From 8d09867e9921280d63de1a066f4b3e8ade9e3433 Mon Sep 17 00:00:00 2001 From: Vitalii Kanivets Date: Tue, 13 Jun 2023 13:20:58 +0000 Subject: [PATCH 01/15] Added issue templates --- .github/ISSUE_TEMPLATE/1_new_policy.yaml | 55 +++++++++++++++++++ .github/ISSUE_TEMPLATE/2_duplicate.yaml | 45 +++++++++++++++ .github/ISSUE_TEMPLATE/3_fix_policy.yaml | 29 ++++++++++ .github/ISSUE_TEMPLATE/4_fix_terraform.yaml | 29 ++++++++++ .github/ISSUE_TEMPLATE/5_fix_test.yaml | 29 ++++++++++ .../6_security_vulnerability.yaml | 29 ++++++++++ .github/ISSUE_TEMPLATE/7_feature_request.yaml | 27 +++++++++ 7 files changed, 243 insertions(+) create mode 100644 .github/ISSUE_TEMPLATE/1_new_policy.yaml create mode 100644 .github/ISSUE_TEMPLATE/2_duplicate.yaml create mode 100644 .github/ISSUE_TEMPLATE/3_fix_policy.yaml create mode 100644 .github/ISSUE_TEMPLATE/4_fix_terraform.yaml create mode 100644 .github/ISSUE_TEMPLATE/5_fix_test.yaml create mode 100644 .github/ISSUE_TEMPLATE/6_security_vulnerability.yaml create mode 100644 .github/ISSUE_TEMPLATE/7_feature_request.yaml
diff --git a/.github/ISSUE_TEMPLATE/1_new_policy.yaml b/.github/ISSUE_TEMPLATE/1_new_policy.yaml
new file mode 100644
index 000000000..34eddd636
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/1_new_policy.yaml
@@ -0,0 +1,55 @@
+name: 😺 New Policy Proposal
+description: Template for creating new policy
+title: "[New Policy Name]: "
+labels: ["new_policy", "policy"]
+body:
+ - type: markdown
+ attributes:
+ value: |
+ Thanks for taking the time to fill out this New Policy Proposal!
+ - type: input
+ id: contact
+ attributes:
+ label: Contact Details
+ description: How can we get in touch with you if we need more info?
+ placeholder: ex. test@test.com
+ validations:
+ required: false
+ - type: input
+ id: source
+ attributes:
+ label: Source (Link)
+ description: What source did you use?
+ placeholder: ex. my own; ex. CIS Benchmark AWS Foundation v1.2.0 (1.1)
+ validations:
+ required: true
+ - type: textarea
+ id: describe-policy
+ attributes:
+ label: Describe the Policy Proposal
+ description: A clear and concise description of what the new policy is.
+ validations:
+ required: true
+ - type: textarea
+ id: screenshots
+ attributes:
+ label: Screenshots
+ description: If applicable, add screenshots to help explain your proposal.
+ - type: textarea
+ id: reproduce
+ attributes:
+ label: Reproduce
+ description: "How to reproduce infrastructure with such a security risk?"
+ value: |
+ 1.
+ 2.
+ ...
+ - type: textarea
+ id: remediation
+ attributes:
+ label: Remediation
+ description: "How to fix security risk using gcloud cli or console?"
+ value: |
+ 1.
+ 2.
+ ...
\ No newline at end of file
diff --git a/.github/ISSUE_TEMPLATE/2_duplicate.yaml b/.github/ISSUE_TEMPLATE/2_duplicate.yaml
new file mode 100644
index 000000000..e082baba4
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/2_duplicate.yaml
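Review bot: The optional `contact` input (`placeholder: ex. test@test.com`) stores the reporter's e-mail address in the issue body, which anyone can read if the repository is public; the same field is repeated in templates 2 through 6. Say so in the field itself, e.g. `description: Optional. Issues are public, leave blank to be contacted through GitHub.`, or drop the field. The `screenshots` and `reproduce` textareas invite console captures and command output, so a hint such as `description: If applicable, add screenshots (redact account IDs, keys and tokens).` would reduce accidental leaks. Separately, the `remediation` description names `gcloud cli` while the policies added later in this series are `ecc-aws-*`, so the intended provider should be confirmed.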
@@ -0,0 +1,45 @@
+name: 😾 Duplicate Exsiting Policy
+description: Template for reporting a duplicate of an existing policy
+title: "[Duplicate Policy Name]: "
+labels: ["policy","duplicate"]
+body:
+ - type: markdown
+ attributes:
+ value: |
+ Thanks for taking the time to fill out this duplicate of an existing policy!
+ - type: input
+ id: contact
+ attributes:
+ label: Contact Details
+ description: How can we get in touch with you if we need more info?
+ placeholder: ex. test@test.com
+ validations:
+ required: false
+ - type: input
+ id: policy1
+ attributes:
+ label: First Duplicate Policy
+ description: Insert a link to the policy
+ placeholder: ex. policies/ecc-aws-013-ensure_access_keys_are_rotated_every_90_days.yml
+ validations:
+ required: true
+ - type: input
+ id: policy2
+ attributes:
+ label: Second Duplicate Policy
+ description: Insert a link to the policy
+ placeholder: ex. policies/ecc-aws-014-ensure_keys_are_rotated_every_90_days.yml
+ validations:
+ required: true
+ - type: textarea
+ id: add-info
+ attributes:
+ label: Additional information
+ description: Provide additional information.
+ validations:
+ required: false
+ - type: textarea
+ id: screenshots
+ attributes:
+ label: Screenshots
+ description: If applicable, add screenshots.
diff --git a/.github/ISSUE_TEMPLATE/3_fix_policy.yaml b/.github/ISSUE_TEMPLATE/3_fix_policy.yaml
new file mode 100644
index 000000000..f69511077
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/3_fix_policy.yaml
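Review bot: The `name` value is misspelled as `Duplicate Exsiting Policy`; it is the label shown in the template chooser and should read `name: 😾 Duplicate Existing Policy`. A similar slip is in `4_fix_terraform.yaml`, whose description says `Template for Fix terrafrom proposal`. The intro line `Thanks for taking the time to fill out this duplicate of an existing policy!` would also read better as `Thanks for taking the time to report a duplicate policy!`.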
@@ -0,0 +1,29 @@
+name: 😿 Fix Policy Proposal
+description: Template for Fix policy proposal
+title: "[Fix Policy, name]: "
+labels: ["policy", "bug"]
+body:
+ - type: markdown
+ attributes:
+ value: |
+ Thanks for taking the time to fill out this Fix Policy Proposal!
+ - type: input
+ id: contact
+ attributes:
+ label: Contact Details
+ description: How can we get in touch with you if we need more info?
+ placeholder: ex. test@test.com
+ validations:
+ required: false
+ - type: textarea
+ id: description
+ attributes:
+ label: Describe the Fix Policy Proposal
+ description: A clear and concise description of what the Fix policy is.
+ validations:
+ required: true
+ - type: textarea
+ id: screenshots
+ attributes:
+ label: Screenshots
+ description: If applicable, add screenshots to help explain your proposal.
diff --git a/.github/ISSUE_TEMPLATE/4_fix_terraform.yaml b/.github/ISSUE_TEMPLATE/4_fix_terraform.yaml
new file mode 100644
index 000000000..0ded156d3
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/4_fix_terraform.yaml
@@ -0,0 +1,29 @@
+name: 😿 Fix Terraform Proposal
+description: Template for Fix terrafrom proposal
+title: "[Fix Terraform, name]: "
+labels: ["terraform", "bug"]
+body:
+ - type: markdown
+ attributes:
+ value: |
+ Thanks for taking the time to fill out this Fix Terraform Proposal!
+ - type: input
+ id: contact
+ attributes:
+ label: Contact Details
+ description: How can we get in touch with you if we need more info?
+ placeholder: ex. test@test.com
+ validations:
+ required: false
+ - type: textarea
+ id: description
+ attributes:
+ label: Describe the Fix Terraform Proposal
+ description: A clear and concise description of what the Fix Terraform is.
+ validations:
+ required: true
+ - type: textarea
+ id: screenshots
+ attributes:
+ label: Screenshots
+ description: If applicable, add screenshots to help explain your proposal.
diff --git a/.github/ISSUE_TEMPLATE/5_fix_test.yaml b/.github/ISSUE_TEMPLATE/5_fix_test.yaml
new file mode 100644
index 000000000..123312325
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/5_fix_test.yaml
@@ -0,0 +1,29 @@
+name: 😿 Fix Test Proposal
+description: Template for Fix test proposal
+title: "[Fix Test, name]: "
+labels: ["test", "bug"]
+body:
+ - type: markdown
+ attributes:
+ value: |
+ Thanks for taking the time to fill out this Fix Test Proposal!
+ - type: input
+ id: contact
+ attributes:
+ label: Contact Details
+ description: How can we get in touch with you if we need more info?
+ placeholder: ex. test@test.com
+ validations:
+ required: false
+ - type: textarea
+ id: description
+ attributes:
+ label: Describe the Fix Test Proposal
+ description: A clear and concise description of what the Fix Test is.
+ validations:
+ required: true
+ - type: textarea
+ id: screenshots
+ attributes:
+ label: Screenshots
+ description: If applicable, add screenshots to help explain your proposal.
diff --git a/.github/ISSUE_TEMPLATE/6_security_vulnerability.yaml b/.github/ISSUE_TEMPLATE/6_security_vulnerability.yaml
new file mode 100644
index 000000000..72b3b2979
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/6_security_vulnerability.yaml
@@ -0,0 +1,29 @@
+name: 🙀 Report a security vulnerability
+description: Template for reporting a security vulnerability
+title: "[Vulnerability Name]: "
+labels: ["vulnerability"]
+body:
+ - type: markdown
+ attributes:
+ value: |
+ Thanks for taking the time to fill out this security vulnerability!
+ - type: input
+ id: contact
+ attributes:
+ label: Contact Details
+ description: How can we get in touch with you if we need more info?
+ placeholder: ex. test@test.com
+ validations:
+ required: false
+ - type: textarea
+ id: description
+ attributes:
+ label: Describe the security vulnerability
+ description: A clear and concise description of what the security vulnerability is.
+ validations:
+ required: true
+ - type: textarea
+ id: screenshots
+ attributes:
+ label: Screenshots
+ description: If applicable, add screenshots to help explain this security vulnerability.
diff --git a/.github/ISSUE_TEMPLATE/7_feature_request.yaml b/.github/ISSUE_TEMPLATE/7_feature_request.yaml
new file mode 100644
index 000000000..2e7646deb
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/7_feature_request.yaml
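Review bot: Vulnerability reports filed through `6_security_vulnerability.yaml` become ordinary issues labelled `vulnerability`, so on a public repository the description and screenshots are readable by everyone before maintainers can triage or ship a fix. Nothing in the form tells the reporter this; the only `markdown` block is the thank-you line. Prefer routing reports to a private channel, for example a `contact_links` entry in `.github/ISSUE_TEMPLATE/config.yml` that points to the repository's private vulnerability reporting page or to a `SECURITY.md`. If the public form is kept, extend the `markdown` value with a line such as `This issue will be public. Do not include credentials, account identifiers or working exploit details.`. The optional `contact` e-mail is exposed the same way.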
@@ -0,0 +1,27 @@
+name: 😻 Feature request
+description: Suggest an idea for this project
+title: "[Feature Name]: "
+labels: ["enhancement"]
+body:
+ - type: textarea
+ id: problem_description
+ attributes:
+ label: Is your feature request related to a problem? Please describe.
+ description: A clear and concise description of what the problem is. Ex. I'm always frustrated when...
+ validations:
+ required: true
+ - type: textarea
+ id: solution_description
+ attributes:
+ label: Describe the solution you'd like
+ description: A clear and concise description of what you want to happen.
+ - type: textarea
+ id: alternative_description
+ attributes:
+ label: Describe alternatives you've considered
+ description: A clear and concise description of any alternative solutions or features you've considered.
+ - type: textarea
+ id: additional_context
+ attributes:
+ label: Additional context
+ description: Add any other context or screenshots about the feature request here.
\ No newline at end of file
From 9d82bcd8a8ab3ba74598f64ce4516597fa286d85 Mon Sep 17 00:00:00 2001
From: Vladyslav Yevsiukov Date: Wed, 14 Jun 2023 15:08:19 +0000 Subject: [PATCH 02/15] Added Public Policies --- .gitignore | 9 +++ CHANGELOG.md | 8 +++ ...or_all_iam_users_with_console_password.yml | 19 ++++++ ..._access_keys_are_rotated_every_90_days.yml | 21 +++++++ ...vpc_flow_logging_enabled_for_every_vpc.yml | 16 +++++ ...ds_retention_backup_is_at_least_7_days.yml | 17 +++++ ...ecc-aws-083-rds_high-availability_zone.yml | 16 +++++ ...r_tls_certificates_expire_in_one_month.yml | 18 ++++++ ...or_tls_certificates_expire_in_one_week.yml | 18 ++++++ ...ure_ciphers_in_cloudfront_distribution.yml | 18 ++++++ ...cc-aws-092-remove_weak_ciphers_for_clb.yml | 19 ++++++ policies/ecc-aws-093-clb_uses_https.yml | 25 ++++++++ ...re_mfa_is_enabled_for_the_root_account.yml | 16 +++++ ...rdware_mfa_is_enabled_for_root_account.yml | 18 ++++++ ...aws-096-credentials_unused_for_45_days.yml | 55 ++++++++++++++++ ...eceive_permissions_only_through_groups.yml | 16 +++++ ...098-iam_password_policy_password_reuse.yml | 28 +++++++++ .../ecc-aws-099-instance_without_any_tag.yml | 26 ++++++++ ...cc-aws-101-clb_access_logging_disabled.yml | 14 +++++ ...-102-ensures_sqs_encryption_is_enabled.yml | 14 +++++ ...nstance_without_termination_protection.yml | 19 ++++++ ...c-aws-105-rds_instance_with_no_backups.yml | 19 ++++++ ...ws-109-prevent_0-65535_ingress_and_all.yml | 28 +++++++++ ...s_is_restricted_traffic_to_dns_port_53.yml | 19 ++++++ ...s_is_restricted_traffic_to_ftp_port_21.yml | 19 ++++++ ..._is_restricted_traffic_to_http_port_80.yml | 19 ++++++ ...icted_traffic_to_microsoft_ds_port_445.yml | 19 ++++++ ...stricted_traffic_to_mongodb_port_27017.yml | 19 ++++++ ...stricted_traffic_to_mysql_db_port_3306.yml | 19 ++++++ ...ricted_traffic_to_netbios_ssn_port_139.yml | 19 ++++++ ...tricted_traffic_to_oracle_db_port_1521.yml | 19 ++++++ ...is_restricted_traffic_to_pop3_port_110.yml | 19 ++++++ ...ricted_traffic_to_postgresql_port_5432.yml | 19 ++++++ 
..._is_restricted_traffic_to_smtp_port_25.yml | 19 ++++++ ...s_restricted_traffic_to_telnet_port_23.yml | 19 ++++++ ...ecc-aws-124-eks_cluster_version_latest.yml | 17 +++++ ...cc-aws-140-rds_without_tag_information.yml | 16 +++++ ...m_password_policy_one_uppercase_letter.yml | 20 ++++++ ...sure_no_root_account_access_key_exists.yml | 16 +++++ ...m_password_policy_one_lowercase_letter.yml | 20 ++++++ ...aws-171-iam_password_policy_one_symbol.yml | 20 ++++++ ...aws-172-iam_password_policy_one_number.yml | 20 ++++++ ...-aws-173-iam_password_min_length_ge_14.yml | 21 +++++++ ...m_password_policy_passwd_expires_le_90.yml | 21 +++++++ ...-176-cloudtrail_log_validation_enabled.yml | 16 +++++ ...-cloudtrail_integrated_with_cloudwatch.yml | 16 +++++ ...used_for_resource_access_from_instance.yml | 16 +++++ ...ecc-aws-183-config_enabled_all_regions.yml | 18 ++++++ ...oudtrail_logs_encrypted_using_KMS_CMKs.yml | 15 +++++ ...cc-aws-185-kms_key_rotation_is_enabled.yml | 22 +++++++ ...ecurity_group_ingress_is_restricted_22.yml | 26 ++++++++ ...urity_group_ingress_is_restricted_3389.yml | 26 ++++++++ ..._group_every_vpc_restricts_all_traffic.yml | 23 +++++++ ...d_connection_between_cloudfront_origin.yml | 27 ++++++++ ...-eks_cluster_protected_endpoint_access.yml | 21 +++++++ ...ecc-aws-196-unused_ec2_security_groups.yml | 14 +++++ ...odebuild_project_source_repo_url_check.yml | 30 +++++++++ ...ws-198-autoscaling_group_health_checks.yml | 20 ++++++ ...c-aws-199-unused_eip_should_be_removed.yml | 16 +++++ ...0-elasticsearch_service_domains_in_vpc.yml | 16 +++++ ...rch_service_domains_encryption_at_rest.yml | 16 +++++ ...-ebs_snapshots_not_publicly_restorable.yml | 18 ++++++ ...cc-aws-210-cloud_front_waf_integration.yml | 20 ++++++ policies/ecc-aws-212-lambda_in_vpc.yml | 31 ++++++++++ ...edshift_cluster_prohibit_public_access.yml | 16 +++++ ...ent_variables_contain_text_credentials.yml | 24 +++++++ ...19-rds_snapshot_prohibit_public_access.yml | 18 ++++++ 
...s-221-ec2_managed_ssm_patch_compliance.yml | 18 ++++++ policies/ecc-aws-222-ami_public_access.yml | 18 ++++++ ...c-aws-223-ensure_that_sagemaker_in_vpc.yml | 20 ++++++ ...subnets_automatic_public_ip_assignment.yml | 16 +++++ ...r_does_not_have_direct_internet_access.yml | 16 +++++ ...tributions_use_custom_ssl_certificates.yml | 20 ++++++ ...ributions_with_geo_restriction_enabled.yml | 16 +++++ ...m_has_certificates_single_domain_names.yml | 17 +++++ ...aws-241-acm_has_no_unused_certificates.yml | 16 +++++ ...cloudfront_distribution_access_logging.yml | 16 +++++ ...iled_certificates_are_removed_from_acm.yml | 20 ++++++ ...s-245-alb_is_protected_by_waf_regional.yml | 19 ++++++ ...olicies_instead_of_inline_iam_policies.yml | 14 +++++ ...inbound_rule_permissive_to_all_traffic.yml | 30 +++++++++ ...ired_certificates_are_removed_from_acm.yml | 16 +++++ ...250-rest_api_gateway_is_set_to_private.yml | 20 ++++++ ...-api_key_is_required_on_method_request.yml | 16 +++++ ...ams_encrypted_kms_customer_master_keys.yml | 16 +++++ ...54-kinesis_server_data_at_rest_has_sse.yml | 16 +++++ .../ecc-aws-255-restrict_outbound_traffic.yml | 24 +++++++ ...ynamodb_is_encrypted_using_managed_cmk.yml | 17 +++++ policies/ecc-aws-257-efs_is_encrypted.yml | 16 +++++ ...258-efs_is_encrypted_using_managed_cmk.yml | 24 +++++++ ...ache_redis_clusters_encryption_at_rest.yml | 19 ++++++ ...s-260-redshift_instances_are_encrypted.yml | 16 +++++ ...s-261-rds_cluster_storage_is_encrypted.yml | 16 +++++ ...c-aws-262-expired_route53_domain_names.yml | 18 ++++++ .../ecc-aws-263-enable_elb_access_logs.yml | 19 ++++++ ...curity_policy_of_network_load_balancer.yml | 25 ++++++++ ...c-aws-267-guardduty_service_is_enabled.yml | 16 +++++ ...ser_for_administrative_and_daily_tasks.yml | 29 +++++++++ ...aws-276-iam_access_analyzer_is_enabled.yml | 18 ++++++ ..._key_available_for_any_single_iam_user.yml | 23 +++++++ ...ificates_stored_in_aws_iam_are_removed.yml | 18 ++++++ 
...ecc-aws-289-ebs_volume_without_encrypt.yml | 16 +++++ ...ecc-aws-291-rds_public_access_disabled.yml | 16 +++++ ...pi_gateway_rest_api_encryption_at_rest.yml | 14 +++++ ...gress_is_restricted_traffic_to_port_20.yml | 19 ++++++ ...ws-294-clb_connection_draining_enabled.yml | 16 +++++ ...icsearch_domains_audit_logging_enabled.yml | 20 ++++++ ..._at_least_three_dedicated_master_nodes.yml | 22 +++++++ ...in_connections_encrypted_using_TLS_1_2.yml | 21 +++++++ ...s_configured_to_copy_tags_to_snapshots.yml | 16 +++++ ...s_configured_to_copy_tags_to_snapshots.yml | 16 +++++ ...edshift_clusters_audit_logging_enabled.yml | 21 +++++++ ...p_addresses_not_assigned_automatically.yml | 16 +++++ ...ress_is_restricted_traffic_to_port_135.yml | 19 ++++++ ...ress_is_restricted_traffic_to_port_143.yml | 19 ++++++ ...s_is_restricted_traffic_to_mssql_ports.yml | 19 ++++++ ...ess_is_restricted_traffic_to_port_4333.yml | 19 ++++++ ...ess_is_restricted_traffic_to_port_5500.yml | 19 ++++++ ...ess_is_restricted_traffic_to_port_5601.yml | 19 ++++++ ...ess_is_restricted_traffic_to_port_8080.yml | 19 ++++++ ...traffic_to_elasticsearch_service_ports.yml | 19 ++++++ ...tabase_cluster_engine_no_default_ports.yml | 22 +++++++ ...319-rds_instances_storage_is_encrypted.yml | 16 +++++ ...320-rds_snapshots_storage_is_encrypted.yml | 16 +++++ ...api_stages_ssl_certificates_configured.yml | 16 +++++ ...ecc-aws-323-rest_api_aws_x_ray_enabled.yml | 16 +++++ ...udfront_default_root_object_configured.yml | 16 +++++ ...-cloudfront_origin_failover_configured.yml | 17 +++++ ...ecc-aws-327-dms_replication_not_public.yml | 16 +++++ ...c-aws-329-dynamodb_tables_pitr_enabled.yml | 17 +++++ ...ws-330-dynamodb_dax_encryption_enabled.yml | 16 +++++ policies/ecc-aws-331-ec2_stopped_instance.yml | 20 ++++++ .../ecc-aws-332-ec2_instance_no_public_ip.yml | 16 +++++ ...-aws-333-ec2_service_use_vpc_endpoints.yml | 18 ++++++ .../ecc-aws-334-vpc_unused_network_acl.yml | 17 +++++ 
...2_instance_should_not_use_multiple_eni.yml | 16 +++++ ..._networking_modes_and_user_definitions.yml | 35 +++++++++++ policies/ecc-aws-337-efs_in_backup_plan.yml | 14 +++++ ...talk_enhanced_health_reporting_enabled.yml | 16 +++++ ...c-aws-339-alb_drop_invalid_http_header.yml | 17 +++++ ...ws-341-elb_deletion_protection_enabled.yml | 17 +++++ ...-alb_http_to_https_redirection_enabled.yml | 24 +++++++ ...-aws-343-emr_master_nodes_no_public_ip.yml | 22 +++++++ ...search_node_to_node_encryption_enabled.yml | 16 +++++ ...ch_error_logging_to_cloudwatch_enabled.yml | 20 ++++++ ...s_instance_enhanced_monitoring_enabled.yml | 16 +++++ ...ds_cluster_deletion_protection_enabled.yml | 16 +++++ ...s_instance_deletion_protection_enabled.yml | 16 +++++ ...ecc-aws-349-rds_oracle_logging_enabled.yml | 40 ++++++++++++ ...aws-350-rds_postgresql_logging_enabled.yml | 40 ++++++++++++ .../ecc-aws-351-rds_mysql_logging_enabled.yml | 51 +++++++++++++++ ...aws-353-rds_sql_server_logging_enabled.yml | 30 +++++++++ ...ecc-aws-354-rds_aurora_logging_enabled.yml | 51 +++++++++++++++ ...s-355-rds_aurora_mysql_logging_enabled.yml | 51 +++++++++++++++ ...-rds_aurora_postgresql_logging_enabled.yml | 35 +++++++++++ ...instance_iam_authentication_configured.yml | 16 +++++ ..._cluster_iam_authentication_configured.yml | 16 +++++ ...-rds_aurora_mysql_backtracking_enabled.yml | 20 ++++++ ...c-aws-360-rds_cluster_multi_az_enabled.yml | 16 +++++ ...-redshift_cluster_encrypted_in_transit.yml | 17 +++++ ...ift_cluster_automatic_snapshot_enabled.yml | 17 +++++ ...matic_upgrade_to_major_version_enabled.yml | 16 +++++ ...t_cluster_enhanced_vpc_routing_enabled.yml | 16 +++++ ...ecc-aws-368-sns_kms_encryption_enabled.yml | 16 +++++ ...c2_instance_managed_by_systems_manager.yml | 21 +++++++ ...ce_association_compliance_status_check.yml | 23 +++++++ ...cc-aws-372-ec2_instance_imdsv2_enabled.yml | 16 +++++ ...-373-eks_control_plane_logging_enabled.yml | 25 ++++++++ ...ters_security_group_traffic_restricted.yml | 
55 ++++++++++++++++ .../ecc-aws-375-eks_secrets_encrypted.yml | 17 +++++ .../ecc-aws-376-ecr_immutable_image_tags.yml | 16 +++++ ...-ecr_repository_kms_encryption_enabled.yml | 17 +++++ ...378-ecr_image_scanning_on_push_enabled.yml | 16 +++++ ...gresql_log_rotation_age_flag_set_to_60.yml | 27 ++++++++ ...l_log_rotation_size_flag_set_correctly.yml | 22 +++++++ ...gresql_debug_print_parse_flag_disabled.yml | 20 ++++++ ...ql_debug_print_rewritten_flag_disabled.yml | 20 ++++++ ...tgresql_debug_print_plan_flag_disabled.yml | 20 ++++++ ...gresql_debug_pretty_print_flag_enabled.yml | 21 +++++++ ...ostgresql_log_connections_flag_enabled.yml | 21 +++++++ ...gresql_log_disconnections_flag_enabled.yml | 22 +++++++ ...log_error_verbosity_flag_set_correctly.yml | 21 +++++++ ...-postgresql_log_hostname_flag_disabled.yml | 20 ++++++ ...resql_log_statement_flag_set_correctly.yml | 21 +++++++ ...sql_log_destination_flag_set_to_csvlog.yml | 20 ++++++ ...ostgresql_log_checkpoints_flag_enabled.yml | 22 +++++++ ...postgresql_log_lock_waits_flag_enabled.yml | 21 +++++++ ...3-postgresql_log_duration_flag_enabled.yml | 22 +++++++ ...fault_route_table_association_disabled.yml | 20 ++++++ ...fault_route_table_propagation_disabled.yml | 20 ++++++ ...6-rest_api_gateway_is_protected_by_waf.yml | 16 +++++ ...t_api_gateway_contend_encoding_enabled.yml | 16 +++++ ...aws-398-rest_api_gateway_cache_enabled.yml | 21 +++++++ ...00-glue_data_catalog_encrypted_at_rest.yml | 15 +++++ ...ncrypted_with_kms_customer_master_keys.yml | 15 +++++ ...c-aws-402-glue_job_bookmarks_encrypted.yml | 16 +++++ ...aws-403-glue_cloudwatch_logs_encrypted.yml | 16 +++++ ...ecc-aws-404-glue_s3_encryption_enabled.yml | 18 ++++++ ...05-emr_kerberos_authentication_enabled.yml | 21 +++++++ policies/ecc-aws-407-emr_clusters_in_vpc.yml | 21 +++++++ .../ecc-aws-408-emr_logging_to_s3_enabled.yml | 21 +++++++ ...cc-aws-409-vpc_unused_internet_gateway.yml | 16 +++++ ...ws-411-unused_virtual_private_gateways.yml | 19 ++++++ 
...previous_generation_instances_not_used.yml | 17 +++++ ...-aws-414-elasticache_automatic_backups.yml | 17 +++++ ...s-415-elasticache_encrypted_in_transit.yml | 16 +++++ ...lasticache_encrypted_at_rest_using_cmk.yml | 16 +++++ ...418-elasticache_redis_multi_az_enabled.yml | 16 +++++ ...aws-419-elasticache_redis_auth_enabled.yml | 19 ++++++ ...ecc-aws-420-elasticache_latest_version.yml | 30 +++++++++ ...ws-425-elasticsearch_slow_logs_enabled.yml | 21 +++++++ ...cache_auth_token_rotated_every_90_days.yml | 18 ++++++ ...9-elasticsearch_encrypted_with_kms_cmk.yml | 17 +++++ ...-430-autoscaling_group_cooldown_period.yml | 17 +++++ ...c-aws-431-elasticsearch_enforces_https.yml | 16 +++++ ...c-aws-432-elasticsearch_latest_version.yml | 17 +++++ ...3-autoscaling_group_has_associated_elb.yml | 20 ++++++ ...cc-aws-434-xray-encrypted_with_kms_cmk.yml | 21 +++++++ ...cc-aws-435-workspaces_unused_instances.yml | 18 ++++++ ...436-autoscaling_group_utilize_multi_az.yml | 17 +++++ ...s-437-workspaces_instances_are_healthy.yml | 16 +++++ ...oscaling_group_has_valid_configuration.yml | 14 +++++ ...c-aws-439-workspaces_storage_encrypted.yml | 21 +++++++ ...up_service_compliant_lifecycle_enabled.yml | 26 ++++++++ ...ncrypted_with_kms_customer_master_keys.yml | 17 +++++ ...sl_protocols_between_cloudfront_origin.yml | 25 ++++++++ ...s_mysql_instances_latest_major_version.yml | 21 +++++++ ...ecc-aws-447-sqs_encrypted_with_kms_cmk.yml | 18 ++++++ ...ont_distribution_fieldlevel_encryption.yml | 16 +++++ .../ecc-aws-449-sqs_not_open_to_everyone.yml | 22 +++++++ ...esql_log_parser_stats_flag_is_disabled.yml | 20 ++++++ ...-452-cloudtrail_logs_management_events.yml | 17 +++++ ...s-453-event_bus_is_exposed_to_everyone.yml | 15 +++++ ...gresql_log_planner_stats_flag_disabled.yml | 20 ++++++ ...resql_log_executor_stats_flag_disabled.yml | 20 ++++++ ...min_error_statement_flag_set_correctly.yml | 21 +++++++ ..._not_allow_actions_from_all_principals.yml | 15 +++++ 
.../ecc-aws-459-config_delivery_failed.yml | 19 ++++++ policies/ecc-aws-461-dms_latest_version.yml | 17 +++++ ...maker_instances_encrypted_with_kms_cmk.yml | 16 +++++ ...aws-469-dms_auto_minor_version_upgrade.yml | 16 +++++ ...ation_instances_encrypted_with_kms_cmk.yml | 16 +++++ ...acle_audit_sys_operations_flag_enabled.yml | 22 +++++++ ...-oracle_audit_trail_flag_set_correctly.yml | 22 +++++++ ...s-473-oracle_global_names_flag_enabled.yml | 22 +++++++ ...-474-oracle_remote_listener_flag_empty.yml | 22 +++++++ ...ailed_login_attempts_flag_is_3_or_less.yml | 22 +++++++ ...rror_further_action_flag_set_to_drop_3.yml | 22 +++++++ ...col_error_trace_action_flag_set_to_log.yml | 22 +++++++ ...rn_server_release_banner_flag_disabled.yml | 22 +++++++ ...479-oracle_sql92_security_flag_enabled.yml | 22 +++++++ .../ecc-aws-480-oracle_trace_files_public.yml | 22 +++++++ ...481-oracle_resource_limit_flag_enabled.yml | 22 +++++++ policies/ecc-aws-482-dms_multi_az_enabled.yml | 16 +++++ ...-487-ebs_volume_encrypted_with_kms_cmk.yml | 20 ++++++ .../ecc-aws-488-ebs_snapshot_encrypted.yml | 16 +++++ policies/ecc-aws-489-unused_ebs_volumes.yml | 16 +++++ .../ecc-aws-490-unused_ec2_access_keys.yml | 14 +++++ ...l_mode_flag_contains_strict_all_tables.yml | 22 +++++++ ...rkspaces_images_not_older_than_90_days.yml | 18 ++++++ ...aws-494-workspaces_web_access_disabled.yml | 16 +++++ ...of_file_systems_encrypted_with_kms_cmk.yml | 16 +++++ ...e_delivery_streams_encrypted_using_SSE.yml | 19 ++++++ ...-aws-497-lambda_active_tracing_enabled.yml | 16 +++++ ...maker_endpoint_configuration_encrypted.yml | 17 +++++ ...ambda_variables_encrypted_with_kms_cmk.yml | 17 +++++ ...s-501-sagemaker_instance_root_disabled.yml | 16 +++++ ...ker_auto_minor_version_upgrade_enabled.yml | 16 +++++ .../ecc-aws-503-mq_broker_logging_enabled.yml | 31 ++++++++++ ...04-sagemaker_network_isolation_enabled.yml | 16 +++++ ...ute53_domain_automatic_renewal_enabled.yml | 16 +++++ 
...-506-mq_broker_not_publicly_accessible.yml | 16 +++++ ...-507-route53_domain_expires_in_30_days.yml | 23 +++++++ ...-mq_broker_open_to_all_ports_protocols.yml | 34 ++++++++++ ...d_zone_records_health_check_configured.yml | 19 ++++++ ...ws-511-msk_data_encrypted_with_kms_cmk.yml | 17 +++++ ...-512-msk_encryption_in_transit_enabled.yml | 17 +++++ ...-aws-513-route53_query_logging_enabled.yml | 15 +++++ policies/ecc-aws-514-msk_logging_enabled.yml | 24 +++++++ ...ecc-aws-515-rds_encrypted_with_kms_cmk.yml | 20 ++++++ ...ecc-aws-516-sns_encrypted_with_kms_cmk.yml | 17 +++++ ...redshift_user_activity_logging_enabled.yml | 21 +++++++ ...ws-519-redshift_not_using_default_port.yml | 16 +++++ ...ws-520-redshift_encrypted_with_kms_cmk.yml | 17 +++++ ...1-redshift_parameter_group_require_ssl.yml | 16 +++++ ...-aws-522-route53_transfer_lock_enabled.yml | 16 +++++ ...est_api_gateway_access_logging_enabled.yml | 16 +++++ ...25-ecs_exec_logging_encryption_enabled.yml | 28 +++++++++ ...26-rest_api_gateway_logs_set_correctly.yml | 16 +++++ ...cc-aws-527-mwaa_encrypted_with_kms_cmk.yml | 17 +++++ ...is_video_stream_encrypted_with_kms_cmk.yml | 16 +++++ ...aling_launch_config_public_ip_disabled.yml | 20 ++++++ ...32-glue_connection_passwords_encrypted.yml | 16 +++++ ...ecc-aws-537-fsx_lustre_logging_enabled.yml | 21 +++++++ ...8-ds_directory_not_open_to_large_scope.yml | 17 +++++ ...etention_period_set_at_least_to_7_days.yml | 18 ++++++ ...42-workspaces_maintenance_mode_enabled.yml | 16 +++++ ...cc-aws-547-cloudtrail_logs_data_events.yml | 16 +++++ ...-workspaces_storage_encrypted_with_cmk.yml | 23 +++++++ ...cc-aws-550-ami_without_tag_information.yml | 16 +++++ ...cc-aws-551-ebs_without_tag_information.yml | 16 +++++ ...2-ebs_snapshot_without_tag_information.yml | 16 +++++ ...cc-aws-553-eip_without_tag_information.yml | 16 +++++ ...cc-aws-555-eni_without_tag_information.yml | 16 +++++ ...ternet_gateway_without_tag_information.yml | 16 +++++ 
...57-nat_gateway_without_tag_information.yml | 16 +++++ ...58-network_acl_without_tag_information.yml | 16 +++++ ...59-route_table_without_tag_information.yml | 16 +++++ ...security_group_without_tag_information.yml | 16 +++++ ...aws-561-subnet_without_tag_information.yml | 16 +++++ ...ransit_gateway_without_tag_information.yml | 16 +++++ ...way_attachment_without_tag_information.yml | 16 +++++ ...ing_connection_without_tag_information.yml | 16 +++++ ...cc-aws-565-vpc_without_tag_information.yml | 16 +++++ ...6-vpc_endpoint_without_tag_information.yml | 16 +++++ ...cc-aws-567-acm_without_tag_information.yml | 16 +++++ ...s-568-app_flow_without_tag_information.yml | 16 +++++ ..._scaling_group_without_tag_information.yml | 16 +++++ ...rmation_stacks_without_tag_information.yml | 16 +++++ ..._distributions_without_tag_information.yml | 16 +++++ ...578-cloudtrail_without_tag_information.yml | 16 +++++ ...-580-codebuild_without_tag_information.yml | 16 +++++ ...2-dax_clusters_without_tag_information.yml | 16 +++++ ...cc-aws-583-dlm_without_tag_information.yml | 16 +++++ ...cc-aws-584-dms_without_tag_information.yml | 16 +++++ ...cc-aws-585-ecs_without_tag_information.yml | 16 +++++ ...cc-aws-586-eks_without_tag_information.yml | 16 +++++ ...cc-aws-587-efs_without_tag_information.yml | 16 +++++ ...cache_clusters_without_tag_information.yml | 16 +++++ ...-590-beanstalk_without_tag_information.yml | 16 +++++ ...cc-aws-591-elb_without_tag_information.yml | 16 +++++ ...cc-aws-592-emr_without_tag_information.yml | 16 +++++ ...-elasticsearch_without_tag_information.yml | 16 +++++ ...cc-aws-596-fsx_without_tag_information.yml | 16 +++++ ...597-fsx_backup_without_tag_information.yml | 16 +++++ ...ws-599-glacier_without_tag_information.yml | 16 +++++ ...s-600-glue_job_without_tag_information.yml | 16 +++++ ...s-608-iam_user_without_tag_information.yml | 16 +++++ ...s-609-iam_role_without_tag_information.yml | 16 +++++ ...1-msk_clusters_without_tag_information.yml | 16 +++++ 
...is_data_stream_without_tag_information.yml | 16 +++++ ...ws-615-kms_key_without_tag_information.yml | 19 ++++++ ...mbda_functions_without_tag_information.yml | 16 +++++ ...tsail_instance_without_tag_information.yml | 16 +++++ ...tch_log_groups_without_tag_information.yml | 16 +++++ ...619-mq_brokers_without_tag_information.yml | 16 +++++ ...c-aws-620-mwaa_without_tag_information.yml | 16 +++++ ...4-qldb_ledgers_without_tag_information.yml | 16 +++++ ...25-rds_cluster_without_tag_information.yml | 16 +++++ ...6-rds_snapshot_without_tag_information.yml | 16 +++++ ...shift_clusters_without_tag_information.yml | 16 +++++ ...aker_instances_without_tag_information.yml | 16 +++++ ...cc-aws-632-sns_without_tag_information.yml | 16 +++++ ...cc-aws-633-sqs_without_tag_information.yml | 16 +++++ ...s-638-mq_broker_active_deployment_mode.yml | 21 +++++++ .../ecc-aws-639-mq_broker_latest_version.yml | 31 ++++++++++ ...s-640-mq_broker_encrypted_with_kms_cmk.yml | 17 +++++ ...streams_shard_level_monitoring_enabled.yml | 18 ++++++ ...s-643-qldb_permission_mode_is_standard.yml | 16 +++++ ...s-644-qldb_deletion_protection_enabled.yml | 16 +++++ ...mwaa_dag_processing_logs_set_correctly.yml | 20 ++++++ ...-653-mwaa_scheduler_logs_set_correctly.yml | 20 ++++++ ...c-aws-654-mwaa_task_logs_set_correctly.yml | 20 ++++++ ...-655-mwaa_webserver_logs_set_correctly.yml | 20 ++++++ ...aws-656-mwaa_worker_logs_set_correctly.yml | 20 ++++++ ...t_availability_zone_relocation_enabled.yml | 16 +++++ ...aws-664-elasticache_redis_logs_enabled.yml | 20 ++++++ ...-665-elasticache_notifications_enabled.yml | 16 +++++ ...669-emr_termination_protection_enabled.yml | 16 +++++ ...s-672-glue_spark_ui_monitoring_enabled.yml | 17 +++++ ..._functions_enhanced_monitoring_enabled.yml | 18 ++++++ ...ronment_variables_encrypted_in_transit.yml | 19 ++++++ ...bda_latest_runtime_environment_version.yml | 21 +++++++ ...ecc-aws-681-lambda_concurrency_enabled.yml | 16 +++++ 
.../ecc-aws-690-ecs_exec_logging_enabled.yml | 20 ++++++ ...691-fsx_daily_automatic_backup_enabled.yml | 62 +++++++++++++++++++ ...-692-fsx_netapp_ontap_multi_az_enabled.yml | 19 ++++++ ...x_windows_file_server_multi_az_enabled.yml | 20 ++++++ .../ecc-aws-696-alb_desync_mode_check.yml | 16 +++++ ...ecc-aws-697-api_gw_endpoint_type_check.yml | 17 +++++ ...ng_groups_capacity_rebalancing_enabled.yml | 17 +++++ ...toscaling_launchconfig_requires_imdsv2.yml | 20 ++++++ .../ecc-aws-707-clb_desync_mode_check.yml | 17 +++++ policies/ecc-aws-708-clb-multiple_az.yml | 16 +++++ ...-clb_cross_zone_load_balancing_enabled.yml | 16 +++++ ...dformation_stack_drift_detection_check.yml | 21 +++++++ .../ecc-aws-712-cloudfront_sni_enabled.yml | 23 +++++++ ...watch_log_group_encrypted_with_kms_cmk.yml | 17 +++++ ...-codebuild_project_artifact_encryption.yml | 16 +++++ ...d_project_environment_privileged_check.yml | 16 +++++ ...-719-codebuild_project_logging_enabled.yml | 20 ++++++ ...20-codebuild_project_s3_logs_encrypted.yml | 19 ++++++ ...dedeploy_auto_rollback_monitor_enabled.yml | 21 +++++++ ...ambda_allatonce_traffic_shift_disabled.yml | 20 ++++++ ...artifact_bucket_encrypted_with_kms_cmk.yml | 17 +++++ ...watch_log_group_retention_period_check.yml | 18 ++++++ ...2_instance_detailed_monitoring_enabled.yml | 16 +++++ .../ecc-aws-739-ec2_token_hop_limit_check.yml | 17 +++++ ...ansit_gateway_auto_vpc_attach_disabled.yml | 16 +++++ ...cr_private_lifecycle_policy_configured.yml | 15 +++++ ...44-ecs_fargate_latest_platform_version.yml | 17 +++++ ...-ecs_task_definition_memory_hard_limit.yml | 16 +++++ ...746-ecs_task_definition_pid_mode_check.yml | 16 +++++ ...1-eks_cluster_oldest_supported_version.yml | 17 +++++ policies/ecc-aws-755-elbv2_multiple_az.yml | 16 +++++ .../ecc-aws-760-iam_group_has_users_check.yml | 15 +++++ .../ecc-aws-762-lambda_vpc_multi_az_check.yml | 20 ++++++ ...-769-opensearch_access_control_enabled.yml | 16 +++++ ...utomatic_minor_version_upgrade_enabled.yml | 16 
+++++ ...ws-771-rds_cluster_default_admin_check.yml | 20 ++++++ ...s-773-rds_instance_default_admin_check.yml | 20 ++++++ ...c-aws-776-redshift_default_admin_check.yml | 16 +++++ ...aws-777-redshift_default_db_name_check.yml | 16 +++++ ..._message_delivery_notification_enabled.yml | 16 +++++ policies/ecc-aws-787-mwaa_latest_version.yml | 17 +++++ .../ecc-aws-800-dax_ecnrypted_in_transit.yml | 16 +++++ policies/ecc-aws-808-clb_internet_facing.yml | 16 +++++ policies/ecc-aws-809-elb_internet_facing.yml | 16 +++++ ...um_of_2048-bit_key_for_rsa_certificate.yml | 17 +++++ ...active_iam_access_keys_are_not_deleted.yml | 16 +++++ policies/ecc-aws-897-security_hub_enabled.yml | 15 +++++ ...aws-899-s3_event_notifications_enabled.yml | 27 ++++++++ policies/ecc-aws-902-vpc_vpn_2_tunnels_up.yml | 19 ++++++ ...04-autoscaling_launch_config_hop_limit.yml | 17 +++++ ...aws-906-ecs_containers_readonly_access.yml | 17 +++++ ...ecc-aws-907-ecs_no_environment_secrets.yml | 17 +++++ ...911-kms_cmk_not_scheduled_for_deletion.yml | 16 +++++ ...cc-aws-917-waf_global_webacl_not_empty.yml | 16 +++++ ...rtificate_transparency_logging_enabled.yml | 16 +++++ ...s-938-cloudfront_encryption_in_transit.yml | 20 ++++++ ...aws-939-ebs_default_encryption_enabled.yml | 19 ++++++ ...d_acm_certificates_expire_in_one_month.yml | 18 ++++++ ...s-949-key_pair_without_tag_information.yml | 16 +++++ ...cc-aws-950-autoscaling_launch_template.yml | 16 +++++ ...c-aws-951-clb_acm_certificate_required.yml | 28 +++++++++ ...aws-953-lambda_function_settings_check.yml | 21 +++++++ ...c-aws-955-ecs_containers_nonprivileged.yml | 23 +++++++ ...oudfront_s3_origin_non_existent_bucket.yml | 15 +++++ ...oudfront_origin_access_control_enabled.yml | 16 +++++ .../ecc-aws-962-glue_job_latest_version.yml | 17 +++++ .../ecc-aws-963-glue_job_logging_enabled.yml | 17 +++++ version | 1 + 442 files changed, 8357 insertions(+) create mode 100644 .gitignore create mode 100644 CHANGELOG.md create mode 100644 
policies/ecc-aws-002-ensure_mfa_is_enabled_for_all_iam_users_with_console_password.yml create mode 100644 policies/ecc-aws-013-ensure_access_keys_are_rotated_every_90_days.yml create mode 100644 policies/ecc-aws-033-ensure_vpc_flow_logging_enabled_for_every_vpc.yml create mode 100644 policies/ecc-aws-082-rds_retention_backup_is_at_least_7_days.yml create mode 100644 policies/ecc-aws-083-rds_high-availability_zone.yml create mode 100644 policies/ecc-aws-086_iam_ssl_or_tls_certificates_expire_in_one_month.yml create mode 100644 policies/ecc-aws-087_iam_ssl_or_tls_certificates_expire_in_one_week.yml create mode 100644 policies/ecc-aws-090-use_secure_ciphers_in_cloudfront_distribution.yml create mode 100644 policies/ecc-aws-092-remove_weak_ciphers_for_clb.yml create mode 100644 policies/ecc-aws-093-clb_uses_https.yml create mode 100644 policies/ecc-aws-094-ensure_mfa_is_enabled_for_the_root_account.yml create mode 100644 policies/ecc-aws-095-ensure_hardware_mfa_is_enabled_for_root_account.yml create mode 100644 policies/ecc-aws-096-credentials_unused_for_45_days.yml create mode 100644 policies/ecc-aws-097-iam_users_receive_permissions_only_through_groups.yml create mode 100644 policies/ecc-aws-098-iam_password_policy_password_reuse.yml create mode 100644 policies/ecc-aws-099-instance_without_any_tag.yml create mode 100644 policies/ecc-aws-101-clb_access_logging_disabled.yml create mode 100644 policies/ecc-aws-102-ensures_sqs_encryption_is_enabled.yml create mode 100644 policies/ecc-aws-103-instance_without_termination_protection.yml create mode 100644 policies/ecc-aws-105-rds_instance_with_no_backups.yml create mode 100644 policies/ecc-aws-109-prevent_0-65535_ingress_and_all.yml create mode 100644 policies/ecc-aws-110-security_group_ingress_is_restricted_traffic_to_dns_port_53.yml create mode 100644 policies/ecc-aws-111-security_group_ingress_is_restricted_traffic_to_ftp_port_21.yml create mode 100644 
policies/ecc-aws-112-security_group_ingress_is_restricted_traffic_to_http_port_80.yml create mode 100644 policies/ecc-aws-113-security_group_ingress_is_restricted_traffic_to_microsoft_ds_port_445.yml create mode 100644 policies/ecc-aws-114-security_group_ingress_is_restricted_traffic_to_mongodb_port_27017.yml create mode 100644 policies/ecc-aws-115-security_group_ingress_is_restricted_traffic_to_mysql_db_port_3306.yml create mode 100644 policies/ecc-aws-116-security_group_ingress_is_restricted_traffic_to_netbios_ssn_port_139.yml create mode 100644 policies/ecc-aws-117-security_group_ingress_is_restricted_traffic_to_oracle_db_port_1521.yml create mode 100644 policies/ecc-aws-118-security_group_ingress_is_restricted_traffic_to_pop3_port_110.yml create mode 100644 policies/ecc-aws-119-security_group_ingress_is_restricted_traffic_to_postgresql_port_5432.yml create mode 100644 policies/ecc-aws-120-security_group_ingress_is_restricted_traffic_to_smtp_port_25.yml create mode 100644 policies/ecc-aws-121-security_group_ingress_is_restricted_traffic_to_telnet_port_23.yml create mode 100644 policies/ecc-aws-124-eks_cluster_version_latest.yml create mode 100644 policies/ecc-aws-140-rds_without_tag_information.yml create mode 100644 policies/ecc-aws-168-iam_password_policy_one_uppercase_letter.yml create mode 100644 policies/ecc-aws-169-ensure_no_root_account_access_key_exists.yml create mode 100644 policies/ecc-aws-170-iam_password_policy_one_lowercase_letter.yml create mode 100644 policies/ecc-aws-171-iam_password_policy_one_symbol.yml create mode 100644 policies/ecc-aws-172-iam_password_policy_one_number.yml create mode 100644 policies/ecc-aws-173-iam_password_min_length_ge_14.yml create mode 100644 policies/ecc-aws-174-iam_password_policy_passwd_expires_le_90.yml create mode 100644 policies/ecc-aws-176-cloudtrail_log_validation_enabled.yml create mode 100644 policies/ecc-aws-179-cloudtrail_integrated_with_cloudwatch.yml create mode 100644 
policies/ecc-aws-181-ensure_iam_instance_roles_are_used_for_resource_access_from_instance.yml create mode 100644 policies/ecc-aws-183-config_enabled_all_regions.yml create mode 100644 policies/ecc-aws-184-cloudtrail_logs_encrypted_using_KMS_CMKs.yml create mode 100644 policies/ecc-aws-185-kms_key_rotation_is_enabled.yml create mode 100644 policies/ecc-aws-186-security_group_ingress_is_restricted_22.yml create mode 100644 policies/ecc-aws-187-security_group_ingress_is_restricted_3389.yml create mode 100644 policies/ecc-aws-188-default_security_group_every_vpc_restricts_all_traffic.yml create mode 100644 policies/ecc-aws-190-encrypted_connection_between_cloudfront_origin.yml create mode 100644 policies/ecc-aws-191-eks_cluster_protected_endpoint_access.yml create mode 100644 policies/ecc-aws-196-unused_ec2_security_groups.yml create mode 100644 policies/ecc-aws-197-codebuild_project_source_repo_url_check.yml create mode 100644 policies/ecc-aws-198-autoscaling_group_health_checks.yml create mode 100644 policies/ecc-aws-199-unused_eip_should_be_removed.yml create mode 100644 policies/ecc-aws-200-elasticsearch_service_domains_in_vpc.yml create mode 100644 policies/ecc-aws-201-elasticsearch_service_domains_encryption_at_rest.yml create mode 100644 policies/ecc-aws-203-ebs_snapshots_not_publicly_restorable.yml create mode 100644 policies/ecc-aws-210-cloud_front_waf_integration.yml create mode 100644 policies/ecc-aws-212-lambda_in_vpc.yml create mode 100644 policies/ecc-aws-215-redshift_cluster_prohibit_public_access.yml create mode 100644 policies/ecc-aws-218-codebuild_environment_variables_contain_text_credentials.yml create mode 100644 policies/ecc-aws-219-rds_snapshot_prohibit_public_access.yml create mode 100644 policies/ecc-aws-221-ec2_managed_ssm_patch_compliance.yml create mode 100644 policies/ecc-aws-222-ami_public_access.yml create mode 100644 policies/ecc-aws-223-ensure_that_sagemaker_in_vpc.yml create mode 100644 
policies/ecc-aws-231-vpc-subnets_automatic_public_ip_assignment.yml create mode 100644 policies/ecc-aws-232-sagemaker_does_not_have_direct_internet_access.yml create mode 100644 policies/ecc-aws-237-cloudfront_web_distributions_use_custom_ssl_certificates.yml create mode 100644 policies/ecc-aws-238-cloudfront_web_distributions_with_geo_restriction_enabled.yml create mode 100644 policies/ecc-aws-240-acm_has_certificates_single_domain_names.yml create mode 100644 policies/ecc-aws-241-acm_has_no_unused_certificates.yml create mode 100644 policies/ecc-aws-242-cloudfront_distribution_access_logging.yml create mode 100644 policies/ecc-aws-243-invalid_or_failed_certificates_are_removed_from_acm.yml create mode 100644 policies/ecc-aws-245-alb_is_protected_by_waf_regional.yml create mode 100644 policies/ecc-aws-247-managed_policies_instead_of_inline_iam_policies.yml create mode 100644 policies/ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic.yml create mode 100644 policies/ecc-aws-249-expired_certificates_are_removed_from_acm.yml create mode 100644 policies/ecc-aws-250-rest_api_gateway_is_set_to_private.yml create mode 100644 policies/ecc-aws-251-api_key_is_required_on_method_request.yml create mode 100644 policies/ecc-aws-253-kinesis_streams_encrypted_kms_customer_master_keys.yml create mode 100644 policies/ecc-aws-254-kinesis_server_data_at_rest_has_sse.yml create mode 100644 policies/ecc-aws-255-restrict_outbound_traffic.yml create mode 100644 policies/ecc-aws-256-dynamodb_is_encrypted_using_managed_cmk.yml create mode 100644 policies/ecc-aws-257-efs_is_encrypted.yml create mode 100644 policies/ecc-aws-258-efs_is_encrypted_using_managed_cmk.yml create mode 100644 policies/ecc-aws-259-elasticache_redis_clusters_encryption_at_rest.yml create mode 100644 policies/ecc-aws-260-redshift_instances_are_encrypted.yml create mode 100644 policies/ecc-aws-261-rds_cluster_storage_is_encrypted.yml create mode 100644 
policies/ecc-aws-262-expired_route53_domain_names.yml create mode 100644 policies/ecc-aws-263-enable_elb_access_logs.yml create mode 100644 policies/ecc-aws-264-update_security_policy_of_network_load_balancer.yml create mode 100644 policies/ecc-aws-267-guardduty_service_is_enabled.yml create mode 100644 policies/ecc-aws-272-eliminate_use_root_user_for_administrative_and_daily_tasks.yml create mode 100644 policies/ecc-aws-276-iam_access_analyzer_is_enabled.yml create mode 100644 policies/ecc-aws-277-only_one_active_access_key_available_for_any_single_iam_user.yml create mode 100644 policies/ecc-aws-279-expired_ssl_tls_certificates_stored_in_aws_iam_are_removed.yml create mode 100644 policies/ecc-aws-289-ebs_volume_without_encrypt.yml create mode 100644 policies/ecc-aws-291-rds_public_access_disabled.yml create mode 100644 policies/ecc-aws-292-api_gateway_rest_api_encryption_at_rest.yml create mode 100644 policies/ecc-aws-293-security_group_ingress_is_restricted_traffic_to_port_20.yml create mode 100644 policies/ecc-aws-294-clb_connection_draining_enabled.yml create mode 100644 policies/ecc-aws-295-elasticsearch_domains_audit_logging_enabled.yml create mode 100644 policies/ecc-aws-297-elasticsearch_domains_configured_with_at_least_three_dedicated_master_nodes.yml create mode 100644 policies/ecc-aws-298-elasticsearch_domain_connections_encrypted_using_TLS_1_2.yml create mode 100644 policies/ecc-aws-299-rds_db_clusters_configured_to_copy_tags_to_snapshots.yml create mode 100644 policies/ecc-aws-300-rds_db_instances_configured_to_copy_tags_to_snapshots.yml create mode 100644 policies/ecc-aws-306-redshift_clusters_audit_logging_enabled.yml create mode 100644 policies/ecc-aws-308-ecs_services_public_ip_addresses_not_assigned_automatically.yml create mode 100644 policies/ecc-aws-309-security_group_ingress_is_restricted_traffic_to_port_135.yml create mode 100644 policies/ecc-aws-310-security_group_ingress_is_restricted_traffic_to_port_143.yml create mode 100644 
policies/ecc-aws-312-security_group_ingress_is_restricted_traffic_to_mssql_ports.yml create mode 100644 policies/ecc-aws-313-security_group_ingress_is_restricted_traffic_to_port_4333.yml create mode 100644 policies/ecc-aws-314-security_group_ingress_is_restricted_traffic_to_port_5500.yml create mode 100644 policies/ecc-aws-315-security_group_ingress_is_restricted_traffic_to_port_5601.yml create mode 100644 policies/ecc-aws-316-security_group_ingress_is_restricted_traffic_to_port_8080.yml create mode 100644 policies/ecc-aws-317-security_group_ingress_is_restricted_traffic_to_elasticsearch_service_ports.yml create mode 100644 policies/ecc-aws-318-rds_database_cluster_engine_no_default_ports.yml create mode 100644 policies/ecc-aws-319-rds_instances_storage_is_encrypted.yml create mode 100644 policies/ecc-aws-320-rds_snapshots_storage_is_encrypted.yml create mode 100644 policies/ecc-aws-322-api_gateway_rest_api_stages_ssl_certificates_configured.yml create mode 100644 policies/ecc-aws-323-rest_api_aws_x_ray_enabled.yml create mode 100644 policies/ecc-aws-324-cloudfront_default_root_object_configured.yml create mode 100644 policies/ecc-aws-326-cloudfront_origin_failover_configured.yml create mode 100644 policies/ecc-aws-327-dms_replication_not_public.yml create mode 100644 policies/ecc-aws-329-dynamodb_tables_pitr_enabled.yml create mode 100644 policies/ecc-aws-330-dynamodb_dax_encryption_enabled.yml create mode 100644 policies/ecc-aws-331-ec2_stopped_instance.yml create mode 100644 policies/ecc-aws-332-ec2_instance_no_public_ip.yml create mode 100644 policies/ecc-aws-333-ec2_service_use_vpc_endpoints.yml create mode 100644 policies/ecc-aws-334-vpc_unused_network_acl.yml create mode 100644 policies/ecc-aws-335-ec2_instance_should_not_use_multiple_eni.yml create mode 100644 policies/ecc-aws-336-ecs_task_definitions_secure_networking_modes_and_user_definitions.yml create mode 100644 policies/ecc-aws-337-efs_in_backup_plan.yml create mode 100644 
policies/ecc-aws-338-elastic_beanstalk_enhanced_health_reporting_enabled.yml create mode 100644 policies/ecc-aws-339-alb_drop_invalid_http_header.yml create mode 100644 policies/ecc-aws-341-elb_deletion_protection_enabled.yml create mode 100644 policies/ecc-aws-342-alb_http_to_https_redirection_enabled.yml create mode 100644 policies/ecc-aws-343-emr_master_nodes_no_public_ip.yml create mode 100644 policies/ecc-aws-344-elasticsearch_node_to_node_encryption_enabled.yml create mode 100644 policies/ecc-aws-345-elasticsearch_error_logging_to_cloudwatch_enabled.yml create mode 100644 policies/ecc-aws-346-rds_instance_enhanced_monitoring_enabled.yml create mode 100644 policies/ecc-aws-347-rds_cluster_deletion_protection_enabled.yml create mode 100644 policies/ecc-aws-348-rds_instance_deletion_protection_enabled.yml create mode 100644 policies/ecc-aws-349-rds_oracle_logging_enabled.yml create mode 100644 policies/ecc-aws-350-rds_postgresql_logging_enabled.yml create mode 100644 policies/ecc-aws-351-rds_mysql_logging_enabled.yml create mode 100644 policies/ecc-aws-353-rds_sql_server_logging_enabled.yml create mode 100644 policies/ecc-aws-354-rds_aurora_logging_enabled.yml create mode 100644 policies/ecc-aws-355-rds_aurora_mysql_logging_enabled.yml create mode 100644 policies/ecc-aws-356-rds_aurora_postgresql_logging_enabled.yml create mode 100644 policies/ecc-aws-357-rds_instance_iam_authentication_configured.yml create mode 100644 policies/ecc-aws-358-rds_cluster_iam_authentication_configured.yml create mode 100644 policies/ecc-aws-359-rds_aurora_mysql_backtracking_enabled.yml create mode 100644 policies/ecc-aws-360-rds_cluster_multi_az_enabled.yml create mode 100644 policies/ecc-aws-361-redshift_cluster_encrypted_in_transit.yml create mode 100644 policies/ecc-aws-362-redshift_cluster_automatic_snapshot_enabled.yml create mode 100644 policies/ecc-aws-363-redshift_cluster_automatic_upgrade_to_major_version_enabled.yml create mode 100644 
policies/ecc-aws-364-redshift_cluster_enhanced_vpc_routing_enabled.yml create mode 100644 policies/ecc-aws-368-sns_kms_encryption_enabled.yml create mode 100644 policies/ecc-aws-370-ec2_instance_managed_by_systems_manager.yml create mode 100644 policies/ecc-aws-371-ec2_managed_instance_association_compliance_status_check.yml create mode 100644 policies/ecc-aws-372-ec2_instance_imdsv2_enabled.yml create mode 100644 policies/ecc-aws-373-eks_control_plane_logging_enabled.yml create mode 100644 policies/ecc-aws-374-eks_clusters_security_group_traffic_restricted.yml create mode 100644 policies/ecc-aws-375-eks_secrets_encrypted.yml create mode 100644 policies/ecc-aws-376-ecr_immutable_image_tags.yml create mode 100644 policies/ecc-aws-377-ecr_repository_kms_encryption_enabled.yml create mode 100644 policies/ecc-aws-378-ecr_image_scanning_on_push_enabled.yml create mode 100644 policies/ecc-aws-379-postgresql_log_rotation_age_flag_set_to_60.yml create mode 100644 policies/ecc-aws-380-postgresql_log_rotation_size_flag_set_correctly.yml create mode 100644 policies/ecc-aws-381-postgresql_debug_print_parse_flag_disabled.yml create mode 100644 policies/ecc-aws-382-postgresql_debug_print_rewritten_flag_disabled.yml create mode 100644 policies/ecc-aws-383-postgresql_debug_print_plan_flag_disabled.yml create mode 100644 policies/ecc-aws-384-postgresql_debug_pretty_print_flag_enabled.yml create mode 100644 policies/ecc-aws-385-postgresql_log_connections_flag_enabled.yml create mode 100644 policies/ecc-aws-386-postgresql_log_disconnections_flag_enabled.yml create mode 100644 policies/ecc-aws-387-postgresql_log_error_verbosity_flag_set_correctly.yml create mode 100644 policies/ecc-aws-388-postgresql_log_hostname_flag_disabled.yml create mode 100644 policies/ecc-aws-389-postgresql_log_statement_flag_set_correctly.yml create mode 100644 policies/ecc-aws-390-postgresql_log_destination_flag_set_to_csvlog.yml create mode 100644 
policies/ecc-aws-391-postgresql_log_checkpoints_flag_enabled.yml create mode 100644 policies/ecc-aws-392-postgresql_log_lock_waits_flag_enabled.yml create mode 100644 policies/ecc-aws-393-postgresql_log_duration_flag_enabled.yml create mode 100644 policies/ecc-aws-394-transit_gateway_default_route_table_association_disabled.yml create mode 100644 policies/ecc-aws-395-transit_gateway_default_route_table_propagation_disabled.yml create mode 100644 policies/ecc-aws-396-rest_api_gateway_is_protected_by_waf.yml create mode 100644 policies/ecc-aws-397-rest_api_gateway_contend_encoding_enabled.yml create mode 100644 policies/ecc-aws-398-rest_api_gateway_cache_enabled.yml create mode 100644 policies/ecc-aws-400-glue_data_catalog_encrypted_at_rest.yml create mode 100644 policies/ecc-aws-401-glue_data_catalog_encrypted_with_kms_customer_master_keys.yml create mode 100644 policies/ecc-aws-402-glue_job_bookmarks_encrypted.yml create mode 100644 policies/ecc-aws-403-glue_cloudwatch_logs_encrypted.yml create mode 100644 policies/ecc-aws-404-glue_s3_encryption_enabled.yml create mode 100644 policies/ecc-aws-405-emr_kerberos_authentication_enabled.yml create mode 100644 policies/ecc-aws-407-emr_clusters_in_vpc.yml create mode 100644 policies/ecc-aws-408-emr_logging_to_s3_enabled.yml create mode 100644 policies/ecc-aws-409-vpc_unused_internet_gateway.yml create mode 100644 policies/ecc-aws-411-unused_virtual_private_gateways.yml create mode 100644 policies/ecc-aws-413-elasticache_previous_generation_instances_not_used.yml create mode 100644 policies/ecc-aws-414-elasticache_automatic_backups.yml create mode 100644 policies/ecc-aws-415-elasticache_encrypted_in_transit.yml create mode 100644 policies/ecc-aws-416-elasticache_encrypted_at_rest_using_cmk.yml create mode 100644 policies/ecc-aws-418-elasticache_redis_multi_az_enabled.yml create mode 100644 policies/ecc-aws-419-elasticache_redis_auth_enabled.yml create mode 100644 policies/ecc-aws-420-elasticache_latest_version.yml create 
mode 100644 policies/ecc-aws-425-elasticsearch_slow_logs_enabled.yml create mode 100644 policies/ecc-aws-427-elasticache_auth_token_rotated_every_90_days.yml create mode 100644 policies/ecc-aws-429-elasticsearch_encrypted_with_kms_cmk.yml create mode 100644 policies/ecc-aws-430-autoscaling_group_cooldown_period.yml create mode 100644 policies/ecc-aws-431-elasticsearch_enforces_https.yml create mode 100644 policies/ecc-aws-432-elasticsearch_latest_version.yml create mode 100644 policies/ecc-aws-433-autoscaling_group_has_associated_elb.yml create mode 100644 policies/ecc-aws-434-xray-encrypted_with_kms_cmk.yml create mode 100644 policies/ecc-aws-435-workspaces_unused_instances.yml create mode 100644 policies/ecc-aws-436-autoscaling_group_utilize_multi_az.yml create mode 100644 policies/ecc-aws-437-workspaces_instances_are_healthy.yml create mode 100644 policies/ecc-aws-438-autoscaling_group_has_valid_configuration.yml create mode 100644 policies/ecc-aws-439-workspaces_storage_encrypted.yml create mode 100644 policies/ecc-aws-440-backup_service_compliant_lifecycle_enabled.yml create mode 100644 policies/ecc-aws-442-backups_encrypted_with_kms_customer_master_keys.yml create mode 100644 policies/ecc-aws-444-use_secure_ssl_protocols_between_cloudfront_origin.yml create mode 100644 policies/ecc-aws-445-rds_mysql_instances_latest_major_version.yml create mode 100644 policies/ecc-aws-447-sqs_encrypted_with_kms_cmk.yml create mode 100644 policies/ecc-aws-448-cloudfront_distribution_fieldlevel_encryption.yml create mode 100644 policies/ecc-aws-449-sqs_not_open_to_everyone.yml create mode 100644 policies/ecc-aws-451-postgresql_log_parser_stats_flag_is_disabled.yml create mode 100644 policies/ecc-aws-452-cloudtrail_logs_management_events.yml create mode 100644 policies/ecc-aws-453-event_bus_is_exposed_to_everyone.yml create mode 100644 policies/ecc-aws-454-postgresql_log_planner_stats_flag_disabled.yml create mode 100644 
policies/ecc-aws-455-postgresql_log_executor_stats_flag_disabled.yml create mode 100644 policies/ecc-aws-457-postgresql_log_min_error_statement_flag_set_correctly.yml create mode 100644 policies/ecc-aws-458-glacier_vault_access_policy_does_not_allow_actions_from_all_principals.yml create mode 100644 policies/ecc-aws-459-config_delivery_failed.yml create mode 100644 policies/ecc-aws-461-dms_latest_version.yml create mode 100644 policies/ecc-aws-464-sagemaker_instances_encrypted_with_kms_cmk.yml create mode 100644 policies/ecc-aws-469-dms_auto_minor_version_upgrade.yml create mode 100644 policies/ecc-aws-470-dms_replication_instances_encrypted_with_kms_cmk.yml create mode 100644 policies/ecc-aws-471-oracle_audit_sys_operations_flag_enabled.yml create mode 100644 policies/ecc-aws-472-oracle_audit_trail_flag_set_correctly.yml create mode 100644 policies/ecc-aws-473-oracle_global_names_flag_enabled.yml create mode 100644 policies/ecc-aws-474-oracle_remote_listener_flag_empty.yml create mode 100644 policies/ecc-aws-475-oracle_sec_max_failed_login_attempts_flag_is_3_or_less.yml create mode 100644 policies/ecc-aws-476-oracle_sec_protocol_error_further_action_flag_set_to_drop_3.yml create mode 100644 policies/ecc-aws-477-oracle_sec_protocol_error_trace_action_flag_set_to_log.yml create mode 100644 policies/ecc-aws-478-oracle_sec_return_server_release_banner_flag_disabled.yml create mode 100644 policies/ecc-aws-479-oracle_sql92_security_flag_enabled.yml create mode 100644 policies/ecc-aws-480-oracle_trace_files_public.yml create mode 100644 policies/ecc-aws-481-oracle_resource_limit_flag_enabled.yml create mode 100644 policies/ecc-aws-482-dms_multi_az_enabled.yml create mode 100644 policies/ecc-aws-487-ebs_volume_encrypted_with_kms_cmk.yml create mode 100644 policies/ecc-aws-488-ebs_snapshot_encrypted.yml create mode 100644 policies/ecc-aws-489-unused_ebs_volumes.yml create mode 100644 policies/ecc-aws-490-unused_ec2_access_keys.yml create mode 100644 
policies/ecc-aws-492-mysql_sql_mode_flag_contains_strict_all_tables.yml create mode 100644 policies/ecc-aws-493-workspaces_images_not_older_than_90_days.yml create mode 100644 policies/ecc-aws-494-workspaces_web_access_disabled.yml create mode 100644 policies/ecc-aws-495-fsx_all_types_of_file_systems_encrypted_with_kms_cmk.yml create mode 100644 policies/ecc-aws-496-kinesis_firehose_delivery_streams_encrypted_using_SSE.yml create mode 100644 policies/ecc-aws-497-lambda_active_tracing_enabled.yml create mode 100644 policies/ecc-aws-499-sagemaker_endpoint_configuration_encrypted.yml create mode 100644 policies/ecc-aws-500-lambda_variables_encrypted_with_kms_cmk.yml create mode 100644 policies/ecc-aws-501-sagemaker_instance_root_disabled.yml create mode 100644 policies/ecc-aws-502-mq_broker_auto_minor_version_upgrade_enabled.yml create mode 100644 policies/ecc-aws-503-mq_broker_logging_enabled.yml create mode 100644 policies/ecc-aws-504-sagemaker_network_isolation_enabled.yml create mode 100644 policies/ecc-aws-505-route53_domain_automatic_renewal_enabled.yml create mode 100644 policies/ecc-aws-506-mq_broker_not_publicly_accessible.yml create mode 100644 policies/ecc-aws-507-route53_domain_expires_in_30_days.yml create mode 100644 policies/ecc-aws-508-mq_broker_open_to_all_ports_protocols.yml create mode 100644 policies/ecc-aws-510-route53_hosted_zone_records_health_check_configured.yml create mode 100644 policies/ecc-aws-511-msk_data_encrypted_with_kms_cmk.yml create mode 100644 policies/ecc-aws-512-msk_encryption_in_transit_enabled.yml create mode 100644 policies/ecc-aws-513-route53_query_logging_enabled.yml create mode 100644 policies/ecc-aws-514-msk_logging_enabled.yml create mode 100644 policies/ecc-aws-515-rds_encrypted_with_kms_cmk.yml create mode 100644 policies/ecc-aws-516-sns_encrypted_with_kms_cmk.yml create mode 100644 policies/ecc-aws-517-redshift_user_activity_logging_enabled.yml create mode 100644 policies/ecc-aws-519-redshift_not_using_default_port.yml 
create mode 100644 policies/ecc-aws-520-redshift_encrypted_with_kms_cmk.yml create mode 100644 policies/ecc-aws-521-redshift_parameter_group_require_ssl.yml create mode 100644 policies/ecc-aws-522-route53_transfer_lock_enabled.yml create mode 100644 policies/ecc-aws-524-rest_api_gateway_access_logging_enabled.yml create mode 100644 policies/ecc-aws-525-ecs_exec_logging_encryption_enabled.yml create mode 100644 policies/ecc-aws-526-rest_api_gateway_logs_set_correctly.yml create mode 100644 policies/ecc-aws-527-mwaa_encrypted_with_kms_cmk.yml create mode 100644 policies/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk.yml create mode 100644 policies/ecc-aws-531-autoscaling_launch_config_public_ip_disabled.yml create mode 100644 policies/ecc-aws-532-glue_connection_passwords_encrypted.yml create mode 100644 policies/ecc-aws-537-fsx_lustre_logging_enabled.yml create mode 100644 policies/ecc-aws-538-ds_directory_not_open_to_large_scope.yml create mode 100644 policies/ecc-aws-539-fsx_lustre_retention_period_set_at_least_to_7_days.yml create mode 100644 policies/ecc-aws-542-workspaces_maintenance_mode_enabled.yml create mode 100644 policies/ecc-aws-547-cloudtrail_logs_data_events.yml create mode 100644 policies/ecc-aws-548-workspaces_storage_encrypted_with_cmk.yml create mode 100644 policies/ecc-aws-550-ami_without_tag_information.yml create mode 100644 policies/ecc-aws-551-ebs_without_tag_information.yml create mode 100644 policies/ecc-aws-552-ebs_snapshot_without_tag_information.yml create mode 100644 policies/ecc-aws-553-eip_without_tag_information.yml create mode 100644 policies/ecc-aws-555-eni_without_tag_information.yml create mode 100644 policies/ecc-aws-556-internet_gateway_without_tag_information.yml create mode 100644 policies/ecc-aws-557-nat_gateway_without_tag_information.yml create mode 100644 policies/ecc-aws-558-network_acl_without_tag_information.yml create mode 100644 policies/ecc-aws-559-route_table_without_tag_information.yml create mode 100644 
policies/ecc-aws-560-security_group_without_tag_information.yml create mode 100644 policies/ecc-aws-561-subnet_without_tag_information.yml create mode 100644 policies/ecc-aws-562-transit_gateway_without_tag_information.yml create mode 100644 policies/ecc-aws-563-transit_gateway_attachment_without_tag_information.yml create mode 100644 policies/ecc-aws-564-peering_connection_without_tag_information.yml create mode 100644 policies/ecc-aws-565-vpc_without_tag_information.yml create mode 100644 policies/ecc-aws-566-vpc_endpoint_without_tag_information.yml create mode 100644 policies/ecc-aws-567-acm_without_tag_information.yml create mode 100644 policies/ecc-aws-568-app_flow_without_tag_information.yml create mode 100644 policies/ecc-aws-569-auto_scaling_group_without_tag_information.yml create mode 100644 policies/ecc-aws-574-cloudformation_stacks_without_tag_information.yml create mode 100644 policies/ecc-aws-575-cloudfront_distributions_without_tag_information.yml create mode 100644 policies/ecc-aws-578-cloudtrail_without_tag_information.yml create mode 100644 policies/ecc-aws-580-codebuild_without_tag_information.yml create mode 100644 policies/ecc-aws-582-dax_clusters_without_tag_information.yml create mode 100644 policies/ecc-aws-583-dlm_without_tag_information.yml create mode 100644 policies/ecc-aws-584-dms_without_tag_information.yml create mode 100644 policies/ecc-aws-585-ecs_without_tag_information.yml create mode 100644 policies/ecc-aws-586-eks_without_tag_information.yml create mode 100644 policies/ecc-aws-587-efs_without_tag_information.yml create mode 100644 policies/ecc-aws-588-elasticache_clusters_without_tag_information.yml create mode 100644 policies/ecc-aws-590-beanstalk_without_tag_information.yml create mode 100644 policies/ecc-aws-591-elb_without_tag_information.yml create mode 100644 policies/ecc-aws-592-emr_without_tag_information.yml create mode 100644 policies/ecc-aws-593-elasticsearch_without_tag_information.yml create mode 100644 
policies/ecc-aws-596-fsx_without_tag_information.yml create mode 100644 policies/ecc-aws-597-fsx_backup_without_tag_information.yml create mode 100644 policies/ecc-aws-599-glacier_without_tag_information.yml create mode 100644 policies/ecc-aws-600-glue_job_without_tag_information.yml create mode 100644 policies/ecc-aws-608-iam_user_without_tag_information.yml create mode 100644 policies/ecc-aws-609-iam_role_without_tag_information.yml create mode 100644 policies/ecc-aws-611-msk_clusters_without_tag_information.yml create mode 100644 policies/ecc-aws-613-kinesis_data_stream_without_tag_information.yml create mode 100644 policies/ecc-aws-615-kms_key_without_tag_information.yml create mode 100644 policies/ecc-aws-616-lambda_functions_without_tag_information.yml create mode 100644 policies/ecc-aws-617-lightsail_instance_without_tag_information.yml create mode 100644 policies/ecc-aws-618-cloudwatch_log_groups_without_tag_information.yml create mode 100644 policies/ecc-aws-619-mq_brokers_without_tag_information.yml create mode 100644 policies/ecc-aws-620-mwaa_without_tag_information.yml create mode 100644 policies/ecc-aws-624-qldb_ledgers_without_tag_information.yml create mode 100644 policies/ecc-aws-625-rds_cluster_without_tag_information.yml create mode 100644 policies/ecc-aws-626-rds_snapshot_without_tag_information.yml create mode 100644 policies/ecc-aws-627-redshift_clusters_without_tag_information.yml create mode 100644 policies/ecc-aws-630-sagemaker_instances_without_tag_information.yml create mode 100644 policies/ecc-aws-632-sns_without_tag_information.yml create mode 100644 policies/ecc-aws-633-sqs_without_tag_information.yml create mode 100644 policies/ecc-aws-638-mq_broker_active_deployment_mode.yml create mode 100644 policies/ecc-aws-639-mq_broker_latest_version.yml create mode 100644 policies/ecc-aws-640-mq_broker_encrypted_with_kms_cmk.yml create mode 100644 policies/ecc-aws-641_kinesis_streams_shard_level_monitoring_enabled.yml create mode 100644 
policies/ecc-aws-643-qldb_permission_mode_is_standard.yml create mode 100644 policies/ecc-aws-644-qldb_deletion_protection_enabled.yml create mode 100644 policies/ecc-aws-652-mwaa_dag_processing_logs_set_correctly.yml create mode 100644 policies/ecc-aws-653-mwaa_scheduler_logs_set_correctly.yml create mode 100644 policies/ecc-aws-654-mwaa_task_logs_set_correctly.yml create mode 100644 policies/ecc-aws-655-mwaa_webserver_logs_set_correctly.yml create mode 100644 policies/ecc-aws-656-mwaa_worker_logs_set_correctly.yml create mode 100644 policies/ecc-aws-657-redshift_availability_zone_relocation_enabled.yml create mode 100644 policies/ecc-aws-664-elasticache_redis_logs_enabled.yml create mode 100644 policies/ecc-aws-665-elasticache_notifications_enabled.yml create mode 100644 policies/ecc-aws-669-emr_termination_protection_enabled.yml create mode 100644 policies/ecc-aws-672-glue_spark_ui_monitoring_enabled.yml create mode 100644 policies/ecc-aws-677-lambda_functions_enhanced_monitoring_enabled.yml create mode 100644 policies/ecc-aws-679-lambda_environment_variables_encrypted_in_transit.yml create mode 100644 policies/ecc-aws-680-lambda_latest_runtime_environment_version.yml create mode 100644 policies/ecc-aws-681-lambda_concurrency_enabled.yml create mode 100644 policies/ecc-aws-690-ecs_exec_logging_enabled.yml create mode 100644 policies/ecc-aws-691-fsx_daily_automatic_backup_enabled.yml create mode 100644 policies/ecc-aws-692-fsx_netapp_ontap_multi_az_enabled.yml create mode 100644 policies/ecc-aws-693-fsx_windows_file_server_multi_az_enabled.yml create mode 100644 policies/ecc-aws-696-alb_desync_mode_check.yml create mode 100644 policies/ecc-aws-697-api_gw_endpoint_type_check.yml create mode 100644 policies/ecc-aws-702-autoscaling_groups_capacity_rebalancing_enabled.yml create mode 100644 policies/ecc-aws-703-autoscaling_launchconfig_requires_imdsv2.yml create mode 100644 policies/ecc-aws-707-clb_desync_mode_check.yml create mode 100644 
policies/ecc-aws-708-clb-multiple_az.yml create mode 100644 policies/ecc-aws-709-clb_cross_zone_load_balancing_enabled.yml create mode 100644 policies/ecc-aws-710-cloudformation_stack_drift_detection_check.yml create mode 100644 policies/ecc-aws-712-cloudfront_sni_enabled.yml create mode 100644 policies/ecc-aws-715-cloudwatch_log_group_encrypted_with_kms_cmk.yml create mode 100644 policies/ecc-aws-717-codebuild_project_artifact_encryption.yml create mode 100644 policies/ecc-aws-718-codebuild_project_environment_privileged_check.yml create mode 100644 policies/ecc-aws-719-codebuild_project_logging_enabled.yml create mode 100644 policies/ecc-aws-720-codebuild_project_s3_logs_encrypted.yml create mode 100644 policies/ecc-aws-721-codedeploy_auto_rollback_monitor_enabled.yml create mode 100644 policies/ecc-aws-723-codedeploy_lambda_allatonce_traffic_shift_disabled.yml create mode 100644 policies/ecc-aws-724-codepipeline_s3_artifact_bucket_encrypted_with_kms_cmk.yml create mode 100644 policies/ecc-aws-725-cloudwatch_log_group_retention_period_check.yml create mode 100644 policies/ecc-aws-734-ec2_instance_detailed_monitoring_enabled.yml create mode 100644 policies/ecc-aws-739-ec2_token_hop_limit_check.yml create mode 100644 policies/ecc-aws-740-ec2_transit_gateway_auto_vpc_attach_disabled.yml create mode 100644 policies/ecc-aws-741-ecr_private_lifecycle_policy_configured.yml create mode 100644 policies/ecc-aws-744-ecs_fargate_latest_platform_version.yml create mode 100644 policies/ecc-aws-745-ecs_task_definition_memory_hard_limit.yml create mode 100644 policies/ecc-aws-746-ecs_task_definition_pid_mode_check.yml create mode 100644 policies/ecc-aws-751-eks_cluster_oldest_supported_version.yml create mode 100644 policies/ecc-aws-755-elbv2_multiple_az.yml create mode 100644 policies/ecc-aws-760-iam_group_has_users_check.yml create mode 100644 policies/ecc-aws-762-lambda_vpc_multi_az_check.yml create mode 100644 policies/ecc-aws-769-opensearch_access_control_enabled.yml create 
mode 100644 policies/ecc-aws-770-rds_automatic_minor_version_upgrade_enabled.yml create mode 100644 policies/ecc-aws-771-rds_cluster_default_admin_check.yml create mode 100644 policies/ecc-aws-773-rds_instance_default_admin_check.yml create mode 100644 policies/ecc-aws-776-redshift_default_admin_check.yml create mode 100644 policies/ecc-aws-777-redshift_default_db_name_check.yml create mode 100644 policies/ecc-aws-780-sns_topic_message_delivery_notification_enabled.yml create mode 100644 policies/ecc-aws-787-mwaa_latest_version.yml create mode 100644 policies/ecc-aws-800-dax_ecnrypted_in_transit.yml create mode 100644 policies/ecc-aws-808-clb_internet_facing.yml create mode 100644 policies/ecc-aws-809-elb_internet_facing.yml create mode 100644 policies/ecc-aws-821-acm_certificate_not_using_a_minimum_of_2048-bit_key_for_rsa_certificate.yml create mode 100644 policies/ecc-aws-835-inactive_iam_access_keys_are_not_deleted.yml create mode 100644 policies/ecc-aws-897-security_hub_enabled.yml create mode 100644 policies/ecc-aws-899-s3_event_notifications_enabled.yml create mode 100644 policies/ecc-aws-902-vpc_vpn_2_tunnels_up.yml create mode 100644 policies/ecc-aws-904-autoscaling_launch_config_hop_limit.yml create mode 100644 policies/ecc-aws-906-ecs_containers_readonly_access.yml create mode 100644 policies/ecc-aws-907-ecs_no_environment_secrets.yml create mode 100644 policies/ecc-aws-911-kms_cmk_not_scheduled_for_deletion.yml create mode 100644 policies/ecc-aws-917-waf_global_webacl_not_empty.yml create mode 100644 policies/ecc-aws-922-acm_certificate_transparency_logging_enabled.yml create mode 100644 policies/ecc-aws-938-cloudfront_encryption_in_transit.yml create mode 100644 policies/ecc-aws-939-ebs_default_encryption_enabled.yml create mode 100644 policies/ecc-aws-948-imported_and_acm_certificates_expire_in_one_month.yml create mode 100644 policies/ecc-aws-949-key_pair_without_tag_information.yml create mode 100644 
policies/ecc-aws-950-autoscaling_launch_template.yml create mode 100644 policies/ecc-aws-951-clb_acm_certificate_required.yml create mode 100644 policies/ecc-aws-953-lambda_function_settings_check.yml create mode 100644 policies/ecc-aws-955-ecs_containers_nonprivileged.yml create mode 100644 policies/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket.yml create mode 100644 policies/ecc-aws-961-cloudfront_origin_access_control_enabled.yml create mode 100644 policies/ecc-aws-962-glue_job_latest_version.yml create mode 100644 policies/ecc-aws-963-glue_job_logging_enabled.yml create mode 100644 version diff --git a/.gitignore b/.gitignore new file mode 100644 index 000000000..21b6c3f13 --- /dev/null +++ b/.gitignore @@ -0,0 +1,9 @@ +tf_runner/* +*.tfstate* +.terraform/* +*.log +*report.csv +*.terraform* +**/tmp +/output +/.idea diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 000000000..8904ae862 --- /dev/null +++ b/CHANGELOG.md @@ -0,0 +1,8 @@ +# Changelog +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). + +## [1.0] - 2023-06-14 + +- Initial version. diff --git a/policies/ecc-aws-002-ensure_mfa_is_enabled_for_all_iam_users_with_console_password.yml b/policies/ecc-aws-002-ensure_mfa_is_enabled_for_all_iam_users_with_console_password.yml new file mode 100644 index 000000000..73bcb3238 --- /dev/null +++ b/policies/ecc-aws-002-ensure_mfa_is_enabled_for_all_iam_users_with_console_password.yml 
@@ -0,0 +1,19 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-002-ensure_mfa_is_enabled_for_all_iam_users_with_console_password
+ resource: aws.iam-user
+ description: |
+ Multi-factor authentication (MFA) is not enabled for all IAM users that have console password
+ filters:
+ - type: credential
+ key: password_enabled
+ value: true
+ - type: credential
+ key: mfa_active
+ value: false
diff --git a/policies/ecc-aws-013-ensure_access_keys_are_rotated_every_90_days.yml b/policies/ecc-aws-013-ensure_access_keys_are_rotated_every_90_days.yml
new file mode 100644
index 000000000..c425d4fd3
--- /dev/null
+++ b/policies/ecc-aws-013-ensure_access_keys_are_rotated_every_90_days.yml
@@ -0,0 +1,21 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-013-ensure_access_keys_are_rotated_every_90_days
+ resource: aws.iam-user
+ description: |
+ Access keys are not rotated every 90 days or less
+ filters:
+ - type: credential
+ key: access_keys.active
+ value: true
+ - type: credential
+ key: access_keys.last_rotated
+ value_type: age
+ value: 90
+ op: gt
diff --git a/policies/ecc-aws-033-ensure_vpc_flow_logging_enabled_for_every_vpc.yml b/policies/ecc-aws-033-ensure_vpc_flow_logging_enabled_for_every_vpc.yml
new file mode 100644
index 000000000..c3e9b60ea
--- /dev/null
+++ b/policies/ecc-aws-033-ensure_vpc_flow_logging_enabled_for_every_vpc.yml
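Review bot: In `ecc-aws-013` the conditions on `access_keys.active` and `access_keys.last_rotated` are two separate `credential` filters, so as far as I can tell they can be satisfied by different keys of the same user: an active, recently rotated key next to an inactive old one would still be reported. If that is how the filter evaluates `access_keys.*`, the `access-key` filter with `match-operator: and` on `Status` and `CreateDate` would tie both conditions to one key. The same pairing is used in `ecc-aws-096`, so it is worth checking both against a user with two keys.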
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-033-ensure_vpc_flow_logging_enabled_for_every_vpc
+ resource: aws.vpc
+ description: |
+ VPC flow logging is not enabled in all VPCs
+ filters:
+ - not:
+ - type: flow-logs
+ enabled: true
diff --git a/policies/ecc-aws-082-rds_retention_backup_is_at_least_7_days.yml b/policies/ecc-aws-082-rds_retention_backup_is_at_least_7_days.yml
new file mode 100644
index 000000000..a7081ebaf
--- /dev/null
+++ b/policies/ecc-aws-082-rds_retention_backup_is_at_least_7_days.yml
@@ -0,0 +1,17 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-082-rds_retention_backup_is_at_least_7_days
+ resource: rds
+ description: |
+ RDS retention policy is less than 7 days
+ filters:
+ - type: value
+ key: BackupRetentionPeriod
+ value: 7
+ op: lt
diff --git a/policies/ecc-aws-083-rds_high-availability_zone.yml b/policies/ecc-aws-083-rds_high-availability_zone.yml
new file mode 100644
index 000000000..924db6be6
--- /dev/null
+++ b/policies/ecc-aws-083-rds_high-availability_zone.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-083-rds_high-availability_zone
+ resource: rds
+ description: |
+ RDS instances do not have multi-availability zone enabled
+ filters:
+ - type: value
+ key: MultiAZ
+ value: false
diff --git a/policies/ecc-aws-086_iam_ssl_or_tls_certificates_expire_in_one_month.yml b/policies/ecc-aws-086_iam_ssl_or_tls_certificates_expire_in_one_month.yml
new file mode 100644
index 000000000..601968cc2
--- /dev/null
+++ b/policies/ecc-aws-086_iam_ssl_or_tls_certificates_expire_in_one_month.yml
@@ -0,0 +1,18 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-086_iam_ssl_or_tls_certificates_expire_in_one_month
+ resource: iam-certificate
+ description: |
+ SSL/TLS certificates expire in less than a month
+ filters:
+ - type: value
+ key: Expiration
+ value_type: expiration
+ value: 30
+ op: le
diff --git a/policies/ecc-aws-087_iam_ssl_or_tls_certificates_expire_in_one_week.yml b/policies/ecc-aws-087_iam_ssl_or_tls_certificates_expire_in_one_week.yml
new file mode 100644
index 000000000..1d025c225
--- /dev/null
+++ b/policies/ecc-aws-087_iam_ssl_or_tls_certificates_expire_in_one_week.yml
@@ -0,0 +1,18 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-087_iam_ssl_or_tls_certificates_expire_in_one_week
+ resource: iam-certificate
+ description: |
+ SSL/TLS certificates expire in less than a week
+ filters:
+ - type: value
+ key: Expiration
+ value_type: expiration
+ value: 7
+ op: le
diff --git a/policies/ecc-aws-090-use_secure_ciphers_in_cloudfront_distribution.yml b/policies/ecc-aws-090-use_secure_ciphers_in_cloudfront_distribution.yml
new file mode 100644
index 000000000..f2bc0baa0
--- /dev/null
+++ b/policies/ecc-aws-090-use_secure_ciphers_in_cloudfront_distribution.yml
@@ -0,0 +1,18 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-090-use_secure_ciphers_in_cloudfront_distribution
+ description: |
+ Cloudfront Distribution uses weak ciphers
+ resource: aws.distribution
+ filters:
+ - not:
+ - type: value
+ key: ViewerCertificate.MinimumProtocolVersion
+ op: regex
+ value: 'TLSv1\.2_*'
\ No newline at end of file
diff --git a/policies/ecc-aws-092-remove_weak_ciphers_for_clb.yml b/policies/ecc-aws-092-remove_weak_ciphers_for_clb.yml
new file mode 100644
index 000000000..75ea886d3
--- /dev/null
+++ b/policies/ecc-aws-092-remove_weak_ciphers_for_clb.yml
@@ -0,0 +1,19 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-092-remove_weak_ciphers_for_clb
+ description: |
+ Classic Load Balancer uses weak ciphers
+ resource: elb
+ filters:
+ - type: ssl-policy
+ blacklist:
+ - "Protocol-SSLv2"
+ - "Protocol-SSLv3"
+ - "Protocol-TLSv1.1"
+ - "Protocol-TLSv1"
diff --git a/policies/ecc-aws-093-clb_uses_https.yml b/policies/ecc-aws-093-clb_uses_https.yml
new file mode 100644
index 000000000..669579c02
--- /dev/null
+++ b/policies/ecc-aws-093-clb_uses_https.yml
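Review bot: The pattern `'TLSv1\.2_*'` in `ecc-aws-090` quantifies the underscore, so it is a prefix test for `TLSv1.2` rather than the glob it resembles; `'TLSv1\.2_.*'` states the intent. Because the filter sits under `not`, any minimum protocol value that does not start with `TLSv1.2`, including a newer TLS version if one is offered, would be reported as weak. The description speaks of ciphers while the check reads `ViewerCertificate.MinimumProtocolVersion`, so a comment listing the accepted values would help the next maintainer.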
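Review bot: The `blacklist` in `ecc-aws-092` contains only protocol attributes (`Protocol-SSLv2`, `Protocol-SSLv3`, `Protocol-TLSv1`, `Protocol-TLSv1.1`), while the policy name and description are about weak ciphers. A load balancer restricted to TLS 1.2 but with a weak cipher suite enabled would pass this check. Either add the cipher names the benchmark treats as weak to the list, or reword the description to say outdated protocols.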
@@ -0,0 +1,25 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-093-clb_uses_https
+ description: |
+ Classic Load Balancer listeners are not blocking connection requests over http
+ resource: elb
+ filters:
+ - not:
+ - or:
+ - type: value
+ key: ListenerDescriptions[].Listener.Protocol
+ value_type: swap
+ value: HTTPS
+ op: in
+ - type: value
+ key: ListenerDescriptions[].Listener.Protocol
+ value_type: swap
+ value: SSL
+ op: in
diff --git a/policies/ecc-aws-094-ensure_mfa_is_enabled_for_the_root_account.yml b/policies/ecc-aws-094-ensure_mfa_is_enabled_for_the_root_account.yml
new file mode 100644
index 000000000..b0015a629
--- /dev/null
+++ b/policies/ecc-aws-094-ensure_mfa_is_enabled_for_the_root_account.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-094-ensure_mfa_is_enabled_for_the_root_account
+ resource: aws.account
+ description: |
+ Virtual MFA is not enabled for the "root" account
+ filters:
+ - type: credential
+ key: mfa_active
+ value: false
diff --git a/policies/ecc-aws-095-ensure_hardware_mfa_is_enabled_for_root_account.yml b/policies/ecc-aws-095-ensure_hardware_mfa_is_enabled_for_root_account.yml
new file mode 100644
index 000000000..c26a633ec
--- /dev/null
+++ b/policies/ecc-aws-095-ensure_hardware_mfa_is_enabled_for_root_account.yml
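Review bot: `ecc-aws-093` reports a balancer only when none of its listeners is `HTTPS` or `SSL`, so a Classic Load Balancer with both an `HTTP` and an `HTTPS` listener passes although the description says requests over http should not be accepted. If the intent is that no cleartext listener exists, test for the insecure protocol directly: a `value` filter on `ListenerDescriptions[].Listener.Protocol` with `value_type: swap`, `op: in` and `value: HTTP`. If the intent is only that at least one encrypted listener exists, the description should say that instead.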
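Review bot: The description in `ecc-aws-094` says "Virtual MFA is not enabled", but the filter `key: mfa_active` with `value: false` matches a root account that has no MFA of any kind. Suggest `Multi-factor authentication (MFA) is not enabled for the "root" account`, so the finding text matches what is checked and stays distinct from the hardware-MFA policy `ecc-aws-095`.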
@@ -0,0 +1,18 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-095-ensure_hardware_mfa_is_enabled_for_root_account
+ resource: account
+ description: |
+ Hardware MFA is not enabled for the 'root' account
+ filters:
+ - type: has-virtual-mfa
+ value: false
+ - type: credential
+ key: mfa_active
+ value: true
diff --git a/policies/ecc-aws-096-credentials_unused_for_45_days.yml b/policies/ecc-aws-096-credentials_unused_for_45_days.yml
new file mode 100644
index 000000000..ec921cf37
--- /dev/null
+++ b/policies/ecc-aws-096-credentials_unused_for_45_days.yml
@@ -0,0 +1,55 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-096-credentials_unused_for_45_days
+ resource: aws.iam-user
+ description: |
+ Credentials unused for 45 days or more are not disabled
+ filters:
+ - or:
+ - and:
+ - type: credential
+ key: password_enabled
+ value: true
+ - type: credential
+ key: password_last_used
+ value_type: age
+ value: 45
+ op: ge
+ - and:
+ - type: credential
+ key: password_enabled
+ value: true
+ - type: credential
+ key: password_last_used
+ value: null
+ - type: credential
+ key: password_last_changed
+ value_type: age
+ value: 45
+ op: ge
+ - and:
+ - type: credential
+ key: access_keys.active
+ value: true
+ - type: credential
+ key: access_keys.last_used_date
+ value_type: age
+ value: 45
+ op: ge
+ - and:
+ - type: credential
+ key: access_keys.active
+ value: true
+ - type: credential
+ key: access_keys.last_used_date
+ value: null
+ - type: credential
+ key: access_keys.last_rotated
+ value: 45
+ op: ge
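Review bot: The two filters in `ecc-aws-095` look inverted against the description. `has-virtual-mfa` with `value: false` combined with `mfa_active` `value: true` selects a root user whose MFA is not a virtual device, which as I read it is the compliant state, while a root user with a virtual device or with no MFA at all is not matched. If the policy is meant to report the violation like the other policies in this patch, the condition would be `- type: has-virtual-mfa` with `value: true`, optionally in an `or` with `mfa_active` `value: false`; please confirm against a test account.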
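Review bot: The last `credential` filter in `ecc-aws-096`, on `access_keys.last_rotated`, has `value: 45` and `op: ge` but no `value_type: age`, unlike the parallel `password_last_changed` branch above it. Without it the rotation timestamp is compared with the bare number 45 rather than with an age in days, so the case "active key, never used, older than 45 days" is not evaluated as intended and stale keys can go unreported. Add `value_type: age` to that filter.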
diff --git a/policies/ecc-aws-097-iam_users_receive_permissions_only_through_groups.yml b/policies/ecc-aws-097-iam_users_receive_permissions_only_through_groups.yml
new file mode 100644
index 000000000..29b652907
--- /dev/null
+++ b/policies/ecc-aws-097-iam_users_receive_permissions_only_through_groups.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-097-iam_users_receive_permissions_only_through_groups
+ resource: aws.iam-user
+ description: |
+ IAM Users receive permissions not only through groups
+ filters:
+ - type: policy
+ key: 'PolicyName'
+ value: present
diff --git a/policies/ecc-aws-098-iam_password_policy_password_reuse.yml b/policies/ecc-aws-098-iam_password_policy_password_reuse.yml
new file mode 100644
index 000000000..4fabdad4d
--- /dev/null
+++ b/policies/ecc-aws-098-iam_password_policy_password_reuse.yml
@@ -0,0 +1,28 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-098-iam_password_policy_password_reuse
+ resource: aws.account
+ description: |
+ IAM password policy does not prevent password reuse
+ filters:
+ - or:
+ - type: password-policy
+ key: PasswordPolicyConfigured
+ value: false
+ - type: password-policy
+ key: PasswordReusePrevention
+ value: 24
+ op: lt
+ - and:
+ - type: password-policy
+ key: PasswordReusePrevention
+ value: null
+ - type: password-policy
+ key: PasswordPolicyConfigured
+ value: true
diff --git a/policies/ecc-aws-099-instance_without_any_tag.yml b/policies/ecc-aws-099-instance_without_any_tag.yml
new file mode 100644
index 000000000..c88cf5976
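Review bot: `ecc-aws-097` matches only users with a managed policy attached (`type: policy`, `key: 'PolicyName'`, `value: present`), so a user whose permissions come from an inline policy is not reported. Covering both ways of granting permissions directly to a user needs the inline case in an `or`, for example `- type: has-inline-policy` with `value: true`. A one-line comment in the file stating which attachment types are checked would also make the scope clear.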
--- /dev/null
+++ b/policies/ecc-aws-099-instance_without_any_tag.yml
@@ -0,0 +1,26 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-099-instance_without_any_tag
+ description: |
+ Instances without any tags
+ resource: ec2
+ filters:
+ - and:
+ - not:
+ - type: value
+ key: State.Name
+ value: terminated
+ - or:
+ - type: value
+ key: Tags
+ value: absent
+ - type: value
+ key: Tags
+ value_type: size
+ value: 0
diff --git a/policies/ecc-aws-101-clb_access_logging_disabled.yml b/policies/ecc-aws-101-clb_access_logging_disabled.yml
new file mode 100644
index 000000000..20457f1ad
--- /dev/null
+++ b/policies/ecc-aws-101-clb_access_logging_disabled.yml
@@ -0,0 +1,14 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-101-clb_access_logging_disabled
+ description: |
+ Classic Load Balancer Access Logging is disabled
+ resource: elb
+ filters:
+ - type: is-not-logging
diff --git a/policies/ecc-aws-102-ensures_sqs_encryption_is_enabled.yml b/policies/ecc-aws-102-ensures_sqs_encryption_is_enabled.yml
new file mode 100644
index 000000000..7c201b028
--- /dev/null
+++ b/policies/ecc-aws-102-ensures_sqs_encryption_is_enabled.yml
@@ -0,0 +1,14 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-102-ensures_sqs_encryption_is_enabled
+ description: |
+ SQS encryption is disabled
+ resource: sqs
+ filters:
+ - KmsMasterKeyId: absent
diff --git a/policies/ecc-aws-103-instance_without_termination_protection.yml b/policies/ecc-aws-103-instance_without_termination_protection.yml
new file mode 100644
index 000000000..484c28763
--- /dev/null
+++ b/policies/ecc-aws-103-instance_without_termination_protection.yml
@@ -0,0 +1,19 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-103-instance_without_termination_protection
+ description: |
+ Instances without termination protection
+ resource: ec2
+ filters:
+ - not:
+ - type: value
+ key: State.Name
+ value: terminated
+ - not:
+ - type: termination-protected
diff --git a/policies/ecc-aws-105-rds_instance_with_no_backups.yml b/policies/ecc-aws-105-rds_instance_with_no_backups.yml
new file mode 100644
index 000000000..5829ba6c1
--- /dev/null
+++ b/policies/ecc-aws-105-rds_instance_with_no_backups.yml
@@ -0,0 +1,19 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-105-rds_instance_with_no_backups
+ description: |
+ RDS instances without automated backups
+ resource: rds
+ filters:
+ - not:
+ - type: value
+ key: BackupRetentionPeriod
+ value_type: swap
+ op: ne
+ value: 0
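Review bot: `KmsMasterKeyId: absent` in `ecc-aws-102` treats every queue without a KMS key as unencrypted, but a queue that uses SQS-managed server-side encryption (`SqsManagedSseEnabled`) has no `KmsMasterKeyId` either and would be reported. If SSE-SQS is acceptable, the filter should also require that `SqsManagedSseEnabled` is not true. If only KMS keys are acceptable, the description should say so, for example `SQS queue is not encrypted with a KMS key`.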
diff --git a/policies/ecc-aws-109-prevent_0-65535_ingress_and_all.yml b/policies/ecc-aws-109-prevent_0-65535_ingress_and_all.yml
new file mode 100644
index 000000000..04362cd4c
--- /dev/null
+++ b/policies/ecc-aws-109-prevent_0-65535_ingress_and_all.yml
@@ -0,0 +1,28 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-109-prevent_0-65535_ingress_and_all
+ resource: aws.security-group
+ description: |
+ Security groups do not prevent all incoming traffic from 0-65535
+ filters:
+ - or:
+ - and:
+ - type: value
+ value_type: swap
+ key: IpPermissions[].FromPort
+ value: 0
+ op: in
+ - type: value
+ value_type: swap
+ key: IpPermissions[].ToPort
+ value: 65535
+ op: in
+ - and:
+ - type: ingress
+ IpProtocol: "-1"
\ No newline at end of file
diff --git a/policies/ecc-aws-110-security_group_ingress_is_restricted_traffic_to_dns_port_53.yml b/policies/ecc-aws-110-security_group_ingress_is_restricted_traffic_to_dns_port_53.yml
new file mode 100644
index 000000000..1237a692a
--- /dev/null
+++ b/policies/ecc-aws-110-security_group_ingress_is_restricted_traffic_to_dns_port_53.yml
@@ -0,0 +1,19 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-110-security_group_ingress_is_restricted_traffic_to_dns_port_53
+ resource: aws.security-group
+ description: |
+ Security group rule allows internet traffic to DNS port (53)
+ filters:
+ - type: ingress
+ Ports: [53]
+ Cidr:
+ value:
+ - "0.0.0.0/0"
+ op: in
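Review bot: The first branch of `ecc-aws-109` tests `IpPermissions[].FromPort` and `IpPermissions[].ToPort` over the flattened values of all rules, so port 0 and port 65535 can come from two different rules (for example 0-22 and 8000-65535) and the group is still reported. Matching within one rule avoids that false positive: `- type: ingress` with `FromPort: 0` and `ToPort: 65535`. The second branch wraps a single `ingress` filter in `and`, which can be dropped.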
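Review bot: The `Cidr` match in `ecc-aws-110` covers only `0.0.0.0/0`, so a rule that opens port 53 to the IPv6 any-address `::/0` is not reported. The same gap is present in `ecc-aws-111` through `ecc-aws-121`, which use the identical filter with a different port. Add the IPv6 case next to it in an `or`: a second `ingress` filter with the same `Ports` and `CidrV6:` holding `value: "::/0"`.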
diff --git a/policies/ecc-aws-111-security_group_ingress_is_restricted_traffic_to_ftp_port_21.yml b/policies/ecc-aws-111-security_group_ingress_is_restricted_traffic_to_ftp_port_21.yml
new file mode 100644
index 000000000..5c524c5a0
--- /dev/null
+++ b/policies/ecc-aws-111-security_group_ingress_is_restricted_traffic_to_ftp_port_21.yml
@@ -0,0 +1,19 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-111-security_group_ingress_is_restricted_traffic_to_ftp_port_21
+ resource: aws.security-group
+ description: |
+ Security group rule allows internet traffic to FTP port (21)
+ filters:
+ - type: ingress
+ Ports: [21]
+ Cidr:
+ value:
+ - "0.0.0.0/0"
+ op: in
diff --git a/policies/ecc-aws-112-security_group_ingress_is_restricted_traffic_to_http_port_80.yml b/policies/ecc-aws-112-security_group_ingress_is_restricted_traffic_to_http_port_80.yml
new file mode 100644
index 000000000..f0f56fc42
--- /dev/null
+++ b/policies/ecc-aws-112-security_group_ingress_is_restricted_traffic_to_http_port_80.yml
@@ -0,0 +1,19 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-112-security_group_ingress_is_restricted_traffic_to_http_port_80
+ resource: aws.security-group
+ description: |
+ Security group rule allows internet traffic to HTTP port (80)
+ filters:
+ - type: ingress
+ Ports: [80]
+ Cidr:
+ value:
+ - "0.0.0.0/0"
+ op: in
diff --git a/policies/ecc-aws-113-security_group_ingress_is_restricted_traffic_to_microsoft_ds_port_445.yml b/policies/ecc-aws-113-security_group_ingress_is_restricted_traffic_to_microsoft_ds_port_445.yml
new file mode 100644
index 000000000..c6da9a4a4
--- /dev/null
+++ b/policies/ecc-aws-113-security_group_ingress_is_restricted_traffic_to_microsoft_ds_port_445.yml
@@ -0,0 +1,19 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-113-security_group_ingress_is_restricted_traffic_to_microsoft_ds_port_445
+ resource: aws.security-group
+ description: |
+ Security group rule allows internet traffic to Microsoft-DS port (445)
+ filters:
+ - type: ingress
+ Ports: [445]
+ Cidr:
+ value:
+ - "0.0.0.0/0"
+ op: in
diff --git a/policies/ecc-aws-114-security_group_ingress_is_restricted_traffic_to_mongodb_port_27017.yml b/policies/ecc-aws-114-security_group_ingress_is_restricted_traffic_to_mongodb_port_27017.yml
new file mode 100644
index 000000000..fedc3d95c
--- /dev/null
+++ b/policies/ecc-aws-114-security_group_ingress_is_restricted_traffic_to_mongodb_port_27017.yml
@@ -0,0 +1,19 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-114-security_group_ingress_is_restricted_traffic_to_mongodb_port_27017
+ resource: aws.security-group
+ description: |
+ Security group rule allows internet traffic to MongoDB port (27017)
+ filters:
+ - type: ingress
+ Ports: [27017]
+ Cidr:
+ value:
+ - "0.0.0.0/0"
+ op: in
diff --git a/policies/ecc-aws-115-security_group_ingress_is_restricted_traffic_to_mysql_db_port_3306.yml b/policies/ecc-aws-115-security_group_ingress_is_restricted_traffic_to_mysql_db_port_3306.yml
new file mode 100644
index 000000000..720fbdf0b
--- /dev/null
+++ b/policies/ecc-aws-115-security_group_ingress_is_restricted_traffic_to_mysql_db_port_3306.yml
@@ -0,0 +1,19 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-115-security_group_ingress_is_restricted_traffic_to_mysql_db_port_3306
+ resource: aws.security-group
+ description: |
+ Security group rule allows internet traffic to MySQL DB port (3306)
+ filters:
+ - type: ingress
+ Ports: [3306]
+ Cidr:
+ value:
+ - "0.0.0.0/0"
+ op: in
diff --git a/policies/ecc-aws-116-security_group_ingress_is_restricted_traffic_to_netbios_ssn_port_139.yml b/policies/ecc-aws-116-security_group_ingress_is_restricted_traffic_to_netbios_ssn_port_139.yml
new file mode 100644
index 000000000..1416af902
--- /dev/null
+++ b/policies/ecc-aws-116-security_group_ingress_is_restricted_traffic_to_netbios_ssn_port_139.yml
@@ -0,0 +1,19 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-116-security_group_ingress_is_restricted_traffic_to_netbios_ssn_port_139
+ resource: aws.security-group
+ description: |
+ Security group rule allows internet traffic to NetBIOS-SSN port (139)
+ filters:
+ - type: ingress
+ Ports: [139]
+ Cidr:
+ value:
+ - "0.0.0.0/0"
+ op: in
diff --git a/policies/ecc-aws-117-security_group_ingress_is_restricted_traffic_to_oracle_db_port_1521.yml b/policies/ecc-aws-117-security_group_ingress_is_restricted_traffic_to_oracle_db_port_1521.yml
new file mode 100644
index 000000000..65cfd29bb
--- /dev/null
+++ b/policies/ecc-aws-117-security_group_ingress_is_restricted_traffic_to_oracle_db_port_1521.yml
@@ -0,0 +1,19 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-117-security_group_ingress_is_restricted_traffic_to_oracle_db_port_1521
+ resource: aws.security-group
+ description: |
+ Security group rule allows internet traffic to Oracle DB port (1521)
+ filters:
+ - type: ingress
+ Ports: [1521]
+ Cidr:
+ value:
+ - "0.0.0.0/0"
+ op: in
diff --git a/policies/ecc-aws-118-security_group_ingress_is_restricted_traffic_to_pop3_port_110.yml b/policies/ecc-aws-118-security_group_ingress_is_restricted_traffic_to_pop3_port_110.yml
new file mode 100644
index 000000000..cac57c1f2
--- /dev/null
+++ b/policies/ecc-aws-118-security_group_ingress_is_restricted_traffic_to_pop3_port_110.yml
@@ -0,0 +1,19 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-118-security_group_ingress_is_restricted_traffic_to_pop3_port_110
+ resource: aws.security-group
+ description: |
+ Security group rule allows internet traffic to POP3 port (110)
+ filters:
+ - type: ingress
+ Ports: [110]
+ Cidr:
+ value:
+ - "0.0.0.0/0"
+ op: in
diff --git a/policies/ecc-aws-119-security_group_ingress_is_restricted_traffic_to_postgresql_port_5432.yml b/policies/ecc-aws-119-security_group_ingress_is_restricted_traffic_to_postgresql_port_5432.yml
new file mode 100644
index 000000000..9488e0f89
--- /dev/null
+++ b/policies/ecc-aws-119-security_group_ingress_is_restricted_traffic_to_postgresql_port_5432.yml
@@ -0,0 +1,19 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-119-security_group_ingress_is_restricted_traffic_to_postgresql_port_5432
+ resource: aws.security-group
+ description: |
+ Security group rule allows internet traffic to PostgreSQL port (5432)
+ filters:
+ - type: ingress
+ Ports: [5432]
+ Cidr:
+ value:
+ - "0.0.0.0/0"
+ op: in
diff --git a/policies/ecc-aws-120-security_group_ingress_is_restricted_traffic_to_smtp_port_25.yml b/policies/ecc-aws-120-security_group_ingress_is_restricted_traffic_to_smtp_port_25.yml
new file mode 100644
index 000000000..93cdd6ca5
--- /dev/null
+++ b/policies/ecc-aws-120-security_group_ingress_is_restricted_traffic_to_smtp_port_25.yml
@@ -0,0 +1,19 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-120-security_group_ingress_is_restricted_traffic_to_smtp_port_25
+ resource: aws.security-group
+ description: |
+ Security group rule allows internet traffic to SMTP port (25)
+ filters:
+ - type: ingress
+ Ports: [25]
+ Cidr:
+ value:
+ - "0.0.0.0/0"
+ op: in
diff --git a/policies/ecc-aws-121-security_group_ingress_is_restricted_traffic_to_telnet_port_23.yml b/policies/ecc-aws-121-security_group_ingress_is_restricted_traffic_to_telnet_port_23.yml
new file mode 100644
index 000000000..e4bdfc6d8
--- /dev/null
+++ b/policies/ecc-aws-121-security_group_ingress_is_restricted_traffic_to_telnet_port_23.yml
@@ -0,0 +1,19 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-121-security_group_ingress_is_restricted_traffic_to_telnet_port_23
+ resource: aws.security-group
+ description: |
+ Security group rule allows internet traffic to Telnet port (23)
+ filters:
+ - type: ingress
+ Ports: [23]
+ Cidr:
+ value:
+ - "0.0.0.0/0"
+ op: in
diff --git a/policies/ecc-aws-124-eks_cluster_version_latest.yml b/policies/ecc-aws-124-eks_cluster_version_latest.yml
new file mode 100644
index 000000000..aea19bc24
--- /dev/null
+++ b/policies/ecc-aws-124-eks_cluster_version_latest.yml
@@ -0,0 +1,17 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-124-eks_cluster_version_latest
+ description: |
+ EKS cluster is not using the latest version
+ resource: aws.eks
+ filters:
+ - type: value
+ key: version
+ value: "1.25"
+ op: lt
diff --git a/policies/ecc-aws-140-rds_without_tag_information.yml b/policies/ecc-aws-140-rds_without_tag_information.yml
new file mode 100644
index 000000000..2fa9f28c1
--- /dev/null
+++ b/policies/ecc-aws-140-rds_without_tag_information.yml
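Review bot: `ecc-aws-124` compares `version` with the quoted string `"1.25"` using `op: lt`, which is a lexical comparison against a pinned value. String ordering is not version ordering (`"1.9"` sorts after `"1.25"`), and the pin goes stale with each EKS release, after which clusters on an outdated version pass a policy named "latest". Adding `value_type: version` makes the comparison component-wise, and a comment next to `value` noting when it was last reviewed would make the pin visible to maintainers.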
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-140-rds_without_tag_information
+ description: |
+ RDS Instances without tags
+ resource: rds
+ filters:
+ - type: tag-count
+ op: lt
+ count: 1
diff --git a/policies/ecc-aws-168-iam_password_policy_one_uppercase_letter.yml b/policies/ecc-aws-168-iam_password_policy_one_uppercase_letter.yml
new file mode 100644
index 000000000..cc55cb734
--- /dev/null
+++ b/policies/ecc-aws-168-iam_password_policy_one_uppercase_letter.yml
@@ -0,0 +1,20 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-168-iam_password_policy_one_uppercase_letter
+ resource: aws.account
+ description: |
+ Password policy does not require at least one uppercase letter
+ filters:
+ - or:
+ - type: password-policy
+ key: PasswordPolicyConfigured
+ value: false
+ - type: password-policy
+ key: RequireUppercaseCharacters
+ value: false
diff --git a/policies/ecc-aws-169-ensure_no_root_account_access_key_exists.yml b/policies/ecc-aws-169-ensure_no_root_account_access_key_exists.yml
new file mode 100644
index 000000000..e0ebda245
--- /dev/null
+++ b/policies/ecc-aws-169-ensure_no_root_account_access_key_exists.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-169-ensure_no_root_account_access_key_exists
+ resource: aws.account
+ description: |
+ Root user account access key exists
+ filters:
+ - type: credential
+ key: access_keys.active
+ value: true
diff --git a/policies/ecc-aws-170-iam_password_policy_one_lowercase_letter.yml b/policies/ecc-aws-170-iam_password_policy_one_lowercase_letter.yml
new file mode 100644
index 000000000..7493f42a9
--- /dev/null
+++ b/policies/ecc-aws-170-iam_password_policy_one_lowercase_letter.yml
@@ -0,0 +1,20 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-170-iam_password_policy_one_lowercase_letter
+ resource: aws.account
+ description: |
+ Password policy does not require at least one lowercase letter
+ filters:
+ - or:
+ - type: password-policy
+ key: PasswordPolicyConfigured
+ value: false
+ - type: password-policy
+ key: RequireLowercaseCharacters
+ value: false
diff --git a/policies/ecc-aws-171-iam_password_policy_one_symbol.yml b/policies/ecc-aws-171-iam_password_policy_one_symbol.yml
new file mode 100644
index 000000000..62074ac29
--- /dev/null
+++ b/policies/ecc-aws-171-iam_password_policy_one_symbol.yml
@@ -0,0 +1,20 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-171-iam_password_policy_one_symbol
+ resource: aws.account
+ description: |
+ Password policy does not require at least one symbol
+ filters:
+ - or:
+ - type: password-policy
+ key: PasswordPolicyConfigured
+ value: false
+ - type: password-policy
+ key: RequireSymbols
+ value: false
\ No newline at end of file
diff --git a/policies/ecc-aws-172-iam_password_policy_one_number.yml b/policies/ecc-aws-172-iam_password_policy_one_number.yml
new file mode 100644
index 000000000..ed165c8b9
--- /dev/null
+++ b/policies/ecc-aws-172-iam_password_policy_one_number.yml
@@ -0,0 +1,20 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-172-iam_password_policy_one_number
+ resource: aws.account
+ description: |
+ Password policy does not require at least one number
+ filters:
+ - or:
+ - type: password-policy
+ key: PasswordPolicyConfigured
+ value: false
+ - type: password-policy
+ key: RequireNumbers
+ value: false
\ No newline at end of file
diff --git a/policies/ecc-aws-173-iam_password_min_length_ge_14.yml b/policies/ecc-aws-173-iam_password_min_length_ge_14.yml
new file mode 100644
index 000000000..b713b0607
--- /dev/null
+++ b/policies/ecc-aws-173-iam_password_min_length_ge_14.yml
@@ -0,0 +1,21 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-173-iam_password_min_length_ge_14
+ resource: aws.account
+ description: |
+ Password policy does not require minimum length of 14 characters or greater
+ filters:
+ - or:
+ - type: password-policy
+ key: PasswordPolicyConfigured
+ value: false
+ - type: password-policy
+ key: MinimumPasswordLength
+ value: 14
+ op: lt
diff --git a/policies/ecc-aws-174-iam_password_policy_passwd_expires_le_90.yml b/policies/ecc-aws-174-iam_password_policy_passwd_expires_le_90.yml
new file mode 100644
index 000000000..190bf0797
--- /dev/null
+++ b/policies/ecc-aws-174-iam_password_policy_passwd_expires_le_90.yml
@@ -0,0 +1,21 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-174-iam_password_policy_passwd_expires_le_90
+ resource: aws.account
+ description: |
+ IAM password policy is not configured to expire passwords after 90 days or less
+ filters:
+ - or:
+ - type: password-policy
+ key: PasswordPolicyConfigured
+ value: false
+ - type: password-policy
+ key: MaxPasswordAge
+ value: 90
+ op: gt
diff --git a/policies/ecc-aws-176-cloudtrail_log_validation_enabled.yml b/policies/ecc-aws-176-cloudtrail_log_validation_enabled.yml
new file mode 100644
index 000000000..71b69ab64
--- /dev/null
+++ b/policies/ecc-aws-176-cloudtrail_log_validation_enabled.yml
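Review bot: A password policy that exists but never expires passwords probably slips past the `MaxPasswordAge` / `op: gt` branch in ecc-aws-174: when expiry is off the field is likely absent from the policy document, and a missing value compared with `gt` against 90 does not match. That is the worst case the rule is meant to catch, so it is worth confirming against an account with expiry disabled. A third `or` branch would cover it explicitly: `- type: password-policy`, `key: ExpirePasswords`, `value: false`.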
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-176-cloudtrail_log_validation_enabled
+ resource: aws.cloudtrail
+ description: |
+ CloudTrail log file validation is disabled
+ filters:
+ - type: value
+ key: LogFileValidationEnabled
+ value: false
diff --git a/policies/ecc-aws-179-cloudtrail_integrated_with_cloudwatch.yml b/policies/ecc-aws-179-cloudtrail_integrated_with_cloudwatch.yml
new file mode 100644
index 000000000..43b471420
--- /dev/null
+++ b/policies/ecc-aws-179-cloudtrail_integrated_with_cloudwatch.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-179-cloudtrail_integrated_with_cloudwatch
+ resource: aws.cloudtrail
+ description: |
+ CloudTrail trails are not integrated with CloudWatch Logs
+ filters:
+ - type: value
+ key: CloudWatchLogsLogGroupArn
+ value: absent
diff --git a/policies/ecc-aws-181-ensure_iam_instance_roles_are_used_for_resource_access_from_instance.yml b/policies/ecc-aws-181-ensure_iam_instance_roles_are_used_for_resource_access_from_instance.yml
new file mode 100644
index 000000000..5971f06a7
--- /dev/null
+++ b/policies/ecc-aws-181-ensure_iam_instance_roles_are_used_for_resource_access_from_instance.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-181-ensure_iam_instance_roles_are_used_for_resource_access_from_instance
+ resource: aws.ec2
+ description: |
+ IAM instance roles are not used for AWS resource access from instances
+ filters:
+ - type: value
+ key: IamInstanceProfile
+ value: absent
diff --git a/policies/ecc-aws-183-config_enabled_all_regions.yml b/policies/ecc-aws-183-config_enabled_all_regions.yml
new file mode 100644
index 000000000..a10424e5d
--- /dev/null
+++ b/policies/ecc-aws-183-config_enabled_all_regions.yml
@@ -0,0 +1,18 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-183-config_enabled_all_regions
+ resource: account
+ description: |
+ AWS Config is not enabled in all regions
+ filters:
+ - type: check-config
+ running: true
+ all-resources: true
+ global-resources: true
+
diff --git a/policies/ecc-aws-184-cloudtrail_logs_encrypted_using_KMS_CMKs.yml b/policies/ecc-aws-184-cloudtrail_logs_encrypted_using_KMS_CMKs.yml
new file mode 100644
index 000000000..9174e9817
--- /dev/null
+++ b/policies/ecc-aws-184-cloudtrail_logs_encrypted_using_KMS_CMKs.yml
@@ -0,0 +1,15 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-184-cloudtrail_logs_encrypted_using_KMS_CMKs
+ resource: aws.cloudtrail
+ description: |
+ CloudTrail logs are not encrypted at rest using KMS CMK
+ filters:
+ - not:
+ - KmsKeyId: present
diff --git a/policies/ecc-aws-185-kms_key_rotation_is_enabled.yml b/policies/ecc-aws-185-kms_key_rotation_is_enabled.yml
new file mode 100644
index 000000000..46bafe36e
--- /dev/null
+++ b/policies/ecc-aws-185-kms_key_rotation_is_enabled.yml
@@ -0,0 +1,22 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-185-kms_key_rotation_is_enabled
+ description: |
+ Rotation for symmetric customer-created CMKs is not enabled
+ resource: aws.kms-key
+ filters:
+ - type: value
+ key: 'KeyState'
+ value: Enabled
+ - type: key-rotation-status
+ key: KeyRotationEnabled
+ value: false
+ - type: value
+ key: KeySpec
+ value: SYMMETRIC_DEFAULT
diff --git a/policies/ecc-aws-186-security_group_ingress_is_restricted_22.yml b/policies/ecc-aws-186-security_group_ingress_is_restricted_22.yml
new file mode 100644
index 000000000..16df55a05
--- /dev/null
+++ b/policies/ecc-aws-186-security_group_ingress_is_restricted_22.yml
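Review bot: The filters in ecc-aws-185 never check who manages the key or where its material comes from, although the description limits the rule to "customer-created CMKs". Keys with imported material are the likely false positives, since enabling automatic rotation may not be an available remediation for them; adding `- type: value`, `key: KeyManager`, `value: CUSTOMER` (and, if intended, excluding `Origin: EXTERNAL`) would make the scope explicit. Moving the `KeySpec` value filter above `key-rotation-status` would presumably also avoid a rotation-status lookup for keys that are discarded anyway.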
@@ -0,0 +1,26 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-186-security_group_ingress_is_restricted_22
+ resource: aws.security-group
+ description: |
+ Security groups allow ingress from 0.0.0.0/0 or ::/0 to remote server administration port (22)
+ filters:
+ - or:
+ - type: ingress
+ Ports: [22]
+ Cidr:
+ value:
+ - "0.0.0.0/0"
+ op: in
+ - type: ingress
+ Ports: [22]
+ CidrV6:
+ value:
+ - "::/0"
+ op: in
diff --git a/policies/ecc-aws-187-security_group_ingress_is_restricted_3389.yml b/policies/ecc-aws-187-security_group_ingress_is_restricted_3389.yml
new file mode 100644
index 000000000..c0955be42
--- /dev/null
+++ b/policies/ecc-aws-187-security_group_ingress_is_restricted_3389.yml
@@ -0,0 +1,26 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-187-security_group_ingress_is_restricted_3389
+ resource: aws.security-group
+ description: |
+ Security groups allow ingress from 0.0.0.0/0 or ::/0 to remote server administration port (3389)
+ filters:
+ - or:
+ - type: ingress
+ Ports: [3389]
+ Cidr:
+ value:
+ - "0.0.0.0/0"
+ op: in
+ - type: ingress
+ Ports: [3389]
+ CidrV6:
+ value:
+ - "::/0"
+ op: in
\ No newline at end of file
diff --git a/policies/ecc-aws-188-default_security_group_every_vpc_restricts_all_traffic.yml b/policies/ecc-aws-188-default_security_group_every_vpc_restricts_all_traffic.yml
new file mode 100644
index 000000000..4681d598a
--- /dev/null
+++ b/policies/ecc-aws-188-default_security_group_every_vpc_restricts_all_traffic.yml
@@ -0,0 +1,23 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-188-default_security_group_every_vpc_restricts_all_traffic
+ description: |
+ VPC default security group does not restrict all traffic
+ resource: aws.security-group
+ filters:
+ - type: value
+ key: "GroupName"
+ value: "default"
+ - or:
+ - type: value
+ key: IpPermissions
+ value: not-null
+ - type: value
+ key: IpPermissionsEgress
+ value: not-null
diff --git a/policies/ecc-aws-190-encrypted_connection_between_cloudfront_origin.yml b/policies/ecc-aws-190-encrypted_connection_between_cloudfront_origin.yml
new file mode 100644
index 000000000..618c2e77f
--- /dev/null
+++ b/policies/ecc-aws-190-encrypted_connection_between_cloudfront_origin.yml
@@ -0,0 +1,27 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-190-encrypted_connection_between_cloudfront_origin
+ description: |
+ Traffic between a CloudFront distribution and the origin is not enforced to allow HTTPS-only
+ resource: aws.distribution
+ filters:
+ - not:
+ - or:
+ - type: value
+ key: Origins.Items[].CustomOriginConfig.OriginProtocolPolicy
+ value_type: swap
+ value: https-only
+ op: in
+ - or:
+ - type: value
+ key: DefaultCacheBehavior.ViewerProtocolPolicy
+ value: redirect-to-https
+ - type: value
+ key: DefaultCacheBehavior.ViewerProtocolPolicy
+ value: https-only
diff --git a/policies/ecc-aws-191-eks_cluster_protected_endpoint_access.yml b/policies/ecc-aws-191-eks_cluster_protected_endpoint_access.yml
new file mode 100644
index 000000000..f95632693
--- /dev/null
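Review bot: The origin test in ecc-aws-190 asks whether `https-only` appears anywhere in `Origins.Items[].CustomOriginConfig.OriginProtocolPolicy`, so a distribution with one HTTPS-only origin and one `http-only` origin is treated as compliant. The projection is also empty for distributions that have only S3 origins, which would then always be reported, and only `DefaultCacheBehavior` is inspected, not the additional `CacheBehaviors.Items[]`. Matching the non-compliant values directly is easier to reason about than negating a "contains" test; a sketch is below, to be verified against real distributions.

```yaml
    filters:
      - or:
          - type: value
            key: Origins.Items[].CustomOriginConfig.OriginProtocolPolicy
            value_type: swap
            value: http-only
            op: in
          - type: value
            key: Origins.Items[].CustomOriginConfig.OriginProtocolPolicy
            value_type: swap
            value: match-viewer
            op: in
          - type: value
            key: DefaultCacheBehavior.ViewerProtocolPolicy
            value: allow-all
```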
+++ b/policies/ecc-aws-191-eks_cluster_protected_endpoint_access.yml
@@ -0,0 +1,21 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-191-eks_cluster_protected_endpoint_access
+ description: |
+ EKS cluster endpoint does not have protected access
+ resource: aws.eks
+ filters:
+ - type: value
+ key: resourcesVpcConfig.endpointPublicAccess
+ value: true
+ - type: value
+ key: resourcesVpcConfig.publicAccessCidrs
+ value: "0.0.0.0/0"
+ value_type: swap
+ op: in
diff --git a/policies/ecc-aws-196-unused_ec2_security_groups.yml b/policies/ecc-aws-196-unused_ec2_security_groups.yml
new file mode 100644
index 000000000..895ee5a5c
--- /dev/null
+++ b/policies/ecc-aws-196-unused_ec2_security_groups.yml
@@ -0,0 +1,14 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-196-unused_ec2_security_groups
+ description: |
+ Unused security groups exist
+ resource: security-group
+ filters:
+ - unused
diff --git a/policies/ecc-aws-197-codebuild_project_source_repo_url_check.yml b/policies/ecc-aws-197-codebuild_project_source_repo_url_check.yml
new file mode 100644
index 000000000..562e6487e
--- /dev/null
+++ b/policies/ecc-aws-197-codebuild_project_source_repo_url_check.yml
@@ -0,0 +1,30 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-197-codebuild_project_source_repo_url_check
+ description: |
+ CodeBuild GitHub or Bitbucket source repository URLs do not use OAuth
+ resource: aws.codebuild
+ filters:
+ - or:
+ - and:
+ - type: value
+ key: source.type
+ value: GITHUB
+ - type: value
+ key: source.auth.resource
+ op: regex
+ value: '^.*token.*$'
+ - and:
+ - type: value
+ key: source.type
+ value: BITBUCKET
+ - type: value
+ key: source.auth.resource
+ op: regex
+ value: '^.*token.*$'
\ No newline at end of file
diff --git a/policies/ecc-aws-198-autoscaling_group_health_checks.yml b/policies/ecc-aws-198-autoscaling_group_health_checks.yml
new file mode 100644
index 000000000..9de0c1a63
--- /dev/null
+++ b/policies/ecc-aws-198-autoscaling_group_health_checks.yml
@@ -0,0 +1,20 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-198-autoscaling_group_health_checks
+ description: |
+ Auto scaling groups associated with a load balancer do not use health checks
+ resource: asg
+ filters:
+ - not:
+ - type: value
+ key: HealthCheckType
+ value: ELB
+ - type: value
+ key: HealthCheckGracePeriod
+ value: 300
diff --git a/policies/ecc-aws-199-unused_eip_should_be_removed.yml b/policies/ecc-aws-199-unused_eip_should_be_removed.yml
new file mode 100644
index 000000000..fe5cddc9c
--- /dev/null
+++ b/policies/ecc-aws-199-unused_eip_should_be_removed.yml
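Review bot: The description of ecc-aws-197 says the rule reports sources that "do not use OAuth", but the filter never reads `source.auth.type`; it infers the condition from the substring `token` in `source.auth.resource`. A project with no `auth` block at all does not match either branch, so credentials carried in the repository URL itself would go unreported, which looks like the case the policy name (`source_repo_url_check`) is about. A comment stating what `source.auth.resource` is expected to contain, or a check on `source.auth.type` against `OAUTH`, would make the intent verifiable; the two identical `and` branches could also be merged with `op: in` and `value: [GITHUB, BITBUCKET]` on `source.type`.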
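Review bot: `HealthCheckGracePeriod` is tested for equality with 300 inside the `not:` block of ecc-aws-198, so a group that does use ELB health checks but has any other grace period is reported as non-compliant. Nothing in the filter limits the rule to groups that have a load balancer attached, although the description does, so every plain EC2-health-check group without one is reported too. If the 300-second value is a real requirement it belongs in the description; otherwise the scoping below matches what the description states.

```yaml
    filters:
      - or:
          - type: value
            key: LoadBalancerNames
            value: not-null
          - type: value
            key: TargetGroupARNs
            value: not-null
      - type: value
        key: HealthCheckType
        op: ne
        value: ELB
```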
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-199-unused_eip_should_be_removed
+ description: |
+ Unused EC2 EIPs exist
+ resource: network-addr
+ filters:
+ - type: value
+ key: AssociationId
+ value: absent
diff --git a/policies/ecc-aws-200-elasticsearch_service_domains_in_vpc.yml b/policies/ecc-aws-200-elasticsearch_service_domains_in_vpc.yml
new file mode 100644
index 000000000..e49a72ef7
--- /dev/null
+++ b/policies/ecc-aws-200-elasticsearch_service_domains_in_vpc.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-200-elasticsearch_service_domains_in_vpc
+ description: |
+ Elasticsearch Service domains are not in a VPC
+ resource: elasticsearch
+ filters:
+ - type: value
+ key: VPCOptions.VPCId
+ value: absent
diff --git a/policies/ecc-aws-201-elasticsearch_service_domains_encryption_at_rest.yml b/policies/ecc-aws-201-elasticsearch_service_domains_encryption_at_rest.yml
new file mode 100644
index 000000000..f53165645
--- /dev/null
+++ b/policies/ecc-aws-201-elasticsearch_service_domains_encryption_at_rest.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-201-elasticsearch_service_domains_encryption_at_rest
+ description: |
+ Elasticsearch Service domains do not have encryption at rest
+ resource: elasticsearch
+ filters:
+ - type: value
+ key: EncryptionAtRestOptions.Enabled
+ value: false
diff --git a/policies/ecc-aws-203-ebs_snapshots_not_publicly_restorable.yml b/policies/ecc-aws-203-ebs_snapshots_not_publicly_restorable.yml
new file mode 100644
index 000000000..669893fe9
--- /dev/null
+++ b/policies/ecc-aws-203-ebs_snapshots_not_publicly_restorable.yml
@@ -0,0 +1,18 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-203-ebs_snapshots_not_publicly_restorable
+ description: |
+ EBS snapshots are publicly restorable
+ resource: ebs-snapshot
+ filters:
+ - and:
+ - type: cross-account
+ - type: value
+ key: '"c7n:CrossAccountViolations"[0]'
+ value: all
\ No newline at end of file
diff --git a/policies/ecc-aws-210-cloud_front_waf_integration.yml b/policies/ecc-aws-210-cloud_front_waf_integration.yml
new file mode 100644
index 000000000..98d6a31e4
--- /dev/null
+++ b/policies/ecc-aws-210-cloud_front_waf_integration.yml
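Review bot: Only the first element of the violations list is inspected by `'"c7n:CrossAccountViolations"[0]'` in ecc-aws-203, so a snapshot shared both publicly and with a specific account is missed whenever `all` is not at index 0; the ordering of that list is presumably not guaranteed. ecc-aws-219 (RDS snapshots) and ecc-aws-222 (AMIs) use the same expression. A membership test, as ecc-aws-191 in this patch already does for CIDRs, avoids the dependency on order: `key: '"c7n:CrossAccountViolations"'` with `value_type: swap` and `op: in`.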
@@ -0,0 +1,20 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-210-cloud_front_waf_integration
+ description: |
+ Cloud Front is not integrated with WAF
+ resource: distribution
+ filters:
+ - or:
+ - type: value
+ key: WebACLId
+ value: ""
+ - type: value
+ key: WebACLId
+ value: None
diff --git a/policies/ecc-aws-212-lambda_in_vpc.yml b/policies/ecc-aws-212-lambda_in_vpc.yml
new file mode 100644
index 000000000..8ecad06ba
--- /dev/null
+++ b/policies/ecc-aws-212-lambda_in_vpc.yml
@@ -0,0 +1,31 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-212-lambda_in_vpc
+ description: |
+ Lambda functions are not in a VPC
+ resource: lambda
+ filters:
+ - not:
+ - and:
+ - type: value
+ key: VpcConfig.VpcId
+ op: regex
+ value: '^.*'
+ - type: value
+ key: VpcConfig.SubnetIds[0]
+ op: regex
+ value: '^.*'
+ - type: value
+ key: VpcConfig.SubnetIds[1]
+ op: regex
+ value: '^.*'
+ - type: value
+ key: VpcConfig.SecurityGroupIds[0]
+ op: regex
+ value: '^.*'
\ No newline at end of file
diff --git a/policies/ecc-aws-215-redshift_cluster_prohibit_public_access.yml b/policies/ecc-aws-215-redshift_cluster_prohibit_public_access.yml
new file mode 100644
index 000000000..8941e51e2
--- /dev/null
+++ b/policies/ecc-aws-215-redshift_cluster_prohibit_public_access.yml
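Review bot: The second `or` branch of ecc-aws-210 uses `value: None`, which YAML parses as the string "None" rather than a null, so it only matches a `WebACLId` that is literally the text `None`. If the intent is "empty or missing", a single filter with `value: empty` on `WebACLId` expresses that and replaces both branches.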
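Review bot: The pattern `'^.*'` used four times in ecc-aws-212 also matches an empty string, so the `VpcConfig.VpcId` branch cannot tell a real VPC id from an empty `VpcId`; the rule then works only because the subnet and security-group lookups come back missing. `value: not-null` on `VpcConfig.VpcId` states the intent directly. The `VpcConfig.SubnetIds[1]` branch additionally requires a second subnet, so a function attached to a VPC with one subnet is reported as "not in a VPC"; if two subnets are a deliberate availability requirement, the description should say so.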
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-215-redshift_cluster_prohibit_public_access
+ description: |
+ Redshift clusters do not prohibit public access
+ resource: redshift
+ filters:
+ - type: value
+ key: PubliclyAccessible
+ value: true
diff --git a/policies/ecc-aws-218-codebuild_environment_variables_contain_text_credentials.yml b/policies/ecc-aws-218-codebuild_environment_variables_contain_text_credentials.yml
new file mode 100644
index 000000000..a869cd75b
--- /dev/null
+++ b/policies/ecc-aws-218-codebuild_environment_variables_contain_text_credentials.yml
@@ -0,0 +1,24 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-218-codebuild_environment_variables_contain_text_credentials
+ description: |
+ CodeBuild project environment variables contain clear text credentials
+ resource: codebuild
+ filters:
+ - or:
+ - type: value
+ key: environment.environmentVariables[].name
+ value_type: swap
+ value: AWS_ACCESS_KEY_ID
+ op: in
+ - type: value
+ key: environment.environmentVariables[].name
+ value_type: swap
+ value: AWS_SECRET_ACCESS_KEY
+ op: in
diff --git a/policies/ecc-aws-219-rds_snapshot_prohibit_public_access.yml b/policies/ecc-aws-219-rds_snapshot_prohibit_public_access.yml
new file mode 100644
index 000000000..e62cf6508
--- /dev/null
+++ b/policies/ecc-aws-219-rds_snapshot_prohibit_public_access.yml
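Review bot: Both branches of ecc-aws-218 match on the variable name alone and never look at the variable's `type`, so a project that pulls `AWS_ACCESS_KEY_ID` from Parameter Store or Secrets Manager is reported as holding clear-text credentials. Restricting the projection to plaintext entries fixes that: `key: "environment.environmentVariables[?type=='PLAINTEXT'].name"` in each branch. The check also covers only these two names; the description could say so, since other secrets in plaintext variables are out of its reach.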
@@ -0,0 +1,18 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-219-rds_snapshot_prohibit_public_access
+ description: |
+ RDS snapshots do not prohibit public access
+ resource: rds-snapshot
+ filters:
+ - and:
+ - type: cross-account
+ - type: value
+ key: '"c7n:CrossAccountViolations"[0]'
+ value: all
diff --git a/policies/ecc-aws-221-ec2_managed_ssm_patch_compliance.yml b/policies/ecc-aws-221-ec2_managed_ssm_patch_compliance.yml
new file mode 100644
index 000000000..de5ab3a9c
--- /dev/null
+++ b/policies/ecc-aws-221-ec2_managed_ssm_patch_compliance.yml
@@ -0,0 +1,18 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-221-ec2_managed_ssm_patch_compliance
+ description: |
+ Amazon EC2 instances managed by Systems Manager have a patch compliance status of NON-COMPLIANT after a patch installation
+ resource: ec2
+ filters:
+ - type: ssm-compliance
+ compliance_types:
+ - Patch
+ states:
+ - NON_COMPLIANT
diff --git a/policies/ecc-aws-222-ami_public_access.yml b/policies/ecc-aws-222-ami_public_access.yml
new file mode 100644
index 000000000..472c5caff
--- /dev/null
+++ b/policies/ecc-aws-222-ami_public_access.yml
@@ -0,0 +1,18 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-222-ami_public_access
+ description: |
+ AMIs are exposed to public access
+ resource: ami
+ filters:
+ - and:
+ - type: cross-account
+ - type: value
+ key: '"c7n:CrossAccountViolations"[0]'
+ value: all
diff --git a/policies/ecc-aws-223-ensure_that_sagemaker_in_vpc.yml b/policies/ecc-aws-223-ensure_that_sagemaker_in_vpc.yml
new file mode 100644
index 000000000..42d297db4
--- /dev/null
+++ b/policies/ecc-aws-223-ensure_that_sagemaker_in_vpc.yml
@@ -0,0 +1,20 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-223-ensure_that_sagemaker_in_vpc
+ description: |
+ SageMaker is not placed in VPC
+ resource: aws.sagemaker-notebook
+ filters:
+ - or:
+ - type: value
+ key: SubnetId
+ value: absent
+ - type: value
+ key: DirectInternetAccess
+ value: Enabled
diff --git a/policies/ecc-aws-231-vpc-subnets_automatic_public_ip_assignment.yml b/policies/ecc-aws-231-vpc-subnets_automatic_public_ip_assignment.yml
new file mode 100644
index 000000000..bcbda372e
--- /dev/null
+++ b/policies/ecc-aws-231-vpc-subnets_automatic_public_ip_assignment.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-231-vpc-subnets_automatic_public_ip_assignment
+ description: |
+ VPC subnets automatic public ip assignment is enabled
+ resource: subnet
+ filters:
+ - type: value
+ key: MapPublicIpOnLaunch
+ value: true
diff --git a/policies/ecc-aws-232-sagemaker_does_not_have_direct_internet_access.yml b/policies/ecc-aws-232-sagemaker_does_not_have_direct_internet_access.yml
new file mode 100644
index 000000000..04224f222
--- /dev/null
+++ b/policies/ecc-aws-232-sagemaker_does_not_have_direct_internet_access.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-232-sagemaker_does_not_have_direct_internet_access
+ description: |
+ SageMaker Notebook has direct internet access
+ resource: aws.sagemaker-notebook
+ filters:
+ - type: value
+ key: DirectInternetAccess
+ value: Enabled
diff --git a/policies/ecc-aws-237-cloudfront_web_distributions_use_custom_ssl_certificates.yml b/policies/ecc-aws-237-cloudfront_web_distributions_use_custom_ssl_certificates.yml
new file mode 100644
index 000000000..031d7d896
--- /dev/null
+++ b/policies/ecc-aws-237-cloudfront_web_distributions_use_custom_ssl_certificates.yml
@@ -0,0 +1,20 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-237-cloudfront_web_distributions_use_custom_ssl_certificates
+ description: |
+ Cloudfront web distributions do not use custom SSL certificates
+ resource: distribution
+ filters:
+ - and:
+ - type: value
+ key: ViewerCertificate.CloudFrontDefaultCertificate
+ value: true
+ - type: value
+ key: ViewerCertificate.CertificateSource
+ value: cloudfront
diff --git a/policies/ecc-aws-238-cloudfront_web_distributions_with_geo_restriction_enabled.yml b/policies/ecc-aws-238-cloudfront_web_distributions_with_geo_restriction_enabled.yml
new file mode 100644
index 000000000..47b261597
--- /dev/null
+++ b/policies/ecc-aws-238-cloudfront_web_distributions_with_geo_restriction_enabled.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-238-cloudfront_web_distributions_with_geo_restriction_enabled
+ description: |
+ Cloudfront web distribution with geo restriction is not enabled
+ resource: distribution
+ filters:
+ - type: value
+ key: Restrictions.GeoRestriction.RestrictionType
+ value: none
diff --git a/policies/ecc-aws-240-acm_has_certificates_single_domain_names.yml b/policies/ecc-aws-240-acm_has_certificates_single_domain_names.yml
new file mode 100644
index 000000000..dfa804fe0
--- /dev/null
+++ b/policies/ecc-aws-240-acm_has_certificates_single_domain_names.yml
@@ -0,0 +1,17 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-240-acm_has_certificates_single_domain_names + description: | + ACM has certificates with wildcard domain names + resource: acm-certificate + filters: + - type: value + key: DomainName + op: regex + value: '.*\*.*' \ No newline at end of file diff --git a/policies/ecc-aws-241-acm_has_no_unused_certificates.yml b/policies/ecc-aws-241-acm_has_no_unused_certificates.yml new file mode 100644 index 000000000..415b5435a --- /dev/null +++ b/policies/ecc-aws-241-acm_has_no_unused_certificates.yml @@ -0,0 +1,16 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-241-acm_has_no_unused_certificates + description: | + AWS Certificate Manager (ACM) has unused certificates + resource: acm-certificate + filters: + - type: value + key: InUseBy[0] + value: absent \ No newline at end of file diff --git a/policies/ecc-aws-242-cloudfront_distribution_access_logging.yml b/policies/ecc-aws-242-cloudfront_distribution_access_logging.yml new file mode 100644 index 000000000..62fd763e2 --- /dev/null +++ b/policies/ecc-aws-242-cloudfront_distribution_access_logging.yml 
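Review bot: The wildcard check in ecc-aws-240 reads only `DomainName`, so a certificate whose primary name is a plain host name but whose subject alternative names contain a wildcard entry is not reported. If the resource exposes the alternative names the way the ACM certificate description does (worth confirming on a real resource), wrap the existing filter in an `or` with a second one: `key: "SubjectAlternativeNames[?contains(@, '*')] | [0]"` with `value: present`. A short comment in the file stating whether alternative names are in scope would also help.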
@@ -0,0 +1,16 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-242-cloudfront_distribution_access_logging + description: | + AWS CloudFront distribution with access logging is disabled + resource: distribution + filters: + - type: distribution-config + key: Logging.Enabled + value: false \ No newline at end of file diff --git a/policies/ecc-aws-243-invalid_or_failed_certificates_are_removed_from_acm.yml b/policies/ecc-aws-243-invalid_or_failed_certificates_are_removed_from_acm.yml new file mode 100644 index 000000000..bbd697c7c --- /dev/null +++ b/policies/ecc-aws-243-invalid_or_failed_certificates_are_removed_from_acm.yml @@ -0,0 +1,20 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-243-invalid_or_failed_certificates_are_removed_from_acm + description: | + Invalid or failed certificates are not removed from ACM + resource: acm-certificate + filters: + - or: + - type: value + key: Status + value: FAILED + - type: value + key: Status + value: VALIDATION_TIMED_OUT \ No newline at end of file diff --git a/policies/ecc-aws-245-alb_is_protected_by_waf_regional.yml b/policies/ecc-aws-245-alb_is_protected_by_waf_regional.yml new file mode 100644 index 000000000..fed903fdb --- /dev/null +++ b/policies/ecc-aws-245-alb_is_protected_by_waf_regional.yml 
@@ -0,0 +1,19 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-245-alb_is_protected_by_waf_regional + description: | + ALB is not protected by WAF regional + resource: app-elb + filters: + - type: value + key: Type + value: "application" + op: in + - type: waf-enabled + state: false \ No newline at end of file diff --git a/policies/ecc-aws-247-managed_policies_instead_of_inline_iam_policies.yml b/policies/ecc-aws-247-managed_policies_instead_of_inline_iam_policies.yml new file mode 100644 index 000000000..59a0e9417 --- /dev/null +++ b/policies/ecc-aws-247-managed_policies_instead_of_inline_iam_policies.yml @@ -0,0 +1,14 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-247-managed_policies_instead_of_inline_iam_policies + description: | + Inline IAM policies are in use + resource: iam-user + filters: + - type: has-inline-policy \ No newline at end of file diff --git a/policies/ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic.yml b/policies/ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic.yml new file mode 100644 index 000000000..6956f50bc --- /dev/null +++ b/policies/ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic.yml 
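Review bot: `op: in` with the scalar `value: "application"` in ecc-aws-245 reads as a list-membership test, but against a plain string Cloud Custodian's `in` is, as far as I recall, a substring test of the resource's `Type` within that string. It gives the right answer for today's type names only by coincidence of spelling. Dropping `op` for plain equality, or writing `value: [application]`, states the intent. The same pattern appears in ecc-aws-263 (`"gateway"`) and ecc-aws-264 (`"network"`) later in this patch.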
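Review bot: ecc-aws-247 evaluates only `resource: iam-user`, while its description, "Inline IAM policies are in use", is not limited to users, so inline policies attached to roles and groups are not reported by this file. Either narrow the description to `Inline IAM policies are attached to IAM users`, or add sibling policies for the role and group resources with the same `has-inline-policy` filter, provided the Custodian version in use registers it for them.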
@@ -0,0 +1,30 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic + description: | + Kubernetes Engine Clusters network firewall inbound rule is overly permissive to all traffic + resource: eks + filters: + - and: + - type: security-group + key: IpPermissions[].IpProtocol + value_type: swap + op: in + value: "-1" + - or: + - type: security-group + key: IpPermissions[].IpRanges[].CidrIp + value_type: swap + op: in + value: "0.0.0.0/0" + - type: security-group + key: IpPermissions[].Ipv6Ranges[].CidrIpv6 + value_type: swap + op: in + value: "::/0" \ No newline at end of file diff --git a/policies/ecc-aws-249-expired_certificates_are_removed_from_acm.yml b/policies/ecc-aws-249-expired_certificates_are_removed_from_acm.yml new file mode 100644 index 000000000..84a0aeb14 --- /dev/null +++ b/policies/ecc-aws-249-expired_certificates_are_removed_from_acm.yml @@ -0,0 +1,16 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-249-expired_certificates_are_removed_from_acm + description: | + Expired certificates are not removed from the AWS Certificate Manager (ACM) + resource: acm-certificate + filters: + - type: value + key: Status + value: EXPIRED \ No newline at end of file diff --git a/policies/ecc-aws-250-rest_api_gateway_is_set_to_private.yml b/policies/ecc-aws-250-rest_api_gateway_is_set_to_private.yml new file mode 100644 index 000000000..f1f631111 --- /dev/null +++ b/policies/ecc-aws-250-rest_api_gateway_is_set_to_private.yml 
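Review bot: The protocol and CIDR conditions in ecc-aws-248 are separate `security-group` filters, so each can be satisfied by a different rule, or a different related security group. A cluster with one all-protocol rule limited to an internal range and another rule opening a single port to `0.0.0.0/0` is reported, although no single rule allows all traffic from anywhere. Tying both conditions to the same rule avoids this, e.g. `key: "IpPermissions[?IpProtocol=='-1'].IpRanges[].CidrIp"` with the existing `value_type: swap`, `op: in`, `value: "0.0.0.0/0"`, plus the `Ipv6Ranges[].CidrIpv6` equivalent under the `or`. The description says "Kubernetes Engine Clusters" for an `eks` resource; `EKS cluster security group` would be clearer.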
@@ -0,0 +1,20 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-250-rest_api_gateway_is_set_to_private + description: | + API endpoint type in the API gateway is not private and exposed to the public internet + resource: rest-api + filters: + - or: + - type: value + key: endpointConfiguration.types[0] + value: REGIONAL + - type: value + key: endpointConfiguration.types[0] + value: EDGE \ No newline at end of file diff --git a/policies/ecc-aws-251-api_key_is_required_on_method_request.yml b/policies/ecc-aws-251-api_key_is_required_on_method_request.yml new file mode 100644 index 000000000..f3d151d86 --- /dev/null +++ b/policies/ecc-aws-251-api_key_is_required_on_method_request.yml @@ -0,0 +1,16 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-251-api_key_is_required_on_method_request + description: | + API Key is not required on Method Request + resource: rest-resource + filters: + - type: rest-method + key: apiKeyRequired + value: false \ No newline at end of file diff --git a/policies/ecc-aws-253-kinesis_streams_encrypted_kms_customer_master_keys.yml b/policies/ecc-aws-253-kinesis_streams_encrypted_kms_customer_master_keys.yml new file mode 100644 index 000000000..7a566c048 --- /dev/null +++ b/policies/ecc-aws-253-kinesis_streams_encrypted_kms_customer_master_keys.yml 
@@ -0,0 +1,16 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-253-kinesis_streams_encrypted_kms_customer_master_keys + description: | + Kinesis streams are not encrypted with KMS CMK + resource: kinesis + filters: + - type: value + key: KeyId + value: 'alias/aws/kinesis' \ No newline at end of file diff --git a/policies/ecc-aws-254-kinesis_server_data_at_rest_has_sse.yml b/policies/ecc-aws-254-kinesis_server_data_at_rest_has_sse.yml new file mode 100644 index 000000000..8db26d0f0 --- /dev/null +++ b/policies/ecc-aws-254-kinesis_server_data_at_rest_has_sse.yml @@ -0,0 +1,16 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-254-kinesis_server_data_at_rest_has_sse + description: | + Kinesis Server data at rest has no server-side encryption + resource: kinesis + filters: + - type: value + key: EncryptionType + value: NONE \ No newline at end of file diff --git a/policies/ecc-aws-255-restrict_outbound_traffic.yml b/policies/ecc-aws-255-restrict_outbound_traffic.yml new file mode 100644 index 000000000..13870e8ad --- /dev/null +++ b/policies/ecc-aws-255-restrict_outbound_traffic.yml 
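Review bot: ecc-aws-253 compares `KeyId` with the literal `alias/aws/kinesis`, which matches only when the stream reports the AWS managed key in exactly that alias form. If the API returns the key as an ARN or a key id instead, a stream on the AWS managed key is not reported, so this is worth confirming against a real stream description. ecc-aws-258 in this patch resolves the key through `type: kms-key` and tests `KeyManager: AWS`; the same form here, if the kinesis resource offers that filter, would not depend on how the key is spelled. Streams with no encryption have no `KeyId` and are left to ecc-aws-254, which deserves a comment such as `# unencrypted streams are covered by ecc-aws-254`.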
@@ -0,0 +1,24 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-255-restrict_outbound_traffic + description: | + Outbound traffic is allowed to all ports + resource: security-group + filters: + - and: + - type: value + key: IpPermissionsEgress[].IpProtocol + value_type: swap + op: in + value: '-1' + - type: value + key: IpPermissionsEgress[].IpRanges[0].CidrIp + value_type: swap + op: in + value: '0.0.0.0/0' \ No newline at end of file diff --git a/policies/ecc-aws-256-dynamodb_is_encrypted_using_managed_cmk.yml b/policies/ecc-aws-256-dynamodb_is_encrypted_using_managed_cmk.yml new file mode 100644 index 000000000..82ce16d42 --- /dev/null +++ b/policies/ecc-aws-256-dynamodb_is_encrypted_using_managed_cmk.yml @@ -0,0 +1,17 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-256-dynamodb_is_encrypted_using_managed_cmk + description: | + DynamoDB is not encrypted using KMS CMK + resource: dynamodb-table + filters: + - not: + - type: value + key: SSEDescription.SSEType + value: KMS \ No newline at end of file diff --git a/policies/ecc-aws-257-efs_is_encrypted.yml b/policies/ecc-aws-257-efs_is_encrypted.yml new file mode 100644 index 000000000..f9a7e1b7c --- /dev/null +++ b/policies/ecc-aws-257-efs_is_encrypted.yml 
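Review bot: ecc-aws-255 tests only `IpRanges[0]` of each egress rule and has no IPv6 condition, so a rule whose `0.0.0.0/0` entry is not first in its range list, or one that allows `::/0`, is missed. The two `value` filters are also evaluated over all rules independently, so an all-protocol rule to a private range together with a single-port rule to `0.0.0.0/0` is reported as a match. A `type: egress` filter with `IpProtocol: "-1"` and a `Cidr` condition, plus a second one with `CidrV6` under an `or`, is evaluated per rule, in the form the ingress policies later in this patch use. The description says "all ports" while the filter tests all protocols.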
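Review bot: `SSEDescription.SSEType: KMS` in ecc-aws-256 is, to my knowledge, also reported for tables encrypted with the AWS managed DynamoDB key, so such tables pass this policy. ecc-aws-253 and ecc-aws-258 in the same patch treat an AWS managed key as a finding. If the rule is meant to require a customer managed key, it needs a key-manager test like the `type: kms-key` / `KeyManager: AWS` pair in ecc-aws-258. If any KMS key is acceptable, the description should read `DynamoDB table is not encrypted with a KMS key`.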
@@ -0,0 +1,16 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-257-efs_is_encrypted + description: | + Amazon EFS file systems are not encrypted + resource: efs + filters: + - type: value + key: Encrypted + value: false \ No newline at end of file diff --git a/policies/ecc-aws-258-efs_is_encrypted_using_managed_cmk.yml b/policies/ecc-aws-258-efs_is_encrypted_using_managed_cmk.yml new file mode 100644 index 000000000..133644ab3 --- /dev/null +++ b/policies/ecc-aws-258-efs_is_encrypted_using_managed_cmk.yml @@ -0,0 +1,24 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-258-efs_is_encrypted_using_managed_cmk + description: | + EFS file systems are not encrypted using KMS CMK + resource: efs + filters: + - or: + - type: value + key: Encrypted + value: false + - and: + - type: value + key: Encrypted + value: true + - type: kms-key + key: KeyManager + value: AWS \ No newline at end of file diff --git a/policies/ecc-aws-259-elasticache_redis_clusters_encryption_at_rest.yml b/policies/ecc-aws-259-elasticache_redis_clusters_encryption_at_rest.yml new file mode 100644 index 000000000..8a42721ad --- /dev/null +++ b/policies/ecc-aws-259-elasticache_redis_clusters_encryption_at_rest.yml 
@@ -0,0 +1,19 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-259-elasticache_redis_clusters_encryption_at_rest + description: | + ElastiCache Redis cluster at-rest encryption is disabled + resource: cache-cluster + filters: + - type: value + key: Engine + value: "redis" + - type: value + key: AtRestEncryptionEnabled + value: false diff --git a/policies/ecc-aws-260-redshift_instances_are_encrypted.yml b/policies/ecc-aws-260-redshift_instances_are_encrypted.yml new file mode 100644 index 000000000..12ee8f03e --- /dev/null +++ b/policies/ecc-aws-260-redshift_instances_are_encrypted.yml @@ -0,0 +1,16 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-260-redshift_instances_are_encrypted + description: | + Redshift instances are not encrypted + resource: redshift + filters: + - type: value + key: Encrypted + value: false \ No newline at end of file diff --git a/policies/ecc-aws-261-rds_cluster_storage_is_encrypted.yml b/policies/ecc-aws-261-rds_cluster_storage_is_encrypted.yml new file mode 100644 index 000000000..31b65d8c6 --- /dev/null +++ b/policies/ecc-aws-261-rds_cluster_storage_is_encrypted.yml 
@@ -0,0 +1,16 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-261-rds_cluster_storage_is_encrypted + description: | + Unencrypted RDS cluster storage is in use + resource: rds-cluster + filters: + - type: value + key: StorageEncrypted + value: false \ No newline at end of file diff --git a/policies/ecc-aws-262-expired_route53_domain_names.yml b/policies/ecc-aws-262-expired_route53_domain_names.yml new file mode 100644 index 000000000..6312b3d15 --- /dev/null +++ b/policies/ecc-aws-262-expired_route53_domain_names.yml @@ -0,0 +1,18 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-262-expired_route53_domain_names + description: | + Expired Route53 domain name + resource: aws.r53domain + filters: + - type: value + key: Expiry + value_type: expiration + value: 0 + op: lte diff --git a/policies/ecc-aws-263-enable_elb_access_logs.yml b/policies/ecc-aws-263-enable_elb_access_logs.yml new file mode 100644 index 000000000..44c6b3b6d --- /dev/null +++ b/policies/ecc-aws-263-enable_elb_access_logs.yml 
@@ -0,0 +1,19 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-263-enable_elb_access_logs + description: | + Application or Network Load Balancer access logs is disabled + resource: app-elb + filters: + - not: + - type: value + key: Type + value: "gateway" + op: in + - type: is-not-logging \ No newline at end of file diff --git a/policies/ecc-aws-264-update_security_policy_of_network_load_balancer.yml b/policies/ecc-aws-264-update_security_policy_of_network_load_balancer.yml new file mode 100644 index 000000000..5dab2febf --- /dev/null +++ b/policies/ecc-aws-264-update_security_policy_of_network_load_balancer.yml @@ -0,0 +1,25 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-264-update_security_policy_of_network_load_balancer + description: | + Security Policy of the Network Load Balancer is not updated + resource: app-elb + filters: + - type: value + key: Type + value: "network" + op: in + - type: listener + key: Protocol + value: TLS + - not: + - type: listener + key: SslPolicy + op: regex + value: 'ELBSecurityPolicy-(TLS13|FS).*' \ No newline at end of file diff --git a/policies/ecc-aws-267-guardduty_service_is_enabled.yml b/policies/ecc-aws-267-guardduty_service_is_enabled.yml new file mode 100644 index 000000000..ca0cf588d --- /dev/null +++ b/policies/ecc-aws-267-guardduty_service_is_enabled.yml 
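Review bot: In ecc-aws-264 the `not` around the `SslPolicy` listener filter reports a load balancer only when none of its listeners has an accepted policy, because a `listener` filter is satisfied as soon as any listener matches. A network load balancer with one current and one outdated TLS listener therefore passes. To test every TLS listener, match the bad case directly: `op: regex` with `value: '^(?!ELBSecurityPolicy-(TLS13|FS)).*'` and `matched: true` on that second listener filter, without the `not`. The accepted prefix pattern also admits policy names that, as far as I know, still permit TLS 1.0 and 1.1, so an explicit list of accepted policy names would be safer than a prefix.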
@@ -0,0 +1,16 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-267-guardduty_service_is_enabled + description: | + Amazon GuardDuty service is not enabled + resource: account + filters: + - not: + - type: guard-duty + Detector.Status: ENABLED \ No newline at end of file diff --git a/policies/ecc-aws-272-eliminate_use_root_user_for_administrative_and_daily_tasks.yml b/policies/ecc-aws-272-eliminate_use_root_user_for_administrative_and_daily_tasks.yml new file mode 100644 index 000000000..0d26d1769 --- /dev/null +++ b/policies/ecc-aws-272-eliminate_use_root_user_for_administrative_and_daily_tasks.yml @@ -0,0 +1,29 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-272-eliminate_use_root_user_for_administrative_and_daily_tasks + resource: aws.account + description: | + Root user is used for administrative and daily tasks + filters: + - or: + - and: + - type: credential + key: access_keys.active + value: true + - type: credential + key: access_keys.last_used_date + value: present + + - and: + - type: credential + key: password_enabled + value: true + - type: credential + key: password_last_used + value: present \ No newline at end of file diff --git a/policies/ecc-aws-276-iam_access_analyzer_is_enabled.yml b/policies/ecc-aws-276-iam_access_analyzer_is_enabled.yml new file mode 100644 index 000000000..eb8a70a8a --- /dev/null +++ b/policies/ecc-aws-276-iam_access_analyzer_is_enabled.yml 
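Review bot: The password branch of ecc-aws-272 requires `password_enabled: true`, but the IAM credential report has documented the root row's `password_enabled` as `not_supported`. If that holds for the reports this policy reads, the `and` never matches and root console sign-ins go unreported; please confirm against a real report and drop that condition if so. Both branches also use `value: present` with no time window, so a single root use at any point in the past keeps the account flagged permanently. A bounded test on `password_last_used` and `access_keys.last_used_date`, e.g. `value_type: age`, `op: less-than`, `value: 90` (90 is a constructed example), would report recent use only.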
@@ -0,0 +1,18 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-276-iam_access_analyzer_is_enabled + resource: aws.account + description: | + IAM Access analyzer is not enabled for all regions + filters: + - not: + - type: access-analyzer + key: 'status' + value: ACTIVE + op: eq \ No newline at end of file diff --git a/policies/ecc-aws-277-only_one_active_access_key_available_for_any_single_iam_user.yml b/policies/ecc-aws-277-only_one_active_access_key_available_for_any_single_iam_user.yml new file mode 100644 index 000000000..e501f77fc --- /dev/null +++ b/policies/ecc-aws-277-only_one_active_access_key_available_for_any_single_iam_user.yml @@ -0,0 +1,23 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-277-only_one_active_access_key_available_for_any_single_iam_user + resource: iam-user + description: | + More than one active access key is available for a single IAM user + filters: + - type: access-key + key: Status + value: Active + - and: + - type: value + key: '"c7n:AccessKeys"[0].Status' + value: Active + - type: value + key: '"c7n:AccessKeys"[1].Status' + value: Active \ No newline at end of file diff --git a/policies/ecc-aws-279-expired_ssl_tls_certificates_stored_in_aws_iam_are_removed.yml b/policies/ecc-aws-279-expired_ssl_tls_certificates_stored_in_aws_iam_are_removed.yml new file mode 100644 index 000000000..ee93427da --- /dev/null +++ b/policies/ecc-aws-279-expired_ssl_tls_certificates_stored_in_aws_iam_are_removed.yml 
@@ -0,0 +1,18 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-279-expired_ssl_tls_certificates_stored_in_aws_iam_are_removed + resource: iam-certificate + description: | + Expired SSL/TLS certificates stored in IAM are not removed + filters: + - type: value + key: Expiration + value_type: expiration + op: le + value: 0 \ No newline at end of file diff --git a/policies/ecc-aws-289-ebs_volume_without_encrypt.yml b/policies/ecc-aws-289-ebs_volume_without_encrypt.yml new file mode 100644 index 000000000..e629f450f --- /dev/null +++ b/policies/ecc-aws-289-ebs_volume_without_encrypt.yml @@ -0,0 +1,16 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-289-ebs_volume_without_encrypt + resource: aws.ebs + description: | + EBS volume encryption is disabled + filters: + - type: value + key: Encrypted + value: false \ No newline at end of file diff --git a/policies/ecc-aws-291-rds_public_access_disabled.yml b/policies/ecc-aws-291-rds_public_access_disabled.yml new file mode 100644 index 000000000..4e99889ee --- /dev/null +++ b/policies/ecc-aws-291-rds_public_access_disabled.yml 
@@ -0,0 +1,16 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-291-rds_public_access_disabled + description: | + RDS instance is publicly accessible + resource: rds + filters: + - type: value + key: PubliclyAccessible + value: true \ No newline at end of file diff --git a/policies/ecc-aws-292-api_gateway_rest_api_encryption_at_rest.yml b/policies/ecc-aws-292-api_gateway_rest_api_encryption_at_rest.yml new file mode 100644 index 000000000..0c7163078 --- /dev/null +++ b/policies/ecc-aws-292-api_gateway_rest_api_encryption_at_rest.yml @@ -0,0 +1,14 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-292-api_gateway_rest_api_encryption_at_rest + description: | + API Gateway REST API cache data is not encrypted at rest + resource: rest-stage + filters: + - methodSettings."*/*".cacheDataEncrypted: false \ No newline at end of file diff --git a/policies/ecc-aws-293-security_group_ingress_is_restricted_traffic_to_port_20.yml b/policies/ecc-aws-293-security_group_ingress_is_restricted_traffic_to_port_20.yml new file mode 100644 index 000000000..ea1cc849b --- /dev/null +++ b/policies/ecc-aws-293-security_group_ingress_is_restricted_traffic_to_port_20.yml 
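Review bot: ecc-aws-292 reports every stage whose `*/*` method setting has `cacheDataEncrypted: false` without checking that caching is on. That flag is false unless set, so a stage that has method settings only for logging or throttling and no cache is reported as well. Adding `- cacheClusterEnabled: true` next to the existing filter (and `methodSettings."*/*".cachingEnabled: true` if per-method state matters) limits the finding to stages that actually cache data. Method settings other than `*/*` are not examined, which the file should state in a comment.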
@@ -0,0 +1,19 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-293-security_group_ingress_is_restricted_traffic_to_port_20 + resource: aws.security-group + description: | + Security groups allow unrestricted access to FTP port 20 + filters: + - type: ingress + Ports: [20] + Cidr: + value: + - "0.0.0.0/0" + op: in \ No newline at end of file diff --git a/policies/ecc-aws-294-clb_connection_draining_enabled.yml b/policies/ecc-aws-294-clb_connection_draining_enabled.yml new file mode 100644 index 000000000..48db4d347 --- /dev/null +++ b/policies/ecc-aws-294-clb_connection_draining_enabled.yml @@ -0,0 +1,16 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-294-clb_connection_draining_enabled + description: | + Classic Load Balancers connection draining is not enabled + resource: aws.elb + filters: + - type: attributes + key: ConnectionDraining.Enabled + value: false \ No newline at end of file diff --git a/policies/ecc-aws-295-elasticsearch_domains_audit_logging_enabled.yml b/policies/ecc-aws-295-elasticsearch_domains_audit_logging_enabled.yml new file mode 100644 index 000000000..c000ac0b7 --- /dev/null +++ b/policies/ecc-aws-295-elasticsearch_domains_audit_logging_enabled.yml 
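Review bot: ecc-aws-293 matches only the IPv4 range `0.0.0.0/0`, so a rule that opens port 20 to `::/0` is not reported; the same applies to ecc-aws-309, ecc-aws-310 and ecc-aws-312 later in this patch. `CidrV6` cannot simply be added beside `Cidr` in the same filter, because the conditions inside one `ingress` filter are combined with `and` by default, so an `or` over two `ingress` filters is needed. `op: in` against a one-element list can also be a plain `value: "0.0.0.0/0"`.

```yaml
    filters:
      - or:
          - type: ingress
            Ports: [20]
            Cidr:
              value: "0.0.0.0/0"
          - type: ingress
            Ports: [20]
            CidrV6:
              value: "::/0"
```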
@@ -0,0 +1,20 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-295-elasticsearch_domains_audit_logging_enabled + resource: aws.elasticsearch + description: | + Elasticsearch domains audit logging is not enabled + filters: + - or: + - type: value + key: LogPublishingOptions.AUDIT_LOGS.Enabled + value: false + - type: value + key: LogPublishingOptions.AUDIT_LOGS + value: absent \ No newline at end of file diff --git a/policies/ecc-aws-297-elasticsearch_domains_configured_with_at_least_three_dedicated_master_nodes.yml b/policies/ecc-aws-297-elasticsearch_domains_configured_with_at_least_three_dedicated_master_nodes.yml new file mode 100644 index 000000000..6089fb499 --- /dev/null +++ b/policies/ecc-aws-297-elasticsearch_domains_configured_with_at_least_three_dedicated_master_nodes.yml @@ -0,0 +1,22 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-297-elasticsearch_domains_configured_with_at_least_three_dedicated_master_nodes + resource: aws.elasticsearch + description: | + Elasticsearch domains are not configured with at least three dedicated master nodes + filters: + - not: + - and: + - type: value + key: ElasticsearchClusterConfig.DedicatedMasterCount + value: 3 + op: gte + - type: value + key: ElasticsearchClusterConfig.DedicatedMasterEnabled + value: true \ No newline at end of file diff --git a/policies/ecc-aws-298-elasticsearch_domain_connections_encrypted_using_TLS_1_2.yml b/policies/ecc-aws-298-elasticsearch_domain_connections_encrypted_using_TLS_1_2.yml new file mode 100644 index 000000000..2513a944e 
--- /dev/null +++ b/policies/ecc-aws-298-elasticsearch_domain_connections_encrypted_using_TLS_1_2.yml @@ -0,0 +1,21 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-298-elasticsearch_domain_connections_encrypted_using_TLS_1_2 + resource: aws.elasticsearch + description: | + Connections to Elasticsearch domains are not encrypted using TLS 1.2 + filters: + - not: + - and: + - type: value + key: DomainEndpointOptions.TLSSecurityPolicy + value: Policy-Min-TLS-1-2-2019-07 + - type: value + key: DomainEndpointOptions.EnforceHTTPS + value: true \ No newline at end of file diff --git a/policies/ecc-aws-299-rds_db_clusters_configured_to_copy_tags_to_snapshots.yml b/policies/ecc-aws-299-rds_db_clusters_configured_to_copy_tags_to_snapshots.yml new file mode 100644 index 000000000..a5bec33d6 --- /dev/null +++ b/policies/ecc-aws-299-rds_db_clusters_configured_to_copy_tags_to_snapshots.yml @@ -0,0 +1,16 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-299-rds_db_clusters_configured_to_copy_tags_to_snapshots + resource: aws.rds-cluster + description: | + RDS DB clusters are not configured to copy tags to snapshots + filters: + - type: value + key: CopyTagsToSnapshot + value: false \ No newline at end of file diff --git a/policies/ecc-aws-300-rds_db_instances_configured_to_copy_tags_to_snapshots.yml b/policies/ecc-aws-300-rds_db_instances_configured_to_copy_tags_to_snapshots.yml new file mode 100644 index 000000000..a3041ec16 --- /dev/null +++ b/policies/ecc-aws-300-rds_db_instances_configured_to_copy_tags_to_snapshots.yml 
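Review bot: ecc-aws-298 treats any `TLSSecurityPolicy` other than the exact string `Policy-Min-TLS-1-2-2019-07` as a finding, so a domain moved to another policy name that also enforces TLS 1.2 or later would be reported as non-compliant. Matching the accepted family instead, `op: regex` with `value: 'Policy-Min-TLS-1-2.*'` inside the existing `not`/`and`, keeps the rule correct when new policy names appear. A comment naming the policy value the rule is meant to reject would make the intent reviewable.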
@@ -0,0 +1,16 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-300-rds_db_instances_configured_to_copy_tags_to_snapshots + resource: aws.rds + description: | + RDS DB instances are not configured to copy tags to snapshots + filters: + - type: value + key: CopyTagsToSnapshot + value: false \ No newline at end of file diff --git a/policies/ecc-aws-306-redshift_clusters_audit_logging_enabled.yml b/policies/ecc-aws-306-redshift_clusters_audit_logging_enabled.yml new file mode 100644 index 000000000..9ef38af19 --- /dev/null +++ b/policies/ecc-aws-306-redshift_clusters_audit_logging_enabled.yml @@ -0,0 +1,21 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-306-redshift_clusters_audit_logging_enabled + description: | + Redshift clusters audit logging is disabled + resource: redshift + filters: + - or: + - type: logging + key: LoggingEnabled + value: false + - type: param + key: enable_user_activity_logging + value: false + op: eq \ No newline at end of file diff --git a/policies/ecc-aws-308-ecs_services_public_ip_addresses_not_assigned_automatically.yml b/policies/ecc-aws-308-ecs_services_public_ip_addresses_not_assigned_automatically.yml new file mode 100644 index 000000000..f8fec60d7 --- /dev/null +++ b/policies/ecc-aws-308-ecs_services_public_ip_addresses_not_assigned_automatically.yml 
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-308-ecs_services_public_ip_addresses_not_assigned_automatically
+ resource: aws.ecs-service
+ description: |
+ Amazon ECS services public IP addresses are assigned to them automatically
+ filters:
+ - type: value
+ key: deployments[0].networkConfiguration.awsvpcConfiguration.assignPublicIp
+ value: ENABLED
\ No newline at end of file
diff --git a/policies/ecc-aws-309-security_group_ingress_is_restricted_traffic_to_port_135.yml b/policies/ecc-aws-309-security_group_ingress_is_restricted_traffic_to_port_135.yml
new file mode 100644
index 000000000..6ce773717
--- /dev/null
+++ b/policies/ecc-aws-309-security_group_ingress_is_restricted_traffic_to_port_135.yml
@@ -0,0 +1,19 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-309-security_group_ingress_is_restricted_traffic_to_port_135
+ resource: aws.security-group
+ description: |
+ Security groups allow unrestricted access to RPC port 135
+ filters:
+ - type: ingress
+ Ports: [135]
+ Cidr:
+ value:
+ - "0.0.0.0/0"
+ op: in
\ No newline at end of file
diff --git a/policies/ecc-aws-310-security_group_ingress_is_restricted_traffic_to_port_143.yml b/policies/ecc-aws-310-security_group_ingress_is_restricted_traffic_to_port_143.yml
new file mode 100644
index 000000000..75c1fce5b
--- /dev/null
+++ b/policies/ecc-aws-310-security_group_ingress_is_restricted_traffic_to_port_143.yml
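Review bot: In ecc-aws-308 the key `deployments[0].networkConfiguration.awsvpcConfiguration.assignPublicIp` inspects only the first entry of the deployments list, and nothing in the hunk pins which deployment that is while a rollout is in progress. The ECS service description also carries this setting at service level, so `key: networkConfiguration.awsvpcConfiguration.assignPublicIp` looks like the steadier target. Worth confirming against a describe-services response before changing it.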
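Review bot: The ingress filter in ecc-aws-309 matches only the IPv4 range `0.0.0.0/0`, so a security group that opens port 135 to `::/0` is not reported. The same applies to the other ingress policies in this patch (ecc-aws-310 and ecc-aws-312 through ecc-aws-317), which use the identical `Cidr` block. Cloud Custodian's ingress filter accepts a `CidrV6` key, so each policy can wrap the existing filter in an `or` and add an IPv6 twin with its own port list, as sketched below for port 135.

```yaml
    filters:
      - or:
          # … unchanged: existing ingress filter with Cidr "0.0.0.0/0" …
          - type: ingress
            Ports: [135]
            CidrV6:
              value:
                - "::/0"
              op: in
```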
@@ -0,0 +1,19 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-310-security_group_ingress_is_restricted_traffic_to_port_143
+ resource: aws.security-group
+ description: |
+ Security groups allow unrestricted access to IMAP port 143
+ filters:
+ - type: ingress
+ Ports: [143]
+ Cidr:
+ value:
+ - "0.0.0.0/0"
+ op: in
\ No newline at end of file
diff --git a/policies/ecc-aws-312-security_group_ingress_is_restricted_traffic_to_mssql_ports.yml b/policies/ecc-aws-312-security_group_ingress_is_restricted_traffic_to_mssql_ports.yml
new file mode 100644
index 000000000..7930600f3
--- /dev/null
+++ b/policies/ecc-aws-312-security_group_ingress_is_restricted_traffic_to_mssql_ports.yml
@@ -0,0 +1,19 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-312-security_group_ingress_is_restricted_traffic_to_mssql_ports
+ resource: aws.security-group
+ description: |
+ Security groups allow unrestricted access to MSSQL ports 1433, 1434
+ filters:
+ - type: ingress
+ Ports: [1433, 1434]
+ Cidr:
+ value:
+ - "0.0.0.0/0"
+ op: in
\ No newline at end of file
diff --git a/policies/ecc-aws-313-security_group_ingress_is_restricted_traffic_to_port_4333.yml b/policies/ecc-aws-313-security_group_ingress_is_restricted_traffic_to_port_4333.yml
new file mode 100644
index 000000000..e85a54665
--- /dev/null
+++ b/policies/ecc-aws-313-security_group_ingress_is_restricted_traffic_to_port_4333.yml
@@ -0,0 +1,19 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-313-security_group_ingress_is_restricted_traffic_to_port_4333
+ resource: aws.security-group
+ description: |
+ Security groups allow unrestricted access to ahsp port 4333
+ filters:
+ - type: ingress
+ Ports: [4333]
+ Cidr:
+ value:
+ - "0.0.0.0/0"
+ op: in
\ No newline at end of file
diff --git a/policies/ecc-aws-314-security_group_ingress_is_restricted_traffic_to_port_5500.yml b/policies/ecc-aws-314-security_group_ingress_is_restricted_traffic_to_port_5500.yml
new file mode 100644
index 000000000..712392937
--- /dev/null
+++ b/policies/ecc-aws-314-security_group_ingress_is_restricted_traffic_to_port_5500.yml
@@ -0,0 +1,19 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-314-security_group_ingress_is_restricted_traffic_to_port_5500
+ resource: aws.security-group
+ description: |
+ Security groups allow unrestricted access to fcp-addr-srvr1 port 5500
+ filters:
+ - type: ingress
+ Ports: [5500]
+ Cidr:
+ value:
+ - "0.0.0.0/0"
+ op: in
\ No newline at end of file
diff --git a/policies/ecc-aws-315-security_group_ingress_is_restricted_traffic_to_port_5601.yml b/policies/ecc-aws-315-security_group_ingress_is_restricted_traffic_to_port_5601.yml
new file mode 100644
index 000000000..91fc09197
--- /dev/null
+++ b/policies/ecc-aws-315-security_group_ingress_is_restricted_traffic_to_port_5601.yml
@@ -0,0 +1,19 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-315-security_group_ingress_is_restricted_traffic_to_port_5601
+ resource: aws.security-group
+ description: |
+ Security groups allow unrestricted access to Kibana port 5601
+ filters:
+ - type: ingress
+ Ports: [5601]
+ Cidr:
+ value:
+ - "0.0.0.0/0"
+ op: in
\ No newline at end of file
diff --git a/policies/ecc-aws-316-security_group_ingress_is_restricted_traffic_to_port_8080.yml b/policies/ecc-aws-316-security_group_ingress_is_restricted_traffic_to_port_8080.yml
new file mode 100644
index 000000000..b9d3be7ce
--- /dev/null
+++ b/policies/ecc-aws-316-security_group_ingress_is_restricted_traffic_to_port_8080.yml
@@ -0,0 +1,19 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-316-security_group_ingress_is_restricted_traffic_to_port_8080
+ resource: aws.security-group
+ description: |
+ Security groups allow unrestricted access to proxy port 8080
+ filters:
+ - type: ingress
+ Ports: [8080]
+ Cidr:
+ value:
+ - "0.0.0.0/0"
+ op: in
\ No newline at end of file
diff --git a/policies/ecc-aws-317-security_group_ingress_is_restricted_traffic_to_elasticsearch_service_ports.yml b/policies/ecc-aws-317-security_group_ingress_is_restricted_traffic_to_elasticsearch_service_ports.yml
new file mode 100644
index 000000000..b9a84e682
--- /dev/null
+++ b/policies/ecc-aws-317-security_group_ingress_is_restricted_traffic_to_elasticsearch_service_ports.yml
@@ -0,0 +1,19 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-317-security_group_ingress_is_restricted_traffic_to_elasticsearch_service_ports
+ resource: aws.security-group
+ description: |
+ Security groups allow unrestricted access to Elasticsearch service ports 9200, 9300
+ filters:
+ - type: ingress
+ Ports: [9200, 9300]
+ Cidr:
+ value:
+ - "0.0.0.0/0"
+ op: in
\ No newline at end of file
diff --git a/policies/ecc-aws-318-rds_database_cluster_engine_no_default_ports.yml b/policies/ecc-aws-318-rds_database_cluster_engine_no_default_ports.yml
new file mode 100644
index 000000000..00313e5d8
--- /dev/null
+++ b/policies/ecc-aws-318-rds_database_cluster_engine_no_default_ports.yml
@@ -0,0 +1,22 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-318-rds_database_cluster_engine_no_default_ports
+ resource: aws.rds-cluster
+ description: |
+ RDS database clusters are using a database engine default ports
+ filters:
+ - or:
+ - type: value
+ key: Port
+ op: eq
+ value: 3306
+ - type: value
+ key: Port
+ op: eq
+ value: 5432
\ No newline at end of file
diff --git a/policies/ecc-aws-319-rds_instances_storage_is_encrypted.yml b/policies/ecc-aws-319-rds_instances_storage_is_encrypted.yml
new file mode 100644
index 000000000..7ce9800f8
--- /dev/null
+++ b/policies/ecc-aws-319-rds_instances_storage_is_encrypted.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-319-rds_instances_storage_is_encrypted
+ description: |
+ RDS instances storage not encrypted
+ resource: rds
+ filters:
+ - type: value
+ key: StorageEncrypted
+ value: false
\ No newline at end of file
diff --git a/policies/ecc-aws-320-rds_snapshots_storage_is_encrypted.yml b/policies/ecc-aws-320-rds_snapshots_storage_is_encrypted.yml
new file mode 100644
index 000000000..60998b152
--- /dev/null
+++ b/policies/ecc-aws-320-rds_snapshots_storage_is_encrypted.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-320-rds_snapshots_storage_is_encrypted
+ description: |
+ RDS snapshot storage not encrypted
+ resource: rds-snapshot
+ filters:
+ - type: value
+ key: Encrypted
+ value: false
\ No newline at end of file
diff --git a/policies/ecc-aws-322-api_gateway_rest_api_stages_ssl_certificates_configured.yml b/policies/ecc-aws-322-api_gateway_rest_api_stages_ssl_certificates_configured.yml
new file mode 100644
index 000000000..d70ebd7dc
--- /dev/null
+++ b/policies/ecc-aws-322-api_gateway_rest_api_stages_ssl_certificates_configured.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-322-api_gateway_rest_api_stages_ssl_certificates_configured
+ description: |
+ API Gateway REST API stages are not configured to use SSL certificates for backend authentication
+ resource: rest-stage
+ filters:
+ - type: value
+ key: clientCertificateId
+ value: absent
\ No newline at end of file
diff --git a/policies/ecc-aws-323-rest_api_aws_x_ray_enabled.yml b/policies/ecc-aws-323-rest_api_aws_x_ray_enabled.yml
new file mode 100644
index 000000000..1123e0383
--- /dev/null
+++ b/policies/ecc-aws-323-rest_api_aws_x_ray_enabled.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-323-rest_api_aws_x_ray_enabled
+ description: |
+ API Gateway REST API stages do not have AWS X-Ray tracing enabled
+ resource: rest-stage
+ filters:
+ - type: value
+ key: tracingEnabled
+ value: false
\ No newline at end of file
diff --git a/policies/ecc-aws-324-cloudfront_default_root_object_configured.yml b/policies/ecc-aws-324-cloudfront_default_root_object_configured.yml
new file mode 100644
index 000000000..9ebb9ed22
--- /dev/null
+++ b/policies/ecc-aws-324-cloudfront_default_root_object_configured.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-324-cloudfront_default_root_object_configured
+ description: |
+ CloudFront distributions do not have a default root object configured
+ resource: distribution
+ filters:
+ - type: distribution-config
+ key: DefaultRootObject
+ value: empty
\ No newline at end of file
diff --git a/policies/ecc-aws-326-cloudfront_origin_failover_configured.yml b/policies/ecc-aws-326-cloudfront_origin_failover_configured.yml
new file mode 100644
index 000000000..ce0185ad2
--- /dev/null
+++ b/policies/ecc-aws-326-cloudfront_origin_failover_configured.yml
@@ -0,0 +1,17 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-326-cloudfront_origin_failover_configured
+ description: |
+ CloudFront distributions origin failover is not configured
+ resource: distribution
+ filters:
+ - type: distribution-config
+ key: OriginGroups.Quantity
+ op: eq
+ value: 0
\ No newline at end of file
diff --git a/policies/ecc-aws-327-dms_replication_not_public.yml b/policies/ecc-aws-327-dms_replication_not_public.yml
new file mode 100644
index 000000000..c5d622933
--- /dev/null
+++ b/policies/ecc-aws-327-dms_replication_not_public.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-327-dms_replication_not_public
+ description: |
+ AWS Database Migration Service replication instances are public
+ resource: dms-instance
+ filters:
+ - type: value
+ key: PubliclyAccessible
+ value: true
\ No newline at end of file
diff --git a/policies/ecc-aws-329-dynamodb_tables_pitr_enabled.yml b/policies/ecc-aws-329-dynamodb_tables_pitr_enabled.yml
new file mode 100644
index 000000000..0f0156db0
--- /dev/null
+++ b/policies/ecc-aws-329-dynamodb_tables_pitr_enabled.yml
@@ -0,0 +1,17 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-329-dynamodb_tables_pitr_enabled
+ description: |
+ DynamoDB tables do not have point-in-time recovery enabled
+ resource: dynamodb-table
+ filters:
+ - type: continuous-backup
+ key: PointInTimeRecoveryDescription.PointInTimeRecoveryStatus
+ op: ne
+ value: ENABLED
\ No newline at end of file
diff --git a/policies/ecc-aws-330-dynamodb_dax_encryption_enabled.yml b/policies/ecc-aws-330-dynamodb_dax_encryption_enabled.yml
new file mode 100644
index 000000000..4413d5c4b
--- /dev/null
+++ b/policies/ecc-aws-330-dynamodb_dax_encryption_enabled.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-330-dynamodb_dax_encryption_enabled
+ resource: dax
+ description: |
+ DynamoDB Accelerator clusters are not encrypted at rest
+ filters:
+ - type: value
+ key: SSEDescription.Status
+ value: DISABLED
\ No newline at end of file
diff --git a/policies/ecc-aws-331-ec2_stopped_instance.yml b/policies/ecc-aws-331-ec2_stopped_instance.yml
new file mode 100644
index 000000000..bc4dc766e
--- /dev/null
+++ b/policies/ecc-aws-331-ec2_stopped_instance.yml
@@ -0,0 +1,20 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-331-ec2_stopped_instance
+ description: |
+ Stopped EC2 instances are not removed after a specified time period
+ resource: aws.ec2
+ filters:
+ - and:
+ - type: state-age
+ op: ge
+ days: 30
+ - type: value
+ key: State.Name
+ value: stopped
\ No newline at end of file
diff --git a/policies/ecc-aws-332-ec2_instance_no_public_ip.yml b/policies/ecc-aws-332-ec2_instance_no_public_ip.yml
new file mode 100644
index 000000000..30eea544a
--- /dev/null
+++ b/policies/ecc-aws-332-ec2_instance_no_public_ip.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-332-ec2_instance_no_public_ip
+ resource: aws.ec2
+ description: |
+ EC2 instances have public IP address
+ filters:
+ - type: value
+ key: NetworkInterfaces[].Association.PublicIp
+ value: not-null
\ No newline at end of file
diff --git a/policies/ecc-aws-333-ec2_service_use_vpc_endpoints.yml b/policies/ecc-aws-333-ec2_service_use_vpc_endpoints.yml
new file mode 100644
index 000000000..f27d118b9
--- /dev/null
+++ b/policies/ecc-aws-333-ec2_service_use_vpc_endpoints.yml
@@ -0,0 +1,18 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-333-ec2_service_use_vpc_endpoints
+ description: |
+ EC2 is not configured to use VPC endpoints that are created for the EC2 service
+ resource: vpc
+ filters:
+ - not:
+ - type: vpc-endpoint
+ key: ServiceName
+ op: regex
+ value: 'com\.amazonaws\.[\-a-z1-5]*\.ec2'
\ No newline at end of file
diff --git a/policies/ecc-aws-334-vpc_unused_network_acl.yml b/policies/ecc-aws-334-vpc_unused_network_acl.yml
new file mode 100644
index 000000000..fd5f371f2
--- /dev/null
+++ b/policies/ecc-aws-334-vpc_unused_network_acl.yml
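Review bot: The `ServiceName` pattern in ecc-aws-333 has no end anchor, and Cloud Custodian's `regex` operator matches from the start of the string only, so an endpoint for a different service whose name merely begins with `ec2` (for example `ec2messages`) would satisfy the check and hide a VPC that has no EC2 endpoint. The character class `[\-a-z1-5]` would also exclude any region name that uses another digit. `value: 'com\.amazonaws\.[\-a-z0-9]*\.ec2$'` closes both gaps.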
@@ -0,0 +1,17 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-334-vpc_unused_network_acl
+ resource: aws.network-acl
+ description: |
+ Unused network access control lists are not removed
+ filters:
+ - not:
+ - type: value
+ key: Associations
+ value: not-null
\ No newline at end of file
diff --git a/policies/ecc-aws-335-ec2_instance_should_not_use_multiple_eni.yml b/policies/ecc-aws-335-ec2_instance_should_not_use_multiple_eni.yml
new file mode 100644
index 000000000..97f035dfa
--- /dev/null
+++ b/policies/ecc-aws-335-ec2_instance_should_not_use_multiple_eni.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-335-ec2_instance_should_not_use_multiple_eni
+ description: |
+ EC2 instances are using multiple ENIs
+ resource: ec2
+ filters:
+ - type: value
+ key: NetworkInterfaces[1].Status
+ value: "in-use"
\ No newline at end of file
diff --git a/policies/ecc-aws-336-ecs_task_definitions_secure_networking_modes_and_user_definitions.yml b/policies/ecc-aws-336-ecs_task_definitions_secure_networking_modes_and_user_definitions.yml
new file mode 100644
index 000000000..4c79cdf44
--- /dev/null
+++ b/policies/ecc-aws-336-ecs_task_definitions_secure_networking_modes_and_user_definitions.yml
@@ -0,0 +1,35 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-336-ecs_task_definitions_secure_networking_modes_and_user_definitions
+ description: |
+ Amazon ECS task definitions do not have secure networking modes and user definitions
+ resource: ecs-task-definition
+ filters:
+ - and:
+ - type: value
+ key: networkMode
+ value: host
+ - or:
+ - type: value
+ key: containerDefinitions[].privileged
+ value: empty
+ - type: value
+ key: containerDefinitions[].privileged
+ value_type: swap
+ op: in
+ value: false
+ - or:
+ - type: value
+ key: containerDefinitions[].user
+ value: empty
+ - type: value
+ key: containerDefinitions[].user
+ value_type: swap
+ op: in
+ value: root
diff --git a/policies/ecc-aws-337-efs_in_backup_plan.yml b/policies/ecc-aws-337-efs_in_backup_plan.yml
new file mode 100644
index 000000000..efab2f9f8
--- /dev/null
+++ b/policies/ecc-aws-337-efs_in_backup_plan.yml
@@ -0,0 +1,14 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-337-efs_in_backup_plan
+ description: |
+ Amazon EFS volumes are not in backup plans
+ resource: efs
+ filters:
+ - "tag:aws:elasticfilesystem:default-backup": absent
\ No newline at end of file
diff --git a/policies/ecc-aws-338-elastic_beanstalk_enhanced_health_reporting_enabled.yml b/policies/ecc-aws-338-elastic_beanstalk_enhanced_health_reporting_enabled.yml
new file mode 100644
index 000000000..2ed2a582c
--- /dev/null
+++ b/policies/ecc-aws-338-elastic_beanstalk_enhanced_health_reporting_enabled.yml
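Review bot: The `privileged` and `user` tests in ecc-aws-336 are made on the flattened lists `containerDefinitions[].privileged` and `containerDefinitions[].user`, so they describe the task definition as a whole rather than each container. A definition in host mode where one container sets a non-root `user` and another leaves it unset yields a non-empty list without `root`, and the unset container (which runs as root by default) goes unreported. Judging each container on its own, with something like `key: "containerDefinitions[?!privileged && (!user || user == 'root')]"` and `value: not-null` in place of the two `or` groups, would cover that case. Indentation is lost on this page, so the nesting is inferred from key order.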
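Review bot: The filter in ecc-aws-337 tests only whether the `aws:elasticfilesystem:default-backup` tag exists, not what it is set to, so a file system that carries the tag with a value other than `enabled` would pass. It also reports any file system protected by a separately managed backup plan that does not apply this tag, which the description "not in backup plans" does not make clear. A `value` filter on the same tag key with `op: ne` and `value: enabled` tightens the first case; for the second, narrowing the description to "automatic backups are not enabled" would match what is actually checked.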
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-338-elastic_beanstalk_enhanced_health_reporting_enabled
+ description: |
+ Elastic Beanstalk environments do not have enhanced health reporting enabled
+ resource: aws.elasticbeanstalk-environment
+ filters:
+ - type: value
+ key: HealthStatus
+ value: absent
\ No newline at end of file
diff --git a/policies/ecc-aws-339-alb_drop_invalid_http_header.yml b/policies/ecc-aws-339-alb_drop_invalid_http_header.yml
new file mode 100644
index 000000000..6106fea93
--- /dev/null
+++ b/policies/ecc-aws-339-alb_drop_invalid_http_header.yml
@@ -0,0 +1,17 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-339-alb_drop_invalid_http_header
+ description: |
+ Application load balancers are not configured to drop invalid HTTP headers
+ resource: aws.app-elb
+ filters:
+ - type: attributes
+ key: routing.http.drop_invalid_header_fields.enabled
+ value: false
+ op: eq
\ No newline at end of file
diff --git a/policies/ecc-aws-341-elb_deletion_protection_enabled.yml b/policies/ecc-aws-341-elb_deletion_protection_enabled.yml
new file mode 100644
index 000000000..f0ef69d49
--- /dev/null
+++ b/policies/ecc-aws-341-elb_deletion_protection_enabled.yml
@@ -0,0 +1,17 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-341-elb_deletion_protection_enabled
+ description: |
+ Application, Network or Gateway Load Balancer deletion protection is not enabled
+ resource: aws.app-elb
+ filters:
+ - type: attributes
+ key: deletion_protection.enabled
+ value: false
+ op: eq
\ No newline at end of file
diff --git a/policies/ecc-aws-342-alb_http_to_https_redirection_enabled.yml b/policies/ecc-aws-342-alb_http_to_https_redirection_enabled.yml
new file mode 100644
index 000000000..59d73d3ba
--- /dev/null
+++ b/policies/ecc-aws-342-alb_http_to_https_redirection_enabled.yml
@@ -0,0 +1,24 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-342-alb_http_to_https_redirection_enabled
+ description: |
+ Application Load Balancer is not configured to redirect all HTTP requests to HTTPS
+ resource: app-elb
+ filters:
+ - type: value
+ key: Type
+ value: "application"
+ op: in
+ - type: listener
+ key: Protocol
+ value: HTTP
+ - not:
+ - type: listener
+ key: DefaultActions[?Type==`redirect`].RedirectConfig.Protocol
+ value: [HTTPS]
\ No newline at end of file
diff --git a/policies/ecc-aws-343-emr_master_nodes_no_public_ip.yml b/policies/ecc-aws-343-emr_master_nodes_no_public_ip.yml
new file mode 100644
index 000000000..129bd6f5a
--- /dev/null
+++ b/policies/ecc-aws-343-emr_master_nodes_no_public_ip.yml
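Review bot: The two `listener` filters in ecc-aws-342 are applied to the load balancer as a whole, so, as far as I can tell from the filter semantics, an ALB with one HTTP listener that redirects to HTTPS and a second HTTP listener that serves traffic directly would pass even though the description says "all HTTP requests". If per-listener precision is out of scope, record that in the file with a comment such as `# passes when any listener redirects to HTTPS; other HTTP listeners are not checked individually`. Separately, `op: in` against the scalar `"application"` is a substring test; `op: eq` states the intent.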
@@ -0,0 +1,22 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-343-emr_master_nodes_no_public_ip
+ description: |
+ Amazon EMR cluster master nodes have public IP addresses
+ resource: emr
+ filters:
+ - and:
+ - type: value
+ key: Status.State
+ op: in
+ value: [RUNNING, WAITING]
+ - type: value
+ key: MasterPublicDnsName
+ op: regex
+ value: '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
\ No newline at end of file
diff --git a/policies/ecc-aws-344-elasticsearch_node_to_node_encryption_enabled.yml b/policies/ecc-aws-344-elasticsearch_node_to_node_encryption_enabled.yml
new file mode 100644
index 000000000..0009a67e9
--- /dev/null
+++ b/policies/ecc-aws-344-elasticsearch_node_to_node_encryption_enabled.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-344-elasticsearch_node_to_node_encryption_enabled
+ resource: aws.elasticsearch
+ description: |
+ Elasticsearch domains data sent between nodes is not encrypted
+ filters:
+ - type: value
+ key: NodeToNodeEncryptionOptions.Enabled
+ value: false
\ No newline at end of file
diff --git a/policies/ecc-aws-345-elasticsearch_error_logging_to_cloudwatch_enabled.yml b/policies/ecc-aws-345-elasticsearch_error_logging_to_cloudwatch_enabled.yml
new file mode 100644
index 000000000..8cc805a1c
--- /dev/null
+++ b/policies/ecc-aws-345-elasticsearch_error_logging_to_cloudwatch_enabled.yml
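Review bot: The pattern in ecc-aws-343 matches only when `MasterPublicDnsName` is a bare dotted-quad address, but AWS describes that field as the master node's DNS name (public on a public subnet, private otherwise), so a cluster that reports a hostname would never be flagged. A bare address would also match whether it is public or private, which is not what the description promises. If the intent is to detect a publicly reachable master node, matching the public hostname form, for example `value: '^ec2-'`, is closer; please verify the exact shape against real describe-cluster output before settling on a pattern.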
@@ -0,0 +1,20 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-345-elasticsearch_error_logging_to_cloudwatch_enabled
+ description: |
+ Elasticsearch domain error logging to CloudWatch Logs is not enabled
+ resource: aws.elasticsearch
+ filters:
+ - or:
+ - type: value
+ key: LogPublishingOptions.ES_APPLICATION_LOGS.Enabled
+ value: false
+ - type: value
+ key: LogPublishingOptions.ES_APPLICATION_LOGS
+ value: absent
\ No newline at end of file
diff --git a/policies/ecc-aws-346-rds_instance_enhanced_monitoring_enabled.yml b/policies/ecc-aws-346-rds_instance_enhanced_monitoring_enabled.yml
new file mode 100644
index 000000000..934ecbbcd
--- /dev/null
+++ b/policies/ecc-aws-346-rds_instance_enhanced_monitoring_enabled.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-346-rds_instance_enhanced_monitoring_enabled
+ resource: aws.rds
+ description: |
+ Enhanced monitoring is not configured for RDS DB instances
+ filters:
+ - type: value
+ key: EnhancedMonitoringResourceArn
+ value: null
\ No newline at end of file
diff --git a/policies/ecc-aws-347-rds_cluster_deletion_protection_enabled.yml b/policies/ecc-aws-347-rds_cluster_deletion_protection_enabled.yml
new file mode 100644
index 000000000..958bbbc7f
--- /dev/null
+++ b/policies/ecc-aws-347-rds_cluster_deletion_protection_enabled.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-347-rds_cluster_deletion_protection_enabled
+ description: |
+ RDS clusters deletion protection is not enabled
+ resource: aws.rds-cluster
+ filters:
+ - type: value
+ key: DeletionProtection
+ value: false
\ No newline at end of file
diff --git a/policies/ecc-aws-348-rds_instance_deletion_protection_enabled.yml b/policies/ecc-aws-348-rds_instance_deletion_protection_enabled.yml
new file mode 100644
index 000000000..908d4bc04
--- /dev/null
+++ b/policies/ecc-aws-348-rds_instance_deletion_protection_enabled.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-348-rds_instance_deletion_protection_enabled
+ description: |
+ RDS DB instances deletion protection is not enabled
+ resource: rds
+ filters:
+ - type: value
+ key: DeletionProtection
+ value: false
\ No newline at end of file
diff --git a/policies/ecc-aws-349-rds_oracle_logging_enabled.yml b/policies/ecc-aws-349-rds_oracle_logging_enabled.yml
new file mode 100644
index 000000000..6dce5d9c4
--- /dev/null
+++ b/policies/ecc-aws-349-rds_oracle_logging_enabled.yml
@@ -0,0 +1,40 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-349-rds_oracle_logging_enabled
+ resource: aws.rds
+ description: |
+ Oracle database logging is disabled
+ filters:
+ - and:
+ - type: value
+ key: Engine
+ op: regex
+ value: 'oracle'
+ - or:
+ - not:
+ - type: value
+ key: EnabledCloudwatchLogsExports
+ op: in
+ value_type: swap
+ value: alert
+ - type: value
+ key: EnabledCloudwatchLogsExports
+ op: in
+ value_type: swap
+ value: audit
+ - type: value
+ key: EnabledCloudwatchLogsExports
+ op: in
+ value_type: swap
+ value: trace
+ - type: value
+ key: EnabledCloudwatchLogsExports
+ op: in
+ value_type: swap
+ value: listener
\ No newline at end of file
diff --git a/policies/ecc-aws-350-rds_postgresql_logging_enabled.yml b/policies/ecc-aws-350-rds_postgresql_logging_enabled.yml
new file mode 100644
index 000000000..b97fcfcee
--- /dev/null
+++ b/policies/ecc-aws-350-rds_postgresql_logging_enabled.yml
@@ -0,0 +1,40 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-350-rds_postgresql_logging_enabled
+ resource: aws.rds
+ description: |
+ PostgreSQL database logging is disabled
+ filters:
+ - and:
+ - type: value
+ key: Engine
+ value: postgres
+ - or:
+ - type: db-parameter
+ key: log_min_duration_statement
+ value: absent
+ - type: db-parameter
+ key: log_min_duration_statement
+ op: eq
+ value: '-1'
+ - not:
+ - type: value
+ key: EnabledCloudwatchLogsExports
+ op: in
+ value_type: swap
+ value: postgresql
+ - type: value
+ key: EnabledCloudwatchLogsExports
+ op: in
+ value_type: swap
+ value: upgrade
+ - type: db-parameter
+ key: log_statement
+ op: eq
+ value: 'all'
\ No newline at end of file
diff --git a/policies/ecc-aws-351-rds_mysql_logging_enabled.yml b/policies/ecc-aws-351-rds_mysql_logging_enabled.yml
new file mode 100644
index 000000000..3a5514446
--- /dev/null
+++ b/policies/ecc-aws-351-rds_mysql_logging_enabled.yml
@@ -0,0 +1,51 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-351-rds_mysql_logging_enabled
+ resource: aws.rds
+ description: |
+ MySQL database logging is disabled
+ filters:
+ - and:
+ - type: value
+ key: Engine
+ value: mysql
+ - or:
+ - not:
+ - type: value
+ key: EnabledCloudwatchLogsExports
+ op: in
+ value_type: swap
+ value: audit
+ - type: value
+ key: EnabledCloudwatchLogsExports
+ op: in
+ value_type: swap
+ value: error
+ - type: value
+ key: EnabledCloudwatchLogsExports
+ op: in
+ value_type: swap
+ value: general
+ - type: value
+ key: EnabledCloudwatchLogsExports
+ op: in
+ value_type: swap
+ value: slowquery
+ - type: db-parameter
+ key: general_log
+ op: eq
+ value: 1
+ - type: db-parameter
+ key: slow_query_log
+ op: eq
+ value: 1
+ - type: db-parameter
+ key: log_output
+ op: eq
+ value: FILE
\ No newline at end of file
diff --git a/policies/ecc-aws-353-rds_sql_server_logging_enabled.yml b/policies/ecc-aws-353-rds_sql_server_logging_enabled.yml
new file mode 100644
index 000000000..b14394eb4
--- /dev/null
+++ b/policies/ecc-aws-353-rds_sql_server_logging_enabled.yml
@@ -0,0 +1,30 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-353-rds_sql_server_logging_enabled
+ resource: aws.rds
+ description: |
+ SQL Server database logging is disabled
+ filters:
+ - and:
+ - type: value
+ key: Engine
+ op: regex
+ value: 'sqlserver'
+ - or:
+ - not:
+ - type: value
+ key: EnabledCloudwatchLogsExports
+ op: in
+ value_type: swap
+ value: agent
+ - type: value
+ key: EnabledCloudwatchLogsExports
+ op: in
+ value_type: swap
+ value: error
\ No newline at end of file
diff --git a/policies/ecc-aws-354-rds_aurora_logging_enabled.yml b/policies/ecc-aws-354-rds_aurora_logging_enabled.yml
new file mode 100644
index 000000000..0bdfdc90c
--- /dev/null
+++ b/policies/ecc-aws-354-rds_aurora_logging_enabled.yml
@@ -0,0 +1,51 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-354-rds_aurora_logging_enabled
+ resource: rds
+ description: |
+ Aurora database logging is disabled
+ filters:
+ - and:
+ - type: value
+ key: Engine
+ value: aurora
+ - or:
+ - not:
+ - type: value
+ key: EnabledCloudwatchLogsExports
+ op: in
+ value_type: swap
+ value: audit
+ - type: value
+ key: EnabledCloudwatchLogsExports
+ op: in
+ value_type: swap
+ value: error
+ - type: value
+ key: EnabledCloudwatchLogsExports
+ op: in
+ value_type: swap
+ value: general
+ - type: value
+ key: EnabledCloudwatchLogsExports
+ op: in
+ value_type: swap
+ value: slowquery
+ - type: db-parameter
+ key: general_log
+ op: eq
+ value: 1
+ - type: db-parameter
+ key: slow_query_log
+ op: eq
+ value: 1
+ - type: db-parameter
+ key: log_output
+ op: eq
+ value: FILE
\ No newline at end of file
diff --git a/policies/ecc-aws-355-rds_aurora_mysql_logging_enabled.yml b/policies/ecc-aws-355-rds_aurora_mysql_logging_enabled.yml
new file mode 100644
index 000000000..6e60684b9
--- /dev/null
+++ b/policies/ecc-aws-355-rds_aurora_mysql_logging_enabled.yml
@@ -0,0 +1,51 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-355-rds_aurora_mysql_logging_enabled
+ resource: rds
+ description: |
+ Aurora-MySQL database logging is disabled
+ filters:
+ - and:
+ - type: value
+ key: Engine
+ value: aurora-mysql
+ - or:
+ - not:
+ - type: value
+ key: EnabledCloudwatchLogsExports
+ op: in
+ value_type: swap
+ value: audit
+ - type: value
+ key: EnabledCloudwatchLogsExports
+ op: in
+ value_type: swap
+ value: error
+ - type: value
+ key: EnabledCloudwatchLogsExports
+ op: in
+ value_type: swap
+ value: general
+ - type: value
+ key: EnabledCloudwatchLogsExports
+ op: in
+ value_type: swap
+ value: slowquery
+ - type: db-parameter
+ key: general_log
+ op: eq
+ value: 1
+ - type: db-parameter
+ key: slow_query_log
+ op: eq
+ value: 1
+ - type: db-parameter
+ key: log_output
+ op: eq
+ value: FILE
\ No newline at end of file
diff --git a/policies/ecc-aws-356-rds_aurora_postgresql_logging_enabled.yml b/policies/ecc-aws-356-rds_aurora_postgresql_logging_enabled.yml
new file mode 100644
index 000000000..8fdeaf95c
--- /dev/null
+++ b/policies/ecc-aws-356-rds_aurora_postgresql_logging_enabled.yml
@@ -0,0 +1,35 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-356-rds_aurora_postgresql_logging_enabled
+ resource: rds
+ description: |
+ Aurora-PostgreSQL database logging is disabled
+ filters:
+ - and:
+ - type: value
+ key: Engine
+ value: aurora-postgresql
+ - or:
+ - type: db-parameter
+ key: log_min_duration_statement
+ value: absent
+ - type: db-parameter
+ key: log_min_duration_statement
+ op: eq
+ value: '-1'
+ - not:
+ - type: value
+ key: EnabledCloudwatchLogsExports
+ op: in
+ value_type: swap
+ value: postgresql
+ - type: db-parameter
+ key: log_statement
+ op: eq
+ value: all
\ No newline at end of file
diff --git a/policies/ecc-aws-357-rds_instance_iam_authentication_configured.yml b/policies/ecc-aws-357-rds_instance_iam_authentication_configured.yml
new file mode 100644
index 000000000..48853de70
--- /dev/null
+++ b/policies/ecc-aws-357-rds_instance_iam_authentication_configured.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-357-rds_instance_iam_authentication_configured
+ resource: aws.rds
+ description: |
+ IAM authentication is not configured for RDS instances
+ filters:
+ - type: value
+ key: IAMDatabaseAuthenticationEnabled
+ value: false
\ No newline at end of file
diff --git a/policies/ecc-aws-358-rds_cluster_iam_authentication_configured.yml b/policies/ecc-aws-358-rds_cluster_iam_authentication_configured.yml
new file mode 100644
index 000000000..7a4435f56
--- /dev/null
+++ b/policies/ecc-aws-358-rds_cluster_iam_authentication_configured.yml
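Review bot: The filter in `ecc-aws-357-rds_instance_iam_authentication_configured.yml` matches every `aws.rds` instance with `IAMDatabaseAuthenticationEnabled: false` and has no `Engine` condition. As far as I know, RDS offers IAM database authentication only for some engines (MySQL, MariaDB, PostgreSQL), so Oracle and SQL Server instances would be reported as findings that cannot be remediated. Scoping it the way the neighbouring logging policies do, with an `and:` that adds `key: Engine`, `op: in`, `value: [mysql, mariadb, postgres]`, would keep the result actionable. The engine list should be confirmed against current RDS support before merging.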
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-358-rds_cluster_iam_authentication_configured
+ description: |
+ IAM authentication is not configured for RDS clusters
+ resource: rds-cluster
+ filters:
+ - type: value
+ key: IAMDatabaseAuthenticationEnabled
+ value: false
\ No newline at end of file
diff --git a/policies/ecc-aws-359-rds_aurora_mysql_backtracking_enabled.yml b/policies/ecc-aws-359-rds_aurora_mysql_backtracking_enabled.yml
new file mode 100644
index 000000000..a9082903e
--- /dev/null
+++ b/policies/ecc-aws-359-rds_aurora_mysql_backtracking_enabled.yml
@@ -0,0 +1,20 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-359-rds_aurora_mysql_backtracking_enabled
+ description: |
+ Amazon Aurora clusters backtracking is disabled
+ resource: aws.rds-cluster
+ filters:
+ - and:
+ - type: value
+ key: Engine
+ value: aurora-mysql
+ - type: value
+ key: BacktrackWindow
+ value: absent
\ No newline at end of file
diff --git a/policies/ecc-aws-360-rds_cluster_multi_az_enabled.yml b/policies/ecc-aws-360-rds_cluster_multi_az_enabled.yml
new file mode 100644
index 000000000..557859fb8
--- /dev/null
+++ b/policies/ecc-aws-360-rds_cluster_multi_az_enabled.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-360-rds_cluster_multi_az_enabled
+ description: |
+ DS DB clusters are not configured for multiple Availability Zones
+ resource: aws.rds-cluster
+ filters:
+ - type: value
+ key: MultiAZ
+ value: false
\ No newline at end of file
diff --git a/policies/ecc-aws-361-redshift_cluster_encrypted_in_transit.yml b/policies/ecc-aws-361-redshift_cluster_encrypted_in_transit.yml
new file mode 100644
index 000000000..5e78e32d3
--- /dev/null
+++ b/policies/ecc-aws-361-redshift_cluster_encrypted_in_transit.yml
@@ -0,0 +1,17 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-361-redshift_cluster_encrypted_in_transit
+ description: |
+ Connections to Redshift clusters are not encrypted in transit
+ resource: redshift
+ filters:
+ - type: param
+ key: require_ssl
+ value: false
+ op: eq
\ No newline at end of file
diff --git a/policies/ecc-aws-362-redshift_cluster_automatic_snapshot_enabled.yml b/policies/ecc-aws-362-redshift_cluster_automatic_snapshot_enabled.yml
new file mode 100644
index 000000000..585229d97
--- /dev/null
+++ b/policies/ecc-aws-362-redshift_cluster_automatic_snapshot_enabled.yml
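Review bot: The description in `ecc-aws-360-rds_cluster_multi_az_enabled.yml` starts with `DS DB clusters`, which looks like a dropped letter. It should read `RDS DB clusters are not configured for multiple Availability Zones`. The description is the text that surfaces in findings, so the typo would carry over into reports.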
@@ -0,0 +1,17 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-362-redshift_cluster_automatic_snapshot_enabled
+ description: |
+ Amazon Redshift clusters automatic snapshots are disabled
+ resource: redshift
+ filters:
+ - type: value
+ key: AutomatedSnapshotRetentionPeriod
+ value: 7
+ op: lt
diff --git a/policies/ecc-aws-363-redshift_cluster_automatic_upgrade_to_major_version_enabled.yml b/policies/ecc-aws-363-redshift_cluster_automatic_upgrade_to_major_version_enabled.yml
new file mode 100644
index 000000000..dfdc06ded
--- /dev/null
+++ b/policies/ecc-aws-363-redshift_cluster_automatic_upgrade_to_major_version_enabled.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-363-redshift_cluster_automatic_upgrade_to_major_version_enabled
+ description: |
+ Amazon Redshift automatic upgrades to major versions are disabled
+ resource: redshift
+ filters:
+ - type: value
+ key: AllowVersionUpgrade
+ value: false
\ No newline at end of file
diff --git a/policies/ecc-aws-364-redshift_cluster_enhanced_vpc_routing_enabled.yml b/policies/ecc-aws-364-redshift_cluster_enhanced_vpc_routing_enabled.yml
new file mode 100644
index 000000000..689df5d17
--- /dev/null
+++ b/policies/ecc-aws-364-redshift_cluster_enhanced_vpc_routing_enabled.yml
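Review bot: In `ecc-aws-362-redshift_cluster_automatic_snapshot_enabled.yml` the description says automatic snapshots "are disabled", but the filter `key: AutomatedSnapshotRetentionPeriod`, `value: 7`, `op: lt` reports any cluster whose retention is under seven days. That includes clusters with snapshots enabled at one to six days, so the finding text will not match what an operator sees on the resource. Either state the threshold in the description, for example `Amazon Redshift clusters automatic snapshot retention period is less than 7 days`, or narrow the filter to a retention of 0 if only the disabled case is meant.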
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-364-redshift_cluster_enhanced_vpc_routing_enabled
+ description: |
+ Amazon Redshift clusters are not using enhanced VPC routing
+ resource: redshift
+ filters:
+ - type: value
+ key: EnhancedVpcRouting
+ value: false
diff --git a/policies/ecc-aws-368-sns_kms_encryption_enabled.yml b/policies/ecc-aws-368-sns_kms_encryption_enabled.yml
new file mode 100644
index 000000000..de5bf42a7
--- /dev/null
+++ b/policies/ecc-aws-368-sns_kms_encryption_enabled.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-368-sns_kms_encryption_enabled
+ description: |
+ SNS topics are not encrypted at rest using AWS KMS
+ resource: sns
+ filters:
+ - type: value
+ key: KmsMasterKeyId
+ value: absent
\ No newline at end of file
diff --git a/policies/ecc-aws-370-ec2_instance_managed_by_systems_manager.yml b/policies/ecc-aws-370-ec2_instance_managed_by_systems_manager.yml
new file mode 100644
index 000000000..0bdfeaa02
--- /dev/null
+++ b/policies/ecc-aws-370-ec2_instance_managed_by_systems_manager.yml
@@ -0,0 +1,21 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-370-ec2_instance_managed_by_systems_manager
+ description: |
+ EC2 instances are not managed by AWS Systems Manager
+ resource: aws.ec2
+ filters:
+ - and:
+ - type: value
+ key: State.Name
+ op: in
+ value: [running, stopped]
+ - type: ssm
+ key: InstanceId
+ value: empty
\ No newline at end of file
diff --git a/policies/ecc-aws-371-ec2_managed_instance_association_compliance_status_check.yml b/policies/ecc-aws-371-ec2_managed_instance_association_compliance_status_check.yml
new file mode 100644
index 000000000..e561a16c1
--- /dev/null
+++ b/policies/ecc-aws-371-ec2_managed_instance_association_compliance_status_check.yml
@@ -0,0 +1,23 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-371-ec2_managed_instance_association_compliance_status_check
+ description: |
+ Instances managed by Systems Manager do not have association compliance status of COMPLIANT
+ resource: aws.ec2
+ filters:
+ - and:
+ - type: value
+ key: State.Name
+ op: in
+ value: [running, stopped]
+ - type: ssm-compliance
+ compliance_types:
+ - Association
+ states:
+ - NON_COMPLIANT
\ No newline at end of file
diff --git a/policies/ecc-aws-372-ec2_instance_imdsv2_enabled.yml b/policies/ecc-aws-372-ec2_instance_imdsv2_enabled.yml
new file mode 100644
index 000000000..1d0a2befc
--- /dev/null
+++ b/policies/ecc-aws-372-ec2_instance_imdsv2_enabled.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-372-ec2_instance_imdsv2_enabled
+ description: |
+ EC2 instances do not use IMDSv2
+ resource: aws.ec2
+ filters:
+ - type: value
+ key: MetadataOptions.HttpTokens
+ value: optional
\ No newline at end of file
diff --git a/policies/ecc-aws-373-eks_control_plane_logging_enabled.yml b/policies/ecc-aws-373-eks_control_plane_logging_enabled.yml
new file mode 100644
index 000000000..94900594b
--- /dev/null
+++ b/policies/ecc-aws-373-eks_control_plane_logging_enabled.yml
@@ -0,0 +1,25 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-373-eks_control_plane_logging_enabled
+ description: |
+ EKS control plane logging is disabled
+ resource: aws.eks
+ filters:
+ - not:
+ - and:
+ - type: value
+ key: logging.clusterLogging[].types[]
+ value_type: swap
+ value: [api, audit, authenticator, controllerManager, scheduler]
+
+ - type: value
+ key: logging.clusterLogging[].enabled
+ op: in
+ value_type: swap
+ value: true
diff --git a/policies/ecc-aws-374-eks_clusters_security_group_traffic_restricted.yml b/policies/ecc-aws-374-eks_clusters_security_group_traffic_restricted.yml
new file mode 100644
index 000000000..adc81e768
--- /dev/null
+++ b/policies/ecc-aws-374-eks_clusters_security_group_traffic_restricted.yml
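Review bot: The filter in `ecc-aws-372-ec2_instance_imdsv2_enabled.yml` matches on `MetadataOptions.HttpTokens: optional` alone, so it also reports instances whose metadata endpoint is switched off, where IMDSv1 is not reachable at all. If those should not count as findings, wrap the check in an `and:` and add `key: MetadataOptions.HttpEndpoint`, `value: enabled`. If reporting them is intended, so that re-enabling the endpoint later cannot silently bring back IMDSv1, a short comment in the policy saying so would save the next reader the question.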
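Review bot: The first filter in `ecc-aws-373-eks_control_plane_logging_enabled.yml` compares `logging.clusterLogging[].types[]` with the five-type list, but that expression flattens the types of every `clusterLogging` entry, whether enabled or not. As far as I know, EKS returns the disabled types in a second entry with `enabled: false`. A cluster with only `api` enabled could therefore still yield all five names, the second filter finds one `true`, and the cluster is not reported even though audit and authenticator logs are off. Selecting only the enabled entries, e.g. `key: "logging.clusterLogging[?enabled].types[]"`, and then checking that all five names are present would close that gap. The comparison has no `op`, so it also looks order-sensitive; a test against a partially enabled cluster description would confirm both points.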
@@ -0,0 +1,55 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-374-eks_clusters_security_group_traffic_restricted
+ description: |
+ Amazon EKS clusters security group traffic is not restricted
+ resource: aws.eks
+ filters:
+ - not:
+ - and:
+ - type: security-group
+ key: IpPermissions[].FromPort
+ value_type: swap
+ op: in
+ value: 443
+ - type: security-group
+ key: IpPermissions[].ToPort
+ value_type: swap
+ op: in
+ value: 443
+ - type: security-group
+ key: IpPermissions[].FromPort
+ value_type: swap
+ op: in
+ value: 10250
+ - type: security-group
+ key: IpPermissions[].ToPort
+ value_type: swap
+ op: in
+ value: 10250
+ - type: security-group
+ key: IpPermissionsEgress[].FromPort
+ value_type: swap
+ op: in
+ value: 443
+ - type: security-group
+ key: IpPermissionsEgress[].ToPort
+ value_type: swap
+ op: in
+ value: 443
+ - type: security-group
+ key: IpPermissionsEgress[].FromPort
+ value_type: swap
+ op: in
+ value: 10250
+ - type: security-group
+ key: IpPermissionsEgress[].ToPort
+ value_type: swap
+ op: in
+ value: 10250
diff --git a/policies/ecc-aws-375-eks_secrets_encrypted.yml b/policies/ecc-aws-375-eks_secrets_encrypted.yml
new file mode 100644
index 000000000..96685a124
--- /dev/null
+++ b/policies/ecc-aws-375-eks_secrets_encrypted.yml
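Review bot: The eight `security-group` filters in `ecc-aws-374-eks_clusters_security_group_traffic_restricted.yml` only assert that ports 443 and 10250 occur somewhere in `IpPermissions` and `IpPermissionsEgress`; nothing rejects additional rules. A cluster whose security group allows 443 and 10250 plus any other port range, or an all-protocol rule alongside them, would satisfy the inner `and:` and not be reported, although its traffic is not restricted in the sense of the description. Each filter is also evaluated on its own, so a `FromPort` of 443 and a `ToPort` of 443 may come from different rules. The check should instead fail when any permitted port falls outside the allowed set. If presence of the two ports really is the intent, the description should say that.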
@@ -0,0 +1,17 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-375-eks_secrets_encrypted
+ description: |
+ Kubernetes Secrets are not encrypted using KMS CMK
+ resource: aws.eks
+ filters:
+ - not:
+ - type: value
+ key: encryptionConfig[].provider
+ value: present
diff --git a/policies/ecc-aws-376-ecr_immutable_image_tags.yml b/policies/ecc-aws-376-ecr_immutable_image_tags.yml
new file mode 100644
index 000000000..69047396e
--- /dev/null
+++ b/policies/ecc-aws-376-ecr_immutable_image_tags.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-376-ecr_immutable_image_tags
+ description: |
+ Amazon ECR is not configured with immutable tags
+ resource: ecr
+ filters:
+ - type: value
+ key: imageTagMutability
+ value: MUTABLE
diff --git a/policies/ecc-aws-377-ecr_repository_kms_encryption_enabled.yml b/policies/ecc-aws-377-ecr_repository_kms_encryption_enabled.yml
new file mode 100644
index 000000000..d49d7c79a
--- /dev/null
+++ b/policies/ecc-aws-377-ecr_repository_kms_encryption_enabled.yml
@@ -0,0 +1,17 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-377-ecr_repository_kms_encryption_enabled
+ description: |
+ Amazon ECR repository does not have encryption with KMS enabled
+ resource: ecr
+ filters:
+ - not:
+ - type: value
+ key: encryptionConfiguration.encryptionType
+ value: KMS
diff --git a/policies/ecc-aws-378-ecr_image_scanning_on_push_enabled.yml b/policies/ecc-aws-378-ecr_image_scanning_on_push_enabled.yml
new file mode 100644
index 000000000..3029b25ce
--- /dev/null
+++ b/policies/ecc-aws-378-ecr_image_scanning_on_push_enabled.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-378-ecr_image_scanning_on_push_enabled
+ description: |
+ Amazon ECR image scanning on push is disabled
+ resource: ecr
+ filters:
+ - type: value
+ key: imageScanningConfiguration.scanOnPush
+ value: false
\ No newline at end of file
diff --git a/policies/ecc-aws-379-postgresql_log_rotation_age_flag_set_to_60.yml b/policies/ecc-aws-379-postgresql_log_rotation_age_flag_set_to_60.yml
new file mode 100644
index 000000000..957ba3c15
--- /dev/null
+++ b/policies/ecc-aws-379-postgresql_log_rotation_age_flag_set_to_60.yml
@@ -0,0 +1,27 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-379-postgresql_log_rotation_age_flag_set_to_60
+ resource: aws.rds
+ description: |
+ Maximum log file lifetime is not set correctly for PostgreSQL
+ filters:
+ - and:
+ - type: value
+ key: Engine
+ value: postgres
+ - or:
+ - not:
+ - type: db-parameter
+ key: logging_collector
+ op: eq
+ value: 1
+ - type: db-parameter
+ key: log_rotation_age
+ op: eq
+ value: 60
\ No newline at end of file
diff --git a/policies/ecc-aws-380-postgresql_log_rotation_size_flag_set_correctly.yml b/policies/ecc-aws-380-postgresql_log_rotation_size_flag_set_correctly.yml
new file mode 100644
index 000000000..300009891
--- /dev/null
+++ b/policies/ecc-aws-380-postgresql_log_rotation_size_flag_set_correctly.yml
@@ -0,0 +1,22 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-380-postgresql_log_rotation_size_flag_set_correctly
+ resource: aws.rds
+ description: |
+ Maximum log file size is not set correctly for PostgreSQL
+ filters:
+ - and:
+ - type: value
+ key: Engine
+ value: postgres
+ - not:
+ - type: db-parameter
+ key: log_rotation_size
+ op: eq
+ value: 1000000
diff --git a/policies/ecc-aws-381-postgresql_debug_print_parse_flag_disabled.yml b/policies/ecc-aws-381-postgresql_debug_print_parse_flag_disabled.yml
new file mode 100644
index 000000000..8849107e6
--- /dev/null
+++ b/policies/ecc-aws-381-postgresql_debug_print_parse_flag_disabled.yml
@@ -0,0 +1,20 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-381-postgresql_debug_print_parse_flag_disabled
+ resource: aws.rds
+ description: |
+ The 'debug_print_parse' flag is enabled for PostgreSQL
+ filters:
+ - and:
+ - type: value
+ key: Engine
+ value: postgres
+ - type: db-parameter
+ key: debug_print_parse
+ value: 1
diff --git a/policies/ecc-aws-382-postgresql_debug_print_rewritten_flag_disabled.yml b/policies/ecc-aws-382-postgresql_debug_print_rewritten_flag_disabled.yml
new file mode 100644
index 000000000..67a85ee3d
--- /dev/null
+++ b/policies/ecc-aws-382-postgresql_debug_print_rewritten_flag_disabled.yml
@@ -0,0 +1,20 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-382-postgresql_debug_print_rewritten_flag_disabled
+ resource: aws.rds
+ description: |
+ The 'debug_print_rewritten' flag is enabled for PostgreSQL
+ filters:
+ - and:
+ - type: value
+ key: Engine
+ value: postgres
+ - type: db-parameter
+ key: debug_print_rewritten
+ value: 1
diff --git a/policies/ecc-aws-383-postgresql_debug_print_plan_flag_disabled.yml b/policies/ecc-aws-383-postgresql_debug_print_plan_flag_disabled.yml
new file mode 100644
index 000000000..de99c8c8a
--- /dev/null
+++ b/policies/ecc-aws-383-postgresql_debug_print_plan_flag_disabled.yml
@@ -0,0 +1,20 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-383-postgresql_debug_print_plan_flag_disabled
+ resource: aws.rds
+ description: |
+ The 'debug_print_plan' flag is enabled for PostgreSQL
+ filters:
+ - and:
+ - type: value
+ key: Engine
+ value: postgres
+ - type: db-parameter
+ key: debug_print_plan
+ value: 1
diff --git a/policies/ecc-aws-384-postgresql_debug_pretty_print_flag_enabled.yml b/policies/ecc-aws-384-postgresql_debug_pretty_print_flag_enabled.yml
new file mode 100644
index 000000000..a10a7851d
--- /dev/null
+++ b/policies/ecc-aws-384-postgresql_debug_pretty_print_flag_enabled.yml
@@ -0,0 +1,21 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-384-postgresql_debug_pretty_print_flag_enabled
+ resource: aws.rds
+ description: |
+ The 'debug_pretty_print' flag is disabled for PostgreSQL
+ filters:
+ - and:
+ - type: value
+ key: Engine
+ value: postgres
+ - not:
+ - type: db-parameter
+ key: debug_pretty_print
+ value: 1
diff --git a/policies/ecc-aws-385-postgresql_log_connections_flag_enabled.yml b/policies/ecc-aws-385-postgresql_log_connections_flag_enabled.yml
new file mode 100644
index 000000000..d73e70fd4
--- /dev/null
+++ b/policies/ecc-aws-385-postgresql_log_connections_flag_enabled.yml
@@ -0,0 +1,21 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-385-postgresql_log_connections_flag_enabled
+ resource: aws.rds
+ description: |
+ The 'log_connections' flag is disabled for PostgreSQL
+ filters:
+ - and:
+ - type: value
+ key: Engine
+ value: postgres
+ - not:
+ - type: db-parameter
+ key: log_connections
+ value: 1
diff --git a/policies/ecc-aws-386-postgresql_log_disconnections_flag_enabled.yml b/policies/ecc-aws-386-postgresql_log_disconnections_flag_enabled.yml
new file mode 100644
index 000000000..d638a518f
--- /dev/null
+++ b/policies/ecc-aws-386-postgresql_log_disconnections_flag_enabled.yml
@@ -0,0 +1,22 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-386-postgresql_log_disconnections_flag_enabled
+ resource: aws.rds
+ description: |
+ The 'log_disconnections' flag is disabled for PostgreSQL
+ filters:
+ - and:
+ - type: value
+ key: Engine
+ value: postgres
+ - not:
+ - type: db-parameter
+ key: log_disconnections
+ op: eq
+ value: 1
diff --git a/policies/ecc-aws-387-postgresql_log_error_verbosity_flag_set_correctly.yml b/policies/ecc-aws-387-postgresql_log_error_verbosity_flag_set_correctly.yml
new file mode 100644
index 000000000..7fea46eae
--- /dev/null
+++ b/policies/ecc-aws-387-postgresql_log_error_verbosity_flag_set_correctly.yml
@@ -0,0 +1,21 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-387-postgresql_log_error_verbosity_flag_set_correctly
+ resource: aws.rds
+ description: |
+ The 'log_error_verbosity' flag is not set correctly for PostgreSQL
+ filters:
+ - and:
+ - type: value
+ key: Engine
+ value: postgres
+ - not:
+ - type: db-parameter
+ key: log_error_verbosity
+ value: default
diff --git a/policies/ecc-aws-388-postgresql_log_hostname_flag_disabled.yml b/policies/ecc-aws-388-postgresql_log_hostname_flag_disabled.yml
new file mode 100644
index 000000000..36b7fbaae
--- /dev/null
+++ b/policies/ecc-aws-388-postgresql_log_hostname_flag_disabled.yml
@@ -0,0 +1,20 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-388-postgresql_log_hostname_flag_disabled
+ resource: aws.rds
+ description: |
+ The 'log_hostname' flag is not disabled for PostgreSQL
+ filters:
+ - and:
+ - type: value
+ key: Engine
+ value: postgres
+ - type: db-parameter
+ key: log_hostname
+ value: 1
diff --git a/policies/ecc-aws-389-postgresql_log_statement_flag_set_correctly.yml b/policies/ecc-aws-389-postgresql_log_statement_flag_set_correctly.yml
new file mode 100644
index 000000000..f6931c980
--- /dev/null
+++ b/policies/ecc-aws-389-postgresql_log_statement_flag_set_correctly.yml
@@ -0,0 +1,21 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-389-postgresql_log_statement_flag_set_correctly
+ resource: aws.rds
+ description: |
+ The 'log_statement' flag is not set correctly for PostgreSQL
+ filters:
+ - and:
+ - type: value
+ key: Engine
+ value: postgres
+ - not:
+ - type: db-parameter
+ key: log_statement
+ value: all
diff --git a/policies/ecc-aws-390-postgresql_log_destination_flag_set_to_csvlog.yml b/policies/ecc-aws-390-postgresql_log_destination_flag_set_to_csvlog.yml
new file mode 100644
index 000000000..90b2121df
--- /dev/null
+++ b/policies/ecc-aws-390-postgresql_log_destination_flag_set_to_csvlog.yml
@@ -0,0 +1,20 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-390-postgresql_log_destination_flag_set_to_csvlog
+ resource: aws.rds
+ description: |
+ The 'log_destination' flag is not set to csvlog for PostgreSQL
+ filters:
+ - and:
+ - type: value
+ key: Engine
+ value: postgres
+ - type: db-parameter
+ key: log_destination
+ value: "stderr"
\ No newline at end of file
diff --git a/policies/ecc-aws-391-postgresql_log_checkpoints_flag_enabled.yml b/policies/ecc-aws-391-postgresql_log_checkpoints_flag_enabled.yml
new file mode 100644
index 000000000..9e65e5a0b
--- /dev/null
+++ b/policies/ecc-aws-391-postgresql_log_checkpoints_flag_enabled.yml
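Review bot: `ecc-aws-390-postgresql_log_destination_flag_set_to_csvlog.yml` is named and described as requiring `csvlog`, but its filter reports only the literal value `"stderr"`. Any other value passes, and so would a parameter the filter cannot read, so the check would miss those instances. Writing it like the sibling policy 389, with `- not:` over `key: log_destination`, `value: csvlog`, states the requirement directly and reports everything that is not the expected setting.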
@@ -0,0 +1,22 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-391-postgresql_log_checkpoints_flag_enabled
+ resource: aws.rds
+ description: |
+ The 'log_checkpoints' flag is not enabled for PostgreSQL
+ filters:
+ - and:
+ - type: value
+ key: Engine
+ value: postgres
+ - not:
+ - type: db-parameter
+ key: log_checkpoints
+ op: eq
+ value: 1
diff --git a/policies/ecc-aws-392-postgresql_log_lock_waits_flag_enabled.yml b/policies/ecc-aws-392-postgresql_log_lock_waits_flag_enabled.yml
new file mode 100644
index 000000000..be10d0d3f
--- /dev/null
+++ b/policies/ecc-aws-392-postgresql_log_lock_waits_flag_enabled.yml
@@ -0,0 +1,21 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-392-postgresql_log_lock_waits_flag_enabled
+ resource: aws.rds
+ description: |
+ The 'log_lock_waits' flag is not enabled for PostgreSQL
+ filters:
+ - and:
+ - type: value
+ key: Engine
+ value: postgres
+ - not:
+ - type: db-parameter
+ key: log_lock_waits
+ value: 1
diff --git a/policies/ecc-aws-393-postgresql_log_duration_flag_enabled.yml b/policies/ecc-aws-393-postgresql_log_duration_flag_enabled.yml
new file mode 100644
index 000000000..21656a9ea
--- /dev/null
+++ b/policies/ecc-aws-393-postgresql_log_duration_flag_enabled.yml
@@ -0,0 +1,22 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-393-postgresql_log_duration_flag_enabled
+ resource: aws.rds
+ description: |
+ The 'log_duration' flag is not enabled for PostgreSQL
+ filters:
+ - and:
+ - type: value
+ key: Engine
+ value: postgres
+ - not:
+ - type: db-parameter
+ key: log_duration
+ op: eq
+ value: 1
diff --git a/policies/ecc-aws-394-transit_gateway_default_route_table_association_disabled.yml b/policies/ecc-aws-394-transit_gateway_default_route_table_association_disabled.yml
new file mode 100644
index 000000000..6ebe44bb4
--- /dev/null
+++ b/policies/ecc-aws-394-transit_gateway_default_route_table_association_disabled.yml
@@ -0,0 +1,20 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-394-transit_gateway_default_route_table_association_disabled
+ description: |
+ Transit gateway default route table association is enabled
+ resource: aws.transit-gateway
+ filters:
+ - and:
+ - type: value
+ key: Options.DefaultRouteTableAssociation
+ value: enable
+ - type: value
+ key: State
+ value: available
diff --git a/policies/ecc-aws-395-transit_gateway_default_route_table_propagation_disabled.yml b/policies/ecc-aws-395-transit_gateway_default_route_table_propagation_disabled.yml
new file mode 100644
index 000000000..ff7cca4dd
--- /dev/null
+++ b/policies/ecc-aws-395-transit_gateway_default_route_table_propagation_disabled.yml
@@ -0,0 +1,20 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-395-transit_gateway_default_route_table_propagation_disabled
+ description: |
+ Transit gateway default route table propagation is enabled
+ resource: aws.transit-gateway
+ filters:
+ - and:
+ - type: value
+ key: Options.DefaultRouteTablePropagation
+ value: enable
+ - type: value
+ key: State
+ value: available
diff --git a/policies/ecc-aws-396-rest_api_gateway_is_protected_by_waf.yml b/policies/ecc-aws-396-rest_api_gateway_is_protected_by_waf.yml
new file mode 100644
index 000000000..262673fba
--- /dev/null
+++ b/policies/ecc-aws-396-rest_api_gateway_is_protected_by_waf.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-396-rest_api_gateway_is_protected_by_waf
+ description: |
+ Api gateway is not protected by WAF
+ resource: rest-stage
+ filters:
+ - type: value
+ key: webAclArn
+ value: absent
diff --git a/policies/ecc-aws-397-rest_api_gateway_contend_encoding_enabled.yml b/policies/ecc-aws-397-rest_api_gateway_contend_encoding_enabled.yml
new file mode 100644
index 000000000..ada8f4520
--- /dev/null
+++ b/policies/ecc-aws-397-rest_api_gateway_contend_encoding_enabled.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-397-rest_api_gateway_contend_encoding_enabled
+ description: |
+ Content encoding is not enabled for API Gateway
+ resource: rest-api
+ filters:
+ - type: value
+ key: minimumCompressionSize
+ value: absent
diff --git a/policies/ecc-aws-398-rest_api_gateway_cache_enabled.yml b/policies/ecc-aws-398-rest_api_gateway_cache_enabled.yml
new file mode 100644
index 000000000..95443d1c9
--- /dev/null
+++ b/policies/ecc-aws-398-rest_api_gateway_cache_enabled.yml
@@ -0,0 +1,21 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-398-rest_api_gateway_cache_enabled
+ description: |
+ Cache is not enabled for api gateway
+ resource: rest-stage
+ filters:
+ - or:
+ - type: value
+ key: cacheClusterEnabled
+ value: false
+ - not:
+ - type: value
+ key: cacheClusterStatus
+ value: AVAILABLE
diff --git a/policies/ecc-aws-400-glue_data_catalog_encrypted_at_rest.yml b/policies/ecc-aws-400-glue_data_catalog_encrypted_at_rest.yml
new file mode 100644
index 000000000..8f1772444
--- /dev/null
+++ b/policies/ecc-aws-400-glue_data_catalog_encrypted_at_rest.yml
@@ -0,0 +1,15 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-400-glue_data_catalog_encrypted_at_rest
+ description: |
+ Data catalog encryption is not enabled for AWS Glue
+ resource: aws.glue-catalog
+ filters:
+ - type: glue-security-config
+ CatalogEncryptionMode: DISABLED
diff --git a/policies/ecc-aws-401-glue_data_catalog_encrypted_with_kms_customer_master_keys.yml b/policies/ecc-aws-401-glue_data_catalog_encrypted_with_kms_customer_master_keys.yml
new file mode 100644
index 000000000..3141e3566
--- /dev/null
+++ b/policies/ecc-aws-401-glue_data_catalog_encrypted_with_kms_customer_master_keys.yml
@@ -0,0 +1,15 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-401-glue_data_catalog_encrypted_with_kms_customer_master_keys
+ description: |
+ Data catalog for AWS Glue is not encrypted with KMS CMK
+ resource: aws.glue-catalog
+ filters:
+ - type: glue-security-config
+ SseAwsKmsKeyId: alias/aws/glue
diff --git a/policies/ecc-aws-402-glue_job_bookmarks_encrypted.yml b/policies/ecc-aws-402-glue_job_bookmarks_encrypted.yml
new file mode 100644
index 000000000..f994f5302
--- /dev/null
+++ b/policies/ecc-aws-402-glue_job_bookmarks_encrypted.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-402-glue_job_bookmarks_encrypted
+ description: |
+ Job bookmarks encryption is not enabled for AWS Glue
+ resource: aws.glue-security-configuration
+ filters:
+ - type: value
+ key: EncryptionConfiguration.JobBookmarksEncryption.JobBookmarksEncryptionMode
+ value: DISABLED
diff --git a/policies/ecc-aws-403-glue_cloudwatch_logs_encrypted.yml b/policies/ecc-aws-403-glue_cloudwatch_logs_encrypted.yml
new file mode 100644
index 000000000..e8bd785e5
--- /dev/null
+++ b/policies/ecc-aws-403-glue_cloudwatch_logs_encrypted.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-403-glue_cloudwatch_logs_encrypted
+ description: |
+ CloudWatch logs are not encrypted for AWS Glue
+ resource: aws.glue-security-configuration
+ filters:
+ - type: value
+ key: EncryptionConfiguration.CloudWatchEncryption.CloudWatchEncryptionMode
+ value: DISABLED
diff --git a/policies/ecc-aws-404-glue_s3_encryption_enabled.yml b/policies/ecc-aws-404-glue_s3_encryption_enabled.yml
new file mode 100644
index 000000000..de1b853cf
--- /dev/null
+++ b/policies/ecc-aws-404-glue_s3_encryption_enabled.yml
@@ -0,0 +1,18 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-404-glue_s3_encryption_enabled
+ description: |
+ S3 is not encrypted for AWS Glue
+ resource: aws.glue-security-configuration
+ filters:
+ - type: value
+ key: EncryptionConfiguration.S3Encryption[].S3EncryptionMode
+ op: in
+ value_type: swap
+ value: DISABLED
diff --git a/policies/ecc-aws-405-emr_kerberos_authentication_enabled.yml b/policies/ecc-aws-405-emr_kerberos_authentication_enabled.yml
new file mode 100644
index 000000000..8609055ca
--- /dev/null
+++ b/policies/ecc-aws-405-emr_kerberos_authentication_enabled.yml
@@ -0,0 +1,21 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-405-emr_kerberos_authentication_enabled
+ description: |
+ Kerberos authentication is not enabled for EMR clusters
+ resource: emr
+ filters:
+ - and:
+ - type: value
+ key: Status.State
+ op: in
+ value: [RUNNING, WAITING]
+ - type: value
+ key: KerberosAttributes.Realm
+ value: absent
diff --git a/policies/ecc-aws-407-emr_clusters_in_vpc.yml b/policies/ecc-aws-407-emr_clusters_in_vpc.yml
new file mode 100644
index 000000000..550da8682
--- /dev/null
+++ b/policies/ecc-aws-407-emr_clusters_in_vpc.yml
@@ -0,0 +1,21 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-407-emr_clusters_in_vpc
+ description: |
+ EMR clusters are not in VPC
+ resource: emr
+ filters:
+ - and:
+ - type: value
+ key: Status.State
+ op: in
+ value: [RUNNING, WAITING]
+ - type: value
+ key: Ec2InstanceAttributes.Ec2SubnetId
+ value: empty
diff --git a/policies/ecc-aws-408-emr_logging_to_s3_enabled.yml b/policies/ecc-aws-408-emr_logging_to_s3_enabled.yml
new file mode 100644
index 000000000..38a1d11a2
--- /dev/null
+++ b/policies/ecc-aws-408-emr_logging_to_s3_enabled.yml
@@ -0,0 +1,21 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-408-emr_logging_to_s3_enabled
+ description: |
+ Logging is not enabled for EMR clusters
+ resource: emr
+ filters:
+ - and:
+ - type: value
+ key: Status.State
+ op: in
+ value: [RUNNING, WAITING]
+ - type: value
+ key: LogUri
+ value: absent
diff --git a/policies/ecc-aws-409-vpc_unused_internet_gateway.yml b/policies/ecc-aws-409-vpc_unused_internet_gateway.yml
new file mode 100644
index 000000000..44e039d5b
--- /dev/null
+++ b/policies/ecc-aws-409-vpc_unused_internet_gateway.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-409-vpc_unused_internet_gateway
+ description: |
+ Unused Internet Gateways are not removed
+ resource: internet-gateway
+ filters:
+ - type: value
+ key: Attachments
+ value: empty
diff --git a/policies/ecc-aws-411-unused_virtual_private_gateways.yml b/policies/ecc-aws-411-unused_virtual_private_gateways.yml
new file mode 100644
index 000000000..a687d2589
--- /dev/null
+++ b/policies/ecc-aws-411-unused_virtual_private_gateways.yml
@@ -0,0 +1,19 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-411-unused_virtual_private_gateways
+ description: |
+ Unused Virtual Private Gateways is not removed
+ resource: vpn-gateway
+ filters:
+ - type: value
+ key: State
+ value: "available"
+ - type: value
+ key: VpcAttachments
+ value: empty
diff --git a/policies/ecc-aws-413-elasticache_previous_generation_instances_not_used.yml b/policies/ecc-aws-413-elasticache_previous_generation_instances_not_used.yml
new file mode 100644
index 000000000..d0aae5be7
--- /dev/null
+++ b/policies/ecc-aws-413-elasticache_previous_generation_instances_not_used.yml
@@ -0,0 +1,17 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-413-elasticache_previous_generation_instances_not_used
+ description: |
+ Elasticache is not using last generation nodes
+ resource: cache-cluster
+ filters:
+ - type: value
+ key: CacheNodeType
+ op: regex
+ value: 'cache.(m1|m2|m3|r3|t1|c1).[^\s]+'
diff --git a/policies/ecc-aws-414-elasticache_automatic_backups.yml b/policies/ecc-aws-414-elasticache_automatic_backups.yml
new file mode 100644
index 000000000..b4437f4c6
--- /dev/null
+++ b/policies/ecc-aws-414-elasticache_automatic_backups.yml
@@ -0,0 +1,17 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-414-elasticache_automatic_backups
+ description: |
+ ElastiCache Redis cluster automatic backups are not enabled or a retention period is not set to at least 7 days
+ resource: cache-cluster
+ filters:
+ - type: value
+ key: SnapshotRetentionLimit
+ value: 7
+ op: lt
diff --git a/policies/ecc-aws-415-elasticache_encrypted_in_transit.yml b/policies/ecc-aws-415-elasticache_encrypted_in_transit.yml
new file mode 100644
index 000000000..a3f4ac7a4
--- /dev/null
+++ b/policies/ecc-aws-415-elasticache_encrypted_in_transit.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-415-elasticache_encrypted_in_transit
+ description: |
+ ElastiCache is not encrypted in transit
+ resource: cache-cluster
+ filters:
+ - type: value
+ key: TransitEncryptionEnabled
+ value: false
diff --git a/policies/ecc-aws-416-elasticache_encrypted_at_rest_using_cmk.yml b/policies/ecc-aws-416-elasticache_encrypted_at_rest_using_cmk.yml
new file mode 100644
index 000000000..fb3a8d714
--- /dev/null
+++ b/policies/ecc-aws-416-elasticache_encrypted_at_rest_using_cmk.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-416-elasticache_encrypted_at_rest_using_cmk
+ description: |
+ Elasticache Redis replication group is not encrypted at-rest with KMS CMK
+ resource: elasticache-group
+ filters:
+ - type: value
+ key: KmsKeyId
+ value: absent
diff --git a/policies/ecc-aws-418-elasticache_redis_multi_az_enabled.yml b/policies/ecc-aws-418-elasticache_redis_multi_az_enabled.yml
new file mode 100644
index 000000000..ae6212378
--- /dev/null
+++ b/policies/ecc-aws-418-elasticache_redis_multi_az_enabled.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-418-elasticache_redis_multi_az_enabled
+ description: |
+ Elasticache Redis Multi-AZ is not enabled
+ resource: elasticache-group
+ filters:
+ - type: value
+ key: MultiAZ
+ value: disabled
diff --git a/policies/ecc-aws-419-elasticache_redis_auth_enabled.yml b/policies/ecc-aws-419-elasticache_redis_auth_enabled.yml
new file mode 100644
index 000000000..67f6b5989
--- /dev/null
+++ b/policies/ecc-aws-419-elasticache_redis_auth_enabled.yml
@@ -0,0 +1,19 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-419-elasticache_redis_auth_enabled
+ description: |
+ Elasticache redis Auth is not enabled
+ resource: cache-cluster
+ filters:
+ - type: value
+ key: AuthTokenEnabled
+ value: false
+ - type: value
+ key: Engine
+ value: "redis"
diff --git a/policies/ecc-aws-420-elasticache_latest_version.yml b/policies/ecc-aws-420-elasticache_latest_version.yml
new file mode 100644
index 000000000..04fe78ce3
--- /dev/null
+++ b/policies/ecc-aws-420-elasticache_latest_version.yml
@@ -0,0 +1,30 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-420-elasticache_latest_version
+ description: |
+ Elasticache is not using the latest version
+ resource: cache-cluster
+ filters:
+ - not:
+ - or:
+ - and:
+ - type: value
+ key: Engine
+ value: memcached
+ - type: value
+ key: EngineVersion
+ value: "1.6.17"
+ - and:
+ - type: value
+ key: Engine
+ value: redis
+ - type: value
+ key: EngineVersion
+ op: regex
+ value: '7.0.*'
diff --git a/policies/ecc-aws-425-elasticsearch_slow_logs_enabled.yml b/policies/ecc-aws-425-elasticsearch_slow_logs_enabled.yml
new file mode 100644
index 000000000..a05487736
--- /dev/null
+++ b/policies/ecc-aws-425-elasticsearch_slow_logs_enabled.yml
@@ -0,0 +1,21 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-425-elasticsearch_slow_logs_enabled
+ description: |
+ Elasticsearch slow logs is disabled
+ resource: aws.elasticsearch
+ filters:
+ - not:
+ - and:
+ - type: value
+ key: LogPublishingOptions.INDEX_SLOW_LOGS.Enabled
+ value: true
+ - type: value
+ key: LogPublishingOptions.SEARCH_SLOW_LOGS.Enabled
+ value: true
diff --git a/policies/ecc-aws-427-elasticache_auth_token_rotated_every_90_days.yml b/policies/ecc-aws-427-elasticache_auth_token_rotated_every_90_days.yml
new file mode 100644
index 000000000..b4289363b
--- /dev/null
+++ b/policies/ecc-aws-427-elasticache_auth_token_rotated_every_90_days.yml
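Review bot: The engine versions treated as "latest" in ecc-aws-420 are hard-coded (`value: "1.6.17"` for memcached, `value: '7.0.*'` for redis), and because both tests sit under `not`, a cluster on a release newer than these is reported as out of date as soon as one exists. The same pattern appears in ecc-aws-432 (`'OpenSearch_2.3'`) and ecc-aws-445 (`'8.0.*'`). I would add a comment above the filters such as `# versions pinned to the newest releases available when this policy was written; update on each new engine release`. The first dot in `'7.0.*'` is also unescaped, so the regex accepts any character in that position; `'7\.0.*'` states the intent.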
@@ -0,0 +1,18 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-427-elasticache_auth_token_rotated_every_90_days
+ description: |
+ Elasticache AUTH token is not rotated every 90 days
+ resource: cache-cluster
+ filters:
+ - type: value
+ key: AuthTokenLastModifiedDate
+ op: gt
+ value_type: age
+ value: 90
diff --git a/policies/ecc-aws-429-elasticsearch_encrypted_with_kms_cmk.yml b/policies/ecc-aws-429-elasticsearch_encrypted_with_kms_cmk.yml
new file mode 100644
index 000000000..a25b5479f
--- /dev/null
+++ b/policies/ecc-aws-429-elasticsearch_encrypted_with_kms_cmk.yml
@@ -0,0 +1,17 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-429-elasticsearch_encrypted_with_kms_cmk
+ description: |
+ ElasticSearch is not encrypted with KMS CMK
+ resource: elasticsearch
+ filters:
+ - not:
+ - type: kms-key
+ key: KeyManager
+ value: CUSTOMER
diff --git a/policies/ecc-aws-430-autoscaling_group_cooldown_period.yml b/policies/ecc-aws-430-autoscaling_group_cooldown_period.yml
new file mode 100644
index 000000000..79550b3fb
--- /dev/null
+++ b/policies/ecc-aws-430-autoscaling_group_cooldown_period.yml
@@ -0,0 +1,17 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-430-autoscaling_group_cooldown_period
+ resource: aws.asg
+ description: |
+ Auto Scaling Groups are not utilizing cooldown period
+ filters:
+ - type: value
+ key: DefaultCooldown
+ op: eq
+ value: 0
diff --git a/policies/ecc-aws-431-elasticsearch_enforces_https.yml b/policies/ecc-aws-431-elasticsearch_enforces_https.yml
new file mode 100644
index 000000000..4eda47b06
--- /dev/null
+++ b/policies/ecc-aws-431-elasticsearch_enforces_https.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-431-elasticsearch_enforces_https
+ description: |
+ Elasticsearch does not enforce HTTPS
+ resource: elasticsearch
+ filters:
+ - type: value
+ key: DomainEndpointOptions.EnforceHTTPS
+ value: false
diff --git a/policies/ecc-aws-432-elasticsearch_latest_version.yml b/policies/ecc-aws-432-elasticsearch_latest_version.yml
new file mode 100644
index 000000000..960d72dc1
--- /dev/null
+++ b/policies/ecc-aws-432-elasticsearch_latest_version.yml
@@ -0,0 +1,17 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-432-elasticsearch_latest_version
+ description: |
+ ElasticSearch is not using the latest OpenSearch version
+ resource: elasticsearch
+ filters:
+ - not:
+ - type: value
+ key: ElasticsearchVersion
+ value: 'OpenSearch_2.3'
diff --git a/policies/ecc-aws-433-autoscaling_group_has_associated_elb.yml b/policies/ecc-aws-433-autoscaling_group_has_associated_elb.yml
new file mode 100644
index 000000000..65fcd48a6
--- /dev/null
+++ b/policies/ecc-aws-433-autoscaling_group_has_associated_elb.yml
@@ -0,0 +1,20 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-433-autoscaling_group_has_associated_elb
+ resource: aws.asg
+ description: |
+ Auto Scaling Groups does not have an associated Elastic Load Balancers or Target Groups
+ filters:
+ - and:
+ - type: value
+ key: LoadBalancerNames
+ value: empty
+ - type: value
+ key: TargetGroupARNs
+ value: empty
diff --git a/policies/ecc-aws-434-xray-encrypted_with_kms_cmk.yml b/policies/ecc-aws-434-xray-encrypted_with_kms_cmk.yml
new file mode 100644
index 000000000..caadb3b7c
--- /dev/null
+++ b/policies/ecc-aws-434-xray-encrypted_with_kms_cmk.yml
@@ -0,0 +1,21 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-434-xray-encrypted_with_kms_cmk
+ resource: aws.account
+ description: |
+ AWS X-Ray is not encrypted using KMS CMK
+ filters:
+ - or:
+ - type: xray-encrypt-key
+ key: default
+ - and:
+ - type: xray-encrypt-key
+ key: kms
+ - type: xray-encrypt-key
+ key: alias/aws/xray
diff --git a/policies/ecc-aws-435-workspaces_unused_instances.yml b/policies/ecc-aws-435-workspaces_unused_instances.yml
new file mode 100644
index 000000000..443877a25
--- /dev/null
+++ b/policies/ecc-aws-435-workspaces_unused_instances.yml
@@ -0,0 +1,18 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-435-workspaces_unused_instances
+ description: |
+ Unused Workspaces instances are not removed
+ resource: aws.workspaces
+ filters:
+ - type: connection-status
+ value_type: age
+ key: LastKnownUserConnectionTimestamp
+ op: ge
+ value: 30
diff --git a/policies/ecc-aws-436-autoscaling_group_utilize_multi_az.yml b/policies/ecc-aws-436-autoscaling_group_utilize_multi_az.yml
new file mode 100644
index 000000000..28d038948
--- /dev/null
+++ b/policies/ecc-aws-436-autoscaling_group_utilize_multi_az.yml
@@ -0,0 +1,17 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-436-autoscaling_group_utilize_multi_az
+ resource: aws.asg
+ description: |
+ Auto Scaling Groups do not utilize multiple Availability Zones
+ filters:
+ - type: value
+ key: AvailabilityZones
+ value_type: size
+ value: 1
diff --git a/policies/ecc-aws-437-workspaces_instances_are_healthy.yml b/policies/ecc-aws-437-workspaces_instances_are_healthy.yml
new file mode 100644
index 000000000..e218d31e7
--- /dev/null
+++ b/policies/ecc-aws-437-workspaces_instances_are_healthy.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-437-workspaces_instances_are_healthy
+ description: |
+ Workspaces instances are unhealthy
+ resource: aws.workspaces
+ filters:
+ - type: value
+ key: State
+ value: UNHEALTHY
diff --git a/policies/ecc-aws-438-autoscaling_group_has_valid_configuration.yml b/policies/ecc-aws-438-autoscaling_group_has_valid_configuration.yml
new file mode 100644
index 000000000..a0664da75
--- /dev/null
+++ b/policies/ecc-aws-438-autoscaling_group_has_valid_configuration.yml
@@ -0,0 +1,14 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-438-autoscaling_group_has_valid_configuration
+ resource: asg
+ description: |
+ Auto Scaling Group has invalid configuration
+ filters:
+ - invalid
diff --git a/policies/ecc-aws-439-workspaces_storage_encrypted.yml b/policies/ecc-aws-439-workspaces_storage_encrypted.yml
new file mode 100644
index 000000000..c77894133
--- /dev/null
+++ b/policies/ecc-aws-439-workspaces_storage_encrypted.yml
@@ -0,0 +1,21 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-439-workspaces_storage_encrypted
+ resource: aws.workspaces
+ description: |
+ Workspaces storage is not encrypted
+ filters:
+ - or:
+ - not:
+ - type: value
+ key: RootVolumeEncryptionEnabled
+ value: true
+ - type: value
+ key: UserVolumeEncryptionEnabled
+ value: true
diff --git a/policies/ecc-aws-440-backup_service_compliant_lifecycle_enabled.yml b/policies/ecc-aws-440-backup_service_compliant_lifecycle_enabled.yml
new file mode 100644
index 000000000..026232a02
--- /dev/null
+++ b/policies/ecc-aws-440-backup_service_compliant_lifecycle_enabled.yml
@@ -0,0 +1,26 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-440-backup_service_compliant_lifecycle_enabled
+ resource: aws.backup-plan
+ description: |
+ Amazon Backup plan has a non-compliant lifecycle configuration
+ filters:
+ - or:
+ - not:
+ - type: value
+ key: Rules[].Lifecycle.MoveToColdStorageAfterDays
+ op: in
+ value_type: swap
+ value: 90
+ - not:
+ - type: value
+ key: Rules[].Lifecycle.DeleteAfterDays
+ op: in
+ value_type: swap
+ value: 180
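Review bot: In ecc-aws-439 the nesting of the two `value` filters under `or`/`not` decides what the policy reports, and the indentation is not recoverable in this view. If the `UserVolumeEncryptionEnabled` filter is a sibling of `not` rather than its child, the policy matches every workspace whose user volume is encrypted, which is the opposite of the description. If both filters sit under the one `not`, the outer `or` has a single member and adds nothing. Giving each key its own `not` entry under `or` makes the intent unambiguous, with a comment such as `# report when either the root or the user volume is unencrypted`.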
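Review bot: Both tests in ecc-aws-440 use `op: in` with `value_type: swap` against `Rules[].Lifecycle...`, so a plan passes when any one rule has `MoveToColdStorageAfterDays` of 90 and any one rule has `DeleteAfterDays` of 180; the other rules in the plan, including rules with no lifecycle at all, are not examined. The comparison is also exact, so a plan that keeps backups longer than 180 days is reported as non-compliant. If 90 and 180 are meant as minimums rather than required values, the description should say so, and a comment on the filter should state that a single matching rule is enough to pass.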
diff --git a/policies/ecc-aws-442-backups_encrypted_with_kms_customer_master_keys.yml b/policies/ecc-aws-442-backups_encrypted_with_kms_customer_master_keys.yml
new file mode 100644
index 000000000..9cb5dc8bd
--- /dev/null
+++ b/policies/ecc-aws-442-backups_encrypted_with_kms_customer_master_keys.yml
@@ -0,0 +1,17 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-442-backups_encrypted_with_kms_customer_master_keys
+ description: |
+ Backup vaults are not encrypted at rest using KMS CMK
+ resource: aws.backup-vault
+ filters:
+ - not:
+ - type: kms-key
+ key: KeyManager
+ value: CUSTOMER
diff --git a/policies/ecc-aws-444-use_secure_ssl_protocols_between_cloudfront_origin.yml b/policies/ecc-aws-444-use_secure_ssl_protocols_between_cloudfront_origin.yml
new file mode 100644
index 000000000..3c0475c0d
--- /dev/null
+++ b/policies/ecc-aws-444-use_secure_ssl_protocols_between_cloudfront_origin.yml
@@ -0,0 +1,25 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-444-use_secure_ssl_protocols_between_cloudfront_origin
+ description: |
+ Cloudfront origin uses not latest SSL certificate
+ resource: aws.distribution
+ filters:
+ - and:
+ - type: value
+ key: Origins.Items[].CustomOriginConfig.OriginProtocolPolicy
+ value_type: swap
+ value: https-only
+ op: in
+ - not:
+ - type: value
+ key: Origins.Items[].CustomOriginConfig.OriginSslProtocols.Items[]
+ value_type: swap
+ value: TLSv1.2
+ op: in
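Review bot: The `not` branch in ecc-aws-444 only tests that `TLSv1.2` appears somewhere in `Origins.Items[].CustomOriginConfig.OriginSslProtocols.Items[]`, so a distribution whose origin also allows `SSLv3`, `TLSv1` or `TLSv1.1` passes, and because the key flattens all origins, one origin with TLSv1.2 hides another without it. Testing for the weak protocols directly closes that gap: drop the `not` and use `op: intersect` with `value: [SSLv3, TLSv1, TLSv1.1]` on the same key. The first condition limits the check to distributions that have an `https-only` origin, so origins using `match-viewer` are not evaluated; that deserves a comment if it is intentional. The description speaks of an SSL certificate while the filter inspects protocol versions.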
diff --git a/policies/ecc-aws-445-rds_mysql_instances_latest_major_version.yml b/policies/ecc-aws-445-rds_mysql_instances_latest_major_version.yml
new file mode 100644
index 000000000..4cf0c9fb7
--- /dev/null
+++ b/policies/ecc-aws-445-rds_mysql_instances_latest_major_version.yml
@@ -0,0 +1,21 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-445-rds_mysql_instances_latest_major_version
+ description: |
+ RDS MySQL instances are not using latest major version
+ resource: rds
+ filters:
+ - type: value
+ key: Engine
+ value: mysql
+ - not:
+ - type: value
+ key: EngineVersion
+ op: regex
+ value: '8.0.*'
diff --git a/policies/ecc-aws-447-sqs_encrypted_with_kms_cmk.yml b/policies/ecc-aws-447-sqs_encrypted_with_kms_cmk.yml
new file mode 100644
index 000000000..e3c79fd77
--- /dev/null
+++ b/policies/ecc-aws-447-sqs_encrypted_with_kms_cmk.yml
@@ -0,0 +1,18 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-447-sqs_encrypted_with_kms_cmk
+ description: |
+ Ensure SQS is not encrypted with KMS CMK
+ resource: sqs
+ filters:
+ - or:
+ - KmsMasterKeyId: absent
+ - type: kms-key
+ key: KeyManager
+ value: "AWS"
diff --git a/policies/ecc-aws-448-cloudfront_distribution_fieldlevel_encryption.yml b/policies/ecc-aws-448-cloudfront_distribution_fieldlevel_encryption.yml
new file mode 100644
index 000000000..b5f5e920c
--- /dev/null
+++ b/policies/ecc-aws-448-cloudfront_distribution_fieldlevel_encryption.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-448-cloudfront_distribution_fieldlevel_encryption
+ description: |
+ CloudFront distributions do not enforce field-level encryption
+ resource: aws.distribution
+ filters:
+ - type: value
+ key: DefaultCacheBehavior.FieldLevelEncryptionId
+ value: empty
diff --git a/policies/ecc-aws-449-sqs_not_open_to_everyone.yml b/policies/ecc-aws-449-sqs_not_open_to_everyone.yml
new file mode 100644
index 000000000..038d55654
--- /dev/null
+++ b/policies/ecc-aws-449-sqs_not_open_to_everyone.yml
@@ -0,0 +1,22 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-449-sqs_not_open_to_everyone
+ description: |
+ SQS queue is open to everyone
+ resource: sqs
+ filters:
+ - or:
+ - type: value
+ key: Policy
+ op: regex
+ value: ".*\\\"Principal\\\":{\\\"AWS\\\":\\\"[*]\\\"}.*"
+ - type: value
+ key: Policy
+ op: regex
+ value: ".*\\\"Principal\\\":\\\"[*]\\\".*"
diff --git a/policies/ecc-aws-451-postgresql_log_parser_stats_flag_is_disabled.yml b/policies/ecc-aws-451-postgresql_log_parser_stats_flag_is_disabled.yml
new file mode 100644
index 000000000..fbf226fee
--- /dev/null
+++ b/policies/ecc-aws-451-postgresql_log_parser_stats_flag_is_disabled.yml
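Review bot: The two `regex` filters on `Policy` in ecc-aws-449 match one exact serialization of the policy document, so a statement written as `"Principal": {"AWS": ["*"]}` or with whitespace between tokens is missed. They also ignore the rest of the statement, so a `Deny` with a wildcard principal, or an `Allow` narrowed by a `Condition`, is reported as open. ecc-aws-453 and ecc-aws-458 in this same patch evaluate the policy with a dedicated filter, and the same form should be usable for queues: `- type: cross-account` with `everyone_only: true`. If the regexes are kept, a comment stating that `Effect` and `Condition` are not evaluated would stop the result being read as proof of public access.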
@@ -0,0 +1,20 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-451-postgresql_log_parser_stats_flag_is_disabled
+ resource: aws.rds
+ description: |
+ The 'log_parser_stats' flag is enabled for PostgreSQL
+ filters:
+ - and:
+ - type: value
+ key: Engine
+ value: postgres
+ - type: db-parameter
+ key: log_parser_stats
+ value: 1
diff --git a/policies/ecc-aws-452-cloudtrail_logs_management_events.yml b/policies/ecc-aws-452-cloudtrail_logs_management_events.yml
new file mode 100644
index 000000000..8c3952c85
--- /dev/null
+++ b/policies/ecc-aws-452-cloudtrail_logs_management_events.yml
@@ -0,0 +1,17 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-452-cloudtrail_logs_management_events
+ resource: aws.cloudtrail
+ description: |
+ Management events are not included into CloudTrail trails configuration
+ filters:
+ - type: event-selectors
+ key: EventSelectors[].IncludeManagementEvents
+ op: contains
+ value: false
diff --git a/policies/ecc-aws-453-event_bus_is_exposed_to_everyone.yml b/policies/ecc-aws-453-event_bus_is_exposed_to_everyone.yml
new file mode 100644
index 000000000..cb63b707d
--- /dev/null
+++ b/policies/ecc-aws-453-event_bus_is_exposed_to_everyone.yml
@@ -0,0 +1,15 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-453-event_bus_is_exposed_to_everyone
+ resource: aws.event-bus
+ description: |
+ AWS CloudWatch event bus is exposed to everyone
+ filters:
+ - type: cross-account
+ everyone_only: true
diff --git a/policies/ecc-aws-454-postgresql_log_planner_stats_flag_disabled.yml b/policies/ecc-aws-454-postgresql_log_planner_stats_flag_disabled.yml
new file mode 100644
index 000000000..625653a5f
--- /dev/null
+++ b/policies/ecc-aws-454-postgresql_log_planner_stats_flag_disabled.yml
@@ -0,0 +1,20 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-454-postgresql_log_planner_stats_flag_disabled
+ resource: aws.rds
+ description: |
+ The 'log_planner_stats' flag is enabled for PostgreSQL
+ filters:
+ - and:
+ - type: value
+ key: Engine
+ value: postgres
+ - type: db-parameter
+ key: log_planner_stats
+ value: 1
diff --git a/policies/ecc-aws-455-postgresql_log_executor_stats_flag_disabled.yml b/policies/ecc-aws-455-postgresql_log_executor_stats_flag_disabled.yml
new file mode 100644
index 000000000..cfee6b127
--- /dev/null
+++ b/policies/ecc-aws-455-postgresql_log_executor_stats_flag_disabled.yml
@@ -0,0 +1,20 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-455-postgresql_log_executor_stats_flag_disabled
+ resource: aws.rds
+ description: |
+ The 'log_executor_stats' flag is enabled for PostgreSQL
+ filters:
+ - and:
+ - type: value
+ key: Engine
+ value: postgres
+ - type: db-parameter
+ key: log_executor_stats
+ value: 1
diff --git a/policies/ecc-aws-457-postgresql_log_min_error_statement_flag_set_correctly.yml b/policies/ecc-aws-457-postgresql_log_min_error_statement_flag_set_correctly.yml
new file mode 100644
index 000000000..10cc48d2a
--- /dev/null
+++ b/policies/ecc-aws-457-postgresql_log_min_error_statement_flag_set_correctly.yml
@@ -0,0 +1,21 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-457-postgresql_log_min_error_statement_flag_set_correctly
+ resource: aws.rds
+ description: |
+ The 'log_min_error_statement' flag is not set correctly for PostgreSQL
+ filters:
+ - and:
+ - type: value
+ key: Engine
+ value: postgres
+ - not:
+ - type: db-parameter
+ key: log_min_error_statement
+ value: error
diff --git a/policies/ecc-aws-458-glacier_vault_access_policy_does_not_allow_actions_from_all_principals.yml b/policies/ecc-aws-458-glacier_vault_access_policy_does_not_allow_actions_from_all_principals.yml
new file mode 100644
index 000000000..c38f05ea6
--- /dev/null
+++ b/policies/ecc-aws-458-glacier_vault_access_policy_does_not_allow_actions_from_all_principals.yml
@@ -0,0 +1,15 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-458-glacier_vault_access_policy_does_not_allow_actions_from_all_principals
+ resource: aws.glacier
+ description: |
+ Glacier Vault policy allows actions from all principals
+ filters:
+ - type: cross-account
+ everyone_only: true
diff --git a/policies/ecc-aws-459-config_delivery_failed.yml b/policies/ecc-aws-459-config_delivery_failed.yml
new file mode 100644
index 000000000..85376a697
--- /dev/null
+++ b/policies/ecc-aws-459-config_delivery_failed.yml
@@ -0,0 +1,19 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-459-config_delivery_failed
+ description: |
+ Amazon Config recorder is failing
+ resource: aws.config-recorder
+ filters:
+ - type: value
+ key: status.recording
+ value: true
+ - type: value
+ key: status.lastStatus
+ value: FAILURE
diff --git a/policies/ecc-aws-461-dms_latest_version.yml b/policies/ecc-aws-461-dms_latest_version.yml
new file mode 100644
index 000000000..44f14ae49
--- /dev/null
+++ b/policies/ecc-aws-461-dms_latest_version.yml
@@ -0,0 +1,17 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-461-dms_latest_version
+ description: |
+ DMS replication instances are not using latest version
+ resource: dms-instance
+ filters:
+ - not:
+ - type: value
+ key: EngineVersion
+ value: '3.4.7'
diff --git a/policies/ecc-aws-464-sagemaker_instances_encrypted_with_kms_cmk.yml b/policies/ecc-aws-464-sagemaker_instances_encrypted_with_kms_cmk.yml
new file mode 100644
index 000000000..f3c9ce830
--- /dev/null
+++ b/policies/ecc-aws-464-sagemaker_instances_encrypted_with_kms_cmk.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-464-sagemaker_instances_encrypted_with_kms_cmk
+ description: |
+ Ensure Sagemaker instances are not encrypted with KMS CMK
+ resource: sagemaker-notebook
+ filters:
+ - type: value
+ key: KmsKeyId
+ value: absent
diff --git a/policies/ecc-aws-469-dms_auto_minor_version_upgrade.yml b/policies/ecc-aws-469-dms_auto_minor_version_upgrade.yml
new file mode 100644
index 000000000..307a0848e
--- /dev/null
+++ b/policies/ecc-aws-469-dms_auto_minor_version_upgrade.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-469-dms_auto_minor_version_upgrade
+ description: |
+ Amazon DMS replication instances Auto Minor Version Upgrade feature disabled
+ resource: dms-instance
+ filters:
+ - type: value
+ key: AutoMinorVersionUpgrade
+ value: false
diff --git a/policies/ecc-aws-470-dms_replication_instances_encrypted_with_kms_cmk.yml b/policies/ecc-aws-470-dms_replication_instances_encrypted_with_kms_cmk.yml
new file mode 100644
index 000000000..98e2c4412
--- /dev/null
+++ b/policies/ecc-aws-470-dms_replication_instances_encrypted_with_kms_cmk.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-470-dms_replication_instances_encrypted_with_kms_cmk
+ description: |
+ Amazon DMS replication instances not encrypted with KMS CMK
+ resource: dms-instance
+ filters:
+ - type: kms-key
+ key: KeyManager
+ value: AWS
diff --git a/policies/ecc-aws-471-oracle_audit_sys_operations_flag_enabled.yml b/policies/ecc-aws-471-oracle_audit_sys_operations_flag_enabled.yml
new file mode 100644
index 000000000..8c427b4d7
--- /dev/null
+++ b/policies/ecc-aws-471-oracle_audit_sys_operations_flag_enabled.yml
@@ -0,0 +1,22 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-471-oracle_audit_sys_operations_flag_enabled
+ resource: aws.rds
+ description: |
+ The 'audit_sys_operations' flag for Oracle is disabled
+ filters:
+ - and:
+ - type: value
+ key: Engine
+ op: regex
+ value: 'oracle*?'
+ - not:
+ - type: db-parameter
+ key: audit_sys_operations
+ value: true
diff --git a/policies/ecc-aws-472-oracle_audit_trail_flag_set_correctly.yml b/policies/ecc-aws-472-oracle_audit_trail_flag_set_correctly.yml
new file mode 100644
index 000000000..47ee81741
--- /dev/null
+++ b/policies/ecc-aws-472-oracle_audit_trail_flag_set_correctly.yml
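Review bot: The engine match `op: regex` with `value: 'oracle*?'` in ecc-aws-471 reads like a glob, but as a regular expression it means "oracl" followed by zero or more "e", so it selects Oracle engines only because the pattern is presumably applied as a prefix match. The same pattern is repeated in ecc-aws-472 through ecc-aws-481. Stating the intent directly is clearer and would not pick up some other engine name that merely begins with "oracl": either `op: regex` with `value: '^oracle-.*'`, or `op: glob` with `value: 'oracle-*'`.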
@@ -0,0 +1,22 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-472-oracle_audit_trail_flag_set_correctly
+ resource: aws.rds
+ description: |
+ The 'audit_trail' flag is not set correctly for Oracle
+ filters:
+ - and:
+ - type: value
+ key: Engine
+ op: regex
+ value: 'oracle*?'
+ - not:
+ - type: db-parameter
+ key: audit_trail
+ value: XML
diff --git a/policies/ecc-aws-473-oracle_global_names_flag_enabled.yml b/policies/ecc-aws-473-oracle_global_names_flag_enabled.yml
new file mode 100644
index 000000000..405084167
--- /dev/null
+++ b/policies/ecc-aws-473-oracle_global_names_flag_enabled.yml
@@ -0,0 +1,22 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-473-oracle_global_names_flag_enabled
+ resource: aws.rds
+ description: |
+ The 'global_names' flag for Oracle is disabled
+ filters:
+ - and:
+ - type: value
+ key: Engine
+ op: regex
+ value: 'oracle*?'
+ - not:
+ - type: db-parameter
+ key: global_names
+ value: true
diff --git a/policies/ecc-aws-474-oracle_remote_listener_flag_empty.yml b/policies/ecc-aws-474-oracle_remote_listener_flag_empty.yml
new file mode 100644
index 000000000..a66533b12
--- /dev/null
+++ b/policies/ecc-aws-474-oracle_remote_listener_flag_empty.yml
@@ -0,0 +1,22 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-474-oracle_remote_listener_flag_empty
+ resource: aws.rds
+ description: |
+ The 'remote_listener' flag for Oracle is not empty
+ filters:
+ - and:
+ - type: value
+ key: Engine
+ op: regex
+ value: 'oracle*?'
+ - not:
+ - type: db-parameter
+ key: remote_listener
+ value: empty
diff --git a/policies/ecc-aws-475-oracle_sec_max_failed_login_attempts_flag_is_3_or_less.yml b/policies/ecc-aws-475-oracle_sec_max_failed_login_attempts_flag_is_3_or_less.yml
new file mode 100644
index 000000000..f6674f95c
--- /dev/null
+++ b/policies/ecc-aws-475-oracle_sec_max_failed_login_attempts_flag_is_3_or_less.yml
@@ -0,0 +1,22 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-475-oracle_sec_max_failed_login_attempts_flag_is_3_or_less
+ resource: aws.rds
+ description: |
+ The 'sec_max_failed_login_attempts' flag for Oracle is not set to 3 or less
+ filters:
+ - and:
+ - type: value
+ key: Engine
+ op: regex
+ value: 'oracle*?'
+ - type: db-parameter
+ key: sec_max_failed_login_attempts
+ value: 3
+ op: gt
diff --git a/policies/ecc-aws-476-oracle_sec_protocol_error_further_action_flag_set_to_drop_3.yml b/policies/ecc-aws-476-oracle_sec_protocol_error_further_action_flag_set_to_drop_3.yml
new file mode 100644
index 000000000..fc3c41063
--- /dev/null
+++ b/policies/ecc-aws-476-oracle_sec_protocol_error_further_action_flag_set_to_drop_3.yml
@@ -0,0 +1,22 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-476-oracle_sec_protocol_error_further_action_flag_set_to_drop_3
+ resource: aws.rds
+ description: |
+ The 'sec_protocol_error_further_action' flag for Oracle is not set to '(DROP,3)'
+ filters:
+ - and:
+ - type: value
+ key: Engine
+ op: regex
+ value: 'oracle*?'
+ - not:
+ - type: db-parameter
+ key: sec_protocol_error_further_action
+ value: '(DROP,3)'
\ No newline at end of file
diff --git a/policies/ecc-aws-477-oracle_sec_protocol_error_trace_action_flag_set_to_log.yml b/policies/ecc-aws-477-oracle_sec_protocol_error_trace_action_flag_set_to_log.yml
new file mode 100644
index 000000000..f4449f632
--- /dev/null
+++ b/policies/ecc-aws-477-oracle_sec_protocol_error_trace_action_flag_set_to_log.yml
@@ -0,0 +1,22 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-477-oracle_sec_protocol_error_trace_action_flag_set_to_log
+ resource: aws.rds
+ description: |
+ The 'sec_protocol_error_trace_action' flag for Oracle is not set to 'LOG'
+ filters:
+ - and:
+ - type: value
+ key: Engine
+ op: regex
+ value: 'oracle*?'
+ - not:
+ - type: db-parameter
+ key: sec_protocol_error_trace_action
+ value: LOG
diff --git a/policies/ecc-aws-478-oracle_sec_return_server_release_banner_flag_disabled.yml b/policies/ecc-aws-478-oracle_sec_return_server_release_banner_flag_disabled.yml
new file mode 100644
index 000000000..dbf7a359e
--- /dev/null
+++ b/policies/ecc-aws-478-oracle_sec_return_server_release_banner_flag_disabled.yml
@@ -0,0 +1,22 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-478-oracle_sec_return_server_release_banner_flag_disabled
+ resource: aws.rds
+ description: |
+ The 'sec_return_server_release_banner' flag for Oracle is enabled
+ filters:
+ - and:
+ - type: value
+ key: Engine
+ op: regex
+ value: 'oracle*?'
+ - not:
+ - type: db-parameter
+ key: sec_return_server_release_banner
+ value: false
diff --git a/policies/ecc-aws-479-oracle_sql92_security_flag_enabled.yml b/policies/ecc-aws-479-oracle_sql92_security_flag_enabled.yml
new file mode 100644
index 000000000..141fdd688
--- /dev/null
+++ b/policies/ecc-aws-479-oracle_sql92_security_flag_enabled.yml
@@ -0,0 +1,22 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-479-oracle_sql92_security_flag_enabled
+ resource: aws.rds
+ description: |
+ The 'sql92_security' flag for Oracle is disabled
+ filters:
+ - and:
+ - type: value
+ key: Engine
+ op: regex
+ value: 'oracle*?'
+ - not:
+ - type: db-parameter
+ key: sql92_security
+ value: true
diff --git a/policies/ecc-aws-480-oracle_trace_files_public.yml b/policies/ecc-aws-480-oracle_trace_files_public.yml
new file mode 100644
index 000000000..5e2024bf8
--- /dev/null
+++ b/policies/ecc-aws-480-oracle_trace_files_public.yml
@@ -0,0 +1,22 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-480-oracle_trace_files_public
+ resource: aws.rds
+ description: |
+ The '_trace_files_public' flag for Oracle is enabled
+ filters:
+ - and:
+ - type: value
+ key: Engine
+ op: regex
+ value: 'oracle*?'
+ - not:
+ - type: db-parameter
+ key: _trace_files_public
+ value: false
diff --git a/policies/ecc-aws-481-oracle_resource_limit_flag_enabled.yml b/policies/ecc-aws-481-oracle_resource_limit_flag_enabled.yml
new file mode 100644
index 000000000..51cd5966b
--- /dev/null
+++ b/policies/ecc-aws-481-oracle_resource_limit_flag_enabled.yml
@@ -0,0 +1,22 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-481-oracle_resource_limit_flag_enabled
+ resource: aws.rds
+ description: |
+ The 'resource_limit' flag for Oracle is disabled
+ filters:
+ - and:
+ - type: value
+ key: Engine
+ op: regex
+ value: 'oracle*?'
+ - not:
+ - type: db-parameter
+ key: resource_limit
+ value: true
diff --git a/policies/ecc-aws-482-dms_multi_az_enabled.yml b/policies/ecc-aws-482-dms_multi_az_enabled.yml
new file mode 100644
index 000000000..fae8b682e
--- /dev/null
+++ b/policies/ecc-aws-482-dms_multi_az_enabled.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-482-dms_multi_az_enabled
+ description: |
+ Amazon DMS replication instances do not have the Multi-AZ feature enabled
+ resource: dms-instance
+ filters:
+ - type: value
+ key: MultiAZ
+ value: false
diff --git a/policies/ecc-aws-487-ebs_volume_encrypted_with_kms_cmk.yml b/policies/ecc-aws-487-ebs_volume_encrypted_with_kms_cmk.yml
new file mode 100644
index 000000000..828caf09e
--- /dev/null
+++ b/policies/ecc-aws-487-ebs_volume_encrypted_with_kms_cmk.yml
@@ -0,0 +1,20 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-487-ebs_volume_encrypted_with_kms_cmk
+ resource: aws.ebs
+ description: |
+ EBS volume not encrypted with KMS CMK
+ filters:
+ - or:
+ - type: value
+ key: Encrypted
+ value: false
+ - type: kms-alias
+ key: "AliasName"
+ value: alias/aws/ebs
diff --git a/policies/ecc-aws-488-ebs_snapshot_encrypted.yml b/policies/ecc-aws-488-ebs_snapshot_encrypted.yml
new file mode 100644
index 000000000..6ee94bc93
--- /dev/null
+++ b/policies/ecc-aws-488-ebs_snapshot_encrypted.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-488-ebs_snapshot_encrypted
+ resource: aws.ebs-snapshot
+ description: |
+ EBS snapshot encryption is disabled
+ filters:
+ - type: value
+ key: Encrypted
+ value: false
diff --git a/policies/ecc-aws-489-unused_ebs_volumes.yml b/policies/ecc-aws-489-unused_ebs_volumes.yml
new file mode 100644
index 000000000..83a7e1a51
--- /dev/null
+++ b/policies/ecc-aws-489-unused_ebs_volumes.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-489-unused_ebs_volumes
+ resource: aws.ebs
+ description: |
+ Unused EBS volumes exist
+ filters:
+ - type: value
+ key: Attachments
+ value: empty
\ No newline at end of file
diff --git a/policies/ecc-aws-490-unused_ec2_access_keys.yml b/policies/ecc-aws-490-unused_ec2_access_keys.yml
new file mode 100644
index 000000000..4f27cd533
--- /dev/null
+++ b/policies/ecc-aws-490-unused_ec2_access_keys.yml
@@ -0,0 +1,14 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-490-unused_ec2_access_keys
+ resource: aws.key-pair
+ description: |
+ Unused key pairs exist
+ filters:
+ - type: unused
\ No newline at end of file
diff --git a/policies/ecc-aws-492-mysql_sql_mode_flag_contains_strict_all_tables.yml b/policies/ecc-aws-492-mysql_sql_mode_flag_contains_strict_all_tables.yml
new file mode 100644
index 000000000..c2274574e
--- /dev/null
+++ b/policies/ecc-aws-492-mysql_sql_mode_flag_contains_strict_all_tables.yml
@@ -0,0 +1,22 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-492-mysql_sql_mode_flag_contains_strict_all_tables
+ resource: aws.rds
+ description: |
+ The 'sql_mode' flag for MySQL not contains 'strict_all_tables'
+ filters:
+ - and:
+ - type: value
+ key: Engine
+ value: mysql
+ - not:
+ - type: db-parameter
+ key: sql_mode
+ op: contains
+ value: STRICT_ALL_TABLES
diff --git a/policies/ecc-aws-493-workspaces_images_not_older_than_90_days.yml b/policies/ecc-aws-493-workspaces_images_not_older_than_90_days.yml
new file mode 100644
index 000000000..d2189dd40
--- /dev/null
+++ b/policies/ecc-aws-493-workspaces_images_not_older_than_90_days.yml
@@ -0,0 +1,18 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-493-workspaces_images_not_older_than_90_days
+ resource: aws.workspaces-image
+ description: |
+ Workspaces images are older than 90 days
+ filters:
+ - type: value
+ key: Created
+ value_type: age
+ value: 90
+ op: ge
diff --git a/policies/ecc-aws-494-workspaces_web_access_disabled.yml b/policies/ecc-aws-494-workspaces_web_access_disabled.yml
new file mode 100644
index 000000000..b0621952e
--- /dev/null
+++ b/policies/ecc-aws-494-workspaces_web_access_disabled.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-494-workspaces_web_access_disabled
+ resource: aws.workspaces-directory
+ description: |
+ Workspaces web access is enabled
+ filters:
+ - type: value
+ key: WorkspaceAccessProperties.DeviceTypeWeb
+ value: ALLOW
diff --git a/policies/ecc-aws-495-fsx_all_types_of_file_systems_encrypted_with_kms_cmk.yml b/policies/ecc-aws-495-fsx_all_types_of_file_systems_encrypted_with_kms_cmk.yml
new file mode 100644
index 000000000..b98be7492
--- /dev/null
+++ b/policies/ecc-aws-495-fsx_all_types_of_file_systems_encrypted_with_kms_cmk.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-495-fsx_all_types_of_file_systems_encrypted_with_kms_cmk
+ description: |
+ AWS FSx file system is not encrypted with KMS CMK
+ resource: aws.fsx
+ filters:
+ - type: kms-key
+ key: KeyManager
+ value: AWS
diff --git a/policies/ecc-aws-496-kinesis_firehose_delivery_streams_encrypted_using_SSE.yml b/policies/ecc-aws-496-kinesis_firehose_delivery_streams_encrypted_using_SSE.yml
new file mode 100644
index 000000000..6605629b3
--- /dev/null
+++ b/policies/ecc-aws-496-kinesis_firehose_delivery_streams_encrypted_using_SSE.yml
@@ -0,0 +1,19 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-496-kinesis_firehose_delivery_streams_encrypted_using_SSE
+ description: |
+ Kinesis Data Firehose delivery streams are not encrypted using Server-side encryption
+ resource: aws.firehose
+ filters:
+ - type: value
+ key: DeliveryStreamType
+ value: DirectPut
+ - type: value
+ key: DeliveryStreamEncryptionConfiguration.Status
+ value: DISABLED
diff --git a/policies/ecc-aws-497-lambda_active_tracing_enabled.yml b/policies/ecc-aws-497-lambda_active_tracing_enabled.yml
new file mode 100644
index 000000000..0b471e090
--- /dev/null
+++ b/policies/ecc-aws-497-lambda_active_tracing_enabled.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-497-lambda_active_tracing_enabled
+ resource: lambda
+ description: |
+ Lambda has active tracing disabled
+ filters:
+ - type: value
+ key: TracingConfig.Mode
+ value: PassThrough
\ No newline at end of file
diff --git a/policies/ecc-aws-499-sagemaker_endpoint_configuration_encrypted.yml b/policies/ecc-aws-499-sagemaker_endpoint_configuration_encrypted.yml
new file mode 100644
index 000000000..5f9e6b4c7
--- /dev/null
+++ b/policies/ecc-aws-499-sagemaker_endpoint_configuration_encrypted.yml
@@ -0,0 +1,17 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-499-sagemaker_endpoint_configuration_encrypted
+ description: |
+ Sagemaker endpoint configurations are not encrypted with KMS CMK
+ resource: sagemaker-endpoint-config
+ filters:
+ - not:
+ - type: kms-key
+ key: KeyManager
+ value: CUSTOMER
diff --git a/policies/ecc-aws-500-lambda_variables_encrypted_with_kms_cmk.yml b/policies/ecc-aws-500-lambda_variables_encrypted_with_kms_cmk.yml
new file mode 100644
index 000000000..be9b0c88f
--- /dev/null
+++ b/policies/ecc-aws-500-lambda_variables_encrypted_with_kms_cmk.yml
@@ -0,0 +1,17 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-500-lambda_variables_encrypted_with_kms_cmk
+ description: |
+ Lambda environment variables not encrypted with KMS CMK
+ resource: lambda
+ filters:
+ - not:
+ - type: kms-key
+ key: KeyManager
+ value: CUSTOMER
\ No newline at end of file
diff --git a/policies/ecc-aws-501-sagemaker_instance_root_disabled.yml b/policies/ecc-aws-501-sagemaker_instance_root_disabled.yml
new file mode 100644
index 000000000..d0dd83e1b
--- /dev/null
+++ b/policies/ecc-aws-501-sagemaker_instance_root_disabled.yml
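Review bot: ecc-aws-500 reports every function without a customer-managed key, which appears to include functions that define no environment variables at all, since the `not:` around `kms-key` also matches when no key is configured. Restricting the policy to functions that actually carry variables would remove those findings, for example an extra filter ahead of the `not:` block: `- type: value`, `key: Environment.Variables`, `value: not-null`. ecc-aws-499 uses the same `not: kms-key` shape, but there a missing key is itself the finding, so it needs no change.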
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-501-sagemaker_instance_root_disabled
+ description: |
+ Sagemaker instances root access enabled
+ resource: sagemaker-notebook
+ filters:
+ - type: value
+ key: RootAccess
+ value: Enabled
diff --git a/policies/ecc-aws-502-mq_broker_auto_minor_version_upgrade_enabled.yml b/policies/ecc-aws-502-mq_broker_auto_minor_version_upgrade_enabled.yml
new file mode 100644
index 000000000..7c8cf588f
--- /dev/null
+++ b/policies/ecc-aws-502-mq_broker_auto_minor_version_upgrade_enabled.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-502-mq_broker_auto_minor_version_upgrade_enabled
+ resource: aws.message-broker
+ description: |
+ MQ auto minor version upgrade not enabled
+ filters:
+ - type: value
+ key: AutoMinorVersionUpgrade
+ value: false
diff --git a/policies/ecc-aws-503-mq_broker_logging_enabled.yml b/policies/ecc-aws-503-mq_broker_logging_enabled.yml
new file mode 100644
index 000000000..23aa6bb61
--- /dev/null
+++ b/policies/ecc-aws-503-mq_broker_logging_enabled.yml
@@ -0,0 +1,31 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-503-mq_broker_logging_enabled + resource: aws.message-broker + description: | + MQ broker logging not enabled + filters: + - or: + - and: + - type: value + key: EngineType + value: ActiveMQ + - type: value + key: Logs.Audit + value: false + - type: value + key: Logs.General + value: false + - and: + - type: value + key: EngineType + value: RabbitMQ + - type: value + key: Logs.General + value: false diff --git a/policies/ecc-aws-504-sagemaker_network_isolation_enabled.yml b/policies/ecc-aws-504-sagemaker_network_isolation_enabled.yml new file mode 100644 index 000000000..fb0edd7a9 --- /dev/null +++ b/policies/ecc-aws-504-sagemaker_network_isolation_enabled.yml @@ -0,0 +1,16 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-504-sagemaker_network_isolation_enabled + description: | + Sagemaker model network isolation disabled + resource: sagemaker-model + filters: + - type: value + key: EnableNetworkIsolation + value: false diff --git a/policies/ecc-aws-505-route53_domain_automatic_renewal_enabled.yml b/policies/ecc-aws-505-route53_domain_automatic_renewal_enabled.yml new file mode 100644 index 000000000..03583e3f5 --- /dev/null +++ b/policies/ecc-aws-505-route53_domain_automatic_renewal_enabled.yml 
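Review bot: The ActiveMQ branch of ecc-aws-503-mq_broker_logging_enabled only matches when `Logs.Audit` and `Logs.General` are both false, so a broker with one of the two log types switched off is not reported. This assumes both checks sit inside the same `and`, which is what the order suggests; the page has lost the indentation. If either missing log should be a finding, wrap the two `Logs.*` filters in a nested `- or:` under the `EngineType` check. A `value: false` comparison also does not match a broker whose `Logs` block is missing from the API response, so an extra `value: absent` alternative may be worth adding.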
@@ -0,0 +1,16 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-505-route53_domain_automatic_renewal_enabled + description: | + Route53 has automatic domain renewal disabled + resource: aws.r53domain + filters: + - type: value + key: AutoRenew + value: false diff --git a/policies/ecc-aws-506-mq_broker_not_publicly_accessible.yml b/policies/ecc-aws-506-mq_broker_not_publicly_accessible.yml new file mode 100644 index 000000000..2b56275f9 --- /dev/null +++ b/policies/ecc-aws-506-mq_broker_not_publicly_accessible.yml @@ -0,0 +1,16 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-506-mq_broker_not_publicly_accessible + resource: aws.message-broker + description: | + MQ is publicly accessible + filters: + - type: value + key: PubliclyAccessible + value: true diff --git a/policies/ecc-aws-507-route53_domain_expires_in_30_days.yml b/policies/ecc-aws-507-route53_domain_expires_in_30_days.yml new file mode 100644 index 000000000..a447c08ca --- /dev/null +++ b/policies/ecc-aws-507-route53_domain_expires_in_30_days.yml 
@@ -0,0 +1,23 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-507-route53_domain_expires_in_30_days + description: | + Route53 domain name expire in less 30 days + resource: aws.r53domain + filters: + - type: value + key: Expiry + value_type: expiration + value: 30 + op: le + - type: value + key: Expiry + value_type: expiration + value: 0 + op: ge diff --git a/policies/ecc-aws-508-mq_broker_open_to_all_ports_protocols.yml b/policies/ecc-aws-508-mq_broker_open_to_all_ports_protocols.yml new file mode 100644 index 000000000..34611f7c4 --- /dev/null +++ b/policies/ecc-aws-508-mq_broker_open_to_all_ports_protocols.yml @@ -0,0 +1,34 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-508-mq_broker_open_to_all_ports_protocols + resource: aws.message-broker + description: | + Mq broker not restricted only to default ports + filters: + - not: + - type: security-group + key: IpPermissions[].FromPort + value_type: swap + op: in + value: 8162 + - type: security-group + key: IpPermissions[].FromPort + value_type: swap + op: in + value: 61617 + - type: security-group + key: IpPermissions[].ToPort + value_type: swap + op: in + value: 8162 + - type: security-group + key: IpPermissions[].ToPort + value_type: swap + op: in + value: 61617 \ No newline at end of file diff --git a/policies/ecc-aws-510-route53_hosted_zone_records_health_check_configured.yml b/policies/ecc-aws-510-route53_hosted_zone_records_health_check_configured.yml new file mode 100644 index 000000000..7a7c32286 --- /dev/null 
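Review bot: The filters in ecc-aws-508-mq_broker_open_to_all_ports_protocols test that 8162 and 61617 are present among the `FromPort`/`ToPort` values, not that other ports are absent. A security group that contains those two rules plus a wide-open range therefore passes, while a tighter group that opens only one of the two ports is reported. `IpProtocol` and the source ranges are never examined, although the policy name mentions protocols. A single `security-group` filter with a JMESPath `length(IpPermissions[?...])` expression that counts rules outside the allowed ports, in the style of ecc-aws-538 later in this patch, would express the intent directly. The nesting of the four filters under `not` is inferred, since indentation is not preserved on this page.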
+++ b/policies/ecc-aws-510-route53_hosted_zone_records_health_check_configured.yml @@ -0,0 +1,19 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-510-route53_hosted_zone_records_health_check_configured + description: | + Route53 hosted zone records is not configured with health check + resource: aws.rrset + filters: + - type: value + key: SetIdentifier + value: present + - type: value + key: HealthCheckId + value: absent diff --git a/policies/ecc-aws-511-msk_data_encrypted_with_kms_cmk.yml b/policies/ecc-aws-511-msk_data_encrypted_with_kms_cmk.yml new file mode 100644 index 000000000..a450c1a5b --- /dev/null +++ b/policies/ecc-aws-511-msk_data_encrypted_with_kms_cmk.yml @@ -0,0 +1,17 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-511-msk_data_encrypted_with_kms_cmk + resource: aws.kafka + description: | + MSK not encrypted with KMS CMK + filters: + - not: + - type: kms-key + key: KeyManager + value: CUSTOMER diff --git a/policies/ecc-aws-512-msk_encryption_in_transit_enabled.yml b/policies/ecc-aws-512-msk_encryption_in_transit_enabled.yml new file mode 100644 index 000000000..7b19d8aa5 --- /dev/null +++ b/policies/ecc-aws-512-msk_encryption_in_transit_enabled.yml 
@@ -0,0 +1,17 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-512-msk_encryption_in_transit_enabled + resource: aws.kafka + description: | + MSK encryption in transit not set only to 'TLS'. + filters: + - not: + - type: value + key: EncryptionInfo.EncryptionInTransit.ClientBroker + value: TLS diff --git a/policies/ecc-aws-513-route53_query_logging_enabled.yml b/policies/ecc-aws-513-route53_query_logging_enabled.yml new file mode 100644 index 000000000..afde543c0 --- /dev/null +++ b/policies/ecc-aws-513-route53_query_logging_enabled.yml @@ -0,0 +1,15 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-513-route53_query_logging_enabled + resource: aws.hostedzone + description: | + Route53 query logging not enabled + filters: + - type: query-logging-enabled + state: false diff --git a/policies/ecc-aws-514-msk_logging_enabled.yml b/policies/ecc-aws-514-msk_logging_enabled.yml new file mode 100644 index 000000000..55c635c94 --- /dev/null +++ b/policies/ecc-aws-514-msk_logging_enabled.yml 
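Review bot: ecc-aws-512-msk_encryption_in_transit_enabled evaluates only `EncryptionInfo.EncryptionInTransit.ClientBroker`, so a cluster with broker-to-broker encryption turned off still passes. If in-cluster traffic is in scope for this control, turn the filter into an `or` of the existing `not` and a second check, `- type: value`, `key: EncryptionInfo.EncryptionInTransit.InCluster`, `value: false`. If the omission is deliberate, a comment above `filters:` such as `# in-cluster encryption is covered elsewhere` would make that clear.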
@@ -0,0 +1,24 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-514-msk_logging_enabled + resource: aws.kafka + description: | + MSK Logging not enabled + filters: + - not: + - or: + - type: value + key: LoggingInfo.BrokerLogs.Firehose.Enabled + value: true + - type: value + key: LoggingInfo.BrokerLogs.CloudWatchLogs.Enabled + value: true + - type: value + key: LoggingInfo.BrokerLogs.S3.Enabled + value: true diff --git a/policies/ecc-aws-515-rds_encrypted_with_kms_cmk.yml b/policies/ecc-aws-515-rds_encrypted_with_kms_cmk.yml new file mode 100644 index 000000000..17d29e0f6 --- /dev/null +++ b/policies/ecc-aws-515-rds_encrypted_with_kms_cmk.yml @@ -0,0 +1,20 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-515-rds_encrypted_with_kms_cmk + description: | + RDS instances are not encrypted with KMS CMK + resource: rds + filters: + - or: + - type: value + key: StorageEncrypted + value: false + - type: kms-alias + key: "AliasName" + value: alias/aws/rds diff --git a/policies/ecc-aws-516-sns_encrypted_with_kms_cmk.yml b/policies/ecc-aws-516-sns_encrypted_with_kms_cmk.yml new file mode 100644 index 000000000..0c4736c11 --- /dev/null +++ b/policies/ecc-aws-516-sns_encrypted_with_kms_cmk.yml 
@@ -0,0 +1,17 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-516-sns_encrypted_with_kms_cmk + description: | + SNS topics are not encrypted at rest using KMS CMK + resource: sns + filters: + - not: + - type: kms-key + key: KeyManager + value: CUSTOMER diff --git a/policies/ecc-aws-517-redshift_user_activity_logging_enabled.yml b/policies/ecc-aws-517-redshift_user_activity_logging_enabled.yml new file mode 100644 index 000000000..2e632c272 --- /dev/null +++ b/policies/ecc-aws-517-redshift_user_activity_logging_enabled.yml @@ -0,0 +1,21 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-517-redshift_user_activity_logging_enabled + description: | + AWS Redshift user activity logging is disabled + resource: redshift + filters: + - and: + - type: logging + key: LoggingEnabled + value: false + - type: param + key: enable_user_activity_logging + value: false + op: eq \ No newline at end of file diff --git a/policies/ecc-aws-519-redshift_not_using_default_port.yml b/policies/ecc-aws-519-redshift_not_using_default_port.yml new file mode 100644 index 000000000..1929c2e06 --- /dev/null +++ b/policies/ecc-aws-519-redshift_not_using_default_port.yml 
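Review bot: In ecc-aws-517-redshift_user_activity_logging_enabled the two conditions are joined with `and`, so a cluster is reported only when audit logging is off and `enable_user_activity_logging` is false at the same time. User activity logs need both settings enabled, so a cluster with only one of them disabled is non-compliant but is not reported. Changing `- and:` to `- or:` covers both cases. The trailing `op: eq` restates the default comparison and can be dropped.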
@@ -0,0 +1,16 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-519-redshift_not_using_default_port + description: | + Amazon Redshift uses default port 5439 + resource: redshift + filters: + - type: value + key: Endpoint.Port + value: 5439 \ No newline at end of file diff --git a/policies/ecc-aws-520-redshift_encrypted_with_kms_cmk.yml b/policies/ecc-aws-520-redshift_encrypted_with_kms_cmk.yml new file mode 100644 index 000000000..d5e81e6b0 --- /dev/null +++ b/policies/ecc-aws-520-redshift_encrypted_with_kms_cmk.yml @@ -0,0 +1,17 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-520-redshift_encrypted_with_kms_cmk + description: | + AWS Redshift instances are not encrypted with KMS CMK + resource: redshift + filters: + - not: + - type: kms-key + key: KeyManager + value: CUSTOMER \ No newline at end of file diff --git a/policies/ecc-aws-521-redshift_parameter_group_require_ssl.yml b/policies/ecc-aws-521-redshift_parameter_group_require_ssl.yml new file mode 100644 index 000000000..258315e25 --- /dev/null +++ b/policies/ecc-aws-521-redshift_parameter_group_require_ssl.yml 
@@ -0,0 +1,16 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-521-redshift_parameter_group_require_ssl + description: | + AWS Redshift parameter group not require SSL + resource: redshift + filters: + - type: param + key: require_ssl + value: false \ No newline at end of file diff --git a/policies/ecc-aws-522-route53_transfer_lock_enabled.yml b/policies/ecc-aws-522-route53_transfer_lock_enabled.yml new file mode 100644 index 000000000..a4d913cca --- /dev/null +++ b/policies/ecc-aws-522-route53_transfer_lock_enabled.yml @@ -0,0 +1,16 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-522-route53_transfer_lock_enabled + description: | + Route 53 domain Transfer Lock is disabled + resource: aws.r53domain + filters: + - type: value + key: TransferLock + value: false diff --git a/policies/ecc-aws-524-rest_api_gateway_access_logging_enabled.yml b/policies/ecc-aws-524-rest_api_gateway_access_logging_enabled.yml new file mode 100644 index 000000000..9066c35d9 --- /dev/null +++ b/policies/ecc-aws-524-rest_api_gateway_access_logging_enabled.yml 
@@ -0,0 +1,16 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-524-rest_api_gateway_access_logging_enabled + description: | + API Gateway REST API have access logging disabled + resource: rest-stage + filters: + - type: value + key: accessLogSettings + value: absent diff --git a/policies/ecc-aws-525-ecs_exec_logging_encryption_enabled.yml b/policies/ecc-aws-525-ecs_exec_logging_encryption_enabled.yml new file mode 100644 index 000000000..19f5802be --- /dev/null +++ b/policies/ecc-aws-525-ecs_exec_logging_encryption_enabled.yml @@ -0,0 +1,28 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-525-ecs_exec_logging_encryption_enabled + description: | + ECS Cluster execute command logging encryption is disabled + resource: ecs + filters: + - or: + - and: + - type: value + key: configuration.executeCommandConfiguration.logConfiguration.cloudWatchLogGroupName + value: present + - type: value + key: configuration.executeCommandConfiguration.logConfiguration.cloudWatchEncryptionEnabled + value: false + - and: + - type: value + key: configuration.executeCommandConfiguration.logConfiguration.s3BucketName + value: present + - type: value + key: configuration.executeCommandConfiguration.logConfiguration.s3EncryptionEnabled + value: false diff --git a/policies/ecc-aws-526-rest_api_gateway_logs_set_correctly.yml b/policies/ecc-aws-526-rest_api_gateway_logs_set_correctly.yml new file mode 100644 index 000000000..0db5a8873 --- /dev/null +++ b/policies/ecc-aws-526-rest_api_gateway_logs_set_correctly.yml 
@@ -0,0 +1,16 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-526-rest_api_gateway_logs_set_correctly + description: | + API Gateway REST API does not have logging correctly configured + resource: rest-stage + filters: + - type: value + key: methodSettings."*/*".loggingLevel + value: "OFF" diff --git a/policies/ecc-aws-527-mwaa_encrypted_with_kms_cmk.yml b/policies/ecc-aws-527-mwaa_encrypted_with_kms_cmk.yml new file mode 100644 index 000000000..627bc3c00 --- /dev/null +++ b/policies/ecc-aws-527-mwaa_encrypted_with_kms_cmk.yml @@ -0,0 +1,17 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-527-mwaa_encrypted_with_kms_cmk + description: | + Managed Workflows for Apache Airflow data is not encrypted with KMS CMK + resource: aws.airflow + filters: + - not: + - type: kms-key + key: KeyManager + value: CUSTOMER diff --git a/policies/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk.yml b/policies/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk.yml new file mode 100644 index 000000000..a86621f84 --- /dev/null +++ b/policies/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk.yml 
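Review bot: ecc-aws-526-rest_api_gateway_logs_set_correctly matches only stages whose `*/*` method setting has `loggingLevel` explicitly set to `"OFF"`. A stage that never had method settings configured has no `*/*` entry, so the key most likely resolves to nothing and the stage is not reported even though execution logging is off. Consider an `or` that adds a second filter on the same key with `value: absent`. Per-method overrides that set `OFF` for individual routes are not looked at either, which is worth stating in the description if that is intended.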
@@ -0,0 +1,16 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk + description: | + AWS Kinesis Video Streams are not encrypted with KMS customer master keys + resource: aws.kinesis-video + filters: + - type: kms-key + key: KeyManager + value: AWS \ No newline at end of file diff --git a/policies/ecc-aws-531-autoscaling_launch_config_public_ip_disabled.yml b/policies/ecc-aws-531-autoscaling_launch_config_public_ip_disabled.yml new file mode 100644 index 000000000..675a5b80c --- /dev/null +++ b/policies/ecc-aws-531-autoscaling_launch_config_public_ip_disabled.yml @@ -0,0 +1,20 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-531-autoscaling_launch_config_public_ip_disabled + resource: launch-config + description: | + Auto Scaling launch configuration public ip association is enabled + filters: + - or: + - type: value + key: AssociatePublicIpAddress + value: true + - type: value + key: AssociatePublicIpAddress + value: absent diff --git a/policies/ecc-aws-532-glue_connection_passwords_encrypted.yml b/policies/ecc-aws-532-glue_connection_passwords_encrypted.yml new file mode 100644 index 000000000..361120121 --- /dev/null +++ b/policies/ecc-aws-532-glue_connection_passwords_encrypted.yml 
@@ -0,0 +1,16 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-532-glue_connection_passwords_encrypted + description: | + Glue connection password is not encrypted + resource: aws.glue-catalog + filters: + - type: value + key: DataCatalogEncryptionSettings.ConnectionPasswordEncryption.AwsKmsKeyId + value: absent diff --git a/policies/ecc-aws-537-fsx_lustre_logging_enabled.yml b/policies/ecc-aws-537-fsx_lustre_logging_enabled.yml new file mode 100644 index 000000000..01f59ff0b --- /dev/null +++ b/policies/ecc-aws-537-fsx_lustre_logging_enabled.yml @@ -0,0 +1,21 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-537-fsx_lustre_logging_enabled + description: | + FSx Lustre file logging is disabled + resource: aws.fsx + filters: + - or: + - type: value + key: LustreConfiguration.LogConfiguration.Level + op: eq + value: DISABLED + - type: value + key: LustreConfiguration.LogConfiguration + value: absent diff --git a/policies/ecc-aws-538-ds_directory_not_open_to_large_scope.yml b/policies/ecc-aws-538-ds_directory_not_open_to_large_scope.yml new file mode 100644 index 000000000..f2a37a02d --- /dev/null +++ b/policies/ecc-aws-538-ds_directory_not_open_to_large_scope.yml 
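Review bot: ecc-aws-537-fsx_lustre_logging_enabled runs against every `aws.fsx` file system, and its `LustreConfiguration.LogConfiguration` / `value: absent` branch matches Windows, ONTAP and OpenZFS file systems as well, since they have no Lustre configuration at all. Scope the policy first with a top-level filter, `- type: value`, `key: FileSystemType`, `value: LUSTRE`, and keep the existing `or` after it. The same applies to ecc-aws-539-fsx_lustre_retention_period_set_at_least_to_7_days further down, where the `not` matches any file system that lacks `LustreConfiguration.AutomaticBackupRetentionDays`.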
@@ -0,0 +1,17 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-538-ds_directory_not_open_to_large_scope + description: | + DS directory is open to a large scope + resource: aws.directory + filters: + - type: security-group + key: length(IpPermissions[?(IpRanges[?CidrIp=='0.0.0.0/0'] || Ipv6Ranges[?CidrIpv6=='::/0']) && !UserIdGroupPairs]) + op: ge + value: 1 diff --git a/policies/ecc-aws-539-fsx_lustre_retention_period_set_at_least_to_7_days.yml b/policies/ecc-aws-539-fsx_lustre_retention_period_set_at_least_to_7_days.yml new file mode 100644 index 000000000..c0a941764 --- /dev/null +++ b/policies/ecc-aws-539-fsx_lustre_retention_period_set_at_least_to_7_days.yml @@ -0,0 +1,18 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-539-fsx_lustre_retention_period_set_at_least_to_7_days + description: | + FSx Lustre file system does not have retention period set at least to 7 days + resource: aws.fsx + filters: + - not: + - type: value + key: LustreConfiguration.AutomaticBackupRetentionDays + op: gte + value: 7 diff --git a/policies/ecc-aws-542-workspaces_maintenance_mode_enabled.yml b/policies/ecc-aws-542-workspaces_maintenance_mode_enabled.yml new file mode 100644 index 000000000..7577760ea --- /dev/null +++ b/policies/ecc-aws-542-workspaces_maintenance_mode_enabled.yml 
@@ -0,0 +1,16 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-542-workspaces_maintenance_mode_enabled + resource: aws.workspaces-directory + description: | + Workspaces maintenance mode disabled + filters: + - type: value + key: WorkspaceCreationProperties.EnableMaintenanceMode + value: false diff --git a/policies/ecc-aws-547-cloudtrail_logs_data_events.yml b/policies/ecc-aws-547-cloudtrail_logs_data_events.yml new file mode 100644 index 000000000..ea7770421 --- /dev/null +++ b/policies/ecc-aws-547-cloudtrail_logs_data_events.yml @@ -0,0 +1,16 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-547-cloudtrail_logs_data_events + resource: aws.cloudtrail + description: | + Data events are not included into Amazon CloudTrail trails configuration + filters: + - type: event-selectors + key: EventSelectors[].DataResources[] + value: empty diff --git a/policies/ecc-aws-548-workspaces_storage_encrypted_with_cmk.yml b/policies/ecc-aws-548-workspaces_storage_encrypted_with_cmk.yml new file mode 100644 index 000000000..79a031b89 --- /dev/null +++ b/policies/ecc-aws-548-workspaces_storage_encrypted_with_cmk.yml 
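Review bot: ecc-aws-547-cloudtrail_logs_data_events inspects only `EventSelectors[].DataResources[]`. Trails configured with advanced event selectors return their data-event rules under `AdvancedEventSelectors`, so such a trail probably evaluates as `empty` here and is reported even when it records data events. Consider requiring both to be empty, for example by adding a second `event-selectors` filter on `AdvancedEventSelectors` with `value: empty`; this should be confirmed against a trail that uses advanced selectors.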
@@ -0,0 +1,23 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-548-workspaces_storage_encrypted_with_cmk + resource: aws.workspaces + description: | + Workspaces storage is not encrypted with KMS CMK + filters: + - or: + - type: value + key: RootVolumeEncryptionEnabled + value: true + - type: value + key: UserVolumeEncryptionEnabled + value: true + - type: kms-key + key: KeyManager + value: AWS diff --git a/policies/ecc-aws-550-ami_without_tag_information.yml b/policies/ecc-aws-550-ami_without_tag_information.yml new file mode 100644 index 000000000..12f930af4 --- /dev/null +++ b/policies/ecc-aws-550-ami_without_tag_information.yml @@ -0,0 +1,16 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-550-ami_without_tag_information + description: | + AMI without tag information + resource: aws.ami + filters: + - type: value + key: Tags + value: empty diff --git a/policies/ecc-aws-551-ebs_without_tag_information.yml b/policies/ecc-aws-551-ebs_without_tag_information.yml new file mode 100644 index 000000000..3aa70d205 --- /dev/null +++ b/policies/ecc-aws-551-ebs_without_tag_information.yml 
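Review bot: The filter logic in ecc-aws-548-workspaces_storage_encrypted_with_cmk does not cover WorkSpaces that have no volume encryption at all. Indentation is lost on this page, but under either reading there is a gap. If the `kms-key` filter sits beside the `or`, a WorkSpace is reported only when a volume is encrypted with an AWS-managed key, and one with both `RootVolumeEncryptionEnabled` and `UserVolumeEncryptionEnabled` false passes. If `kms-key` is inside the `or`, every encrypted WorkSpace is reported, including those using a customer key. A structure like the one in ecc-aws-515 would match the description: an `or` of the two flags tested for `value: false` plus the `kms-key` / `KeyManager: AWS` check.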
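Review bot: ecc-aws-550-ami_without_tag_information tests `Tags` with `value: empty`, while the later policies in this series (ecc-aws-553 onward) use `type: tag-count` with `op: eq` and `count: 0`. The two are not quite equivalent: as far as I recall, `tag-count` ignores keys with the `aws:` prefix, so a resource carrying only service-generated tags is reported by one form and not by the other. Using the same filter throughout, including ecc-aws-551 and ecc-aws-552, keeps the "without tag information" results comparable across resource types.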
@@ -0,0 +1,16 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-551-ebs_without_tag_information + resource: aws.ebs + description: | + EBS volumes without tag information + filters: + - type: value + key: Tags + value: empty \ No newline at end of file diff --git a/policies/ecc-aws-552-ebs_snapshot_without_tag_information.yml b/policies/ecc-aws-552-ebs_snapshot_without_tag_information.yml new file mode 100644 index 000000000..cf484380f --- /dev/null +++ b/policies/ecc-aws-552-ebs_snapshot_without_tag_information.yml @@ -0,0 +1,16 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-552-ebs_snapshot_without_tag_information + resource: aws.ebs-snapshot + description: | + EBS snapshot without tag information + filters: + - type: value + key: Tags + value: empty \ No newline at end of file diff --git a/policies/ecc-aws-553-eip_without_tag_information.yml b/policies/ecc-aws-553-eip_without_tag_information.yml new file mode 100644 index 000000000..d09636cc2 --- /dev/null +++ b/policies/ecc-aws-553-eip_without_tag_information.yml @@ -0,0 +1,16 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-553-eip_without_tag_information + description: | + EIP without tag information + resource: elastic-ip + filters: + - type: tag-count + op: eq + count: 0 \ No newline at end of file 
diff --git a/policies/ecc-aws-555-eni_without_tag_information.yml b/policies/ecc-aws-555-eni_without_tag_information.yml new file mode 100644 index 000000000..225bfd443 --- /dev/null +++ b/policies/ecc-aws-555-eni_without_tag_information.yml @@ -0,0 +1,16 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-555-eni_without_tag_information + description: | + ENI without tag information + resource: aws.eni + filters: + - type: tag-count + op: eq + count: 0 diff --git a/policies/ecc-aws-556-internet_gateway_without_tag_information.yml b/policies/ecc-aws-556-internet_gateway_without_tag_information.yml new file mode 100644 index 000000000..4340ed8c3 --- /dev/null +++ b/policies/ecc-aws-556-internet_gateway_without_tag_information.yml @@ -0,0 +1,16 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-556-internet_gateway_without_tag_information + description: | + Amazon Internet Gateway without tag information + resource: internet-gateway + filters: + - type: tag-count + op: eq + count: 0 \ No newline at end of file diff --git a/policies/ecc-aws-557-nat_gateway_without_tag_information.yml b/policies/ecc-aws-557-nat_gateway_without_tag_information.yml new file mode 100644 index 000000000..f7abf56ef --- /dev/null +++ b/policies/ecc-aws-557-nat_gateway_without_tag_information.yml 
@@ -0,0 +1,16 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-557-nat_gateway_without_tag_information + description: | + Amazon Nat Gateway without tag information + resource: nat-gateway + filters: + - type: tag-count + op: eq + count: 0 \ No newline at end of file diff --git a/policies/ecc-aws-558-network_acl_without_tag_information.yml b/policies/ecc-aws-558-network_acl_without_tag_information.yml new file mode 100644 index 000000000..479d2ae7e --- /dev/null +++ b/policies/ecc-aws-558-network_acl_without_tag_information.yml @@ -0,0 +1,16 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-558-network_acl_without_tag_information + resource: aws.network-acl + description: | + Amazon Network ACLs without tag information + filters: + - type: tag-count + op: eq + count: 0 \ No newline at end of file diff --git a/policies/ecc-aws-559-route_table_without_tag_information.yml b/policies/ecc-aws-559-route_table_without_tag_information.yml new file mode 100644 index 000000000..52a3fb41a --- /dev/null +++ b/policies/ecc-aws-559-route_table_without_tag_information.yml 
@@ -0,0 +1,16 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-559-route_table_without_tag_information + description: | + Amazon Route table without tag information + resource: aws.route-table + filters: + - type: tag-count + op: eq + count: 0 \ No newline at end of file diff --git a/policies/ecc-aws-560-security_group_without_tag_information.yml b/policies/ecc-aws-560-security_group_without_tag_information.yml new file mode 100644 index 000000000..cb9786779 --- /dev/null +++ b/policies/ecc-aws-560-security_group_without_tag_information.yml @@ -0,0 +1,16 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-560-security_group_without_tag_information + description: | + Security group without tag information + resource: aws.security-group + filters: + - type: tag-count + op: eq + count: 0 \ No newline at end of file diff --git a/policies/ecc-aws-561-subnet_without_tag_information.yml b/policies/ecc-aws-561-subnet_without_tag_information.yml new file mode 100644 index 000000000..a167c1336 --- /dev/null +++ b/policies/ecc-aws-561-subnet_without_tag_information.yml 
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-561-subnet_without_tag_information
+ description: |
+ Amazon Subnet without tag information
+ resource: aws.subnet
+ filters:
+ - type: tag-count
+ op: eq
+ count: 0
\ No newline at end of file
diff --git a/policies/ecc-aws-562-transit_gateway_without_tag_information.yml b/policies/ecc-aws-562-transit_gateway_without_tag_information.yml
new file mode 100644
index 000000000..a410d0363
--- /dev/null
+++ b/policies/ecc-aws-562-transit_gateway_without_tag_information.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-562-transit_gateway_without_tag_information
+ description: |
+ Amazon Transit gateway without tag information
+ resource: aws.transit-gateway
+ filters:
+ - type: tag-count
+ op: eq
+ count: 0
\ No newline at end of file
diff --git a/policies/ecc-aws-563-transit_gateway_attachment_without_tag_information.yml b/policies/ecc-aws-563-transit_gateway_attachment_without_tag_information.yml
new file mode 100644
index 000000000..79c625ff2
--- /dev/null
+++ b/policies/ecc-aws-563-transit_gateway_attachment_without_tag_information.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-563-transit_gateway_attachment_without_tag_information
+ description: |
+ Amazon Transit gateway attachment without tag information
+ resource: aws.transit-attachment
+ filters:
+ - type: tag-count
+ op: eq
+ count: 0
\ No newline at end of file
diff --git a/policies/ecc-aws-564-peering_connection_without_tag_information.yml b/policies/ecc-aws-564-peering_connection_without_tag_information.yml
new file mode 100644
index 000000000..ad02101cb
--- /dev/null
+++ b/policies/ecc-aws-564-peering_connection_without_tag_information.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-564-peering_connection_without_tag_information
+ description: |
+ Amazon peering connection without tag information
+ resource: aws.peering-connection
+ filters:
+ - type: tag-count
+ op: eq
+ count: 0
\ No newline at end of file
diff --git a/policies/ecc-aws-565-vpc_without_tag_information.yml b/policies/ecc-aws-565-vpc_without_tag_information.yml
new file mode 100644
index 000000000..4d86e20ac
--- /dev/null
+++ b/policies/ecc-aws-565-vpc_without_tag_information.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-565-vpc_without_tag_information
+ resource: aws.vpc
+ description: |
+ VPC without tag information
+ filters:
+ - type: tag-count
+ op: eq
+ count: 0
diff --git a/policies/ecc-aws-566-vpc_endpoint_without_tag_information.yml b/policies/ecc-aws-566-vpc_endpoint_without_tag_information.yml
new file mode 100644
index 000000000..2b49068ba
--- /dev/null
+++ b/policies/ecc-aws-566-vpc_endpoint_without_tag_information.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-566-vpc_endpoint_without_tag_information
+ resource: aws.vpc-endpoint
+ description: |
+ VPC endpoint without tag information
+ filters:
+ - type: tag-count
+ op: eq
+ count: 0
diff --git a/policies/ecc-aws-567-acm_without_tag_information.yml b/policies/ecc-aws-567-acm_without_tag_information.yml
new file mode 100644
index 000000000..02f45e3b8
--- /dev/null
+++ b/policies/ecc-aws-567-acm_without_tag_information.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-567-acm_without_tag_information
+ description: |
+ Amazon ACM without tag information
+ resource: acm-certificate
+ filters:
+ - type: value
+ key: Tags
+ value: empty
\ No newline at end of file
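Review bot: The `key: Tags` / `value: empty` filter in ecc-aws-567 does not test the same condition as the `tag-count` / `count: 0` filter used for the VPC policies earlier in this commit, so "without tag information" means two different things across the set. `value: empty` is also true when the `Tags` key is missing from the resource record altogether, so for any resource type where Custodian does not load tags every resource would be reported; `tag-count`, as far as I know, skips `aws:`-prefixed keys, so a resource carrying only CloudFormation-generated tags is untagged under one filter and tagged under the other. The same `Tags`-empty filter is used in the later policies of this commit from ecc-aws-568 through ecc-aws-633 wherever `tag-count` is not. I would pick one filter per intent, add a comment such as `# value: empty also matches a missing Tags key; confirm the resource loads tags`, and back each policy with recorded test data for a tagged and an untagged resource.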
diff --git a/policies/ecc-aws-568-app_flow_without_tag_information.yml b/policies/ecc-aws-568-app_flow_without_tag_information.yml
new file mode 100644
index 000000000..13cee80ad
--- /dev/null
+++ b/policies/ecc-aws-568-app_flow_without_tag_information.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-568-app_flow_without_tag_information
+ description: |
+ Amazon AppFlow without tag information
+ resource: aws.app-flow
+ filters:
+ - type: value
+ key: Tags
+ value: empty
\ No newline at end of file
diff --git a/policies/ecc-aws-569-auto_scaling_group_without_tag_information.yml b/policies/ecc-aws-569-auto_scaling_group_without_tag_information.yml
new file mode 100644
index 000000000..35e2b1b1b
--- /dev/null
+++ b/policies/ecc-aws-569-auto_scaling_group_without_tag_information.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-569-auto_scaling_group_without_tag_information
+ resource: aws.asg
+ description: |
+ Auto Scaling Group without tag information
+ filters:
+ - type: tag-count
+ op: eq
+ count: 0
\ No newline at end of file
diff --git a/policies/ecc-aws-574-cloudformation_stacks_without_tag_information.yml b/policies/ecc-aws-574-cloudformation_stacks_without_tag_information.yml
new file mode 100644
index 000000000..ae08dc3b4
--- /dev/null
+++ b/policies/ecc-aws-574-cloudformation_stacks_without_tag_information.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-574-cloudformation_stacks_without_tag_information
+ description: |
+ Amazon cloudformation stacks without tag information
+ resource: aws.cfn
+ filters:
+ - type: value
+ key: Tags
+ value: empty
\ No newline at end of file
diff --git a/policies/ecc-aws-575-cloudfront_distributions_without_tag_information.yml b/policies/ecc-aws-575-cloudfront_distributions_without_tag_information.yml
new file mode 100644
index 000000000..884806f61
--- /dev/null
+++ b/policies/ecc-aws-575-cloudfront_distributions_without_tag_information.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-575-cloudfront_distributions_without_tag_information
+ description: |
+ Cloudfront distributions without tag information
+ resource: distribution
+ filters:
+ - type: value
+ key: Tags
+ value: empty
\ No newline at end of file
diff --git a/policies/ecc-aws-578-cloudtrail_without_tag_information.yml b/policies/ecc-aws-578-cloudtrail_without_tag_information.yml
new file mode 100644
index 000000000..5c85976bb
--- /dev/null
+++ b/policies/ecc-aws-578-cloudtrail_without_tag_information.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-578-cloudtrail_without_tag_information
+ resource: aws.cloudtrail
+ description: |
+ Cloudtrail without tag information
+ filters:
+ - type: value
+ key: Tags
+ value: empty
diff --git a/policies/ecc-aws-580-codebuild_without_tag_information.yml b/policies/ecc-aws-580-codebuild_without_tag_information.yml
new file mode 100644
index 000000000..9713a8e2d
--- /dev/null
+++ b/policies/ecc-aws-580-codebuild_without_tag_information.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-580-codebuild_without_tag_information
+ description: |
+ Amazon Codebuikd without tag information
+ resource: codebuild
+ filters:
+ - type: value
+ key: Tags
+ value: empty
\ No newline at end of file
diff --git a/policies/ecc-aws-582-dax_clusters_without_tag_information.yml b/policies/ecc-aws-582-dax_clusters_without_tag_information.yml
new file mode 100644
index 000000000..f02574be7
--- /dev/null
+++ b/policies/ecc-aws-582-dax_clusters_without_tag_information.yml
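Review bot: The description in ecc-aws-580 is misspelled, `Amazon Codebuikd without tag information`; the description is the text that ends up in findings and reports, so it should read `Amazon CodeBuild without tag information`. The same kind of slip is in ecc-aws-615 later in this commit, where `Customer manages key without tag information` presumably means `Customer managed key without tag information`. Neither affects what the filter matches.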
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-582-dax_clusters_without_tag_information
+ description: |
+ DynamoDB Accelerator clusters without tag information
+ resource: dax
+ filters:
+ - type: value
+ key: Tags
+ value: empty
\ No newline at end of file
diff --git a/policies/ecc-aws-583-dlm_without_tag_information.yml b/policies/ecc-aws-583-dlm_without_tag_information.yml
new file mode 100644
index 000000000..f51052175
--- /dev/null
+++ b/policies/ecc-aws-583-dlm_without_tag_information.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-583-dlm_without_tag_information
+ description: |
+ AWS DLM lifecycle policy without tag information
+ resource: aws.dlm-policy
+ filters:
+ - type: value
+ key: Tags
+ value: empty
\ No newline at end of file
diff --git a/policies/ecc-aws-584-dms_without_tag_information.yml b/policies/ecc-aws-584-dms_without_tag_information.yml
new file mode 100644
index 000000000..769d069e8
--- /dev/null
+++ b/policies/ecc-aws-584-dms_without_tag_information.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-584-dms_without_tag_information
+ description: |
+ Amazon DMS instance without tag information
+ resource: aws.dms-instance
+ filters:
+ - type: value
+ key: Tags
+ value: empty
\ No newline at end of file
diff --git a/policies/ecc-aws-585-ecs_without_tag_information.yml b/policies/ecc-aws-585-ecs_without_tag_information.yml
new file mode 100644
index 000000000..9ab59a496
--- /dev/null
+++ b/policies/ecc-aws-585-ecs_without_tag_information.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-585-ecs_without_tag_information
+ description: |
+ Amazon ECS cluster without tag information
+ resource: ecs
+ filters:
+ - type: value
+ key: Tags
+ value: empty
\ No newline at end of file
diff --git a/policies/ecc-aws-586-eks_without_tag_information.yml b/policies/ecc-aws-586-eks_without_tag_information.yml
new file mode 100644
index 000000000..1f5a4cb48
--- /dev/null
+++ b/policies/ecc-aws-586-eks_without_tag_information.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-586-eks_without_tag_information
+ description: |
+ Amazon EKS without tag information
+ resource: eks
+ filters:
+ - type: value
+ key: Tags
+ value: empty
\ No newline at end of file
diff --git a/policies/ecc-aws-587-efs_without_tag_information.yml b/policies/ecc-aws-587-efs_without_tag_information.yml
new file mode 100644
index 000000000..12370ed5b
--- /dev/null
+++ b/policies/ecc-aws-587-efs_without_tag_information.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-587-efs_without_tag_information
+ description: |
+ Amazon EFS without tag information
+ resource: efs
+ filters:
+ - type: tag-count
+ op: eq
+ count: 0
\ No newline at end of file
diff --git a/policies/ecc-aws-588-elasticache_clusters_without_tag_information.yml b/policies/ecc-aws-588-elasticache_clusters_without_tag_information.yml
new file mode 100644
index 000000000..b36b129d4
--- /dev/null
+++ b/policies/ecc-aws-588-elasticache_clusters_without_tag_information.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-588-elasticache_clusters_without_tag_information
+ description: |
+ Elasticache without tag information
+ resource: cache-cluster
+ filters:
+ - type: value
+ key: Tags
+ value: empty
diff --git a/policies/ecc-aws-590-beanstalk_without_tag_information.yml b/policies/ecc-aws-590-beanstalk_without_tag_information.yml
new file mode 100644
index 000000000..5561d6fcc
--- /dev/null
+++ b/policies/ecc-aws-590-beanstalk_without_tag_information.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-590-beanstalk_without_tag_information
+ description: |
+ Amazon Beanstalk topic without tag information
+ resource: aws.elasticbeanstalk-environment
+ filters:
+ - type: tag-count
+ op: lt
+ count: 4
\ No newline at end of file
diff --git a/policies/ecc-aws-591-elb_without_tag_information.yml b/policies/ecc-aws-591-elb_without_tag_information.yml
new file mode 100644
index 000000000..277b4beac
--- /dev/null
+++ b/policies/ecc-aws-591-elb_without_tag_information.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-591-elb_without_tag_information
+ description: |
+ Amazon ELB without tag information
+ resource: elb
+ filters:
+ - type: value
+ key: Tags
+ value: empty
\ No newline at end of file
diff --git a/policies/ecc-aws-592-emr_without_tag_information.yml b/policies/ecc-aws-592-emr_without_tag_information.yml
new file mode 100644
index 000000000..e7aeba910
--- /dev/null
+++ b/policies/ecc-aws-592-emr_without_tag_information.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-592-emr_without_tag_information
+ description: |
+ Amazon EMR clusters without tag information
+ resource: emr
+ filters:
+ - type: value
+ key: Tags
+ value: empty
\ No newline at end of file
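Review bot: The threshold in ecc-aws-590 (`op: lt`, `count: 4`) is unexplained and does not match the policy name: every sibling tag-count policy uses `op: eq` with `count: 0`, so as written an environment carrying one to three tags is reported as having no tag information. If the 4 is meant to discount tags that Elastic Beanstalk attaches to its environments on its own, say so in a comment, e.g. `# Beanstalk adds its own environment tags; fewer than 4 means no user-defined tag (confirm the count)`. A count is also fragile here, since the result shifts if the service changes its default tags, so filtering on the expected tag keys would be more robust. The description says `Beanstalk topic`, which looks carried over from the SNS policy; `Elastic Beanstalk environment` matches the resource.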
diff --git a/policies/ecc-aws-593-elasticsearch_without_tag_information.yml b/policies/ecc-aws-593-elasticsearch_without_tag_information.yml
new file mode 100644
index 000000000..a68660031
--- /dev/null
+++ b/policies/ecc-aws-593-elasticsearch_without_tag_information.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-593-elasticsearch_without_tag_information
+ description: |
+ Amazon ElasticSearch clusters without tag information
+ resource: elasticsearch
+ filters:
+ - type: value
+ key: Tags
+ value: empty
\ No newline at end of file
diff --git a/policies/ecc-aws-596-fsx_without_tag_information.yml b/policies/ecc-aws-596-fsx_without_tag_information.yml
new file mode 100644
index 000000000..c3f2a556b
--- /dev/null
+++ b/policies/ecc-aws-596-fsx_without_tag_information.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-596-fsx_without_tag_information
+ description: |
+ Amazon FSX without tag information
+ resource: aws.fsx
+ filters:
+ - type: value
+ key: Tags
+ value: empty
\ No newline at end of file
diff --git a/policies/ecc-aws-597-fsx_backup_without_tag_information.yml b/policies/ecc-aws-597-fsx_backup_without_tag_information.yml
new file mode 100644
index 000000000..0eab50d7e
--- /dev/null
+++ b/policies/ecc-aws-597-fsx_backup_without_tag_information.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-597-fsx_backup_without_tag_information
+ description: |
+ Amazon FSX Lustre backup without tag information
+ resource: aws.fsx-backup
+ filters:
+ - type: value
+ key: Tags
+ value: empty
\ No newline at end of file
diff --git a/policies/ecc-aws-599-glacier_without_tag_information.yml b/policies/ecc-aws-599-glacier_without_tag_information.yml
new file mode 100644
index 000000000..7e265a4c9
--- /dev/null
+++ b/policies/ecc-aws-599-glacier_without_tag_information.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-599-glacier_without_tag_information
+ description: |
+ Amazon Glacier without tag information
+ resource: aws.glacier
+ filters:
+ - type: value
+ key: Tags
+ value: empty
\ No newline at end of file
diff --git a/policies/ecc-aws-600-glue_job_without_tag_information.yml b/policies/ecc-aws-600-glue_job_without_tag_information.yml
new file mode 100644
index 000000000..a38dd6bcb
--- /dev/null
+++ b/policies/ecc-aws-600-glue_job_without_tag_information.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-600-glue_job_without_tag_information
+ description: |
+ Amazon Glue Job without tag information
+ resource: glue-job
+ filters:
+ - type: tag-count
+ op: eq
+ count: 0
\ No newline at end of file
diff --git a/policies/ecc-aws-608-iam_user_without_tag_information.yml b/policies/ecc-aws-608-iam_user_without_tag_information.yml
new file mode 100644
index 000000000..97a3f20c6
--- /dev/null
+++ b/policies/ecc-aws-608-iam_user_without_tag_information.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-608-iam_user_without_tag_information
+ resource: iam-user
+ description: |
+ IAM User without tag information
+ filters:
+ - type: value
+ key: Tags
+ value: empty
diff --git a/policies/ecc-aws-609-iam_role_without_tag_information.yml b/policies/ecc-aws-609-iam_role_without_tag_information.yml
new file mode 100644
index 000000000..bc71d4e8c
--- /dev/null
+++ b/policies/ecc-aws-609-iam_role_without_tag_information.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-609-iam_role_without_tag_information
+ resource: iam-role
+ description: |
+ IAM Role without tag information
+ filters:
+ - type: value
+ key: Tags
+ value: empty
diff --git a/policies/ecc-aws-611-msk_clusters_without_tag_information.yml b/policies/ecc-aws-611-msk_clusters_without_tag_information.yml
new file mode 100644
index 000000000..128d8a311
--- /dev/null
+++ b/policies/ecc-aws-611-msk_clusters_without_tag_information.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-611-msk_clusters_without_tag_information
+ description: |
+ Amazon MSK clusters without tag information
+ resource: kafka
+ filters:
+ - type: value
+ key: Tags
+ value: empty
\ No newline at end of file
diff --git a/policies/ecc-aws-613-kinesis_data_stream_without_tag_information.yml b/policies/ecc-aws-613-kinesis_data_stream_without_tag_information.yml
new file mode 100644
index 000000000..8e10db208
--- /dev/null
+++ b/policies/ecc-aws-613-kinesis_data_stream_without_tag_information.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-613-kinesis_data_stream_without_tag_information
+ description: |
+ Amazon Kinesis data stream without tag information
+ resource: aws.kinesis
+ filters:
+ - type: value
+ key: Tags
+ value: empty
\ No newline at end of file
diff --git a/policies/ecc-aws-615-kms_key_without_tag_information.yml b/policies/ecc-aws-615-kms_key_without_tag_information.yml
new file mode 100644
index 000000000..22280a5d1
--- /dev/null
+++ b/policies/ecc-aws-615-kms_key_without_tag_information.yml
@@ -0,0 +1,19 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-615-kms_key_without_tag_information
+ description: |
+ Customer manages key without tag information
+ resource: aws.kms-key
+ filters:
+ - type: value
+ key: KeyManager
+ value: CUSTOMER
+ - type: tag-count
+ op: eq
+ count: 0
diff --git a/policies/ecc-aws-616-lambda_functions_without_tag_information.yml b/policies/ecc-aws-616-lambda_functions_without_tag_information.yml
new file mode 100644
index 000000000..e5edd3e5f
--- /dev/null
+++ b/policies/ecc-aws-616-lambda_functions_without_tag_information.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-616-lambda_functions_without_tag_information
+ description: |
+ Lambda functions without tag information
+ resource: lambda
+ filters:
+ - type: value
+ key: Tags
+ value: empty
\ No newline at end of file
diff --git a/policies/ecc-aws-617-lightsail_instance_without_tag_information.yml b/policies/ecc-aws-617-lightsail_instance_without_tag_information.yml
new file mode 100644
index 000000000..b31a3af18
--- /dev/null
+++ b/policies/ecc-aws-617-lightsail_instance_without_tag_information.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-617-lightsail_instance_without_tag_information
+ description: |
+ Amazon Lightsail instance without tag information
+ resource: aws.lightsail-instance
+ filters:
+ - type: value
+ key: tags
+ value: empty
\ No newline at end of file
diff --git a/policies/ecc-aws-618-cloudwatch_log_groups_without_tag_information.yml b/policies/ecc-aws-618-cloudwatch_log_groups_without_tag_information.yml
new file mode 100644
index 000000000..cd1d09fa9
--- /dev/null
+++ b/policies/ecc-aws-618-cloudwatch_log_groups_without_tag_information.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-618-cloudwatch_log_groups_without_tag_information
+ description: |
+ Amazon Log group without tag information
+ resource: log-group
+ filters:
+ - type: tag-count
+ op: eq
+ count: 0
\ No newline at end of file
diff --git a/policies/ecc-aws-619-mq_brokers_without_tag_information.yml b/policies/ecc-aws-619-mq_brokers_without_tag_information.yml
new file mode 100644
index 000000000..b517b7308
--- /dev/null
+++ b/policies/ecc-aws-619-mq_brokers_without_tag_information.yml
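Review bot: ecc-aws-617 filters on `key: tags` in lower case, while every other `value: empty` policy in this commit uses `Tags`, and nothing in the file says the difference is intended. If it follows the field name the Lightsail API returns it is correct, but it reads as a typo to the next editor, and because `value: empty` also matches a key that is absent, the wrong case would silently report every instance as untagged. A one-line comment such as `# Lightsail returns tags under the lower-case key` together with recorded test data for a tagged instance would settle it.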
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-619-mq_brokers_without_tag_information
+ resource: aws.message-broker
+ description: |
+ MQ broker without tag information
+ filters:
+ - type: value
+ key: Tags
+ value: empty
diff --git a/policies/ecc-aws-620-mwaa_without_tag_information.yml b/policies/ecc-aws-620-mwaa_without_tag_information.yml
new file mode 100644
index 000000000..d4d4ce026
--- /dev/null
+++ b/policies/ecc-aws-620-mwaa_without_tag_information.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-620-mwaa_without_tag_information
+ description: |
+ Amazon MWAA without tag information
+ resource: aws.airflow
+ filters:
+ - type: value
+ key: Tags
+ value: empty
\ No newline at end of file
diff --git a/policies/ecc-aws-624-qldb_ledgers_without_tag_information.yml b/policies/ecc-aws-624-qldb_ledgers_without_tag_information.yml
new file mode 100644
index 000000000..ffb3090e0
--- /dev/null
+++ b/policies/ecc-aws-624-qldb_ledgers_without_tag_information.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-624-qldb_ledgers_without_tag_information
+ description: |
+ Amazon QLDB ledger without tag information
+ resource: qldb
+ filters:
+ - type: value
+ key: Tags
+ value: empty
\ No newline at end of file
diff --git a/policies/ecc-aws-625-rds_cluster_without_tag_information.yml b/policies/ecc-aws-625-rds_cluster_without_tag_information.yml
new file mode 100644
index 000000000..00be7c1c1
--- /dev/null
+++ b/policies/ecc-aws-625-rds_cluster_without_tag_information.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-625-rds_cluster_without_tag_information
+ description: |
+ RDS cluster without tag information
+ resource: aws.rds-cluster
+ filters:
+ - type: value
+ key: Tags
+ value: empty
\ No newline at end of file
diff --git a/policies/ecc-aws-626-rds_snapshot_without_tag_information.yml b/policies/ecc-aws-626-rds_snapshot_without_tag_information.yml
new file mode 100644
index 000000000..a2f52f8ee
--- /dev/null
+++ b/policies/ecc-aws-626-rds_snapshot_without_tag_information.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-626-rds_snapshot_without_tag_information
+ description: |
+ Amazon RDS snapshot without tag information
+ resource: rds-snapshot
+ filters:
+ - type: tag-count
+ op: eq
+ count: 0
\ No newline at end of file
diff --git a/policies/ecc-aws-627-redshift_clusters_without_tag_information.yml b/policies/ecc-aws-627-redshift_clusters_without_tag_information.yml
new file mode 100644
index 000000000..bfc1a1d03
--- /dev/null
+++ b/policies/ecc-aws-627-redshift_clusters_without_tag_information.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-627-redshift_clusters_without_tag_information
+ description: |
+ Amazon Redshift clusters without tag information
+ resource: redshift
+ filters:
+ - type: value
+ key: Tags
+ value: empty
diff --git a/policies/ecc-aws-630-sagemaker_instances_without_tag_information.yml b/policies/ecc-aws-630-sagemaker_instances_without_tag_information.yml
new file mode 100644
index 000000000..35078bd81
--- /dev/null
+++ b/policies/ecc-aws-630-sagemaker_instances_without_tag_information.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-630-sagemaker_instances_without_tag_information
+ description: |
+ Amazon Sagemaker instances without tag information
+ resource: aws.sagemaker-notebook
+ filters:
+ - type: value
+ key: Tags
+ value: empty
\ No newline at end of file
diff --git a/policies/ecc-aws-632-sns_without_tag_information.yml b/policies/ecc-aws-632-sns_without_tag_information.yml
new file mode 100644
index 000000000..452274c44
--- /dev/null
+++ b/policies/ecc-aws-632-sns_without_tag_information.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-632-sns_without_tag_information
+ description: |
+ Amazon SNS topic without tag information
+ resource: sns
+ filters:
+ - type: tag-count
+ op: eq
+ count: 0
\ No newline at end of file
diff --git a/policies/ecc-aws-633-sqs_without_tag_information.yml b/policies/ecc-aws-633-sqs_without_tag_information.yml
new file mode 100644
index 000000000..8dab468ed
--- /dev/null
+++ b/policies/ecc-aws-633-sqs_without_tag_information.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-633-sqs_without_tag_information
+ description: |
+ Amazon SQS without tag information
+ resource: sqs
+ filters:
+ - type: value
+ key: Tags
+ value: empty
\ No newline at end of file
diff --git a/policies/ecc-aws-638-mq_broker_active_deployment_mode.yml b/policies/ecc-aws-638-mq_broker_active_deployment_mode.yml
new file mode 100644
index 000000000..fe06bac4a
--- /dev/null
+++ b/policies/ecc-aws-638-mq_broker_active_deployment_mode.yml
@@ -0,0 +1,21 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-638-mq_broker_active_deployment_mode
+ resource: aws.message-broker
+ description: |
+ MQ broker active deployment not enabled
+ filters:
+ - not:
+ - or:
+ - type: value
+ key: DeploymentMode
+ value: ACTIVE_STANDBY_MULTI_AZ
+ - type: value
+ key: DeploymentMode
+ value: CLUSTER_MULTI_AZ
diff --git a/policies/ecc-aws-639-mq_broker_latest_version.yml b/policies/ecc-aws-639-mq_broker_latest_version.yml
new file mode 100644
index 000000000..07396f8e2
--- /dev/null
+++ b/policies/ecc-aws-639-mq_broker_latest_version.yml
@@ -0,0 +1,31 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-639-mq_broker_latest_version
+ resource: aws.message-broker
+ description: |
+ MQ broker not using latest major version
+ filters:
+ - not:
+ - or:
+ - and:
+ - type: value
+ key: EngineVersion
+ op: regex
+ value: 3.10.*
+ - type: value
+ key: EngineType
+ value: RabbitMQ
+ - and:
+ - type: value
+ key: EngineVersion
+ op: regex
+ value: 5.17.*
+ - type: value
+ key: EngineType
+ value: ActiveMQ
diff --git a/policies/ecc-aws-640-mq_broker_encrypted_with_kms_cmk.yml b/policies/ecc-aws-640-mq_broker_encrypted_with_kms_cmk.yml
new file mode 100644
index 000000000..acb792e20
--- /dev/null
+++ b/policies/ecc-aws-640-mq_broker_encrypted_with_kms_cmk.yml
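Review bot: In ecc-aws-639-mq_broker_latest_version the `EngineVersion` patterns `3.10.*` and `5.17.*` leave the dots unescaped, so each `.` matches any character and the patterns accept more than the intended release line. Escaping them, `value: '3\.10\..*'` and `value: '5\.17\..*'`, keeps the match to that series. The accepted versions are also hard-coded, so a broker on any newer release is reported as outdated until the file is edited. A comment such as `# update when Amazon MQ publishes a newer engine version` above each pattern would make that maintenance step visible.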
@@ -0,0 +1,17 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-640-mq_broker_encrypted_with_kms_cmk
+ resource: aws.message-broker
+ description: |
+ MQ broker not encrypted with KMS CMK
+ filters:
+ - not:
+ - type: kms-key
+ key: KeyManager
+ value: CUSTOMER
diff --git a/policies/ecc-aws-641_kinesis_streams_shard_level_monitoring_enabled.yml b/policies/ecc-aws-641_kinesis_streams_shard_level_monitoring_enabled.yml
new file mode 100644
index 000000000..7e1cc9db4
--- /dev/null
+++ b/policies/ecc-aws-641_kinesis_streams_shard_level_monitoring_enabled.yml
@@ -0,0 +1,18 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-641_kinesis_streams_shard_level_monitoring_enabled
+ description: |
+ Kinesis streams shard level monitoring disabled
+ resource: kinesis
+ filters:
+ - type: value
+ key: EnhancedMonitoring[].ShardLevelMetrics[]
+ op: lt
+ value_type: size
+ value: 7
\ No newline at end of file
diff --git a/policies/ecc-aws-643-qldb_permission_mode_is_standard.yml b/policies/ecc-aws-643-qldb_permission_mode_is_standard.yml
new file mode 100644
index 000000000..9b2f2d7b6
--- /dev/null
+++ b/policies/ecc-aws-643-qldb_permission_mode_is_standard.yml
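Review bot: The threshold `value: 7` in ecc-aws-641_kinesis_streams_shard_level_monitoring_enabled is unexplained; it presumably stands for the full set of shard-level metrics. A comment above the filter, `# 7 = all shard-level metrics enabled; fewer means monitoring is partial`, would tell a maintainer what to change if that set grows. The file and policy name also use `ecc-aws-641_` where the neighbouring policies use `ecc-aws-NNN-`.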
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-643-qldb_permission_mode_is_standard
+ description: |
+ QLDB permission mode is set to 'ALLOW_ALL'
+ resource: qldb
+ filters:
+ - type: value
+ key: PermissionsMode
+ value: ALLOW_ALL
diff --git a/policies/ecc-aws-644-qldb_deletion_protection_enabled.yml b/policies/ecc-aws-644-qldb_deletion_protection_enabled.yml
new file mode 100644
index 000000000..8eb3d72f1
--- /dev/null
+++ b/policies/ecc-aws-644-qldb_deletion_protection_enabled.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-644-qldb_deletion_protection_enabled
+ description: |
+ QLDB termination protection not enabled
+ resource: qldb
+ filters:
+ - type: value
+ key: DeletionProtection
+ value: false
diff --git a/policies/ecc-aws-652-mwaa_dag_processing_logs_set_correctly.yml b/policies/ecc-aws-652-mwaa_dag_processing_logs_set_correctly.yml
new file mode 100644
index 000000000..35eda0b7c
--- /dev/null
+++ b/policies/ecc-aws-652-mwaa_dag_processing_logs_set_correctly.yml
@@ -0,0 +1,20 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-652-mwaa_dag_processing_logs_set_correctly
+ description: |
+ Managed Workflows for Apache Airflow dag logs not enabled or set correctly
+ resource: aws.airflow
+ filters:
+ - not:
+ - type: value
+ key: LoggingConfiguration.DagProcessingLogs.Enabled
+ value: true
+ - type: value
+ key: LoggingConfiguration.DagProcessingLogs.LogLevel
+ value: 'DEBUG'
diff --git a/policies/ecc-aws-653-mwaa_scheduler_logs_set_correctly.yml b/policies/ecc-aws-653-mwaa_scheduler_logs_set_correctly.yml
new file mode 100644
index 000000000..7a641fce4
--- /dev/null
+++ b/policies/ecc-aws-653-mwaa_scheduler_logs_set_correctly.yml
@@ -0,0 +1,20 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-653-mwaa_scheduler_logs_set_correctly
+ description: |
+ Managed Workflows for Apache Airflow scheduler logs not enabled or set correctly
+ resource: aws.airflow
+ filters:
+ - not:
+ - type: value
+ key: LoggingConfiguration.SchedulerLogs.Enabled
+ value: true
+ - type: value
+ key: LoggingConfiguration.SchedulerLogs.LogLevel
+ value: 'DEBUG'
diff --git a/policies/ecc-aws-654-mwaa_task_logs_set_correctly.yml b/policies/ecc-aws-654-mwaa_task_logs_set_correctly.yml
new file mode 100644
index 000000000..8581502b8
--- /dev/null
+++ b/policies/ecc-aws-654-mwaa_task_logs_set_correctly.yml
@@ -0,0 +1,20 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-654-mwaa_task_logs_set_correctly
+ description: |
+ Managed Workflows for Apache Airflow Task logs not enabled or set correctly
+ resource: aws.airflow
+ filters:
+ - not:
+ - type: value
+ key: LoggingConfiguration.TaskLogs.Enabled
+ value: true
+ - type: value
+ key: LoggingConfiguration.TaskLogs.LogLevel
+ value: 'DEBUG'
diff --git a/policies/ecc-aws-655-mwaa_webserver_logs_set_correctly.yml b/policies/ecc-aws-655-mwaa_webserver_logs_set_correctly.yml
new file mode 100644
index 000000000..0a100b1ce
--- /dev/null
+++ b/policies/ecc-aws-655-mwaa_webserver_logs_set_correctly.yml
@@ -0,0 +1,20 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-655-mwaa_webserver_logs_set_correctly
+ description: |
+ Managed Workflows for Apache Airflow Webserver logs not enabled or set correctly
+ resource: aws.airflow
+ filters:
+ - not:
+ - type: value
+ key: LoggingConfiguration.WebserverLogs.Enabled
+ value: true
+ - type: value
+ key: LoggingConfiguration.WebserverLogs.LogLevel
+ value: 'DEBUG'
diff --git a/policies/ecc-aws-656-mwaa_worker_logs_set_correctly.yml b/policies/ecc-aws-656-mwaa_worker_logs_set_correctly.yml
new file mode 100644
index 000000000..f69415f11
--- /dev/null
+++ b/policies/ecc-aws-656-mwaa_worker_logs_set_correctly.yml
@@ -0,0 +1,20 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-656-mwaa_worker_logs_set_correctly
+ description: |
+ Managed Workflows for Apache Airflow Worker logs not enabled or set correctly
+ resource: aws.airflow
+ filters:
+ - not:
+ - type: value
+ key: LoggingConfiguration.WorkerLogs.Enabled
+ value: true
+ - type: value
+ key: LoggingConfiguration.WorkerLogs.LogLevel
+ value: 'DEBUG'
diff --git a/policies/ecc-aws-657-redshift_availability_zone_relocation_enabled.yml b/policies/ecc-aws-657-redshift_availability_zone_relocation_enabled.yml
new file mode 100644
index 000000000..447935467
--- /dev/null
+++ b/policies/ecc-aws-657-redshift_availability_zone_relocation_enabled.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-657-redshift_availability_zone_relocation_enabled
+ description: |
+ Amazon Redshift clusters availability zone relocation not enabled
+ resource: redshift
+ filters:
+ - type: value
+ key: AvailabilityZoneRelocationStatus
+ value: disabled
diff --git a/policies/ecc-aws-664-elasticache_redis_logs_enabled.yml b/policies/ecc-aws-664-elasticache_redis_logs_enabled.yml
new file mode 100644
index 000000000..a0861f518
--- /dev/null
+++ b/policies/ecc-aws-664-elasticache_redis_logs_enabled.yml
@@ -0,0 +1,20 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-664-elasticache_redis_logs_enabled
+ description: |
+ Elasticache Redis logs disabled
+ resource: cache-cluster
+ filters:
+ - type: value
+ key: length(LogDeliveryConfigurations[].[LogType=='slow-log' || LogType=='engine-log'][])
+ op: lt
+ value: 2
+ - type: value
+ key: Engine
+ value: "redis"
diff --git a/policies/ecc-aws-665-elasticache_notifications_enabled.yml b/policies/ecc-aws-665-elasticache_notifications_enabled.yml
new file mode 100644
index 000000000..3ca8b7358
--- /dev/null
+++ b/policies/ecc-aws-665-elasticache_notifications_enabled.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-665-elasticache_notifications_enabled
+ description: |
+ Elasticache notification disabled
+ resource: cache-cluster
+ filters:
+ - type: value
+ key: NotificationConfiguration
+ value: absent
diff --git a/policies/ecc-aws-669-emr_termination_protection_enabled.yml b/policies/ecc-aws-669-emr_termination_protection_enabled.yml
new file mode 100644
index 000000000..7afc5b4c0
--- /dev/null
+++ b/policies/ecc-aws-669-emr_termination_protection_enabled.yml
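Review bot: The key in ecc-aws-664-elasticache_redis_logs_enabled, `length(LogDeliveryConfigurations[].[LogType=='slow-log' || LogType=='engine-log'][])`, builds a list of true/false results and counts its entries, so the `LogType` comparison has no effect on the number. A filter expression counts only the matching entries: `key: length(LogDeliveryConfigurations[?LogType=='slow-log' || LogType=='engine-log'])`. The check also does not look at each configuration's delivery status, which may matter when a destination is in an error state.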
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-669-emr_termination_protection_enabled
+ description: |
+ EMR termination protection not enabled
+ resource: emr
+ filters:
+ - type: value
+ key: TerminationProtected
+ value: false
diff --git a/policies/ecc-aws-672-glue_spark_ui_monitoring_enabled.yml b/policies/ecc-aws-672-glue_spark_ui_monitoring_enabled.yml
new file mode 100644
index 000000000..13d3a8571
--- /dev/null
+++ b/policies/ecc-aws-672-glue_spark_ui_monitoring_enabled.yml
@@ -0,0 +1,17 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-672-glue_spark_ui_monitoring_enabled
+ description: |
+ Glue job spark ui disabled
+ resource: aws.glue-job
+ filters:
+ - not:
+ - type: value
+ key: DefaultArguments."--enable-spark-ui"=='true'
+ value: true
diff --git a/policies/ecc-aws-677-lambda_functions_enhanced_monitoring_enabled.yml b/policies/ecc-aws-677-lambda_functions_enhanced_monitoring_enabled.yml
new file mode 100644
index 000000000..6c3b359f5
--- /dev/null
+++ b/policies/ecc-aws-677-lambda_functions_enhanced_monitoring_enabled.yml
@@ -0,0 +1,18 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-677-lambda_functions_enhanced_monitoring_enabled
+ description: |
+ Enhanced Monitoring for Lambda Functions disabled
+ resource: aws.lambda
+ filters:
+ - not:
+ - type: value
+ key: Layers[].Arn
+ value: 'arn:aws:lambda:.*:[0-9]{12}:layer:LambdaInsightsExtension:[0-9]*'
+ op: regex
diff --git a/policies/ecc-aws-679-lambda_environment_variables_encrypted_in_transit.yml b/policies/ecc-aws-679-lambda_environment_variables_encrypted_in_transit.yml
new file mode 100644
index 000000000..1ec658628
--- /dev/null
+++ b/policies/ecc-aws-679-lambda_environment_variables_encrypted_in_transit.yml
@@ -0,0 +1,19 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-679-lambda_environment_variables_encrypted_in_transit
+ description: |
+ Lambda environment variables are not encrypted in transit
+ resource: aws.lambda
+ filters:
+ - type: value
+ key: Environment
+ value: present
+ - type: value
+ key: length(Environment.Variables.values(@) | [?!contains(@, 'AQICAH')]) > `0`
+ value: true
diff --git a/policies/ecc-aws-680-lambda_latest_runtime_environment_version.yml b/policies/ecc-aws-680-lambda_latest_runtime_environment_version.yml
new file mode 100644
index 000000000..a8dfdc937
--- /dev/null
+++ b/policies/ecc-aws-680-lambda_latest_runtime_environment_version.yml
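Review bot: In ecc-aws-677-lambda_functions_enhanced_monitoring_enabled the key `Layers[].Arn` evaluates to a list of ARNs, while `op: regex` is applied to it as a single value. If the regex operator only matches strings, which is how I read Cloud Custodian's value filter, the inner filter never matches and the surrounding `not` reports every function, including those that carry the Lambda Insights layer. Selecting one string first, for example `key: "Layers[?contains(Arn, 'LambdaInsightsExtension')] | [0].Arn"`, avoids that; a test fixture with the layer attached would confirm it. The hard-coded `arn:aws:` prefix also leaves out other AWS partitions.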
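Review bot: The second filter in ecc-aws-679-lambda_environment_variables_encrypted_in_transit reports a function as soon as one variable value lacks the substring `AQICAH`, and nothing in the file explains that test. It appears to rely on the usual base64 prefix of a KMS ciphertext blob, so any function with a plain, non-sensitive variable (a log level, a region name) is reported as well. I would document this above the filter, e.g. `# AQICAH: typical base64 prefix of KMS ciphertext; values without it are treated as plaintext`, and say in the description that the check is a heuristic.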
@@ -0,0 +1,21 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-680-lambda_latest_runtime_environment_version
+ description: |
+ Lambda functions not are not using latest runtime environment versions
+ resource: lambda
+ filters:
+ - type: value
+ key: PackageType
+ value: Zip
+ - not:
+ - type: value
+ key: Runtime
+ op: regex
+ value: '(nodejs18.x|python3.9|java11|dotnetcore3.1|dotnet6|go1.x|ruby2.7)'
diff --git a/policies/ecc-aws-681-lambda_concurrency_enabled.yml b/policies/ecc-aws-681-lambda_concurrency_enabled.yml
new file mode 100644
index 000000000..ac042d169
--- /dev/null
+++ b/policies/ecc-aws-681-lambda_concurrency_enabled.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-681-lambda_concurrency_enabled
+ resource: lambda
+ description: |
+ Lambda reserved concurrency disabled
+ filters:
+ - type: reserved-concurrency
+ key: c7n:FunctionInfo.Concurrency.ReservedConcurrentExecutions
+ value: absent
\ No newline at end of file
diff --git a/policies/ecc-aws-690-ecs_exec_logging_enabled.yml b/policies/ecc-aws-690-ecs_exec_logging_enabled.yml
new file mode 100644
index 000000000..6a4ad2790
--- /dev/null
+++ b/policies/ecc-aws-690-ecs_exec_logging_enabled.yml
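Review bot: The `Runtime` pattern in ecc-aws-680-lambda_latest_runtime_environment_version is an allow-list of fixed identifiers, so a function on a runtime newer than the listed ones (for example `python3.10`) is reported as not using the latest version. The dots are unescaped and nothing anchors the end of the pattern, which makes the match looser than the list suggests; `value: '^(nodejs18\.x|python3\.9|java11|dotnetcore3\.1|dotnet6|go1\.x|ruby2\.7)$'` fixes that part. The list needs a comment saying it must be revised with every runtime release, otherwise it goes stale silently. The description also reads "not are not".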
@@ -0,0 +1,20 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-690-ecs_exec_logging_enabled
+ description: |
+ ECS Cluster execute command logging is disabled
+ resource: aws.ecs
+ filters:
+ - and:
+ - type: value
+ key: configuration.executeCommandConfiguration.logConfiguration.cloudWatchLogGroupName
+ value: absent
+ - type: value
+ key: configuration.executeCommandConfiguration.logConfiguration.s3BucketName
+ value: absent
diff --git a/policies/ecc-aws-691-fsx_daily_automatic_backup_enabled.yml b/policies/ecc-aws-691-fsx_daily_automatic_backup_enabled.yml
new file mode 100644
index 000000000..7f29af413
--- /dev/null
+++ b/policies/ecc-aws-691-fsx_daily_automatic_backup_enabled.yml
@@ -0,0 +1,62 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-691-fsx_daily_automatic_backup_enabled
+ description: |
+ FSx file systems do not have retention period set
+ resource: aws.fsx
+ filters:
+ - or:
+ - and:
+ - type: value
+ key: FileSystemType
+ value: LUSTRE
+ - type: value
+ key: LustreConfiguration.DeploymentType
+ op: in
+ value: [PERSISTENT_1, PERSISTENT_2]
+ - or:
+ - type: value
+ key: LustreConfiguration.AutomaticBackupRetentionDays
+ value: 0
+ - type: value
+ key: LustreConfiguration.AutomaticBackupRetentionDays
+ value: absent
+ - and:
+ - type: value
+ key: FileSystemType
+ value: OPENZFS
+ - or:
+ - type: value
+ key: OpenZFSConfiguration.AutomaticBackupRetentionDays
+ value: 0
+ - type: value
+ key: OpenZFSConfiguration.AutomaticBackupRetentionDays
+ value: absent
+ - and:
+ - type: value
+ key: FileSystemType
+ value: ONTAP
+ - or:
+ - type: value
+ key: OntapConfiguration.AutomaticBackupRetentionDays
+ value: 0
+ - type: value
+ key: OntapConfiguration.AutomaticBackupRetentionDays
+ value: absent
+ - and:
+ - type: value
+ key: FileSystemType
+ value: WINDOWS
+ - or:
+ - type: value
+ key: WindowsConfiguration.AutomaticBackupRetentionDays
+ value: 0
+ - type: value
+ key: WindowsConfiguration.AutomaticBackupRetentionDays
+ value: absent
diff --git a/policies/ecc-aws-692-fsx_netapp_ontap_multi_az_enabled.yml b/policies/ecc-aws-692-fsx_netapp_ontap_multi_az_enabled.yml
new file mode 100644
index 000000000..355caf99a
--- /dev/null
+++ b/policies/ecc-aws-692-fsx_netapp_ontap_multi_az_enabled.yml
@@ -0,0 +1,19 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-692-fsx_netapp_ontap_multi_az_enabled
+ description: |
+ FSx for NetApp ONTAP file systems do not have Multi-AZ enabled
+ resource: aws.fsx
+ filters:
+ - type: value
+ key: FileSystemType
+ value: ONTAP
+ - type: value
+ key: OntapConfiguration.DeploymentType
+ value: SINGLE_AZ_1
diff --git a/policies/ecc-aws-693-fsx_windows_file_server_multi_az_enabled.yml b/policies/ecc-aws-693-fsx_windows_file_server_multi_az_enabled.yml
new file mode 100644
index 000000000..3f75aa33d
--- /dev/null
+++ b/policies/ecc-aws-693-fsx_windows_file_server_multi_az_enabled.yml
@@ -0,0 +1,20 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-693-fsx_windows_file_server_multi_az_enabled
+ description: |
+ FSx for for Windows File Server file systems do not have Multi-AZ enabled
+ resource: aws.fsx
+ filters:
+ - type: value
+ key: FileSystemType
+ value: WINDOWS
+ - not:
+ - type: value
+ key: WindowsConfiguration.DeploymentType
+ value: MULTI_AZ_1
diff --git a/policies/ecc-aws-696-alb_desync_mode_check.yml b/policies/ecc-aws-696-alb_desync_mode_check.yml
new file mode 100644
index 000000000..3678e5f30
--- /dev/null
+++ b/policies/ecc-aws-696-alb_desync_mode_check.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-696-alb_desync_mode_check
+ description: |
+ Application Load Balancers are not configured with defensive or strictest desync mitigation mode
+ resource: aws.app-elb
+ filters:
+ - type: attributes
+ key: routing.http.desync_mitigation_mode
+ value: "monitor"
\ No newline at end of file
diff --git a/policies/ecc-aws-697-api_gw_endpoint_type_check.yml b/policies/ecc-aws-697-api_gw_endpoint_type_check.yml
new file mode 100644
index 000000000..e15272b7c
--- /dev/null
+++ b/policies/ecc-aws-697-api_gw_endpoint_type_check.yml
@@ -0,0 +1,17 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-697-api_gw_endpoint_type_check
+ description: |
+ API Gateway endpoint type not set correctly
+ resource: rest-api
+ filters:
+ - not:
+ - type: value
+ key: endpointConfiguration.types[0]
+ value: EDGE
\ No newline at end of file
diff --git a/policies/ecc-aws-702-autoscaling_groups_capacity_rebalancing_enabled.yml b/policies/ecc-aws-702-autoscaling_groups_capacity_rebalancing_enabled.yml
new file mode 100644
index 000000000..39fa22138
--- /dev/null
+++ b/policies/ecc-aws-702-autoscaling_groups_capacity_rebalancing_enabled.yml
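Review bot: ecc-aws-697-api_gw_endpoint_type_check treats only `EDGE` as compliant and reads only `endpointConfiguration.types[0]`, so `REGIONAL` and `PRIVATE` APIs are all reported, while the description does not say which type is expected. Reporting `PRIVATE` endpoints looks unintended for a security baseline, since they are the least exposed option. I would state the expected type in the description, e.g. `API Gateway REST API endpoint type is not EDGE`, or make the allowed set explicit with `op: in`.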
@@ -0,0 +1,17 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-702-autoscaling_groups_capacity_rebalancing_enabled
+ resource: aws.asg
+ description: |
+ Auto Scaling Groups do not use rebalacing capacity
+ filters:
+ - not:
+ - type: value
+ key: CapacityRebalance
+ value: true
diff --git a/policies/ecc-aws-703-autoscaling_launchconfig_requires_imdsv2.yml b/policies/ecc-aws-703-autoscaling_launchconfig_requires_imdsv2.yml
new file mode 100644
index 000000000..b2afffd26
--- /dev/null
+++ b/policies/ecc-aws-703-autoscaling_launchconfig_requires_imdsv2.yml
@@ -0,0 +1,20 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-703-autoscaling_launchconfig_requires_imdsv2
+ resource: launch-config
+ description: |
+ Auto Scaling launch configuration IMDSv1 enabled
+ filters:
+ - not:
+ - type: value
+ key: MetadataOptions.HttpTokens
+ value: required
+ - type: value
+ key: MetadataOptions.HttpEndpoint
+ value: enabled
\ No newline at end of file
diff --git a/policies/ecc-aws-707-clb_desync_mode_check.yml b/policies/ecc-aws-707-clb_desync_mode_check.yml
new file mode 100644
index 000000000..ef0e6dccf
--- /dev/null
+++ b/policies/ecc-aws-707-clb_desync_mode_check.yml
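Review bot: ecc-aws-703-autoscaling_launchconfig_requires_imdsv2 compares `MetadataOptions.HttpEndpoint` with `enabled`, but a launch configuration created without metadata options may not return `MetadataOptions` at all while still serving IMDSv1 by default. If the `HttpEndpoint` filter sits outside the `not` (the indentation is not recoverable from this page), such configurations are not reported. Expressing the second test negatively, a `not` around `key: MetadataOptions.HttpEndpoint` with `value: disabled`, would treat a missing block as enabled. A test case with a launch configuration that has no `MetadataOptions` would settle which way the policy behaves.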
@@ -0,0 +1,17 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-707-clb_desync_mode_check
+ description: |
+ Classic Load Balancers are not configured with defensive or strictest desync mitigation mode
+ resource: aws.elb
+ filters:
+ - type: attributes
+ key: AdditionalAttributes[?Key=='elb.http.desyncmitigationmode'].[Value=='monitor'][][]
+ op: contains
+ value: true
\ No newline at end of file
diff --git a/policies/ecc-aws-708-clb-multiple_az.yml b/policies/ecc-aws-708-clb-multiple_az.yml
new file mode 100644
index 000000000..fc56c2090
--- /dev/null
+++ b/policies/ecc-aws-708-clb-multiple_az.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-708-clb-multiple_az
+ description: |
+ Classic Load Balancers are not configured with multiple Availability Zones
+ resource: aws.elb
+ filters:
+ - type: value
+ key: AvailabilityZones[1]
+ value: absent
\ No newline at end of file
diff --git a/policies/ecc-aws-709-clb_cross_zone_load_balancing_enabled.yml b/policies/ecc-aws-709-clb_cross_zone_load_balancing_enabled.yml
new file mode 100644
index 000000000..dffd476eb
--- /dev/null
+++ b/policies/ecc-aws-709-clb_cross_zone_load_balancing_enabled.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-709-clb_cross_zone_load_balancing_enabled
+ description: |
+ Classic Load Balancers are not configured with cross-zone load balancing.
+ resource: aws.elb
+ filters:
+ - type: attributes
+ key: CrossZoneLoadBalancing.Enabled
+ value: false
\ No newline at end of file
diff --git a/policies/ecc-aws-710-cloudformation_stack_drift_detection_check.yml b/policies/ecc-aws-710-cloudformation_stack_drift_detection_check.yml
new file mode 100644
index 000000000..96d6df383
--- /dev/null
+++ b/policies/ecc-aws-710-cloudformation_stack_drift_detection_check.yml
@@ -0,0 +1,21 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-710-cloudformation_stack_drift_detection_check
+ description: |
+ CloudFormation Stack has been drifted
+ resource: aws.cfn
+ filters:
+ - not:
+ - type: value
+ key: DriftInformation.StackDriftStatus
+ value: "IN_SYNC"
+ - type: value
+ key: StackStatus
+ op: in
+ value: ["CREATE_COMPLETE", "UPDATE_COMPLETE", "UPDATE_ROLLBACK_COMPLETE", "UPDATE_ROLLBACK_FAILED"]
diff --git a/policies/ecc-aws-712-cloudfront_sni_enabled.yml b/policies/ecc-aws-712-cloudfront_sni_enabled.yml
new file mode 100644
index 000000000..0187327df
--- /dev/null
+++ b/policies/ecc-aws-712-cloudfront_sni_enabled.yml
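Review bot: In ecc-aws-710-cloudformation_stack_drift_detection_check the drift test is a `not` over `DriftInformation.StackDriftStatus` equal to `IN_SYNC`, which also matches stacks whose status is `NOT_CHECKED` or `UNKNOWN`, while the description says the stack "has been drifted". Either match `value: "DRIFTED"` directly, or reword the description to `CloudFormation stack has drifted or drift detection has not been run`, so that a finding is not read as confirmed drift.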
@@ -0,0 +1,23 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-712-cloudfront_sni_enabled
+ description: |
+ Cloudfront Distribution not uses SNI
+ resource: aws.distribution
+ filters:
+ - type: value
+ key: ViewerCertificate.SSLSupportMethod
+ value: vip
+ - not:
+ - type: value
+ key: ViewerCertificate.CloudFrontDefaultCertificate
+ value: true
+ - type: value
+ key: ViewerCertificate.CertificateSource
+ value: cloudfront
\ No newline at end of file
diff --git a/policies/ecc-aws-715-cloudwatch_log_group_encrypted_with_kms_cmk.yml b/policies/ecc-aws-715-cloudwatch_log_group_encrypted_with_kms_cmk.yml
new file mode 100644
index 000000000..f79305118
--- /dev/null
+++ b/policies/ecc-aws-715-cloudwatch_log_group_encrypted_with_kms_cmk.yml
@@ -0,0 +1,17 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-715-cloudwatch_log_group_encrypted_with_kms_cmk
+ description: |
+ AWS CloudWatch log groups are not encrypted with KMS CMK
+ resource: log-group
+ filters:
+ - not:
+ - type: kms-key
+ key: KeyManager
+ value: CUSTOMER
\ No newline at end of file
diff --git a/policies/ecc-aws-717-codebuild_project_artifact_encryption.yml b/policies/ecc-aws-717-codebuild_project_artifact_encryption.yml
new file mode 100644
index 000000000..f5348ad09
--- /dev/null
+++ b/policies/ecc-aws-717-codebuild_project_artifact_encryption.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-717-codebuild_project_artifact_encryption
+ description: |
+ CodeBuild project artifact encryption disabled
+ resource: codebuild
+ filters:
+ - type: value
+ key: artifacts.encryptionDisabled
+ value: true
diff --git a/policies/ecc-aws-718-codebuild_project_environment_privileged_check.yml b/policies/ecc-aws-718-codebuild_project_environment_privileged_check.yml
new file mode 100644
index 000000000..1288674e0
--- /dev/null
+++ b/policies/ecc-aws-718-codebuild_project_environment_privileged_check.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-718-codebuild_project_environment_privileged_check
+ description: |
+ CodeBuild project environment privileged mode is set to true
+ resource: codebuild
+ filters:
+ - type: value
+ key: environment.privilegedMode
+ value: true
diff --git a/policies/ecc-aws-719-codebuild_project_logging_enabled.yml b/policies/ecc-aws-719-codebuild_project_logging_enabled.yml
new file mode 100644
index 000000000..8c4b320b3
--- /dev/null
+++ b/policies/ecc-aws-719-codebuild_project_logging_enabled.yml
@@ -0,0 +1,20 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-719-codebuild_project_logging_enabled
+ description: |
+ CodeBuild project logging in disabled
+ resource: codebuild
+ filters:
+ - or:
+ - type: value
+ key: logsConfig.s3Logs.status
+ value: "DISABLED"
+ - type: value
+ key: logsConfig.cloudWatchLogs.status
+ value: "DISABLED"
diff --git a/policies/ecc-aws-720-codebuild_project_s3_logs_encrypted.yml b/policies/ecc-aws-720-codebuild_project_s3_logs_encrypted.yml
new file mode 100644
index 000000000..27ae283c6
--- /dev/null
+++ b/policies/ecc-aws-720-codebuild_project_s3_logs_encrypted.yml
@@ -0,0 +1,19 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-720-codebuild_project_s3_logs_encrypted
+ description: |
+ CodeBuild S3 logs are not encrypted
+ resource: aws.codebuild
+ filters:
+ - type: value
+ key: logsConfig.s3Logs.status
+ value: "ENABLED"
+ - type: value
+ key: logsConfig.s3Logs.encryptionDisabled
+ value: true
diff --git a/policies/ecc-aws-721-codedeploy_auto_rollback_monitor_enabled.yml b/policies/ecc-aws-721-codedeploy_auto_rollback_monitor_enabled.yml
new file mode 100644
index 000000000..281a8221e
--- /dev/null
+++ b/policies/ecc-aws-721-codedeploy_auto_rollback_monitor_enabled.yml
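Review bot: In `ecc-aws-719-codebuild_project_logging_enabled` the `or` block matches a project as soon as either `logsConfig.s3Logs.status` or `logsConfig.cloudWatchLogs.status` is `DISABLED`, so a project that logs to CloudWatch only is reported as having logging disabled. If the intent is "no log destination at all", the two value filters should be combined with `and:` instead of `or:`. If both destinations really are required, the description should say so, because responders triage the finding from that text.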
@@ -0,0 +1,21 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-721-codedeploy_auto_rollback_monitor_enabled
+ description: |
+ CodeDeploy AutoRollbackConfiguration or AlarmConfiguration has not been configured or is not enabled.
+ resource: aws.codedeploy-group
+ filters:
+ - or:
+ - not:
+ - type: value
+ key: autoRollbackConfiguration.enabled
+ value: true
+ - type: value
+ key: alarmConfiguration.enabled
+ value: true
diff --git a/policies/ecc-aws-723-codedeploy_lambda_allatonce_traffic_shift_disabled.yml b/policies/ecc-aws-723-codedeploy_lambda_allatonce_traffic_shift_disabled.yml
new file mode 100644
index 000000000..50fc61a01
--- /dev/null
+++ b/policies/ecc-aws-723-codedeploy_lambda_allatonce_traffic_shift_disabled.yml
@@ -0,0 +1,20 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-723-codedeploy_lambda_allatonce_traffic_shift_disabled
+ description: |
+ CodeDeploy Lambda AllAtOnce traffic shift disabled
+ resource: aws.codedeploy-group
+ filters:
+ - and:
+ - type: value
+ key: deploymentConfigName
+ value: "CodeDeployDefault.LambdaAllAtOnce"
+ - type: value
+ key: computePlatform
+ value: Lambda
diff --git a/policies/ecc-aws-724-codepipeline_s3_artifact_bucket_encrypted_with_kms_cmk.yml b/policies/ecc-aws-724-codepipeline_s3_artifact_bucket_encrypted_with_kms_cmk.yml
new file mode 100644
index 000000000..1c288848f
--- /dev/null
+++ b/policies/ecc-aws-724-codepipeline_s3_artifact_bucket_encrypted_with_kms_cmk.yml
@@ -0,0 +1,17 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-724-codepipeline_s3_artifact_bucket_encrypted_with_kms_cmk
+ description: |
+ CodePipeline s3 artifact bucket is not encrypted with KMS CMK
+ resource: aws.codepipeline
+ filters:
+ - not:
+ - type: value
+ key: artifactStore.encryptionKey.type
+ value: KMS
diff --git a/policies/ecc-aws-725-cloudwatch_log_group_retention_period_check.yml b/policies/ecc-aws-725-cloudwatch_log_group_retention_period_check.yml
new file mode 100644
index 000000000..f1554fd39
--- /dev/null
+++ b/policies/ecc-aws-725-cloudwatch_log_group_retention_period_check.yml
@@ -0,0 +1,18 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-725-cloudwatch_log_group_retention_period_check
+ description: |
+ CloudWatch Log Group does not have retention period set correctly
+ resource: log-group
+ filters:
+ - not:
+ - type: value
+ key: retentionInDays
+ op: eq
+ value: 180
diff --git a/policies/ecc-aws-734-ec2_instance_detailed_monitoring_enabled.yml b/policies/ecc-aws-734-ec2_instance_detailed_monitoring_enabled.yml
new file mode 100644
index 000000000..ab100a36c
--- /dev/null
+++ b/policies/ecc-aws-734-ec2_instance_detailed_monitoring_enabled.yml
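Review bot: The retention filter in `ecc-aws-725-cloudwatch_log_group_retention_period_check` is `not:` around `retentionInDays` `op: eq` `value: 180`, which reports every log group whose retention differs from exactly 180 days, including groups that keep logs longer. For an audit-retention control the usual intent is a minimum, so the longer-retention groups are false positives that teach people to ignore the finding. Consider matching only short retention with `op: lt` and `value: 180` (without the `not:`), and add a comment stating whether a log group with no `retentionInDays` value, which presumably means logs never expire, counts as compliant.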
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-734-ec2_instance_detailed_monitoring_enabled
+ description: |
+ EC2 instances detailed monitoring disabled
+ resource: aws.ec2
+ filters:
+ - type: value
+ key: Monitoring.State
+ value: disabled
\ No newline at end of file
diff --git a/policies/ecc-aws-739-ec2_token_hop_limit_check.yml b/policies/ecc-aws-739-ec2_token_hop_limit_check.yml
new file mode 100644
index 000000000..ef5508cb9
--- /dev/null
+++ b/policies/ecc-aws-739-ec2_token_hop_limit_check.yml
@@ -0,0 +1,17 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-739-ec2_token_hop_limit_check
+ resource: aws.ec2
+ description: |
+ EC2 instances token hop limit set correctly
+ filters:
+ - not:
+ - type: value
+ key: MetadataOptions.HttpPutResponseHopLimit
+ value: 1
\ No newline at end of file
diff --git a/policies/ecc-aws-740-ec2_transit_gateway_auto_vpc_attach_disabled.yml b/policies/ecc-aws-740-ec2_transit_gateway_auto_vpc_attach_disabled.yml
new file mode 100644
index 000000000..18d359023
--- /dev/null
+++ b/policies/ecc-aws-740-ec2_transit_gateway_auto_vpc_attach_disabled.yml
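Review bot: The description of `ecc-aws-739-ec2_token_hop_limit_check` reads "EC2 instances token hop limit set correctly", but the filter `not:` around `MetadataOptions.HttpPutResponseHopLimit` equal to `1` selects the instances that are not set that way; the text should describe the finding, e.g. `EC2 instance metadata hop limit is not set to 1`. The check is also written differently from `ecc-aws-904-autoscaling_launch_config_hop_limit` later in this patch, which uses `op: gt` with `value: 1`, and the negated-equals form additionally matches resources where the key is missing. A short comment that the hop limit alone does not show whether session tokens are required (`MetadataOptions.HttpTokens`) would help whoever reads the finding.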
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-740-ec2_transit_gateway_auto_vpc_attach_disabled
+ description: |
+ Transit gateway automatically accept VPC attachment requests
+ resource: aws.transit-gateway
+ filters:
+ - type: value
+ key: Options.AutoAcceptSharedAttachments
+ value: enable
\ No newline at end of file
diff --git a/policies/ecc-aws-741-ecr_private_lifecycle_policy_configured.yml b/policies/ecc-aws-741-ecr_private_lifecycle_policy_configured.yml
new file mode 100644
index 000000000..e5c4a90c2
--- /dev/null
+++ b/policies/ecc-aws-741-ecr_private_lifecycle_policy_configured.yml
@@ -0,0 +1,15 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-741-ecr_private_lifecycle_policy_configured
+ description: |
+ ECR repository does not have any lifecycle policies configured
+ resource: aws.ecr
+ filters:
+ - type: lifecycle-rule
+ state: False
diff --git a/policies/ecc-aws-744-ecs_fargate_latest_platform_version.yml b/policies/ecc-aws-744-ecs_fargate_latest_platform_version.yml
new file mode 100644
index 000000000..d6650547a
--- /dev/null
+++ b/policies/ecc-aws-744-ecs_fargate_latest_platform_version.yml
@@ -0,0 +1,17 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-744-ecs_fargate_latest_platform_version
+ description: |
+ ECS Fargate not latest platform version
+ resource: ecs-service
+ filters:
+ - not:
+ - type: value
+ key: platformVersion
+ value: LATEST
\ No newline at end of file
diff --git a/policies/ecc-aws-745-ecs_task_definition_memory_hard_limit.yml b/policies/ecc-aws-745-ecs_task_definition_memory_hard_limit.yml
new file mode 100644
index 000000000..6b42ec725
--- /dev/null
+++ b/policies/ecc-aws-745-ecs_task_definition_memory_hard_limit.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-745-ecs_task_definition_memory_hard_limit
+ description: |
+ Amazon ECS task definitions memory hard limit is not set
+ resource: ecs-task-definition
+ filters:
+ - type: value
+ key: containerDefinitions[].memory
+ value: empty
diff --git a/policies/ecc-aws-746-ecs_task_definition_pid_mode_check.yml b/policies/ecc-aws-746-ecs_task_definition_pid_mode_check.yml
new file mode 100644
index 000000000..8ffa976d2
--- /dev/null
+++ b/policies/ecc-aws-746-ecs_task_definition_pid_mode_check.yml
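Review bot: `ecc-aws-744-ecs_fargate_latest_platform_version` runs against every `ecs-service`, and the negated `platformVersion` equals `LATEST` test is also true for services that carry no `platformVersion` at all, which is presumably the case for services on the EC2 launch type. Scope the policy to Fargate first with a sibling filter: `- type: value`, `key: launchType`, `value: FARGATE`. Services driven by a capacity provider strategy may not carry `launchType`, so that case deserves its own test fixture.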
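Review bot: In `ecc-aws-745-ecs_task_definition_memory_hard_limit` the key `containerDefinitions[].memory` is a JMESPath projection, which drops null entries, so `value: empty` only matches when no container in the task definition has a hard limit. A task definition with one limited and one unlimited container is not reported. Selecting the containers that lack `memory` and reporting when that selection is non-empty would cover the mixed case. The description should also say whether a task-level memory setting is meant to satisfy the control, since the filter does not look at it.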
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-746-ecs_task_definition_pid_mode_check
+ description: |
+ Amazon ECS task definitions pid mode set to 'host'
+ resource: ecs-task-definition
+ filters:
+ - type: value
+ key: pidMode
+ value: host
diff --git a/policies/ecc-aws-751-eks_cluster_oldest_supported_version.yml b/policies/ecc-aws-751-eks_cluster_oldest_supported_version.yml
new file mode 100644
index 000000000..a1eee782e
--- /dev/null
+++ b/policies/ecc-aws-751-eks_cluster_oldest_supported_version.yml
@@ -0,0 +1,17 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-751-eks_cluster_oldest_supported_version
+ description: |
+ EKS cluster is using unsupported version
+ resource: aws.eks
+ filters:
+ - type: value
+ key: version
+ value: "1.21"
+ op: lt
diff --git a/policies/ecc-aws-755-elbv2_multiple_az.yml b/policies/ecc-aws-755-elbv2_multiple_az.yml
new file mode 100644
index 000000000..69893310b
--- /dev/null
+++ b/policies/ecc-aws-755-elbv2_multiple_az.yml
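Review bot: `ecc-aws-751-eks_cluster_oldest_supported_version` compares `version` to the string `"1.21"` with `op: lt` and no `value_type`, so the comparison is presumably lexical rather than version-aware; as text, `"1.9"` sorts after `"1.21"`. Adding `value_type: version` to the filter makes the ordering explicit. The floor is also hard-coded and will go stale as releases are retired, so a comment recording the date and source of `1.21` is worth adding. The same pinning appears in `ecc-aws-787-mwaa_latest_version`, where the negated match on `AirflowVersion` equal to `'2.4.3'` will also report environments running a newer release.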
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-755-elbv2_multiple_az
+ description: |
+ Application, Gateway and Network Load Balancers are not configured with multiple Availability Zones
+ resource: aws.app-elb
+ filters:
+ - type: value
+ key: AvailabilityZones[1]
+ value: absent
\ No newline at end of file
diff --git a/policies/ecc-aws-760-iam_group_has_users_check.yml b/policies/ecc-aws-760-iam_group_has_users_check.yml
new file mode 100644
index 000000000..6ed0e7173
--- /dev/null
+++ b/policies/ecc-aws-760-iam_group_has_users_check.yml
@@ -0,0 +1,15 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-760-iam_group_has_users_check
+ resource: aws.iam-group
+ description: |
+ IAM group doesn't have users
+ filters:
+ - type: has-users
+ value: false
diff --git a/policies/ecc-aws-762-lambda_vpc_multi_az_check.yml b/policies/ecc-aws-762-lambda_vpc_multi_az_check.yml
new file mode 100644
index 000000000..b07efc73a
--- /dev/null
+++ b/policies/ecc-aws-762-lambda_vpc_multi_az_check.yml
@@ -0,0 +1,20 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-762-lambda_vpc_multi_az_check
+ description: |
+ Lambda functions are not operate in more than one Availability Zone
+ resource: aws.lambda
+ filters:
+ - type: value
+ key: VpcConfig
+ value: present
+ - type: value
+ key: VpcConfig.SubnetIds
+ value_type: size
+ value: 1
diff --git a/policies/ecc-aws-769-opensearch_access_control_enabled.yml b/policies/ecc-aws-769-opensearch_access_control_enabled.yml
new file mode 100644
index 000000000..c4a35f70c
--- /dev/null
+++ b/policies/ecc-aws-769-opensearch_access_control_enabled.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-769-opensearch_access_control_enabled
+ description: |
+ Opensearch fine grained access control disabled
+ resource: elasticsearch
+ filters:
+ - type: value
+ key: AdvancedSecurityOptions.Enabled
+ value: false
diff --git a/policies/ecc-aws-770-rds_automatic_minor_version_upgrade_enabled.yml b/policies/ecc-aws-770-rds_automatic_minor_version_upgrade_enabled.yml
new file mode 100644
index 000000000..4cd0913b9
--- /dev/null
+++ b/policies/ecc-aws-770-rds_automatic_minor_version_upgrade_enabled.yml
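Review bot: `ecc-aws-769-opensearch_access_control_enabled` only matches domains where `AdvancedSecurityOptions.Enabled` is explicitly `false`; a domain whose description omits `AdvancedSecurityOptions` evaluates to null and is presumably not reported. If such domains can exist in the scanned accounts, negating the compliant state is the safer form: wrap `key: AdvancedSecurityOptions.Enabled` with `value: true` in a `not:` block, as several other policies in this patch do. In the same line, `ecc-aws-762-lambda_vpc_multi_az_check` uses the subnet count as a stand-in for the Availability Zone count, so two subnets in one zone pass; that limitation belongs in a comment.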
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-770-rds_automatic_minor_version_upgrade_enabled
+ resource: aws.rds
+ description: |
+ AUtomatic minor version upgrade is not configured for RDS DB instances
+ filters:
+ - type: value
+ key: AutoMinorVersionUpgrade
+ value: false
\ No newline at end of file
diff --git a/policies/ecc-aws-771-rds_cluster_default_admin_check.yml b/policies/ecc-aws-771-rds_cluster_default_admin_check.yml
new file mode 100644
index 000000000..bc940a66c
--- /dev/null
+++ b/policies/ecc-aws-771-rds_cluster_default_admin_check.yml
@@ -0,0 +1,20 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-771-rds_cluster_default_admin_check
+ description: |
+ Amazon RDS cluster uses default Admin username
+ resource: rds-cluster
+ filters:
+ - or:
+ - type: value
+ key: MasterUsername
+ value: admin
+ - type: value
+ key: MasterUsername
+ value: postgres
\ No newline at end of file
diff --git a/policies/ecc-aws-773-rds_instance_default_admin_check.yml b/policies/ecc-aws-773-rds_instance_default_admin_check.yml
new file mode 100644
index 000000000..bea646a81
--- /dev/null
+++ b/policies/ecc-aws-773-rds_instance_default_admin_check.yml
@@ -0,0 +1,20 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-773-rds_instance_default_admin_check
+ description: |
+ Amazon RDS instance uses default Admin username
+ resource: rds
+ filters:
+ - or:
+ - type: value
+ key: MasterUsername
+ value: admin
+ - type: value
+ key: MasterUsername
+ value: postgres
\ No newline at end of file
diff --git a/policies/ecc-aws-776-redshift_default_admin_check.yml b/policies/ecc-aws-776-redshift_default_admin_check.yml
new file mode 100644
index 000000000..7e4daf944
--- /dev/null
+++ b/policies/ecc-aws-776-redshift_default_admin_check.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-776-redshift_default_admin_check
+ description: |
+ Amazon Redshift uses default Admin username
+ resource: redshift
+ filters:
+ - type: value
+ key: MasterUsername
+ value: awsuser
\ No newline at end of file
diff --git a/policies/ecc-aws-777-redshift_default_db_name_check.yml b/policies/ecc-aws-777-redshift_default_db_name_check.yml
new file mode 100644
index 000000000..09073ea5b
--- /dev/null
+++ b/policies/ecc-aws-777-redshift_default_db_name_check.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-777-redshift_default_db_name_check
+ description: |
+ Redshift clusters uses the default database name
+ resource: redshift
+ filters:
+ - type: value
+ key: DBName
+ value: dev
\ No newline at end of file
diff --git a/policies/ecc-aws-780-sns_topic_message_delivery_notification_enabled.yml b/policies/ecc-aws-780-sns_topic_message_delivery_notification_enabled.yml
new file mode 100644
index 000000000..f050ad4e9
--- /dev/null
+++ b/policies/ecc-aws-780-sns_topic_message_delivery_notification_enabled.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-780-sns_topic_message_delivery_notification_enabled
+ description: |
+ Amazon SNS topic message delivery notification is disabled
+ resource: sns
+ filters:
+ - type: value
+ key: HTTPSuccessFeedbackRoleArn || FirehoseSuccessFeedbackRoleArn || LambdaSuccessFeedbackRoleArn || ApplicationSuccessFeedbackRoleArn || SQSSuccessFeedbackRoleArn
+ value: absent
\ No newline at end of file
diff --git a/policies/ecc-aws-787-mwaa_latest_version.yml b/policies/ecc-aws-787-mwaa_latest_version.yml
new file mode 100644
index 000000000..a7577d163
--- /dev/null
+++ b/policies/ecc-aws-787-mwaa_latest_version.yml
@@ -0,0 +1,17 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-787-mwaa_latest_version
+ description: |
+ Managed Workflows for Apache Airflow not using latest version
+ resource: aws.airflow
+ filters:
+ - not:
+ - type: value
+ key: AirflowVersion
+ value: '2.4.3'
diff --git a/policies/ecc-aws-800-dax_ecnrypted_in_transit.yml b/policies/ecc-aws-800-dax_ecnrypted_in_transit.yml
new file mode 100644
index 000000000..033daa01c
--- /dev/null
+++ b/policies/ecc-aws-800-dax_ecnrypted_in_transit.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-800-dax_ecnrypted_in_transit
+ resource: aws.dax
+ description: |
+ DynamoDB Accelerator clusters encryption in transit of data is disabled
+ filters:
+ - type: value
+ key: ClusterEndpointEncryptionType
+ value: NONE
\ No newline at end of file
diff --git a/policies/ecc-aws-808-clb_internet_facing.yml b/policies/ecc-aws-808-clb_internet_facing.yml
new file mode 100644
index 000000000..51628da6e
--- /dev/null
+++ b/policies/ecc-aws-808-clb_internet_facing.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-808-clb_internet_facing
+ description: |
+ Amazon CLB is internet facing
+ resource: aws.elb
+ filters:
+ - type: value
+ key: Scheme
+ value: "internet-facing"
\ No newline at end of file
diff --git a/policies/ecc-aws-809-elb_internet_facing.yml b/policies/ecc-aws-809-elb_internet_facing.yml
new file mode 100644
index 000000000..dc624f0a4
--- /dev/null
+++ b/policies/ecc-aws-809-elb_internet_facing.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-809-elb_internet_facing
+ description: |
+ Amazon ELB is internet facing
+ resource: aws.app-elb
+ filters:
+ - type: value
+ key: Scheme
+ value: "internet-facing"
\ No newline at end of file
diff --git a/policies/ecc-aws-821-acm_certificate_not_using_a_minimum_of_2048-bit_key_for_rsa_certificate.yml b/policies/ecc-aws-821-acm_certificate_not_using_a_minimum_of_2048-bit_key_for_rsa_certificate.yml
new file mode 100644
index 000000000..16bdf64ff
--- /dev/null
+++ b/policies/ecc-aws-821-acm_certificate_not_using_a_minimum_of_2048-bit_key_for_rsa_certificate.yml
@@ -0,0 +1,17 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-821-acm_certificate_not_using_a_minimum_of_2048-bit_key_for_rsa_certificate
+ description: |
+ ACM has certificates minimum rsa key is not 2048 bit
+ resource: acm-certificate
+ filters:
+ - type: value
+ key: KeyAlgorithm
+ op: regex
+ value: RSA-1024
\ No newline at end of file
diff --git a/policies/ecc-aws-835-inactive_iam_access_keys_are_not_deleted.yml b/policies/ecc-aws-835-inactive_iam_access_keys_are_not_deleted.yml
new file mode 100644
index 000000000..1fe0a28a4
--- /dev/null
+++ b/policies/ecc-aws-835-inactive_iam_access_keys_are_not_deleted.yml
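Review bot: `ecc-aws-821-acm_certificate_not_using_a_minimum_of_2048-bit_key_for_rsa_certificate` matches `KeyAlgorithm` against the single literal `RSA-1024` through `op: regex`, so the whole control depends on one spelling of the value. The ACM API reference writes the enum with an underscore (`RSA_1024`) while describe output is commonly seen with a hyphen, so it is worth confirming against a recorded fixture which form the resource carries here; `value: 'RSA[-_]1024'` would accept both. A comment naming the key sizes considered weak would also make it obvious that only 1024-bit RSA is in scope.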
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-835-inactive_iam_access_keys_are_not_deleted
+ resource: aws.iam-user
+ description: |
+ Inactive access keys are not deleted
+ filters:
+ - type: credential
+ key: access_keys.active
+ value: false
diff --git a/policies/ecc-aws-897-security_hub_enabled.yml b/policies/ecc-aws-897-security_hub_enabled.yml
new file mode 100644
index 000000000..163ac5135
--- /dev/null
+++ b/policies/ecc-aws-897-security_hub_enabled.yml
@@ -0,0 +1,15 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-897-security_hub_enabled
+ resource: aws.account
+ description: |
+ Security Hub is not enabled
+ filters:
+ - type: securityhub
+ enabled: false
\ No newline at end of file
diff --git a/policies/ecc-aws-899-s3_event_notifications_enabled.yml b/policies/ecc-aws-899-s3_event_notifications_enabled.yml
new file mode 100644
index 000000000..9a1ac086d
--- /dev/null
+++ b/policies/ecc-aws-899-s3_event_notifications_enabled.yml
@@ -0,0 +1,27 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-899-s3_event_notifications_enabled
+ description: |
+ S3 buckets should have event notifications enabled
+ resource: aws.s3
+ filters:
+ - not:
+ - or:
+ - type: bucket-notification
+ kind: sns
+ key: Id
+ value: present
+ - type: bucket-notification
+ kind: sqs
+ key: Id
+ value: present
+ - type: bucket-notification
+ kind: lambda
+ key: Id
+ value: present
\ No newline at end of file
diff --git a/policies/ecc-aws-902-vpc_vpn_2_tunnels_up.yml b/policies/ecc-aws-902-vpc_vpn_2_tunnels_up.yml
new file mode 100644
index 000000000..44d2175d6
--- /dev/null
+++ b/policies/ecc-aws-902-vpc_vpn_2_tunnels_up.yml
@@ -0,0 +1,19 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-902-vpc_vpn_2_tunnels_up
+ description: |
+ One or both VPN tunnels for an AWS Site-to-Site VPN connection are in DOWN status
+ resource: aws.vpn-connection
+ filters:
+ - type: value
+ key: State
+ value: available
+ - type: value
+ key: length(VgwTelemetry[?Status=='UP'])==`2`
+ value: false
diff --git a/policies/ecc-aws-904-autoscaling_launch_config_hop_limit.yml b/policies/ecc-aws-904-autoscaling_launch_config_hop_limit.yml
new file mode 100644
index 000000000..47088d738
--- /dev/null
+++ b/policies/ecc-aws-904-autoscaling_launch_config_hop_limit.yml
@@ -0,0 +1,17 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-904-autoscaling_launch_config_hop_limit
+ resource: launch-config
+ description: |
+ Auto Scaling launch configuration hop limit is greater than 1
+ filters:
+ - type: value
+ key: MetadataOptions.HttpPutResponseHopLimit
+ op: gt
+ value: 1
\ No newline at end of file
diff --git a/policies/ecc-aws-906-ecs_containers_readonly_access.yml b/policies/ecc-aws-906-ecs_containers_readonly_access.yml
new file mode 100644
index 000000000..0292561c2
--- /dev/null
+++ b/policies/ecc-aws-906-ecs_containers_readonly_access.yml
@@ -0,0 +1,17 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-906-ecs_containers_readonly_access
+ description: |
+ ECS container is not limited to read-only access to root file systems
+ resource: ecs-task-definition
+ filters:
+ - not:
+ - type: value
+ key: containerDefinitions[0].readonlyRootFilesystem
+ value: true
diff --git a/policies/ecc-aws-907-ecs_no_environment_secrets.yml b/policies/ecc-aws-907-ecs_no_environment_secrets.yml
new file mode 100644
index 000000000..ccdad5e85
--- /dev/null
+++ b/policies/ecc-aws-907-ecs_no_environment_secrets.yml
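Review bot: `ecc-aws-906-ecs_containers_readonly_access` tests only `containerDefinitions[0].readonlyRootFilesystem`, so a task definition whose first container is read-only passes even when a sidecar or any later container has a writable root filesystem. The check should cover every container, for example by selecting the entries of `containerDefinitions` whose `readonlyRootFilesystem` is not true and reporting when that selection is non-empty. A two-container fixture in which only the second container is writable would pin the behaviour.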
@@ -0,0 +1,17 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-907-ecs_no_environment_secrets
+ description: |
+ Amazon ECS secrets passed as container environment variables
+ resource: ecs-task-definition
+ filters:
+ - type: value
+ key: containerDefinitions[].environment[?name == 'AWS_ACCESS_KEY_ID' || name == 'ECS_ENGINE_AUTH_DATA' || name == 'AWS_SECRET_ACCESS_KEY'].[starts_with(value, 'arn')][][]
+ op: contains
+ value: false
\ No newline at end of file
diff --git a/policies/ecc-aws-911-kms_cmk_not_scheduled_for_deletion.yml b/policies/ecc-aws-911-kms_cmk_not_scheduled_for_deletion.yml
new file mode 100644
index 000000000..17a2b7de6
--- /dev/null
+++ b/policies/ecc-aws-911-kms_cmk_not_scheduled_for_deletion.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-911-kms_cmk_not_scheduled_for_deletion
+ description: |
+ KMS keys should not be unintentionally deleted
+ resource: aws.kms-key
+ filters:
+ - type: value
+ key: 'KeyState'
+ value: PendingDeletion
\ No newline at end of file
diff --git a/policies/ecc-aws-917-waf_global_webacl_not_empty.yml b/policies/ecc-aws-917-waf_global_webacl_not_empty.yml
new file mode 100644
index 000000000..20f336c5b
--- /dev/null
+++ b/policies/ecc-aws-917-waf_global_webacl_not_empty.yml
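Review bot: The JMESPath key in `ecc-aws-907-ecs_no_environment_secrets` only looks at three variable names (`AWS_ACCESS_KEY_ID`, `ECS_ENGINE_AUTH_DATA`, `AWS_SECRET_ACCESS_KEY`), so credentials passed under any other name are out of scope, and the description "secrets passed as container environment variables" promises more than the filter delivers. Narrow the description to the names that are checked, or state the limitation in a comment. The expression is also dense enough to need a comment above the `key:` line explaining its steps: select the named variables, test whether each value starts with `arn`, and report when any does not.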
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-917-waf_global_webacl_not_empty
+ description: |
+ A WAF global web ACL does not have at least one rule or rule group
+ resource: aws.waf
+ filters:
+ - type: value
+ key: Rules
+ value: empty
diff --git a/policies/ecc-aws-922-acm_certificate_transparency_logging_enabled.yml b/policies/ecc-aws-922-acm_certificate_transparency_logging_enabled.yml
new file mode 100644
index 000000000..7e22f23a8
--- /dev/null
+++ b/policies/ecc-aws-922-acm_certificate_transparency_logging_enabled.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-922-acm_certificate_transparency_logging_enabled
+ description: |
+ ACM transparency logging disabled
+ resource: acm-certificate
+ filters:
+ - type: value
+ key: Options.CertificateTransparencyLoggingPreference
+ value: DISABLED
\ No newline at end of file
diff --git a/policies/ecc-aws-938-cloudfront_encryption_in_transit.yml b/policies/ecc-aws-938-cloudfront_encryption_in_transit.yml
new file mode 100644
index 000000000..7dd5235f2
--- /dev/null
+++ b/policies/ecc-aws-938-cloudfront_encryption_in_transit.yml
@@ -0,0 +1,20 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-938-cloudfront_encryption_in_transit
+ description: |
+ CloudFront distribution not encrypted in transit
+ resource: aws.distribution
+ filters:
+ - or:
+ - type: value
+ key: DefaultCacheBehavior.ViewerProtocolPolicy
+ value: allow-all
+ - type: value
+ key: CacheBehaviors.Items[].ViewerProtocolPolicy
+ value: allow-all
diff --git a/policies/ecc-aws-939-ebs_default_encryption_enabled.yml b/policies/ecc-aws-939-ebs_default_encryption_enabled.yml
new file mode 100644
index 000000000..b383d9816
--- /dev/null
+++ b/policies/ecc-aws-939-ebs_default_encryption_enabled.yml
@@ -0,0 +1,19 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-939-ebs_default_encryption_enabled
+ resource: aws.account
+ description: |
+ EBS volume default encryption disabled
+ filters:
+ - type: default-ebs-encryption
+ key:
+ type: value
+ key: Origin
+ value: AWS_KMS
+ state: false
\ No newline at end of file
diff --git a/policies/ecc-aws-948-imported_and_acm_certificates_expire_in_one_month.yml b/policies/ecc-aws-948-imported_and_acm_certificates_expire_in_one_month.yml
new file mode 100644
index 000000000..a536547aa
--- /dev/null
+++ b/policies/ecc-aws-948-imported_and_acm_certificates_expire_in_one_month.yml
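Review bot: In `ecc-aws-938-cloudfront_encryption_in_transit` the second branch uses the projection `CacheBehaviors.Items[].ViewerProtocolPolicy`, which yields a list, but compares it to the scalar `allow-all` with the default equality operator, so that branch presumably never matches. A distribution whose default behaviour enforces HTTPS but which has an additional cache behaviour set to `allow-all` would then go unreported. Adding `op: contains` to that second filter makes the list comparison explicit, and a fixture with a non-default `allow-all` behaviour would confirm it.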
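Review bot: `ecc-aws-939-ebs_default_encryption_enabled` sets `state: false` and also supplies a nested `key:` filter on `Origin` equal to `AWS_KMS`; as far as I can tell the key clause is only evaluated when the filter checks for encryption being enabled, so here it looks like dead configuration. Dropping the `key:` block, or adding a comment on why it is there, would avoid suggesting that the policy also validates which KMS key is the account default.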
@@ -0,0 +1,18 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-948-imported_and_acm_certificates_expire_in_one_month
+ description: |
+ Imported and ACM-issued certificates expire in less than a month
+ resource: aws.acm-certificate
+ filters:
+ - type: value
+ key: NotAfter
+ value_type: expiration
+ op: lt
+ value: 30
diff --git a/policies/ecc-aws-949-key_pair_without_tag_information.yml b/policies/ecc-aws-949-key_pair_without_tag_information.yml
new file mode 100644
index 000000000..49bc7c6c4
--- /dev/null
+++ b/policies/ecc-aws-949-key_pair_without_tag_information.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-949-key_pair_without_tag_information
+ description: |
+ Amazon Key pair without tag information
+ resource: key-pair
+ filters:
+ - type: tag-count
+ op: eq
+ count: 0
\ No newline at end of file
diff --git a/policies/ecc-aws-950-autoscaling_launch_template.yml b/policies/ecc-aws-950-autoscaling_launch_template.yml
new file mode 100644
index 000000000..b9b84477a
--- /dev/null
+++ b/policies/ecc-aws-950-autoscaling_launch_template.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-950-autoscaling_launch_template
+ description: |
+ EC2 Auto Scaling groups is not using EC2 launch templates
+ resource: aws.asg
+ filters:
+ - type: value
+ key: LaunchConfigurationName
+ value: present
diff --git a/policies/ecc-aws-951-clb_acm_certificate_required.yml b/policies/ecc-aws-951-clb_acm_certificate_required.yml
new file mode 100644
index 000000000..c632ae637
--- /dev/null
+++ b/policies/ecc-aws-951-clb_acm_certificate_required.yml
@@ -0,0 +1,28 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-951-clb_acm_certificate_required
+ description: |
+ Classic Load Balancers with HTTPS/SSL listeners do not use certificate provided by AWS Certificate Manager
+ resource: aws.elb
+ filters:
+ - or:
+ - type: value
+ key: ListenerDescriptions[].Listener.Protocol
+ value_type: swap
+ value: HTTPS
+ op: in
+ - type: value
+ key: ListenerDescriptions[].Listener.Protocol
+ value_type: swap
+ value: SSL
+ op: in
+ - type: value
+ key: ListenerDescriptions[].Listener.SSLCertificateId
+ op: regex
+ value: '^arn:aws:iam::.*$'
diff --git a/policies/ecc-aws-953-lambda_function_settings_check.yml b/policies/ecc-aws-953-lambda_function_settings_check.yml
new file mode 100644
index 000000000..a69f87e34
--- /dev/null
+++ b/policies/ecc-aws-953-lambda_function_settings_check.yml
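Review bot: The last filter of `ecc-aws-951-clb_acm_certificate_required` applies `op: regex` to `ListenerDescriptions[].Listener.SSLCertificateId`, which is a list; Cloud Custodian's regex operator, as far as I know, returns false for any non-string value, so the policy would report no load balancer at all. Counting matching listeners inside the expression avoids that: `key: "length(ListenerDescriptions[?Listener.SSLCertificateId && starts_with(Listener.SSLCertificateId, 'arn:aws:iam::')])"` with `op: gt` and `value: 0`. The literal `arn:aws:iam::` prefix also misses IAM-hosted certificates in other partitions such as `aws-cn` and `aws-us-gov`, which is worth stating in the description if those accounts are in scope.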
@@ -0,0 +1,21 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-953-lambda_function_settings_check
+ description: |
+ Lambda functions should not use no longer supported runtimes
+ resource: aws.lambda
+ filters:
+ - type: value
+ key: PackageType
+ value: Zip
+ - not:
+ - type: value
+ key: Runtime
+ op: in
+ value: [nodejs18.x, nodejs16.x, nodejs14.x, nodejs12.x, python3.9, python3.8, python3.7, ruby2.7, java11, java8, java8.al2, go1.x, dotnetcore3.1, dotnet6]
diff --git a/policies/ecc-aws-955-ecs_containers_nonprivileged.yml b/policies/ecc-aws-955-ecs_containers_nonprivileged.yml
new file mode 100644
index 000000000..2f33e8420
--- /dev/null
+++ b/policies/ecc-aws-955-ecs_containers_nonprivileged.yml
@@ -0,0 +1,23 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-955-ecs_containers_nonprivileged
+ description: |
+ ECS containers should not run in privileged parameter
+ resource: ecs-task-definition
+ filters:
+ - not:
+ - type: value
+ key: networkMode
+ value: host
+ - type: value
+ key: containerDefinitions[].privileged
+ value_type: swap
+ op: in
+ value: true
+
diff --git a/policies/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket.yml b/policies/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket.yml
new file mode 100644
index 000000000..25b33be2c
--- /dev/null
+++ b/policies/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket.yml
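Review bot: The runtime allow-list in `ecc-aws-953-lambda_function_settings_check` is a hard-coded snapshot, so it goes stale in both directions. To my knowledge `nodejs12.x` and `dotnetcore3.1` were already past AWS's deprecation dates when this was committed, so functions on those runtimes pass the check. Runtimes added later, and custom runtimes such as `provided.al2`, are reported as unsupported. At minimum the list needs a provenance comment such as `# supported runtimes per AWS Lambda runtime documentation, last reviewed <DATE>`, and the two deprecated entries should be checked against the current AWS table. The same staleness applies to the pinned `GlueVersion` value `'4.0'` in `ecc-aws-962-glue_job_latest_version`.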
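Review bot: The `not` block on `networkMode: host` in `ecc-aws-955-ecs_containers_nonprivileged` exempts every task definition that uses host networking, so a privileged container that also shares the host's network namespace is not reported. That is the higher-risk combination, and the description does not mention the exclusion. If the exemption exists because another policy covers host-mode task definitions, document it with a comment such as `# host-mode task definitions are reported by <POLICY-ID>`; otherwise the `not` block should be removed so the check depends only on `containerDefinitions[].privileged`.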
@@ -0,0 +1,15 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-958-cloudfront_s3_origin_non_existent_bucket
+ description: |
+ CloudFront distributions are pointing to non-existent S3 origins
+ resource: aws.distribution
+ filters:
+ - type: mismatch-s3-origin
+ check_custom_origins: true
diff --git a/policies/ecc-aws-961-cloudfront_origin_access_control_enabled.yml b/policies/ecc-aws-961-cloudfront_origin_access_control_enabled.yml
new file mode 100644
index 000000000..d54903962
--- /dev/null
+++ b/policies/ecc-aws-961-cloudfront_origin_access_control_enabled.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-961-cloudfront_origin_access_control_enabled
+ description: |
+ CloudFront distributions do not have origin access control enabled
+ resource: aws.distribution
+ filters:
+ - type: value
+ key: length(Origins.Items[?!CustomOriginConfig && OriginAccessControlId==''])>=`1`
+ value: true
diff --git a/policies/ecc-aws-962-glue_job_latest_version.yml b/policies/ecc-aws-962-glue_job_latest_version.yml
new file mode 100644
index 000000000..bb928eda9
--- /dev/null
+++ b/policies/ecc-aws-962-glue_job_latest_version.yml
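Review bot: The expression in `ecc-aws-961-cloudfront_origin_access_control_enabled` only counts origins whose `OriginAccessControlId` is exactly the empty string, so an S3 origin where the field is absent from the API response evaluates to null, fails the `==''` comparison and is silently treated as compliant. Using JMESPath falsiness covers both cases: `key: length(Origins.Items[?!CustomOriginConfig && !OriginAccessControlId])>=`1``. Origins that still use a legacy origin access identity will also be reported by this check; if that is intended, the description should say so.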
@@ -0,0 +1,17 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-962-glue_job_latest_version
+ description: |
+ Amazon Glue Job not latest version
+ resource: glue-job
+ filters:
+ - not:
+ - type: value
+ key: GlueVersion
+ value: '4.0'
\ No newline at end of file
diff --git a/policies/ecc-aws-963-glue_job_logging_enabled.yml b/policies/ecc-aws-963-glue_job_logging_enabled.yml
new file mode 100644
index 000000000..645664134
--- /dev/null
+++ b/policies/ecc-aws-963-glue_job_logging_enabled.yml
@@ -0,0 +1,17 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-963-glue_job_logging_enabled
+ description: |
+ Glue job logging disabled
+ resource: aws.glue-job
+ filters:
+ - not:
+ - type: value
+ key: DefaultArguments."--enable-continuous-cloudwatch-log"=='true'
+ value: true
diff --git a/version b/version
new file mode 100644
index 000000000..d3827e75a
--- /dev/null
+++ b/version
@@ -0,0 +1 @@
+1.0
From 963f7d3a52cc8203df802ee7e07e0d02b86c3030 Mon Sep 17 00:00:00 2001
From: Astr1k Date: Wed, 14 Jun 2023 15:35:57 +0000 Subject: [PATCH 03/15] Added Terraform --- .../green/iam.tf | 44 +++ .../green/provider.tf | 21 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/002-policy.json | 15 + .../red/iam.tf | 14 + .../red/provider.tf | 21 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/iam.tf | 12 + .../green/provider.tf | 21 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/013-policy.json | 14 + .../red/iam.tf | 5 + .../red/provider.tf | 21 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 21 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../green/vpc.tf | 58 ++++ .../iam/033-policy.json | 14 + .../red/provider.tf | 21 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../red/vpc.tf | 3 + .../green/provider.tf | 20 ++ .../green/rds.tf | 21 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/083-policy.json | 13 + .../red/provider.tf | 20 ++ .../red/rds.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 20 ++ .../green/rds.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/083-policy.json | 13 + .../red/provider.tf | 20 ++ .../red/rds.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/certificate.tf | 8 + .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/086-policy.json | 10 + .../red/certificate.tf | 8 + .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/certificate.tf | 8 + .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/087-policy.json | 10 + .../red/certificate.tf | 8 + .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/cloudfront.tf | 75 +++++ .../green/provider.tf | 20 ++ 
.../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/090-policy.json | 13 + .../red/cloudfront.tf | 77 +++++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/lb.tf | 80 +++++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/092-policy.json | 13 + .../red/lb.tf | 59 ++++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../ecc-aws-093-clb_uses_https/green/lb.tf | 60 ++++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../ecc-aws-093-clb_uses_https/green1/lb.tf | 60 ++++ .../green1/provider.tf | 20 ++ .../green1/terraform.tfvars | 2 + .../green1/variables.tf | 9 + .../iam/093-policy.json | 14 + .../ecc-aws-093-clb_uses_https/red/lb.tf | 32 ++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../iam/094-policy.json | 15 + .../green/iam.tf | 42 +++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/095-policy.json | 15 + .../red/iam.tf | 15 + .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/iam.tf | 100 +++++++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/096-policy.json | 17 ++ .../green/iam.tf | 72 +++++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/097-policy.json | 15 + .../red/iam.tf | 31 ++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/iam.tf | 9 + .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/098-policy.json | 13 + .../red/iam.tf | 3 + .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/ec2.tf | 14 + .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 
9 + .../iam/099-policy.json | 13 + .../red/ec2.tf | 14 + .../red/provider.tf | 13 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/lb.tf | 75 +++++ .../green/provider.tf | 20 ++ .../green/s3.tf | 28 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/101-policy.json | 15 + .../red/lb.tf | 59 ++++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 20 ++ .../green/sqs.tf | 28 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/102-policy.json | 15 + .../red/provider.tf | 20 ++ .../red/sqs.tf | 27 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/ec2.tf | 15 + .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/103-policy.json | 15 + .../red/ec2.tf | 15 + .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 20 ++ .../green/rds.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/105-policy.json | 13 + .../red/provider.tf | 20 ++ .../red/rds.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 20 ++ .../green/sg.tf | 8 + .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/109-policy.json | 14 + .../red/provider.tf | 20 ++ .../red/sg.tf | 21 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 20 ++ .../green/sg.tf | 8 + .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/110-policy.json | 14 + .../red/provider.tf | 20 ++ .../red/sg.tf | 21 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 20 ++ .../green/sg.tf | 8 + .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/111-policy.json | 14 + .../red/provider.tf | 20 ++ .../red/sg.tf | 21 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 20 ++ .../green/sg.tf 
| 8 + .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/112-policy.json | 14 + .../red/provider.tf | 20 ++ .../red/sg.tf | 21 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 20 ++ .../green/sg.tf | 9 + .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/113-policy.json | 14 + .../red/provider.tf | 20 ++ .../red/sg.tf | 21 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 20 ++ .../green/sg.tf | 8 + .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/114-policy.json | 14 + .../red/provider.tf | 20 ++ .../red/sg.tf | 21 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 20 ++ .../green/sg.tf | 8 + .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/115-policy.json | 14 + .../red/provider.tf | 20 ++ .../red/sg.tf | 21 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 20 ++ .../green/sg.tf | 9 + .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/116-policy.json | 14 + .../red/provider.tf | 20 ++ .../red/sg.tf | 21 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 20 ++ .../green/sg.tf | 9 + .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/117-policy.json | 14 + .../red/provider.tf | 20 ++ .../red/sg.tf | 21 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 20 ++ .../green/sg.tf | 9 + .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/118-policy.json | 14 + .../red/provider.tf | 20 ++ .../red/sg.tf | 21 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 20 ++ .../green/sg.tf | 9 + .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/119-policy.json | 14 + .../red/provider.tf | 20 ++ .../red/sg.tf | 21 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf 
| 20 ++ .../green/sg.tf | 9 + .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/120-policy.json | 14 + .../red/provider.tf | 20 ++ .../red/sg.tf | 21 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 20 ++ .../green/sg.tf | 9 + .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/121-policy.json | 14 + .../red/provider.tf | 20 ++ .../red/sg.tf | 21 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/eks.tf | 59 ++++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/124-policy.json | 14 + .../red/eks.tf | 60 ++++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 20 ++ .../green/rds.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/140-policy.json | 13 + .../red/provider.tf | 13 + .../red/rds.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/iam.tf | 9 + .../green/provider.tf | 13 + .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/168-policy.json | 13 + .../iam/report-filter.txt | 1 + .../red/iam.tf | 3 + .../red/provider.tf | 13 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../iam/169-policy.json | 15 + .../green/iam.tf | 9 + .../green/provider.tf | 13 + .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/168-policy.json | 13 + .../iam/report-filter.txt | 1 + .../red/iam.tf | 3 + .../red/provider.tf | 13 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/iam.tf | 9 + .../green/provider.tf | 13 + .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/171-policy.json | 14 + .../iam/report-filter.txt | 1 + .../red/iam.tf | 3 + .../red/provider.tf | 13 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/iam.tf | 9 + .../green/provider.tf | 13 + .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + 
.../iam/172-policy.json | 14 + .../iam/report-filter.txt | 1 + .../red/iam.tf | 3 + .../red/provider.tf | 13 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/iam.tf | 9 + .../green/provider.tf | 13 + .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/173-policy.json | 14 + .../iam/report-filter.txt | 1 + .../red/iam.tf | 3 + .../red/provider.tf | 13 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/iam.tf | 9 + .../green/provider.tf | 13 + .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/174-policy.json | 13 + .../iam/report-filter.txt | 1 + .../red/iam.tf | 3 + .../red/provider.tf | 13 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/cloudtrail.tf | 51 ++++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/176-policy.json | 14 + .../red/cloudtrail.tf | 51 ++++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/cloudtrail.tf | 111 +++++++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/179-policy.json | 14 + .../red/cloudtrail.tf | 52 ++++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/ec2.tf | 39 +++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/181-policy.json | 13 + .../red/ec2.tf | 14 + .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/config.tf | 27 ++ .../green/iam.tf | 48 +++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/183-policy.json | 15 + .../red/config.tf | 75 +++++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../red1/config.tf | 27 ++ .../red1/iam.tf | 48 +++ .../red1/provider.tf | 20 ++ .../red1/terraform.tfvars | 2 + .../red1/variables.tf | 9 + 
.../green/cloudtrail.tf | 9 + .../green/encryption.tf | 39 +++ .../green/iam.tf | 77 +++++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/184-policy.json | 14 + .../red/cloudtrail.tf | 8 + .../red/encryption.tf | 39 +++ .../red/iam.tf | 77 +++++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/kms.tf | 34 +++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/185-policy.json | 15 + .../red/kms.tf | 32 ++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 20 ++ .../green/sg.tf | 21 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/186-policy.json | 14 + .../red/provider.tf | 20 ++ .../red/sg.tf | 21 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../red1/provider.tf | 20 ++ .../red1/sg.tf | 21 ++ .../red1/terraform.tfvars | 2 + .../red1/variables.tf | 9 + .../green/provider.tf | 20 ++ .../green/sg.tf | 21 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/187-policy.json | 14 + .../red/provider.tf | 20 ++ .../red/sg.tf | 21 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 20 ++ .../green/sg.tf | 7 + .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/188-policy.json | 14 + .../red/provider.tf | 20 ++ .../red/sg.tf | 14 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/distribution.tf | 64 ++++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/190-policy.json | 13 + .../red/distribution.tf | 64 ++++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/eks.tf | 79 +++++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/191-policy.json | 14 + .../red/eks.tf | 77 +++++ .../red/provider.tf | 20 
++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 20 ++ .../green/sg.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/196-policy.json | 13 + .../red/provider.tf | 20 ++ .../red/sg.tf | 3 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/codebuild.tf | 60 ++++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 4 + .../green/variables.tf | 17 ++ .../iam/197-policy.json | 12 + .../red/codebuild.tf | 81 +++++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 7 + .../red/variables.tf | 29 ++ .../green/asg.tf | 29 ++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/198-policy.json | 10 + .../red/asg.tf | 29 ++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/eip.tf | 18 ++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/199-policy.json | 12 + .../red/eip.tf | 2 + .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/elasticsearch.tf | 28 ++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/200-policy.json | 14 + .../red/elasticsearch.tf | 8 + .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/elasticsearch.tf | 13 + .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/201-policy.json | 14 + .../red/elasticsearch.tf | 13 + .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/ebs.tf | 8 + .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/203-policy.json | 14 + .../red/ebs.tf | 16 + .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/cw.tf | 35 +++ .../green/iam.tf | 47 +++ .../green/provider.tf | 20 ++ 
.../green/sns.tf | 18 ++ .../green/terraform.tfvars | 4 + .../green/trail.tf | 52 ++++ .../green/variables.tf | 19 ++ .../iam/206-policy.json | 20 ++ .../red/cw.tf | 8 + .../red/iam.tf | 47 +++ .../red/provider.tf | 20 ++ .../red/sns.tf | 3 + .../red/terraform.tfvars | 2 + .../red/trail.tf | 51 ++++ .../red/variables.tf | 9 + .../red1/cw.tf | 34 +++ .../red1/iam.tf | 47 +++ .../red1/provider.tf | 20 ++ .../red1/sns.tf | 18 ++ .../red1/terraform.tfvars | 4 + .../red1/trail.tf | 51 ++++ .../red1/variables.tf | 19 ++ .../green/cloudfront.tf | 54 ++++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/210-policy.json | 13 + .../red/cloudfront.tf | 44 +++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../ecc-aws-212-lambda_in_vpc/green/func.py | 8 + .../ecc-aws-212-lambda_in_vpc/green/func.zip | Bin 0 -> 299 bytes .../ecc-aws-212-lambda_in_vpc/green/lambda.tf | 75 +++++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/212-policy.json | 14 + .../ecc-aws-212-lambda_in_vpc/red/func.py | 9 + .../ecc-aws-212-lambda_in_vpc/red/func.zip | Bin 0 -> 299 bytes .../ecc-aws-212-lambda_in_vpc/red/lambda.tf | 70 +++++ .../ecc-aws-212-lambda_in_vpc/red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 20 ++ .../green/redshift.tf | 16 + .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/215-policy.json | 12 + .../red/provider.tf | 20 ++ .../red/redshift.tf | 15 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/MessageUtil.zip | Bin 0 -> 2745 bytes .../green/codebuild.tf | 61 ++++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 3 + .../green/variables.tf | 14 + .../iam/218-policy.yml | 12 + .../red/MessageUtil.zip | Bin 0 -> 2745 bytes .../red/codebuild.tf | 67 +++++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 5 + .../red/variables.tf | 
24 ++ .../green/provider.tf | 20 ++ .../green/rds.tf | 24 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/219-policy.json | 14 + .../green/ec2.tf | 21 ++ .../green/iam.tf | 23 ++ .../green/provider.tf | 20 ++ .../green/ssm.tf | 107 +++++++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../green/vpc.tf | 32 ++ .../iam/221-policy.json | 13 + .../red/ec2.tf | 21 ++ .../red/iam.tf | 23 ++ .../red/provider.tf | 20 ++ .../red/ssm.tf | 113 +++++++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../red/vpc.tf | 32 ++ .../green/ami.tf | 19 ++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/222-policy.json | 14 + .../ecc-aws-222-ami_public_access/red/ami.tf | 24 ++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 20 ++ .../green/sagemaker.tf | 56 ++++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/223-policy.json | 14 + .../red/provider.tf | 20 ++ .../red/sagemaker.tf | 24 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../red1/provider.tf | 20 ++ .../red1/sagemaker.tf | 56 ++++ .../red1/terraform.tfvars | 2 + .../red1/variables.tf | 9 + .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../green/vpc.tf | 8 + .../iam/231-policy.json | 14 + .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../red/vpc.tf | 9 + .../green/provider.tf | 20 ++ .../green/sagemaker.tf | 56 ++++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/232-policy.json | 14 + .../red/provider.tf | 20 ++ .../red/sagemaker.tf | 56 ++++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../iam/237-policy.json | 13 + .../red/cloudfront.tf | 48 +++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/cloudfront.tf | 45 +++ .../green/provider.tf | 20 ++ 
.../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/238-policy.json | 13 + .../red/cloudfront.tf | 44 +++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/acm.tf | 8 + .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/240-policy.json | 14 + .../red/acm.tf | 8 + .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../iam/241-policy.json | 14 + .../red/acm.tf | 8 + .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/cloudfront.tf | 89 ++++++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/242-policy.json | 12 + .../red/cloudfront.tf | 44 +++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../iam/243-policy.json | 14 + .../green/alb.tf | 87 ++++++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/245-policy.json | 15 + .../red/alb.tf | 48 +++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/iam.tf | 32 ++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/247-policy.json | 13 + .../red/iam.tf | 27 ++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/eks.tf | 14 + .../green/iam.tf | 28 ++ .../green/provider.tf | 20 ++ .../green/sg.tf | 37 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../green/vpc.tf | 36 +++ .../iam/248-policy.json | 14 + .../red/eks.tf | 14 + .../red/iam.tf | 28 ++ .../red/provider.tf | 20 ++ .../red/sg.tf | 18 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../red/vpc.tf | 36 +++ .../red1/eks.tf | 14 + .../red1/iam.tf | 28 ++ .../red1/provider.tf | 20 ++ .../red1/sg.tf | 18 ++ .../red1/terraform.tfvars | 2 + .../red1/variables.tf | 9 + 
.../red1/vpc.tf | 35 +++ .../green/cloudfront.tf | 89 ++++++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/249-policy.json | 14 + .../green/api.tf | 7 + .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/250-policy.json | 12 + .../red/api.tf | 15 + .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/api.tf | 17 ++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/251-policy.json | 12 + .../red/api.tf | 17 ++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/kinesis.tf | 11 + .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/253-policy.json | 14 + .../red/kinesis.tf | 6 + .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/kinesis.tf | 11 + .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/254-policy.json | 14 + .../red/kinesis.tf | 5 + .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 20 ++ .../green/sg.tf | 26 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/255-policy.json | 14 + .../red/provider.tf | 20 ++ .../red/sg.tf | 26 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/dynamodb.tf | 22 ++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/256-policy.json | 14 + .../red/dynamodb.tf | 12 + .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../ecc-aws-257-efs_is_encrypted/green/efs.tf | 4 + .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/257-policy.json | 13 + .../ecc-aws-257-efs_is_encrypted/red/efs.tf | 4 + .../red/provider.tf | 20 ++ 
.../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/efs.tf | 16 + .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/258-policy.json | 15 + .../red/efs.tf | 4 + .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../red1/efs.tf | 3 + .../red1/provider.tf | 20 ++ .../red1/terraform.tfvars | 2 + .../red1/variables.tf | 9 + .../green/elasticache.tf | 15 + .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/259-policy.json | 13 + .../red/elasticache.tf | 14 + .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../red1/elasticache.tf | 12 + .../red1/provider.tf | 20 ++ .../red1/terraform.tfvars | 2 + .../red1/variables.tf | 9 + .../red2/elasticache.tf | 10 + .../red2/provider.tf | 20 ++ .../red2/terraform.tfvars | 2 + .../red2/variables.tf | 9 + .../green/provider.tf | 20 ++ .../green/redshift.tf | 17 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/260-policy.json | 12 + .../red/provider.tf | 20 ++ .../red/redshift.tf | 18 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 20 ++ .../green/rds.tf | 23 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/261-policy.json | 13 + .../red/provider.tf | 20 ++ .../red/rds.tf | 17 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 20 ++ .../green/register-domain.json | 41 +++ .../green/route53.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/262-policy.json | 13 + .../green/alb.tf | 110 +++++++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/263-policy.json | 12 + .../red/alb.tf | 80 +++++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/nlb.tf | 91 ++++++ .../green/provider.tf | 20 ++ 
.../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/264-policy.json | 12 + .../red/nlb.tf | 89 ++++++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/gd.tf | 3 + .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/267-policy.json | 13 + .../iam/272-policy.json | 13 + .../green/iam.tf | 3 + .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/276-policy.json | 11 + .../green/iam.tf | 7 + .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/277-policy.json | 12 + .../red/iam.tf | 11 + .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/iam.tf | 7 + .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/279-policy.json | 10 + .../red/iam.tf | 7 + .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/ebs.tf | 9 + .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/289-policy.json | 12 + .../red/ebs.tf | 8 + .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 20 ++ .../green/rds.tf | 23 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/291-policy.json | 13 + .../red/provider.tf | 20 ++ .../red/rds.tf | 23 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/api.tf | 50 ++++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 3 + .../green/variables.tf | 9 + .../iam/292-policy.json | 12 + .../red/api.tf | 49 ++++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 3 + .../red/variables.tf | 9 + .../green/provider.tf | 20 ++ .../green/sg.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/293-policy.json | 15 + .../red/provider.tf | 20 ++ .../red/sg.tf | 20 
++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/elb.tf | 16 + .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/294-policy.json | 13 + .../red/elb.tf | 14 + .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/es.tf | 83 ++++++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/295-policy.json | 12 + .../red/es.tf | 13 + .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/es.tf | 16 + .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/297-policy.json | 12 + .../red/es.tf | 16 + .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/es.tf | 18 ++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/298-policy.json | 18 ++ .../red/es.tf | 13 + .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 20 ++ .../green/rds_cluster.tf | 24 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/299-policy.json | 10 + .../red/provider.tf | 20 ++ .../red/rds_cluster.tf | 23 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 20 ++ .../green/rds.tf | 23 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/300-policy.json | 13 + .../red/provider.tf | 20 ++ .../red/rds.tf | 22 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 20 ++ .../green/redshift.tf | 76 +++++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/306-policy.json | 14 + .../red/provider.tf | 20 ++ .../red/redshift.tf | 27 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/ecs.tf | 41 +++ .../green/provider.tf | 20 ++ .../green/route_tables.tf | 31 ++ .../green/terraform.tfvars 
| 2 + .../green/variables.tf | 9 + .../green/vpc.tf | 28 ++ .../iam/308-policy.json | 18 ++ .../red/ecs.tf | 40 +++ .../red/provider.tf | 20 ++ .../red/route_tables.tf | 31 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../red/vpc.tf | 28 ++ .../green/provider.tf | 20 ++ .../green/sg.tf | 21 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/309-policy.json | 15 + .../red/provider.tf | 20 ++ .../red/sg.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 20 ++ .../green/sg.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/310-policy.json | 15 + .../red/provider.tf | 20 ++ .../red/sg.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 20 ++ .../green/sg.tf | 24 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/312-policy.json | 12 + .../red/provider.tf | 20 ++ .../red/sg.tf | 24 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 20 ++ .../green/sg.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/313-policy.json | 15 + .../red/provider.tf | 20 ++ .../red/sg.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 20 ++ .../green/sg.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/314-policy.json | 14 + .../red/provider.tf | 20 ++ .../red/sg.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 20 ++ .../green/sg.tf | 21 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/315-policy.json | 14 + .../red/provider.tf | 20 ++ .../red/sg.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 20 ++ .../green/sg.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/316-policy.json | 14 + .../red/provider.tf | 20 ++ .../red/sg.tf | 21 ++ 
.../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 20 ++ .../green/sg.tf | 25 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/317-policy.json | 12 + .../red/provider.tf | 20 ++ .../red/sg.tf | 25 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/cluster.tf | 17 ++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/318-policy.json | 10 + .../red/cluster.tf | 16 + .../red/provider.tf | 4 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 20 ++ .../green/rds.tf | 23 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/319-policy.json | 13 + .../red/provider.tf | 20 ++ .../red/rds.tf | 22 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 20 ++ .../green/snapshot.tf | 28 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/320-policy.json | 12 + .../red/provider.tf | 20 ++ .../red/snapshot.tf | 27 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/api.tf | 54 ++++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 3 + .../green/variables.tf | 9 + .../iam/322-policy.json | 12 + .../red/api.tf | 47 +++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 3 + .../red/variables.tf | 9 + .../green/api.tf | 41 +++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 3 + .../green/variables.tf | 9 + .../iam/323-policy.json | 12 + .../red/api.tf | 40 +++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 3 + .../red/variables.tf | 9 + .../green/cloudfront.tf | 45 +++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/324-policy.json | 14 + .../red/cloudfront.tf | 44 +++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/cloudfront.tf | 90 ++++++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + 
.../green/variables.tf | 9 + .../iam/326-policy.json | 14 + .../red/cloudfront.tf | 90 ++++++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/dms.tf | 75 +++++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/327-policy.json | 13 + .../red/dms.tf | 75 +++++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/dynamodb.tf | 15 + .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/329-policy.json | 15 + .../red/dynamodb.tf | 10 + .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/dynamodb.tf | 28 ++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/330-policy.json | 13 + .../red/dynamodb.tf | 24 ++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/ec2.tf | 21 ++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/331-policy.json | 12 + .../green/ec2.tf | 24 ++ .../green/provider.tf | 20 ++ .../green/route_tables.tf | 17 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../green/vpc.tf | 23 ++ .../iam/332-policy.json | 12 + .../red/ec2.tf | 29 ++ .../red/provider.tf | 20 ++ .../red/route_tables.tf | 17 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../red/vpc.tf | 23 ++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../green/vpc.tf | 23 ++ .../iam/333-policy.json | 13 + .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../red/vpc.tf | 23 ++ .../red1/provider.tf | 20 ++ .../red1/terraform.tfvars | 2 + .../red1/variables.tf | 9 + .../red1/vpc.tf | 6 + .../green/acl.tf | 14 + .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + 
.../iam/334-policy.json | 12 + .../red/acl.tf | 7 + .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/ec2.tf | 29 ++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/335-policy.json | 12 + .../red/ec2.tf | 39 +++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/ecs.tf | 29 ++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/336-policy.json | 13 + .../red/ecs.tf | 29 ++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/efs.tf | 12 + .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/337-policy.json | 11 + .../ecc-aws-337-efs_in_backup_plan/red/efs.tf | 12 + .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/elastic_beanstalk.tf | 21 ++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/338-policy.json | 13 + .../red/elastic_beanstalk.tf | 21 ++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/alb.tf | 42 +++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../green/vpc.tf | 32 ++ .../iam/339-policy.json | 14 + .../red/alb.tf | 41 +++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../red/vpc.tf | 32 ++ .../green/alb.tf | 41 +++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/341-policy.json | 12 + .../red/alb.tf | 41 +++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/alb.tf | 68 +++++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/342-policy.json | 13 + .../red/alb.tf | 68 +++++ .../red/provider.tf | 20 ++ 
.../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/emr.tf | 29 ++ .../green/iam.tf | 52 ++++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../green/vpc.tf | 276 ++++++++++++++++++ .../iam/343-policy.json | 13 + .../red/emr.tf | 31 ++ .../red/iam.tf | 52 ++++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../red/vpc.tf | 49 ++++ .../green/es.tf | 20 ++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/344-policy.json | 14 + .../red/es.tf | 16 + .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/es.tf | 46 +++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/345-policy.json | 15 + .../red/es.tf | 13 + .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 20 ++ .../green/rds.tf | 52 ++++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/346-policy.json | 12 + .../red/provider.tf | 20 ++ .../red/rds.tf | 22 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/cluster.tf | 17 ++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/347-policy.json | 10 + .../red/cluster.tf | 16 + .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 20 ++ .../green/rds.tf | 25 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/348-policy.json | 13 + .../red/provider.tf | 20 ++ .../red/rds.tf | 23 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 20 ++ .../green/rds.tf | 26 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/349-policy.json | 12 + .../red/provider.tf | 20 ++ .../red/rds.tf | 27 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + 
.../green/provider.tf | 20 ++ .../green/rds.tf | 41 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/350-policy.json | 13 + .../red/provider.tf | 20 ++ .../red/rds.tf | 38 +++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 19 ++ .../green/rds.tf | 46 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/351-policy.json | 13 + .../red/provider.tf | 19 ++ .../red/rds.tf | 38 +++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 20 ++ .../green/rds.tf | 24 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/353-policy.json | 12 + .../red/provider.tf | 20 ++ .../red/rds.tf | 25 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 19 ++ .../green/rds.tf | 70 +++++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/354-policy.json | 13 + .../red/provider.tf | 19 ++ .../red/rds.tf | 57 ++++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 19 ++ .../green/rds.tf | 70 +++++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/355-policy.json | 13 + .../red/provider.tf | 19 ++ .../red/rds.tf | 57 ++++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 19 ++ .../green/rds.tf | 62 ++++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/356-policy.json | 13 + .../red/provider.tf | 19 ++ .../red/rds.tf | 52 ++++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 19 ++ .../green/rds.tf | 21 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/357-policy.json | 12 + .../red/provider.tf | 19 ++ .../red/rds.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/cluster.tf | 18 ++ .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/347-policy.json | 10 + .../red/cluster.tf | 17 ++ 
.../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/cluster.tf | 18 ++ .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/359-policy.json | 10 + .../red/cluster.tf | 17 ++ .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/cluster.tf | 42 +++ .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/360-policy.json | 10 + .../red/cluster.tf | 28 ++ .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 19 ++ .../green/redshift.tf | 26 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/361-policy.json | 12 + .../red/provider.tf | 19 ++ .../red/redshift.tf | 26 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 19 ++ .../green/redshift.tf | 16 + .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/362-policy.json | 12 + .../red/provider.tf | 19 ++ .../red/redshift.tf | 15 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 19 ++ .../green/redshift.tf | 15 + .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/363-policy.json | 12 + .../red/provider.tf | 19 ++ .../red/redshift.tf | 15 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 19 ++ .../green/redshift.tf | 16 + .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/364-policy.json | 12 + .../red/provider.tf | 19 ++ .../red/redshift.tf | 16 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 19 ++ .../green/sns.tf | 4 + .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/368-policy.json | 14 + .../red/provider.tf | 19 ++ .../red/sns.tf | 3 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/ec2.tf | 36 +++ .../green/iam.tf | 23 ++ 
.../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../green/vpc.tf | 32 ++ .../iam/370-policy.json | 14 + .../red/ec2.tf | 18 ++ .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/ec2.tf | 36 +++ .../green/iam.tf | 23 ++ .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../green/vpc.tf | 32 ++ .../iam/371-policy.json | 13 + .../red/ec2.tf | 32 ++ .../red/iam.tf | 23 ++ .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../red/vpc.tf | 32 ++ .../green/ec2.tf | 25 ++ .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/372.json | 13 + .../red/ec2.tf | 25 ++ .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/eks.tf | 44 +++ .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../green/vpc.tf | 18 ++ .../iam/373-policy.json | 13 + .../red/eks.tf | 43 +++ .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../red/vpc.tf | 18 ++ .../red1/eks.tf | 43 +++ .../red1/provider.tf | 19 ++ .../red1/terraform.tfvars | 2 + .../red1/variables.tf | 9 + .../red1/vpc.tf | 18 ++ .../green/eks.tf | 44 +++ .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../green/vpc.tf | 47 +++ .../iam/374-policy.json | 14 + .../red/eks.tf | 44 +++ .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../red/vpc.tf | 43 +++ .../green/eks.tf | 51 ++++ .../green/kms.tf | 33 +++ .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../green/vpc.tf | 18 ++ .../iam/375-policy.json | 13 + .../red/eks.tf | 43 +++ .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../red/vpc.tf | 22 ++ .../green/ecr.tf | 4 + .../green/provider.tf | 19 
++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/376-policy.json | 13 + .../red/ecr.tf | 3 + .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/ecr.tf | 6 + .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/377-policy.json | 13 + .../red/ecr.tf | 3 + .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/ecr.tf | 7 + .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/378-policy.json | 13 + .../red/ecr.tf | 8 + .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 19 ++ .../green/rds.tf | 34 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/379-policy.json | 13 + .../red/provider.tf | 19 ++ .../red/rds.tf | 33 +++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 19 ++ .../green/rds.tf | 34 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/380-policy.json | 13 + .../red/provider.tf | 19 ++ .../red/rds.tf | 29 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 19 ++ .../green/rds.tf | 34 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/381-policy.json | 13 + .../red/provider.tf | 19 ++ .../red/rds.tf | 33 +++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 19 ++ .../green/rds.tf | 31 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/382-policy.json | 13 + .../red/provider.tf | 19 ++ .../red/rds.tf | 31 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 19 ++ .../green/rds.tf | 28 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/383-policy.json | 13 + .../red/provider.tf | 19 ++ .../red/rds.tf | 33 +++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + 
.../green/provider.tf | 19 ++ .../green/rds.tf | 33 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/384-policy.json | 13 + .../red/provider.tf | 19 ++ .../red/rds.tf | 26 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 19 ++ .../green/rds.tf | 31 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/385-policy.json | 13 + .../red/provider.tf | 19 ++ .../red/rds.tf | 26 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 19 ++ .../green/rds.tf | 33 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/386-policy.json | 13 + .../red/provider.tf | 19 ++ .../red/rds.tf | 27 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 19 ++ .../green/rds.tf | 33 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/387-policy.json | 13 + .../red/provider.tf | 19 ++ .../red/rds.tf | 32 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 19 ++ .../green/rds.tf | 32 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/388-policy.json | 13 + .../red/provider.tf | 19 ++ .../red/rds.tf | 32 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 19 ++ .../green/rds.tf | 33 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/389-policy.json | 13 + .../red/provider.tf | 19 ++ .../red/rds.tf | 32 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 19 ++ .../green/rds.tf | 32 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/390-policy.json | 13 + .../red/provider.tf | 19 ++ .../red/rds.tf | 27 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 19 ++ .../green/rds.tf | 32 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/391-policy.json | 13 + .../red/provider.tf | 19 ++ .../red/rds.tf | 32 
++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 19 ++ .../green/rds.tf | 32 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/392-policy.json | 13 + .../red/provider.tf | 19 ++ .../red/rds.tf | 27 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 19 ++ .../green/rds.tf | 32 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/393-policy.json | 13 + .../red/provider.tf | 19 ++ .../red/rds.tf | 27 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/transit_gateway.tf | 3 + .../green/variables.tf | 9 + .../iam/394-policy.json | 12 + .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/transit_gateway.tf | 3 + .../red/variables.tf | 9 + .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/transit_gateway.tf | 3 + .../green/variables.tf | 9 + .../iam/395-policy.json | 12 + .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/transit_gateway.tf | 3 + .../red/variables.tf | 9 + .../green/api.tf | 84 ++++++ .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/396-policy.json | 12 + .../red/api.tf | 41 +++ .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/api.tf | 41 +++ .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/397-policy.json | 12 + .../red/api.tf | 41 +++ .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/api.tf | 43 +++ .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/398-policy.json | 12 + .../red/api.tf | 41 +++ .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/glue.tf | 11 + .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + 
.../green/variables.tf | 9 + .../iam/400-policy.json | 12 + .../red/glue.tf | 10 + .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/glue.tf | 17 ++ .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/401-policy.json | 15 + .../red/glue.tf | 10 + .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/glue.tf | 22 ++ .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/402-policy.json | 12 + .../red/glue.tf | 18 ++ .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/glue.tf | 22 ++ .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/403-policy.json | 12 + .../red/glue.tf | 18 ++ .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/glue.tf | 22 ++ .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/404-policy.json | 12 + .../red/glue.tf | 17 ++ .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/emr.tf | 67 +++++ .../green/iam.tf | 52 ++++ .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../green/vpc.tf | 49 ++++ .../iam/405-policy.json | 13 + .../red/emr.tf | 31 ++ .../red/iam.tf | 52 ++++ .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../red/vpc.tf | 49 ++++ .../green/emr.tf | 30 ++ .../green/iam.tf | 52 ++++ .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../green/vpc.tf | 45 +++ .../iam/407-policy.json | 13 + .../green/emr.tf | 42 +++ .../green/iam.tf | 52 ++++ .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../green/vpc.tf | 45 +++ .../iam/408-policy.json | 13 + .../red/emr.tf | 32 ++ 
.../red/iam.tf | 52 ++++ .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../red/vpc.tf | 49 ++++ .../green/internet-gateway.tf | 7 + .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/409-policy.json | 13 + .../red/internet-gateway.tf | 2 + .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../green/vpg.tf | 7 + .../iam/411-policy.json | 13 + .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../red/vpg.tf | 7 + .../green/elasticache.tf | 7 + .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/413-policy.json | 14 + .../red/elasticache.tf | 9 + .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/elasticache.tf | 8 + .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/414-policy.json | 13 + .../red/elasticache.tf | 8 + .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/elasticache.tf | 15 + .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/415-policy.json | 13 + .../red/elasticache.tf | 13 + .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/elasticache.tf | 16 + .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/416-policy.json | 10 + .../red/elasticache.tf | 8 + .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/elasticache.tf | 12 + .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../green/vpc.tf | 22 ++ .../iam/418-policy.json | 13 + .../red/elasticache.tf | 8 + .../red/provider.tf | 19 ++ 
.../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/elasticache.tf | 21 ++ .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../green/vpc.tf | 14 + .../iam/419-policy.json | 13 + .../red/elasticache.tf | 8 + .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/elasticache.tf | 15 + .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/420-policy.json | 14 + .../red/elasticache.tf | 17 ++ .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/es.tf | 63 ++++ .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/425-policy.json | 15 + .../red/es.tf | 58 ++++ .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/elasticache.tf | 26 ++ .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../green/vpc.tf | 9 + .../iam/427-policy.json | 14 + .../green/elasticsearch.tf | 47 +++ .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/429-policy.json | 18 ++ .../red/elasticsearch.tf | 14 + .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/asg.tf | 41 +++ .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/430-policy.json | 10 + .../red/asg.tf | 43 +++ .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/elasticsearch.tf | 16 + .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/431-policy.json | 14 + .../red/elasticsearch.tf | 8 + .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/elasticsearch.tf | 9 + .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + 
.../iam/432-policy.json | 14 + .../red/elasticsearch.tf | 9 + .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/asg.tf | 34 +++ .../green/elb.tf | 21 ++ .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../green1/asg.tf | 33 +++ .../green1/lb.tf | 16 + .../green1/provider.tf | 19 ++ .../green1/terraform.tfvars | 2 + .../green1/variables.tf | 9 + .../iam/433-policy.json | 10 + .../red/asg.tf | 30 ++ .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../green/x-ray.tf | 33 +++ .../iam/434-policy.json | 14 + .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../red/x-ray.tf | 8 + .../green/iam.tf | 25 ++ .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../green/vpc.tf | 73 +++++ .../green/workspace.tf | 51 ++++ .../iam/435-policy.json | 14 + .../green/asg.tf | 42 +++ .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../green/vpc.tf | 20 ++ .../iam/436-policy.json | 10 + .../red/asg.tf | 42 +++ .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../red1/asg.tf | 43 +++ .../red1/provider.tf | 19 ++ .../red1/terraform.tfvars | 2 + .../red1/variables.tf | 9 + .../red1/vpc.tf | 15 + .../green/iam.tf | 25 ++ .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../green/vpc.tf | 73 +++++ .../green/workspace.tf | 47 +++ .../iam/437-policy.json | 13 + .../red/iam.tf | 25 ++ .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../red/vpc.tf | 73 +++++ .../red/workspace.tf | 58 ++++ .../green/asg.tf | 41 +++ .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../green/vpc.tf | 19 ++ 
.../iam/438-policy.json | 23 ++ .../red/asg.tf | 54 ++++ .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../red/vpc.tf | 14 + .../green/iam.tf | 25 ++ .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../green/vpc.tf | 72 +++++ .../green/workspace.tf | 52 ++++ .../iam/439-policy.json | 13 + .../red/iam.tf | 25 ++ .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../red/vpc.tf | 72 +++++ .../red/workspace.tf | 51 ++++ .../green/backup_plan.tf | 18 ++ .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/440-policy.json | 14 + .../red/backup_plan.tf | 17 ++ .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/backup_plan.tf | 14 + .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/442-policy.json | 16 + .../red/backup_plan.tf | 3 + .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/distribution.tf | 64 ++++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/444-policy.json | 13 + .../red/distribution.tf | 64 ++++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 19 ++ .../green/rds.tf | 17 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/445-policy.json | 13 + .../red/provider.tf | 19 ++ .../red/rds.tf | 17 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 19 ++ .../green/sqs.tf | 60 ++++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/447-policy.json | 16 + .../red/provider.tf | 19 ++ .../red/sqs.tf | 28 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 11 + .../green/cloudfront.tf | 102 +++++++ .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + 
.../green/variables.tf | 9 + .../iam/448-policy.json | 13 + .../red/cloudfront.tf | 49 ++++ .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 19 ++ .../green/sqs.tf | 28 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/449-policy.json | 14 + .../red/provider.tf | 19 ++ .../red/sqs.tf | 26 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../red1/provider.tf | 19 ++ .../red1/sqs.tf | 28 ++ .../red1/terraform.tfvars | 2 + .../red1/variables.tf | 9 + .../green/provider.tf | 19 ++ .../green/rds.tf | 32 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/451-policy.json | 13 + .../red/provider.tf | 19 ++ .../red/rds.tf | 32 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/cloudtrail.tf | 61 ++++ .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/452-policy.json | 14 + .../red/cloudtrail.tf | 65 +++++ .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/event_bus.tf | 26 ++ .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/453-policy.json | 13 + .../red/event_bus.tf | 26 ++ .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 19 ++ .../green/rds.tf | 32 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/454-policy.json | 13 + .../red/provider.tf | 19 ++ .../red/rds.tf | 31 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 19 ++ .../green/rds.tf | 31 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/455-policy.json | 13 + .../red/provider.tf | 19 ++ .../red/rds.tf | 31 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 19 ++ .../green/rds.tf | 33 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + 
.../iam/457-policy.json | 13 + .../red/provider.tf | 19 ++ .../red/rds.tf | 33 +++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/glacier_vault.tf | 26 ++ .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/458-policy.json | 14 + .../red/glacier_vault.tf | 20 ++ .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/config.tf | 26 ++ .../green/iam.tf | 48 +++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/459-policy.json | 14 + .../red/config.tf | 23 ++ .../red/iam.tf | 56 ++++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/dms.tf | 11 + .../green/iam.tf | 53 ++++ .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/461-policy.json | 13 + .../ecc-aws-461-dms_latest_version/red/dms.tf | 14 + .../ecc-aws-461-dms_latest_version/red/iam.tf | 53 ++++ .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 19 ++ .../green/sagemaker.tf | 39 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/464-policy.json | 17 ++ .../red/provider.tf | 19 ++ .../red/sagemaker.tf | 25 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/dms.tf | 12 + .../green/iam.tf | 53 ++++ .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/469-policy.json | 13 + .../red/dms.tf | 14 + .../red/iam.tf | 53 ++++ .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/dms.tf | 45 +++ .../green/iam.tf | 53 ++++ .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/470-policy.json | 16 + .../red/dms.tf | 13 + .../red/iam.tf | 53 ++++ .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + 
.../green/provider.tf | 19 ++ .../green/rds.tf | 33 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/471-policy.json | 13 + .../red/provider.tf | 19 ++ .../red/rds.tf | 32 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 19 ++ .../green/rds.tf | 33 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/472-policy.json | 13 + .../red/provider.tf | 19 ++ .../red/rds.tf | 33 +++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 19 ++ .../green/rds.tf | 33 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/473-policy.json | 13 + .../red/provider.tf | 19 ++ .../red/rds.tf | 32 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 19 ++ .../green/rds.tf | 32 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/474-policy.json | 13 + .../red/provider.tf | 19 ++ .../red/rds.tf | 32 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 19 ++ .../green/rds.tf | 32 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/475-policy.json | 13 + .../red/provider.tf | 19 ++ .../red/rds.tf | 32 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 19 ++ .../green/rds.tf | 32 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/476-policy.json | 13 + .../red/provider.tf | 19 ++ .../red/rds.tf | 32 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 19 ++ .../green/rds.tf | 33 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/477-policy.json | 13 + .../red/provider.tf | 19 ++ .../red/rds.tf | 32 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 19 ++ .../green/rds.tf | 33 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/478-policy.json | 13 + .../red/provider.tf | 19 ++ .../red/rds.tf | 
33 +++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 19 ++ .../green/rds.tf | 32 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/479-policy.json | 13 + .../red/provider.tf | 19 ++ .../red/rds.tf | 33 +++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 19 ++ .../green/rds.tf | 33 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/480-policy.json | 13 + .../red/provider.tf | 19 ++ .../red/rds.tf | 33 +++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 19 ++ .../green/rds.tf | 33 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/481-policy.json | 13 + .../red/provider.tf | 19 ++ .../red/rds.tf | 33 +++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/dms.tf | 34 +++ .../green/iam.tf | 53 ++++ .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../green/vpc.tf | 20 ++ .../iam/482-policy.json | 13 + .../red/dms.tf | 14 + .../red/iam.tf | 53 ++++ .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/ebs.tf | 42 +++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/487-policy.json | 13 + .../red/ebs.tf | 9 + .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/ebs.tf | 12 + .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/488-policy.json | 12 + .../red/ebs.tf | 12 + .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/ebs.tf | 25 ++ .../green/provider.tf | 21 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/489-policy.json | 13 + .../ecc-aws-489-unused_ebs_volumes/red/ebs.tf | 4 + .../red/provider.tf | 21 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/ec2.tf | 33 +++ 
.../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/490-policy.json | 14 + .../red/ec2.tf | 10 + .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 19 ++ .../green/rds.tf | 33 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/492-policy.json | 13 + .../red/provider.tf | 19 ++ .../red/rds.tf | 33 +++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/iam.tf | 25 ++ .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../green/vpc.tf | 73 +++++ .../green/workspace.tf | 52 ++++ .../iam/493-policy.json | 13 + .../green/iam.tf | 25 ++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../green/vpc.tf | 57 ++++ .../green/workspace.tf | 25 ++ .../iam/494-policy.json | 13 + .../red/iam.tf | 25 ++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../red/vpc.tf | 57 ++++ .../red/workspace.tf | 29 ++ .../green/fsx.tf | 22 ++ .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../green/vpc.tf | 18 ++ .../iam/495-policy.json | 16 + .../red/fsx.tf | 12 + .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../red/vpc.tf | 18 ++ .../green/iam.tf | 39 +++ .../green/kinesis.tf | 12 + .../green/provider.tf | 20 ++ .../green/s3.tf | 13 + .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../green1/iam.tf | 81 +++++ .../green1/kinesis.tf | 19 ++ .../green1/provider.tf | 20 ++ .../green1/s3.tf | 13 + .../green1/terraform.tfvars | 2 + .../green1/variables.tf | 9 + .../iam/496-policy.json | 14 + .../red/iam.tf | 39 +++ .../red/kinesis.tf | 9 + .../red/provider.tf | 20 ++ .../red/s3.tf | 13 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/func.py | 9 + .../green/func.zip | Bin 0 -> 299 bytes .../green/lambda.tf | 60 ++++ 
.../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/497-policy.json | 13 + .../red/func.py | 9 + .../red/func.zip | Bin 0 -> 299 bytes .../red/lambda.tf | 51 ++++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 20 ++ .../green/sagemaker.tf | 54 ++++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/499-policy.json | 17 ++ .../red/provider.tf | 20 ++ .../red/sagemaker.tf | 39 +++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/encryption.tf | 31 ++ .../green/func.py | 8 + .../green/func.zip | Bin 0 -> 299 bytes .../green/lambda.tf | 58 ++++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/500-policy.json | 16 + .../red/func.py | 9 + .../red/func.zip | Bin 0 -> 299 bytes .../red/lambda.tf | 57 ++++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 19 ++ .../green/sagemaker.tf | 25 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/501-policy.json | 14 + .../red/provider.tf | 19 ++ .../red/sagemaker.tf | 25 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/mq.tf | 18 ++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/502-policy.json | 0 .../red/mq.tf | 18 ++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/mq.tf | 38 +++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/503-policy.json | 14 + .../red/mq.tf | 28 ++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 20 ++ .../green/sagemaker.tf | 28 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/504-policy.json | 14 + .../red/provider.tf | 20 ++ .../red/sagemaker.tf | 28 ++ 
.../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 20 ++ .../green/register-domain.json | 41 +++ .../green/route53.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/505-policy.json | 13 + .../red/provider.tf | 20 ++ .../red/register-domain.json | 41 +++ .../red/route53.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/mq.tf | 18 ++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/506-policy.json | 14 + .../red/mq.tf | 16 + .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 20 ++ .../green/register-domain.json | 41 +++ .../green/route53.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/507-policy.json | 13 + .../green/mq.tf | 20 ++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../green/vpc.tf | 38 +++ .../iam/508-policy.json | 14 + .../red/mq.tf | 20 ++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../red/vpc.tf | 32 ++ .../green/error.html | 9 + .../green/index.html | 9 + .../green/provider.tf | 20 ++ .../green/route53.tf | 53 ++++ .../green/s3.tf | 57 ++++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/510-policy.json | 13 + .../red/provider.tf | 20 ++ .../red/route53.tf | 15 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/kms.tf | 31 ++ .../green/msk.tf | 23 ++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../green/vpc.tf | 29 ++ .../iam/511-policy.json | 15 + .../red/msk.tf | 20 ++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../red/vpc.tf | 29 ++ .../green/msk.tf | 26 ++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../green/vpc.tf | 29 ++ .../iam/512-policy.json | 12 + 
.../red/msk.tf | 26 ++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../red/vpc.tf | 29 ++ .../green/provider.tf | 20 ++ .../green/route53.tf | 36 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/513-policy.json | 15 + .../red/provider.tf | 20 ++ .../red/route53.tf | 3 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/msk.tf | 32 ++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../green/vpc.tf | 29 ++ .../iam/514-policy.json | 12 + .../red/msk.tf | 20 ++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../red/vpc.tf | 29 ++ .../green/provider.tf | 19 ++ .../green/rds.tf | 52 ++++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/515-policy.json | 13 + .../red/provider.tf | 19 ++ .../red/rds.tf | 18 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 19 ++ .../green/sns.tf | 17 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/368-policy.json | 16 + .../red/provider.tf | 19 ++ .../red/sns.tf | 4 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../red1/provider.tf | 19 ++ .../red1/sns.tf | 3 + .../red1/terraform.tfvars | 2 + .../red1/variables.tf | 9 + .../green/provider.tf | 20 ++ .../green/redshift.tf | 33 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/517-policy.json | 14 + .../red/provider.tf | 20 ++ .../red/redshift.tf | 15 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 19 ++ .../green/redshift.tf | 15 + .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/519-policy.json | 12 + .../red/provider.tf | 19 ++ .../red/redshift.tf | 14 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 20 ++ .../green/redshift.tf | 50 ++++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + 
.../iam/520-policy.json | 15 + .../red/provider.tf | 20 ++ .../red/redshift.tf | 17 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 19 ++ .../green/redshift.tf | 25 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/521-policy.json | 13 + .../red/provider.tf | 19 ++ .../red/redshift.tf | 14 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 20 ++ .../green/register-domain.json | 41 +++ .../green/route53.tf | 21 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/522-policy.json | 13 + .../red/provider.tf | 20 ++ .../red/register-domain.json | 41 +++ .../red/route53.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/api.tf | 56 ++++ .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/524-policy.json | 12 + .../red/api.tf | 60 ++++ .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/ecs-exec-task-role-policy.json | 52 ++++ .../green/ecs.tf | 69 +++++ .../green/iam.tf | 54 ++++ .../green/kms-policy.json | 34 +++ .../green/provider.tf | 20 ++ .../green/s3.tf | 37 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../green/vpc.tf | 50 ++++ .../iam/525-policy.json | 13 + .../red/ecs-exec-task-role-policy.json | 31 ++ .../red/ecs.tf | 64 ++++ .../red/iam.tf | 81 +++++ .../red/provider.tf | 20 ++ .../red/s3.tf | 25 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../red/vpc.tf | 50 ++++ .../green/api.tf | 66 +++++ .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/526-policy.json | 12 + .../red/api.tf | 60 ++++ .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/code.py | 62 ++++ .../green/iam.tf | 62 ++++ .../green/mwaa.tf | 64 ++++ .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + 
.../green/vpc.tf | 141 +++++++++ .../iam/527-policy.json | 16 + .../red/code.py | 62 ++++ .../red/iam.tf | 62 ++++ .../red/mwaa.tf | 49 ++++ .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../red/vpc.tf | 141 +++++++++ .../green/kinesis.tf | 18 ++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/528-policy.json | 15 + .../red/kinesis.tf | 5 + .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/asg.tf | 7 + .../iam/531-policy.json | 12 + .../red/asg.tf | 16 + .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/glue.tf | 18 ++ .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/532-policy.json | 15 + .../red/glue.tf | 17 ++ .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/fsx.tf | 19 ++ .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../green/vpc.tf | 10 + .../iam/537-policy.json | 12 + .../red/fsx.tf | 11 + .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../red/vpc.tf | 10 + .../green/directory_service.tf | 14 + .../green/iam.tf | 25 ++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../green/vpc.tf | 42 +++ .../iam/538-policy.json | 14 + .../red/directory_service.tf | 11 + .../red/iam.tf | 25 ++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../red/vpc.tf | 42 +++ .../green/fsx.tf | 10 + .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../green/vpc.tf | 18 ++ .../iam/539-policy.json | 12 + .../red/fsx.tf | 10 + .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../red/vpc.tf | 18 ++ .../green/iam.tf | 25 ++ .../green/provider.tf | 19 ++ 
.../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../green/vpc.tf | 57 ++++ .../green/workspace.tf | 25 ++ .../iam/542-policy.json | 13 + .../red/iam.tf | 25 ++ .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../red/vpc.tf | 57 ++++ .../red/workspace.tf | 25 ++ .../green/cloudtrail.tf | 64 ++++ .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/547-policy.json | 14 + .../red/cloudtrail.tf | 60 ++++ .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/iam.tf | 25 ++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../green/vpc.tf | 86 ++++++ .../green/workspace.tf | 64 ++++ .../iam/548-policy.json | 15 + .../red/iam.tf | 25 ++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../red/vpc.tf | 86 ++++++ .../red/workspace.tf | 51 ++++ .../green/ami.tf | 19 ++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/550-policy.json | 12 + .../red/ami.tf | 19 ++ .../red/provider.tf | 13 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/ebs.tf | 4 + .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/551-policy.json | 0 .../red/ebs.tf | 4 + .../red/provider.tf | 13 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/ebs.tf | 9 + .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/552-policy.json | 12 + .../red/ebs.tf | 10 + .../red/provider.tf | 13 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/eip.tf | 7 + .../green/provider.tf | 13 + .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/533-policy.json | 12 + .../red/eip.tf | 3 + .../red/provider.tf | 13 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/eni.tf | 14 + 
.../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/555-policy.json | 14 + .../red/eni.tf | 14 + .../red/provider.tf | 13 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/ig.tf | 6 + .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/556-policy.json | 12 + .../red/ig.tf | 6 + .../red/provider.tf | 13 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/ng.tf | 17 ++ .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/557-policy.json | 12 + .../red/ng.tf | 17 ++ .../red/provider.tf | 13 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/acl.tf | 7 + .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/558-policy.json | 12 + .../red/acl.tf | 7 + .../red/provider.tf | 13 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 19 ++ .../green/rt.tf | 7 + .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/559-policy.json | 12 + .../red/provider.tf | 13 + .../red/rt.tf | 7 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 20 ++ .../green/sg.tf | 8 + .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/560-policy.json | 12 + .../red/provider.tf | 13 + .../red/sg.tf | 8 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 19 ++ .../green/subnet.tf | 8 + .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/561-policy.json | 12 + .../red/provider.tf | 13 + .../red/subnet.tf | 8 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/tg.tf | 1 + .../green/variables.tf | 9 + .../iam/562-policy.json | 12 + .../red/provider.tf | 13 + .../red/terraform.tfvars | 2 + .../red/tg.tf | 1 + .../red/variables.tf | 9 + 
.../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/tg.tf | 15 + .../green/variables.tf | 9 + .../iam/563-policy.json | 13 + .../red/provider.tf | 13 + .../red/terraform.tfvars | 2 + .../red/tg.tf | 15 + .../red/variables.tf | 9 + .../green/pc.tf | 16 + .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/564-policy.json | 12 + .../red/pc.tf | 16 + .../red/provider.tf | 13 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 21 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../green/vpc.tf | 3 + .../iam/565-policy.json | 11 + .../red/provider.tf | 14 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../red/vpc.tf | 3 + .../green/endpoint.tf | 8 + .../green/provider.tf | 21 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/566-policy.json | 13 + .../red/endpoint.tf | 8 + .../red/provider.tf | 14 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/acm.tf | 8 + .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/567-policy.json | 14 + .../red/acm.tf | 8 + .../red/provider.tf | 13 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/568-bucket-file.csv | 3 + .../green/appflow.tf | 41 +++ .../green/provider.tf | 20 ++ .../green/s3.tf | 52 ++++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/568-policy.json | 13 + .../red/568-bucket-file.csv | 3 + .../red/appflow.tf | 41 +++ .../red/provider.tf | 13 + .../red/s3.tf | 52 ++++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/asg.tf | 41 +++ .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/569-policy.json | 12 + .../red/asg.tf | 30 ++ .../red/provider.tf | 13 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/cloudformation.tf | 30 ++ .../green/provider.tf | 19 ++ 
.../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/574-policy.json | 12 + .../red/cloudformation.tf | 30 ++ .../red/provider.tf | 13 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/cloudfront.tf | 44 +++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/575-policy.json | 13 + .../red/cloudfront.tf | 44 +++ .../red/provider.tf | 13 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/cloudtrail.tf | 51 ++++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/578-policy.json | 14 + .../red/cloudtrail.tf | 53 ++++ .../red/provider.tf | 13 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/codebuild.tf | 68 +++++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 3 + .../green/variables.tf | 14 + .../iam/580-policy.json | 14 + .../red/codebuild.tf | 68 +++++ .../red/provider.tf | 13 + .../red/terraform.tfvars | 5 + .../red/variables.tf | 24 ++ .../green/dynamodb.tf | 24 ++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/582-policy.json | 13 + .../red/dax.tf | 24 ++ .../red/provider.tf | 13 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/dlm.tf | 79 +++++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/583-policy.json | 13 + .../red/dlm.tf | 82 ++++++ .../red/provider.tf | 13 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/dms.tf | 12 + .../green/iam.tf | 53 ++++ .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/584-policy.json | 13 + .../red/dms.tf | 14 + .../red/iam.tf | 53 ++++ .../red/provider.tf | 13 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/ecs.tf | 3 + .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + 
.../iam/585-policy.json | 14 + .../red/ecs.tf | 3 + .../red/provider.tf | 13 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/eks.tf | 58 ++++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/586-policy.json | 14 + .../red/eks.tf | 59 ++++ .../red/provider.tf | 13 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/efs.tf | 3 + .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/587-policy.json | 13 + .../red/efs.tf | 3 + .../red/provider.tf | 13 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/elasticache.tf | 13 + .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/588-policy.json | 13 + .../red/elasticache.tf | 12 + .../red/provider.tf | 13 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/elastic_beanstalk.tf | 21 ++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/590-policy.json | 13 + .../red/elastic_beanstalk.tf | 21 ++ .../red/provider.tf | 13 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/elb.tf | 40 +++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/591-policy.json | 14 + .../red/elb.tf | 40 +++ .../red/provider.tf | 13 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/emr.tf | 36 +++ .../green/iam.tf | 52 ++++ .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../green/vpc.tf | 49 ++++ .../iam/592-policy.json | 13 + .../red/emr.tf | 36 +++ .../red/iam.tf | 52 ++++ .../red/provider.tf | 13 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../red/vpc.tf | 49 ++++ .../green/elasticsearch.tf | 8 + .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/593-policy.json | 14 + 
.../red/elasticsearch.tf | 8 + .../red/provider.tf | 13 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/fsx.tf | 10 + .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../green/vpc.tf | 13 + .../iam/596-policy.json | 12 + .../red/fsx.tf | 9 + .../red/provider.tf | 13 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../red/vpc.tf | 13 + .../green/fsx.tf | 14 + .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../green/vpc.tf | 18 ++ .../iam/597-policy.json | 12 + .../red/fsx.tf | 14 + .../red/provider.tf | 13 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../red/vpc.tf | 18 ++ .../green/glacier_vault.tf | 20 ++ .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/599-policy.json | 13 + .../red/glacier_vault.tf | 20 ++ .../red/provider.tf | 13 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/glue.tf | 8 + .../green/iam.tf | 53 ++++ .../green/provider.tf | 19 ++ .../green/s3.tf | 21 ++ .../green/script.py | 44 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/600-policy.json | 14 + .../red/glue.tf | 8 + .../red/iam.tf | 53 ++++ .../red/provider.tf | 13 + .../red/s3.tf | 21 ++ .../red/script.py | 44 +++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/user.tf | 3 + .../green/variables.tf | 9 + .../iam/608-policy.json | 14 + .../red/provider.tf | 13 + .../red/terraform.tfvars | 2 + .../red/user.tf | 3 + .../red/variables.tf | 9 + .../green/provider.tf | 19 ++ .../green/role.tf | 17 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/609-policy.json | 14 + .../red/provider.tf | 13 + .../red/role.tf | 17 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/msk.tf | 20 ++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 
+ .../green/variables.tf | 9 + .../green/vpc.tf | 29 ++ .../iam/611-policy.json | 12 + .../red/msk.tf | 20 ++ .../red/provider.tf | 13 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../red/vpc.tf | 29 ++ .../green/kinesis.tf | 4 + .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/613-policy.json | 14 + .../red/kinesis.tf | 4 + .../red/provider.tf | 13 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/kms.tf | 33 +++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/615-policy.json | 15 + .../red/kms.tf | 32 ++ .../red/provider.tf | 13 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/func.py | 8 + .../green/func.zip | Bin 0 -> 299 bytes .../green/lambda.tf | 51 ++++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/616-policy.json | 14 + .../red/func.py | 9 + .../red/func.zip | Bin 0 -> 299 bytes .../red/lambda.tf | 51 ++++ .../red/provider.tf | 13 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/lightsail.tf | 17 ++ .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/617-policy.json | 12 + .../red/lightsail.tf | 17 ++ .../red/provider.tf | 13 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/log_group.tf | 3 + .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/618-policy.json | 14 + .../red/log_group.tf | 3 + .../red/provider.tf | 14 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/mq.tf | 17 ++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/619-policy.json | 14 + .../red/mq.tf | 15 + .../red/provider.tf | 13 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/code.py | 62 ++++ .../green/iam.tf | 62 ++++ .../green/mwaa.tf | 50 ++++ 
.../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../green/vpc.tf | 141 +++++++++ .../iam/620-policy.json | 13 + .../red/code.py | 62 ++++ .../red/iam.tf | 62 ++++ .../red/mwaa.tf | 49 ++++ .../red/provider.tf | 13 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../red/vpc.tf | 141 +++++++++ .../green/provider.tf | 20 ++ .../green/qldb.tf | 5 + .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/624-policy.json | 14 + .../red/provider.tf | 13 + .../red/qldb.tf | 5 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/cluster.tf | 16 + .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/625-policy.json | 10 + .../red/cluster.tf | 16 + .../red/provider.tf | 13 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 20 ++ .../green/rds.tf | 25 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/626-policy.json | 13 + .../red/provider.tf | 13 + .../red/rds.tf | 25 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 19 ++ .../green/redshift.tf | 16 + .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/627-policy.json | 12 + .../red/provider.tf | 13 + .../red/redshift.tf | 16 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 19 ++ .../green/sagemaker.tf | 24 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/630-policy.json | 14 + .../red/provider.tf | 13 + .../red/sagemaker.tf | 24 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 19 ++ .../green/sns.tf | 3 + .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/632-policy.json | 16 + .../red/provider.tf | 13 + .../red/sns.tf | 3 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 19 ++ .../green/sqs.tf | 7 + .../green/terraform.tfvars | 2 + 
.../green/variables.tf | 9 + .../iam/633-policy.json | 14 + .../red/provider.tf | 13 + .../red/sqs.tf | 7 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/mq.tf | 31 ++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/638-policy.json | 14 + .../red/mq.tf | 29 ++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/mq.tf | 29 ++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/639-policy.json | 14 + .../red/mq.tf | 29 ++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/mq.tf | 56 ++++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/640-policy.json | 17 ++ .../red/mq.tf | 22 ++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/kinesis.tf | 7 + .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/641-policy.json | 14 + .../red/kinesis.tf | 4 + .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 20 ++ .../green/qldb.tf | 4 + .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/643-policy.json | 14 + .../red/provider.tf | 20 ++ .../red/qldb.tf | 4 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 20 ++ .../green/qldb.tf | 5 + .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/644-policy.json | 14 + .../red/provider.tf | 21 ++ .../red/qldb.tf | 5 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/code.py | 62 ++++ .../green/iam.tf | 62 ++++ .../green/mwaa.tf | 57 ++++ .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../green/vpc.tf | 141 +++++++++ .../iam/652-policy.json | 13 + .../red/code.py | 62 ++++ .../red/iam.tf | 62 ++++ 
.../red/mwaa.tf | 49 ++++ .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../red/vpc.tf | 141 +++++++++ .../green/code.py | 62 ++++ .../green/iam.tf | 62 ++++ .../green/mwaa.tf | 57 ++++ .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../green/vpc.tf | 141 +++++++++ .../iam/653-policy.json | 13 + .../red/code.py | 62 ++++ .../red/iam.tf | 62 ++++ .../red/mwaa.tf | 49 ++++ .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../red/vpc.tf | 141 +++++++++ .../green/code.py | 62 ++++ .../green/iam.tf | 62 ++++ .../green/mwaa.tf | 57 ++++ .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../green/vpc.tf | 141 +++++++++ .../iam/654-policy.json | 13 + .../red/code.py | 62 ++++ .../red/iam.tf | 62 ++++ .../red/mwaa.tf | 49 ++++ .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../red/vpc.tf | 141 +++++++++ .../green/code.py | 62 ++++ .../green/iam.tf | 62 ++++ .../green/mwaa.tf | 57 ++++ .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../green/vpc.tf | 141 +++++++++ .../iam/655-policy.json | 13 + .../red/code.py | 62 ++++ .../red/iam.tf | 62 ++++ .../red/mwaa.tf | 49 ++++ .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../red/vpc.tf | 141 +++++++++ .../green/code.py | 62 ++++ .../green/iam.tf | 62 ++++ .../green/mwaa.tf | 57 ++++ .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../green/vpc.tf | 141 +++++++++ .../iam/656-policy.json | 13 + .../red/code.py | 62 ++++ .../red/iam.tf | 62 ++++ .../red/mwaa.tf | 49 ++++ .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../red/vpc.tf | 141 +++++++++ .../green/provider.tf | 19 ++ .../green/redshift.tf | 17 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + 
.../iam/657-policy.json | 12 + .../red/provider.tf | 19 ++ .../red/redshift.tf | 15 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/elasticache.tf | 23 ++ .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/664-policy.json | 13 + .../red/elasticache.tf | 7 + .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/elasticache.tf | 13 + .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/665-policy.json | 13 + .../red/elasticache.tf | 8 + .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/emr.tf | 37 +++ .../green/iam.tf | 52 ++++ .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../green/vpc.tf | 49 ++++ .../iam/669-policy.json | 13 + .../red/emr.tf | 37 +++ .../red/iam.tf | 52 ++++ .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../red/vpc.tf | 49 ++++ .../green/glue.tf | 10 + .../green/iam.tf | 53 ++++ .../green/provider.tf | 19 ++ .../green/s3.tf | 21 ++ .../green/script.py | 44 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/672-policy.json | 14 + .../red/glue.tf | 8 + .../red/iam.tf | 53 ++++ .../red/provider.tf | 19 ++ .../red/s3.tf | 21 ++ .../red/script.py | 44 +++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/function.zip | Bin 0 -> 274 bytes .../green/function/lambda_function.py | 7 + .../green/iam.tf | 47 +++ .../green/lambda.tf | 17 ++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/677-policy.json | 14 + .../red/function.zip | Bin 0 -> 274 bytes .../red/function/lambda_function.py | 7 + .../red/iam.tf | 37 +++ .../red/lambda.tf | 14 + .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/function/lambda_function.py | 20 ++ 
.../green/iam.tf | 51 ++++ .../green/kms.tf | 13 + .../green/lambda.tf | 34 +++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/679-policy.json | 14 + .../red/function/lambda_function.py | 20 ++ .../red/iam.tf | 41 +++ .../red/lambda.tf | 29 ++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/func.zip | Bin 0 -> 299 bytes .../green/lambda.tf | 51 ++++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/680-policy.json | 13 + .../red/func.zip | Bin 0 -> 299 bytes .../red/lambda.tf | 51 ++++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/func.py | 8 + .../green/func.zip | Bin 0 -> 299 bytes .../green/lambda.tf | 52 ++++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/681-policy.json | 16 + .../red/func.py | 9 + .../red/func.zip | Bin 0 -> 299 bytes .../red/lambda.tf | 52 ++++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/ecs.tf | 14 + .../green/provider.tf | 20 ++ .../green/s3.tf | 9 + .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/690-policy.json | 13 + .../red/ecs.tf | 3 + .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/fsx.tf | 26 ++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../green/vpc.tf | 10 + .../green1/fsx.tf | 45 +++ .../green1/provider.tf | 20 ++ .../green1/terraform.tfvars | 2 + .../green1/variables.tf | 9 + .../green1/vpc.tf | 10 + .../iam/691-policy.json | 12 + .../red/fsx.tf | 13 + .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../red/vpc.tf | 10 + .../green/fsx.tf | 14 + .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../green/vpc.tf | 10 + 
.../iam/692-policy.json | 12 + .../red/fsx.tf | 13 + .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../red/vpc.tf | 10 + .../green/fsx.tf | 30 ++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../green/vpc.tf | 10 + .../iam/693-policy.json | 12 + .../red/fsx.tf | 29 ++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../red/vpc.tf | 10 + .../green/alb.tf | 41 +++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/696-policy.json | 14 + .../red/alb.tf | 41 +++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/api.tf | 52 ++++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 3 + .../green/variables.tf | 9 + .../iam/697-policy.json | 12 + .../red/api.tf | 52 ++++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 3 + .../red/variables.tf | 9 + .../green/asg.tf | 40 +++ .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/702-policy.json | 10 + .../red/asg.tf | 41 +++ .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/asg.tf | 20 ++ .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/703-policy.json | 12 + .../red/asg.tf | 15 + .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/elb.tf | 13 + .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/707-policy.json | 15 + .../red/elb.tf | 13 + .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../ecc-aws-708-clb-multiple_az/green/elb.tf | 11 + .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/708-policy.json | 14 + .../ecc-aws-708-clb-multiple_az/red/elb.tf | 11 + .../red/provider.tf 
| 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/elb.tf | 14 + .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/709-policy.json | 15 + .../red/elb.tf | 13 + .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/cloudformation.tf | 34 +++ .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/710-policy.json | 12 + .../red/cloudformation.tf | 29 ++ .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/cloudfront.tf | 77 +++++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../green1/cloudfront.tf | 74 +++++ .../green1/provider.tf | 20 ++ .../green1/terraform.tfvars | 2 + .../green1/variables.tf | 9 + .../iam/712-policy.json | 13 + .../red/cloudfront.tf | 77 +++++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/log_group.tf | 36 +++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/715-policy.json | 16 + .../red/log_group.tf | 3 + .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/codebuild.tf | 71 +++++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 3 + .../green/variables.tf | 14 + .../iam/717-policy.json | 14 + .../red/codebuild.tf | 71 +++++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 5 + .../red/variables.tf | 24 ++ .../green/codebuild.tf | 69 +++++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 3 + .../green/variables.tf | 14 + .../iam/718-policy.json | 14 + .../red/codebuild.tf | 69 +++++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 5 + .../red/variables.tf | 24 ++ .../green/codebuild.tf | 74 +++++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 3 + .../green/variables.tf | 14 + .../iam/719-policy.yml | 14 + 
.../red/codebuild.tf | 68 +++++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 5 + .../red/variables.tf | 24 ++ .../green/codebuild.tf | 75 +++++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../green1/codebuild.tf | 70 +++++ .../green1/provider.tf | 20 ++ .../green1/terraform.tfvars | 2 + .../green1/variables.tf | 9 + .../iam/720-policy.json | 14 + .../red/codebuild.tf | 75 +++++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/codedeploy.tf | 96 ++++++ .../green/iam.tf | 64 ++++ .../green/lambda.tf | 41 +++ .../green/lambda_function_v1.py | 8 + .../green/lambda_function_v2.py | 8 + .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/721-policy.json | 15 + .../red/codedeploy.tf | 60 ++++ .../red/iam.tf | 24 ++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../red1/codedeploy.tf | 52 ++++ .../red1/iam.tf | 24 ++ .../red1/provider.tf | 20 ++ .../red1/terraform.tfvars | 2 + .../red1/variables.tf | 9 + .../green/codedeploy.tf | 32 ++ .../green/iam.tf | 24 ++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/723-policy.json | 15 + .../red/codedeploy.tf | 19 ++ .../red/iam.tf | 24 ++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/codepipeline.tf | 161 ++++++++++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 3 + .../green/variables.tf | 14 + .../iam/724-policy.json | 15 + .../red/codepipeline.tf | 143 +++++++++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 5 + .../red/variables.tf | 24 ++ .../green/log_group.tf | 4 + .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/725-policy.json | 14 + .../red/log_group.tf | 4 + .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/ec2.tf 
| 18 ++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/734-policy.json | 12 + .../red/ec2.tf | 17 ++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/ec2.tf | 22 ++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/739-policy.json | 12 + .../red/ec2.tf | 22 ++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/transit_gateway.tf | 3 + .../green/variables.tf | 9 + .../iam/740-policy.json | 12 + .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/transit_gateway.tf | 3 + .../red/variables.tf | 9 + .../green/ecr.tf | 27 ++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/741-policy.json | 14 + .../red/ecr.tf | 3 + .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/ecs.tf | 41 +++ .../green/provider.tf | 20 ++ .../green/route_tables.tf | 31 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../green/vpc.tf | 28 ++ .../iam/744-policy.json | 15 + .../red/ecs.tf | 41 +++ .../red/provider.tf | 20 ++ .../red/route_tables.tf | 31 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../red/vpc.tf | 28 ++ .../green/ecs.tf | 29 ++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/745-policy.json | 13 + .../red/ecs.tf | 28 ++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/ecs.tf | 29 ++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/746-policy.json | 13 + .../red/ecs.tf | 28 ++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/eks.tf | 58 ++++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars 
| 2 + .../green/variables.tf | 9 + .../iam/751-policy.json | 13 + .../green/alb.tf | 7 + .../green/glb.tf | 6 + .../green/nlb.tf | 6 + .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../green/vpc.tf | 18 ++ .../iam/755-policy.json | 13 + .../ecc-aws-755-elbv2_multiple_az/red/glb.tf | 6 + .../ecc-aws-755-elbv2_multiple_az/red/nlb.tf | 6 + .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../ecc-aws-755-elbv2_multiple_az/red/vpc.tf | 13 + .../green/group.tf | 18 ++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/760-policy.json | 14 + .../red/group.tf | 5 + .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/func.zip | Bin 0 -> 299 bytes .../green/lambda.tf | 63 ++++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../green/vpc.tf | 28 ++ .../iam/762-policy.json | 14 + .../red/func.zip | Bin 0 -> 299 bytes .../red/lambda.tf | 62 ++++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../red/vpc.tf | 28 ++ .../green/es.tf | 53 ++++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/769-policy.json | 15 + .../red/es.tf | 16 + .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 20 ++ .../green/rds.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/770-policy.json | 13 + .../red/provider.tf | 20 ++ .../red/rds.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/cluster.tf | 16 + .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/771-policy.json | 10 + .../red/cluster.tf | 16 + .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 20 ++ .../green/rds.tf | 
18 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/773-policy.json | 13 + .../red/provider.tf | 20 ++ .../red/rds.tf | 18 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 19 ++ .../green/redshift.tf | 15 + .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/776-policy.json | 12 + .../red/provider.tf | 19 ++ .../red/redshift.tf | 15 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 19 ++ .../green/redshift.tf | 15 + .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/777-policy.json | 12 + .../red/provider.tf | 19 ++ .../red/redshift.tf | 15 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 19 ++ .../green/sns.tf | 47 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/780-policy.json | 14 + .../red/provider.tf | 19 ++ .../red/sns.tf | 3 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/code.py | 62 ++++ .../green/iam.tf | 62 ++++ .../green/mwaa.tf | 50 ++++ .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../green/vpc.tf | 141 +++++++++ .../iam/787-policy.json | 13 + .../red/code.py | 62 ++++ .../red/iam.tf | 62 ++++ .../red/mwaa.tf | 49 ++++ .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../red/vpc.tf | 141 +++++++++ .../green/dax.tf | 25 ++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/800-policy.json | 13 + .../red/dax.tf | 24 ++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/elb.tf | 47 +++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/808-policy.json | 15 + .../red/elb.tf | 47 +++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/alb.tf | 40 +++ .../green/provider.tf | 20 ++ 
.../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/809-policy.json | 13 + .../red/alb.tf | 57 ++++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/acm.tf | 24 ++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/821-policy.json | 14 + .../red/acm.tf | 24 ++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/iam.tf | 8 + .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/835-policy.json | 17 ++ .../red/iam.tf | 8 + .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 20 ++ .../green/security-hub.tf | 8 + .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/897-policy.json | 14 + .../red/provider.tf | 20 ++ .../red/security_hub.tf | 7 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/func.py | 8 + .../green/func.zip | Bin 0 -> 299 bytes .../green/lambda.tf | 59 ++++ .../green/provider.tf | 20 ++ .../green/s3.tf | 58 ++++ .../green/sns.tf | 18 ++ .../green/sqs.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/899-policy.json | 22 ++ .../red/provider.tf | 20 ++ .../red/s3.tf | 8 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../iam/902-policy.json | 10 + .../green/asg.tf | 20 ++ .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/904-policy.json | 12 + .../red/asg.tf | 20 ++ .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/ecs.tf | 27 ++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/906-policy.json | 13 + .../red/ecs.tf | 27 ++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/ecs.tf | 33 +++ .../green/provider.tf | 20 ++ 
.../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/907-policy.json | 13 + .../red/ecs.tf | 40 +++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/kms.tf | 33 +++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/911-policy.json | 16 + .../red/kms.tf | 34 +++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../green/waf.tf | 80 +++++ .../iam/917-policy.json | 13 + .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../red/waf.tf | 9 + .../green/acm.tf | 11 + .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/922-policy.json | 14 + .../red/acm.tf | 11 + .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/distribution.tf | 86 ++++++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/938-policy.json | 13 + .../red/distribution.tf | 86 ++++++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/ebs.tf | 3 + .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/939-policy.json | 14 + .../red/ebs.tf | 3 + .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/acm.tf | 25 ++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/948-policy.json | 14 + .../red/acm.tf | 25 ++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/key-pair.tf | 9 + .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/949-policy.json | 13 + .../red/key-pair.tf | 9 + .../red/provider.tf | 13 + .../red/terraform.tfvars | 
2 + .../red/variables.tf | 9 + .../green/asg.tf | 29 ++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../green1/asg.tf | 29 ++ .../green1/provider.tf | 20 ++ .../green1/terraform.tfvars | 2 + .../green1/variables.tf | 9 + .../iam/950-policy.json | 12 + .../red/asg.tf | 30 ++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/lb.tf | 38 +++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../green1/lb.tf | 38 +++ .../green1/provider.tf | 20 ++ .../green1/terraform.tfvars | 2 + .../green1/variables.tf | 9 + .../green2/lb.tf | 11 + .../green2/provider.tf | 20 ++ .../green2/terraform.tfvars | 2 + .../green2/variables.tf | 9 + .../iam/951-policy.json | 13 + .../red/iam.tf | 36 +++ .../red/lb.tf | 12 + .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/func.zip | Bin 0 -> 299 bytes .../green/lambda.tf | 51 ++++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/953-policy.json | 14 + .../green/ecs.tf | 24 ++ .../green/provider.tf | 20 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../green1/ecs.tf | 29 ++ .../green1/provider.tf | 20 ++ .../green1/terraform.tfvars | 2 + .../green1/variables.tf | 9 + .../iam/955-policy.json | 13 + .../red/ecs.tf | 22 ++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../red1/ecs.tf | 29 ++ .../red1/provider.tf | 20 ++ .../red1/terraform.tfvars | 2 + .../red1/variables.tf | 9 + .../green/cloudfront.tf | 45 +++ .../green/error.html | 9 + .../green/index.html | 9 + .../green/provider.tf | 20 ++ .../green/s3.tf | 50 ++++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../green1/cloudfront.tf | 42 +++ .../green1/error.html | 9 + .../green1/index.html | 9 + .../green1/provider.tf | 20 ++ .../green1/s3.tf | 70 +++++ .../green1/terraform.tfvars | 2 + 
.../green1/variables.tf | 9 + .../iam/958-policy.json | 14 + .../red/cloudfront.tf | 45 +++ .../red/error.html | 9 + .../red/index.html | 9 + .../red/provider.tf | 20 ++ .../red/s3.tf | 50 ++++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/cloudfront.tf | 45 +++ .../green/error.html | 9 + .../green/index.html | 9 + .../green/provider.tf | 20 ++ .../green/s3.tf | 50 ++++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../green1/cloudfront.tf | 42 +++ .../green1/error.html | 9 + .../green1/index.html | 9 + .../green1/provider.tf | 20 ++ .../green1/s3.tf | 70 +++++ .../green1/terraform.tfvars | 2 + .../green1/variables.tf | 9 + .../iam/961-policy.json | 13 + .../red/cloudfront.tf | 44 +++ .../red/provider.tf | 20 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../red1/cloudfront.tf | 59 ++++ .../red1/provider.tf | 20 ++ .../red1/terraform.tfvars | 2 + .../red1/variables.tf | 9 + .../green/glue.tf | 9 + .../green/iam.tf | 53 ++++ .../green/provider.tf | 19 ++ .../green/s3.tf | 21 ++ .../green/script.py | 44 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/962-policy.json | 14 + .../red/glue.tf | 9 + .../red/iam.tf | 53 ++++ .../red/provider.tf | 19 ++ .../red/s3.tf | 21 ++ .../red/script.py | 44 +++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/glue.tf | 17 ++ .../green/iam.tf | 53 ++++ .../green/provider.tf | 19 ++ .../green/s3.tf | 21 ++ .../green/script.py | 44 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/963-policy.json | 14 + .../red/glue.tf | 8 + .../red/iam.tf | 53 ++++ .../red/provider.tf | 19 ++ .../red/s3.tf | 21 ++ .../red/script.py | 44 +++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + 4306 files changed, 71032 insertions(+) create mode 100644 terraform/ecc-aws-002-ensure_mfa_is_enabled_for_all_iam_users_with_console_password/green/iam.tf create mode 100644 
terraform/ecc-aws-002-ensure_mfa_is_enabled_for_all_iam_users_with_console_password/green/provider.tf create mode 100644 terraform/ecc-aws-002-ensure_mfa_is_enabled_for_all_iam_users_with_console_password/green/terraform.tfvars create mode 100644 terraform/ecc-aws-002-ensure_mfa_is_enabled_for_all_iam_users_with_console_password/green/variables.tf create mode 100644 terraform/ecc-aws-002-ensure_mfa_is_enabled_for_all_iam_users_with_console_password/iam/002-policy.json create mode 100644 terraform/ecc-aws-002-ensure_mfa_is_enabled_for_all_iam_users_with_console_password/red/iam.tf create mode 100644 terraform/ecc-aws-002-ensure_mfa_is_enabled_for_all_iam_users_with_console_password/red/provider.tf create mode 100644 terraform/ecc-aws-002-ensure_mfa_is_enabled_for_all_iam_users_with_console_password/red/terraform.tfvars create mode 100644 terraform/ecc-aws-002-ensure_mfa_is_enabled_for_all_iam_users_with_console_password/red/variables.tf create mode 100644 terraform/ecc-aws-013-ensure_access_keys_are_rotated_every_90_days/green/iam.tf create mode 100644 terraform/ecc-aws-013-ensure_access_keys_are_rotated_every_90_days/green/provider.tf create mode 100644 terraform/ecc-aws-013-ensure_access_keys_are_rotated_every_90_days/green/terraform.tfvars create mode 100644 terraform/ecc-aws-013-ensure_access_keys_are_rotated_every_90_days/green/variables.tf create mode 100644 terraform/ecc-aws-013-ensure_access_keys_are_rotated_every_90_days/iam/013-policy.json create mode 100644 terraform/ecc-aws-013-ensure_access_keys_are_rotated_every_90_days/red/iam.tf create mode 100644 terraform/ecc-aws-013-ensure_access_keys_are_rotated_every_90_days/red/provider.tf create mode 100644 terraform/ecc-aws-013-ensure_access_keys_are_rotated_every_90_days/red/terraform.tfvars create mode 100644 terraform/ecc-aws-013-ensure_access_keys_are_rotated_every_90_days/red/variables.tf create mode 100644 terraform/ecc-aws-033-ensure_vpc_flow_logging_enabled_for_every_vpc/green/provider.tf create mode 
100644 terraform/ecc-aws-033-ensure_vpc_flow_logging_enabled_for_every_vpc/green/terraform.tfvars create mode 100644 terraform/ecc-aws-033-ensure_vpc_flow_logging_enabled_for_every_vpc/green/variables.tf create mode 100644 terraform/ecc-aws-033-ensure_vpc_flow_logging_enabled_for_every_vpc/green/vpc.tf create mode 100644 terraform/ecc-aws-033-ensure_vpc_flow_logging_enabled_for_every_vpc/iam/033-policy.json create mode 100644 terraform/ecc-aws-033-ensure_vpc_flow_logging_enabled_for_every_vpc/red/provider.tf create mode 100644 terraform/ecc-aws-033-ensure_vpc_flow_logging_enabled_for_every_vpc/red/terraform.tfvars create mode 100644 terraform/ecc-aws-033-ensure_vpc_flow_logging_enabled_for_every_vpc/red/variables.tf create mode 100644 terraform/ecc-aws-033-ensure_vpc_flow_logging_enabled_for_every_vpc/red/vpc.tf create mode 100644 terraform/ecc-aws-082-rds_retention_backup_is_at_least_7_days/green/provider.tf create mode 100644 terraform/ecc-aws-082-rds_retention_backup_is_at_least_7_days/green/rds.tf create mode 100644 terraform/ecc-aws-082-rds_retention_backup_is_at_least_7_days/green/terraform.tfvars create mode 100644 terraform/ecc-aws-082-rds_retention_backup_is_at_least_7_days/green/variables.tf create mode 100644 terraform/ecc-aws-082-rds_retention_backup_is_at_least_7_days/iam/083-policy.json create mode 100644 terraform/ecc-aws-082-rds_retention_backup_is_at_least_7_days/red/provider.tf create mode 100644 terraform/ecc-aws-082-rds_retention_backup_is_at_least_7_days/red/rds.tf create mode 100644 terraform/ecc-aws-082-rds_retention_backup_is_at_least_7_days/red/terraform.tfvars create mode 100644 terraform/ecc-aws-082-rds_retention_backup_is_at_least_7_days/red/variables.tf create mode 100644 terraform/ecc-aws-083-rds_high-availability_zone/green/provider.tf create mode 100644 terraform/ecc-aws-083-rds_high-availability_zone/green/rds.tf create mode 100644 terraform/ecc-aws-083-rds_high-availability_zone/green/terraform.tfvars create mode 100644 
terraform/ecc-aws-083-rds_high-availability_zone/green/variables.tf create mode 100644 terraform/ecc-aws-083-rds_high-availability_zone/iam/083-policy.json create mode 100644 terraform/ecc-aws-083-rds_high-availability_zone/red/provider.tf create mode 100644 terraform/ecc-aws-083-rds_high-availability_zone/red/rds.tf create mode 100644 terraform/ecc-aws-083-rds_high-availability_zone/red/terraform.tfvars create mode 100644 terraform/ecc-aws-083-rds_high-availability_zone/red/variables.tf create mode 100644 terraform/ecc-aws-086_iam_ssl_or_tls_certificates_expire_in_one_month/green/certificate.tf create mode 100644 terraform/ecc-aws-086_iam_ssl_or_tls_certificates_expire_in_one_month/green/provider.tf create mode 100644 terraform/ecc-aws-086_iam_ssl_or_tls_certificates_expire_in_one_month/green/terraform.tfvars create mode 100644 terraform/ecc-aws-086_iam_ssl_or_tls_certificates_expire_in_one_month/green/variables.tf create mode 100644 terraform/ecc-aws-086_iam_ssl_or_tls_certificates_expire_in_one_month/iam/086-policy.json create mode 100644 terraform/ecc-aws-086_iam_ssl_or_tls_certificates_expire_in_one_month/red/certificate.tf create mode 100644 terraform/ecc-aws-086_iam_ssl_or_tls_certificates_expire_in_one_month/red/provider.tf create mode 100644 terraform/ecc-aws-086_iam_ssl_or_tls_certificates_expire_in_one_month/red/terraform.tfvars create mode 100644 terraform/ecc-aws-086_iam_ssl_or_tls_certificates_expire_in_one_month/red/variables.tf create mode 100644 terraform/ecc-aws-087_iam_ssl_or_tls_certificates_expire_in_one_week/green/certificate.tf create mode 100644 terraform/ecc-aws-087_iam_ssl_or_tls_certificates_expire_in_one_week/green/provider.tf create mode 100644 terraform/ecc-aws-087_iam_ssl_or_tls_certificates_expire_in_one_week/green/terraform.tfvars create mode 100644 terraform/ecc-aws-087_iam_ssl_or_tls_certificates_expire_in_one_week/green/variables.tf create mode 100644 
terraform/ecc-aws-087_iam_ssl_or_tls_certificates_expire_in_one_week/iam/087-policy.json create mode 100644 terraform/ecc-aws-087_iam_ssl_or_tls_certificates_expire_in_one_week/red/certificate.tf create mode 100644 terraform/ecc-aws-087_iam_ssl_or_tls_certificates_expire_in_one_week/red/provider.tf create mode 100644 terraform/ecc-aws-087_iam_ssl_or_tls_certificates_expire_in_one_week/red/terraform.tfvars create mode 100644 terraform/ecc-aws-087_iam_ssl_or_tls_certificates_expire_in_one_week/red/variables.tf create mode 100644 terraform/ecc-aws-090-use_secure_ciphers_in_cloudfront_distribution/green/cloudfront.tf create mode 100644 terraform/ecc-aws-090-use_secure_ciphers_in_cloudfront_distribution/green/provider.tf create mode 100644 terraform/ecc-aws-090-use_secure_ciphers_in_cloudfront_distribution/green/terraform.tfvars create mode 100644 terraform/ecc-aws-090-use_secure_ciphers_in_cloudfront_distribution/green/variables.tf create mode 100644 terraform/ecc-aws-090-use_secure_ciphers_in_cloudfront_distribution/iam/090-policy.json create mode 100644 terraform/ecc-aws-090-use_secure_ciphers_in_cloudfront_distribution/red/cloudfront.tf create mode 100644 terraform/ecc-aws-090-use_secure_ciphers_in_cloudfront_distribution/red/provider.tf create mode 100644 terraform/ecc-aws-090-use_secure_ciphers_in_cloudfront_distribution/red/terraform.tfvars create mode 100644 terraform/ecc-aws-090-use_secure_ciphers_in_cloudfront_distribution/red/variables.tf create mode 100644 terraform/ecc-aws-092-remove_weak_ciphers_for_clb/green/lb.tf create mode 100644 terraform/ecc-aws-092-remove_weak_ciphers_for_clb/green/provider.tf create mode 100644 terraform/ecc-aws-092-remove_weak_ciphers_for_clb/green/terraform.tfvars create mode 100644 terraform/ecc-aws-092-remove_weak_ciphers_for_clb/green/variables.tf create mode 100644 terraform/ecc-aws-092-remove_weak_ciphers_for_clb/iam/092-policy.json create mode 100644 terraform/ecc-aws-092-remove_weak_ciphers_for_clb/red/lb.tf create mode 
100644 terraform/ecc-aws-092-remove_weak_ciphers_for_clb/red/provider.tf create mode 100644 terraform/ecc-aws-092-remove_weak_ciphers_for_clb/red/terraform.tfvars create mode 100644 terraform/ecc-aws-092-remove_weak_ciphers_for_clb/red/variables.tf create mode 100644 terraform/ecc-aws-093-clb_uses_https/green/lb.tf create mode 100644 terraform/ecc-aws-093-clb_uses_https/green/provider.tf create mode 100644 terraform/ecc-aws-093-clb_uses_https/green/terraform.tfvars create mode 100644 terraform/ecc-aws-093-clb_uses_https/green/variables.tf create mode 100644 terraform/ecc-aws-093-clb_uses_https/green1/lb.tf create mode 100644 terraform/ecc-aws-093-clb_uses_https/green1/provider.tf create mode 100644 terraform/ecc-aws-093-clb_uses_https/green1/terraform.tfvars create mode 100644 terraform/ecc-aws-093-clb_uses_https/green1/variables.tf create mode 100644 terraform/ecc-aws-093-clb_uses_https/iam/093-policy.json create mode 100644 terraform/ecc-aws-093-clb_uses_https/red/lb.tf create mode 100644 terraform/ecc-aws-093-clb_uses_https/red/provider.tf create mode 100644 terraform/ecc-aws-093-clb_uses_https/red/terraform.tfvars create mode 100644 terraform/ecc-aws-093-clb_uses_https/red/variables.tf create mode 100644 terraform/ecc-aws-094-ensure_mfa_is_enabled_for_the_root_account/iam/094-policy.json create mode 100644 terraform/ecc-aws-095-ensure_hardware_mfa_is_enabled_for_root_account/green/iam.tf create mode 100644 terraform/ecc-aws-095-ensure_hardware_mfa_is_enabled_for_root_account/green/provider.tf create mode 100644 terraform/ecc-aws-095-ensure_hardware_mfa_is_enabled_for_root_account/green/terraform.tfvars create mode 100644 terraform/ecc-aws-095-ensure_hardware_mfa_is_enabled_for_root_account/green/variables.tf create mode 100644 terraform/ecc-aws-095-ensure_hardware_mfa_is_enabled_for_root_account/iam/095-policy.json create mode 100644 terraform/ecc-aws-095-ensure_hardware_mfa_is_enabled_for_root_account/red/iam.tf create mode 100644 
terraform/ecc-aws-095-ensure_hardware_mfa_is_enabled_for_root_account/red/provider.tf create mode 100644 terraform/ecc-aws-095-ensure_hardware_mfa_is_enabled_for_root_account/red/terraform.tfvars create mode 100644 terraform/ecc-aws-095-ensure_hardware_mfa_is_enabled_for_root_account/red/variables.tf create mode 100644 terraform/ecc-aws-096-credentials_unused_for_45_days/green/iam.tf create mode 100644 terraform/ecc-aws-096-credentials_unused_for_45_days/green/provider.tf create mode 100644 terraform/ecc-aws-096-credentials_unused_for_45_days/green/terraform.tfvars create mode 100644 terraform/ecc-aws-096-credentials_unused_for_45_days/green/variables.tf create mode 100644 terraform/ecc-aws-096-credentials_unused_for_45_days/iam/096-policy.json create mode 100644 terraform/ecc-aws-097-iam_users_receive_permissions_only_through_groups/green/iam.tf create mode 100644 terraform/ecc-aws-097-iam_users_receive_permissions_only_through_groups/green/provider.tf create mode 100644 terraform/ecc-aws-097-iam_users_receive_permissions_only_through_groups/green/terraform.tfvars create mode 100644 terraform/ecc-aws-097-iam_users_receive_permissions_only_through_groups/green/variables.tf create mode 100644 terraform/ecc-aws-097-iam_users_receive_permissions_only_through_groups/iam/097-policy.json create mode 100644 terraform/ecc-aws-097-iam_users_receive_permissions_only_through_groups/red/iam.tf create mode 100644 terraform/ecc-aws-097-iam_users_receive_permissions_only_through_groups/red/provider.tf create mode 100644 terraform/ecc-aws-097-iam_users_receive_permissions_only_through_groups/red/terraform.tfvars create mode 100644 terraform/ecc-aws-097-iam_users_receive_permissions_only_through_groups/red/variables.tf create mode 100644 terraform/ecc-aws-098-iam_password_policy_password_reuse/green/iam.tf create mode 100644 terraform/ecc-aws-098-iam_password_policy_password_reuse/green/provider.tf create mode 100644 
terraform/ecc-aws-098-iam_password_policy_password_reuse/green/terraform.tfvars create mode 100644 terraform/ecc-aws-098-iam_password_policy_password_reuse/green/variables.tf create mode 100644 terraform/ecc-aws-098-iam_password_policy_password_reuse/iam/098-policy.json create mode 100644 terraform/ecc-aws-098-iam_password_policy_password_reuse/red/iam.tf create mode 100644 terraform/ecc-aws-098-iam_password_policy_password_reuse/red/provider.tf create mode 100644 terraform/ecc-aws-098-iam_password_policy_password_reuse/red/terraform.tfvars create mode 100644 terraform/ecc-aws-098-iam_password_policy_password_reuse/red/variables.tf create mode 100644 terraform/ecc-aws-099-instance_without_any_tag/green/ec2.tf create mode 100644 terraform/ecc-aws-099-instance_without_any_tag/green/provider.tf create mode 100644 terraform/ecc-aws-099-instance_without_any_tag/green/terraform.tfvars create mode 100644 terraform/ecc-aws-099-instance_without_any_tag/green/variables.tf create mode 100644 terraform/ecc-aws-099-instance_without_any_tag/iam/099-policy.json create mode 100644 terraform/ecc-aws-099-instance_without_any_tag/red/ec2.tf create mode 100644 terraform/ecc-aws-099-instance_without_any_tag/red/provider.tf create mode 100644 terraform/ecc-aws-099-instance_without_any_tag/red/terraform.tfvars create mode 100644 terraform/ecc-aws-099-instance_without_any_tag/red/variables.tf create mode 100644 terraform/ecc-aws-101-clb_access_logging_disabled/green/lb.tf create mode 100644 terraform/ecc-aws-101-clb_access_logging_disabled/green/provider.tf create mode 100644 terraform/ecc-aws-101-clb_access_logging_disabled/green/s3.tf create mode 100644 terraform/ecc-aws-101-clb_access_logging_disabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-101-clb_access_logging_disabled/green/variables.tf create mode 100644 terraform/ecc-aws-101-clb_access_logging_disabled/iam/101-policy.json create mode 100644 terraform/ecc-aws-101-clb_access_logging_disabled/red/lb.tf create 
mode 100644 terraform/ecc-aws-101-clb_access_logging_disabled/red/provider.tf create mode 100644 terraform/ecc-aws-101-clb_access_logging_disabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-101-clb_access_logging_disabled/red/variables.tf create mode 100644 terraform/ecc-aws-102-ensures_sqs_encryption_is_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-102-ensures_sqs_encryption_is_enabled/green/sqs.tf create mode 100644 terraform/ecc-aws-102-ensures_sqs_encryption_is_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-102-ensures_sqs_encryption_is_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-102-ensures_sqs_encryption_is_enabled/iam/102-policy.json create mode 100644 terraform/ecc-aws-102-ensures_sqs_encryption_is_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-102-ensures_sqs_encryption_is_enabled/red/sqs.tf create mode 100644 terraform/ecc-aws-102-ensures_sqs_encryption_is_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-102-ensures_sqs_encryption_is_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-103-instance_without_deletion_protection/green/ec2.tf create mode 100644 terraform/ecc-aws-103-instance_without_deletion_protection/green/provider.tf create mode 100644 terraform/ecc-aws-103-instance_without_deletion_protection/green/terraform.tfvars create mode 100644 terraform/ecc-aws-103-instance_without_deletion_protection/green/variables.tf create mode 100644 terraform/ecc-aws-103-instance_without_deletion_protection/iam/103-policy.json create mode 100644 terraform/ecc-aws-103-instance_without_deletion_protection/red/ec2.tf create mode 100644 terraform/ecc-aws-103-instance_without_deletion_protection/red/provider.tf create mode 100644 terraform/ecc-aws-103-instance_without_deletion_protection/red/terraform.tfvars create mode 100644 terraform/ecc-aws-103-instance_without_deletion_protection/red/variables.tf create mode 100644 
terraform/ecc-aws-105-rds_instance_with_no_backups/green/provider.tf create mode 100644 terraform/ecc-aws-105-rds_instance_with_no_backups/green/rds.tf create mode 100644 terraform/ecc-aws-105-rds_instance_with_no_backups/green/terraform.tfvars create mode 100644 terraform/ecc-aws-105-rds_instance_with_no_backups/green/variables.tf create mode 100644 terraform/ecc-aws-105-rds_instance_with_no_backups/iam/105-policy.json create mode 100644 terraform/ecc-aws-105-rds_instance_with_no_backups/red/provider.tf create mode 100644 terraform/ecc-aws-105-rds_instance_with_no_backups/red/rds.tf create mode 100644 terraform/ecc-aws-105-rds_instance_with_no_backups/red/terraform.tfvars create mode 100644 terraform/ecc-aws-105-rds_instance_with_no_backups/red/variables.tf create mode 100644 terraform/ecc-aws-109-prevent_0-65535_ingress_and_all/green/provider.tf create mode 100644 terraform/ecc-aws-109-prevent_0-65535_ingress_and_all/green/sg.tf create mode 100644 terraform/ecc-aws-109-prevent_0-65535_ingress_and_all/green/terraform.tfvars create mode 100644 terraform/ecc-aws-109-prevent_0-65535_ingress_and_all/green/variables.tf create mode 100644 terraform/ecc-aws-109-prevent_0-65535_ingress_and_all/iam/109-policy.json create mode 100644 terraform/ecc-aws-109-prevent_0-65535_ingress_and_all/red/provider.tf create mode 100644 terraform/ecc-aws-109-prevent_0-65535_ingress_and_all/red/sg.tf create mode 100644 terraform/ecc-aws-109-prevent_0-65535_ingress_and_all/red/terraform.tfvars create mode 100644 terraform/ecc-aws-109-prevent_0-65535_ingress_and_all/red/variables.tf create mode 100644 terraform/ecc-aws-110-security-group-ingress-is-restricted_traffic_to_dns_port_53/green/provider.tf create mode 100644 terraform/ecc-aws-110-security-group-ingress-is-restricted_traffic_to_dns_port_53/green/sg.tf create mode 100644 terraform/ecc-aws-110-security-group-ingress-is-restricted_traffic_to_dns_port_53/green/terraform.tfvars create mode 100644 
terraform/ecc-aws-110-security-group-ingress-is-restricted_traffic_to_dns_port_53/green/variables.tf create mode 100644 terraform/ecc-aws-110-security-group-ingress-is-restricted_traffic_to_dns_port_53/iam/110-policy.json create mode 100644 terraform/ecc-aws-110-security-group-ingress-is-restricted_traffic_to_dns_port_53/red/provider.tf create mode 100644 terraform/ecc-aws-110-security-group-ingress-is-restricted_traffic_to_dns_port_53/red/sg.tf create mode 100644 terraform/ecc-aws-110-security-group-ingress-is-restricted_traffic_to_dns_port_53/red/terraform.tfvars create mode 100644 terraform/ecc-aws-110-security-group-ingress-is-restricted_traffic_to_dns_port_53/red/variables.tf create mode 100644 terraform/ecc-aws-111-security-group-ingress-is-restricted-traffic-to-ftp-port-21/green/provider.tf create mode 100644 terraform/ecc-aws-111-security-group-ingress-is-restricted-traffic-to-ftp-port-21/green/sg.tf create mode 100644 terraform/ecc-aws-111-security-group-ingress-is-restricted-traffic-to-ftp-port-21/green/terraform.tfvars create mode 100644 terraform/ecc-aws-111-security-group-ingress-is-restricted-traffic-to-ftp-port-21/green/variables.tf create mode 100644 terraform/ecc-aws-111-security-group-ingress-is-restricted-traffic-to-ftp-port-21/iam/111-policy.json create mode 100644 terraform/ecc-aws-111-security-group-ingress-is-restricted-traffic-to-ftp-port-21/red/provider.tf create mode 100644 terraform/ecc-aws-111-security-group-ingress-is-restricted-traffic-to-ftp-port-21/red/sg.tf create mode 100644 terraform/ecc-aws-111-security-group-ingress-is-restricted-traffic-to-ftp-port-21/red/terraform.tfvars create mode 100644 terraform/ecc-aws-111-security-group-ingress-is-restricted-traffic-to-ftp-port-21/red/variables.tf create mode 100644 terraform/ecc-aws-112-security-group-ingress-is-restricted_traffic_to_http_port_80/green/provider.tf create mode 100644 terraform/ecc-aws-112-security-group-ingress-is-restricted_traffic_to_http_port_80/green/sg.tf create 
mode 100644 terraform/ecc-aws-112-security-group-ingress-is-restricted_traffic_to_http_port_80/green/terraform.tfvars create mode 100644 terraform/ecc-aws-112-security-group-ingress-is-restricted_traffic_to_http_port_80/green/variables.tf create mode 100644 terraform/ecc-aws-112-security-group-ingress-is-restricted_traffic_to_http_port_80/iam/112-policy.json create mode 100644 terraform/ecc-aws-112-security-group-ingress-is-restricted_traffic_to_http_port_80/red/provider.tf create mode 100644 terraform/ecc-aws-112-security-group-ingress-is-restricted_traffic_to_http_port_80/red/sg.tf create mode 100644 terraform/ecc-aws-112-security-group-ingress-is-restricted_traffic_to_http_port_80/red/terraform.tfvars create mode 100644 terraform/ecc-aws-112-security-group-ingress-is-restricted_traffic_to_http_port_80/red/variables.tf create mode 100644 terraform/ecc-aws-113-security-group-ingress-is-restricted-traffic-to-microsoft-ds-port-445/green/provider.tf create mode 100644 terraform/ecc-aws-113-security-group-ingress-is-restricted-traffic-to-microsoft-ds-port-445/green/sg.tf create mode 100644 terraform/ecc-aws-113-security-group-ingress-is-restricted-traffic-to-microsoft-ds-port-445/green/terraform.tfvars create mode 100644 terraform/ecc-aws-113-security-group-ingress-is-restricted-traffic-to-microsoft-ds-port-445/green/variables.tf create mode 100644 terraform/ecc-aws-113-security-group-ingress-is-restricted-traffic-to-microsoft-ds-port-445/iam/113-policy.json create mode 100644 terraform/ecc-aws-113-security-group-ingress-is-restricted-traffic-to-microsoft-ds-port-445/red/provider.tf create mode 100644 terraform/ecc-aws-113-security-group-ingress-is-restricted-traffic-to-microsoft-ds-port-445/red/sg.tf create mode 100644 terraform/ecc-aws-113-security-group-ingress-is-restricted-traffic-to-microsoft-ds-port-445/red/terraform.tfvars create mode 100644 terraform/ecc-aws-113-security-group-ingress-is-restricted-traffic-to-microsoft-ds-port-445/red/variables.tf create mode 
100644 terraform/ecc-aws-114-security-group_ingress_is_restricted_traffic_to_mongodb_port_27017/green/provider.tf create mode 100644 terraform/ecc-aws-114-security-group_ingress_is_restricted_traffic_to_mongodb_port_27017/green/sg.tf create mode 100644 terraform/ecc-aws-114-security-group_ingress_is_restricted_traffic_to_mongodb_port_27017/green/terraform.tfvars create mode 100644 terraform/ecc-aws-114-security-group_ingress_is_restricted_traffic_to_mongodb_port_27017/green/variables.tf create mode 100644 terraform/ecc-aws-114-security-group_ingress_is_restricted_traffic_to_mongodb_port_27017/iam/114-policy.json create mode 100644 terraform/ecc-aws-114-security-group_ingress_is_restricted_traffic_to_mongodb_port_27017/red/provider.tf create mode 100644 terraform/ecc-aws-114-security-group_ingress_is_restricted_traffic_to_mongodb_port_27017/red/sg.tf create mode 100644 terraform/ecc-aws-114-security-group_ingress_is_restricted_traffic_to_mongodb_port_27017/red/terraform.tfvars create mode 100644 terraform/ecc-aws-114-security-group_ingress_is_restricted_traffic_to_mongodb_port_27017/red/variables.tf create mode 100644 terraform/ecc-aws-115-security-group-ingress-is-restricted_traffic_to_mysql_db_port_3306/green/provider.tf create mode 100644 terraform/ecc-aws-115-security-group-ingress-is-restricted_traffic_to_mysql_db_port_3306/green/sg.tf create mode 100644 terraform/ecc-aws-115-security-group-ingress-is-restricted_traffic_to_mysql_db_port_3306/green/terraform.tfvars create mode 100644 terraform/ecc-aws-115-security-group-ingress-is-restricted_traffic_to_mysql_db_port_3306/green/variables.tf create mode 100644 terraform/ecc-aws-115-security-group-ingress-is-restricted_traffic_to_mysql_db_port_3306/iam/115-policy.json create mode 100644 terraform/ecc-aws-115-security-group-ingress-is-restricted_traffic_to_mysql_db_port_3306/red/provider.tf create mode 100644 terraform/ecc-aws-115-security-group-ingress-is-restricted_traffic_to_mysql_db_port_3306/red/sg.tf create 
mode 100644 terraform/ecc-aws-115-security-group-ingress-is-restricted_traffic_to_mysql_db_port_3306/red/terraform.tfvars create mode 100644 terraform/ecc-aws-115-security-group-ingress-is-restricted_traffic_to_mysql_db_port_3306/red/variables.tf create mode 100644 terraform/ecc-aws-116-security-group_ingress_is_restricted_traffic_to_netbios-ssn_port_139/green/provider.tf create mode 100644 terraform/ecc-aws-116-security-group_ingress_is_restricted_traffic_to_netbios-ssn_port_139/green/sg.tf create mode 100644 terraform/ecc-aws-116-security-group_ingress_is_restricted_traffic_to_netbios-ssn_port_139/green/terraform.tfvars create mode 100644 terraform/ecc-aws-116-security-group_ingress_is_restricted_traffic_to_netbios-ssn_port_139/green/variables.tf create mode 100644 terraform/ecc-aws-116-security-group_ingress_is_restricted_traffic_to_netbios-ssn_port_139/iam/116-policy.json create mode 100644 terraform/ecc-aws-116-security-group_ingress_is_restricted_traffic_to_netbios-ssn_port_139/red/provider.tf create mode 100644 terraform/ecc-aws-116-security-group_ingress_is_restricted_traffic_to_netbios-ssn_port_139/red/sg.tf create mode 100644 terraform/ecc-aws-116-security-group_ingress_is_restricted_traffic_to_netbios-ssn_port_139/red/terraform.tfvars create mode 100644 terraform/ecc-aws-116-security-group_ingress_is_restricted_traffic_to_netbios-ssn_port_139/red/variables.tf create mode 100644 terraform/ecc-aws-117-security_group_ingress_is_restricted_traffic_to_oracle_db_port_1521/green/provider.tf create mode 100644 terraform/ecc-aws-117-security_group_ingress_is_restricted_traffic_to_oracle_db_port_1521/green/sg.tf create mode 100644 terraform/ecc-aws-117-security_group_ingress_is_restricted_traffic_to_oracle_db_port_1521/green/terraform.tfvars create mode 100644 terraform/ecc-aws-117-security_group_ingress_is_restricted_traffic_to_oracle_db_port_1521/green/variables.tf create mode 100644 
terraform/ecc-aws-117-security_group_ingress_is_restricted_traffic_to_oracle_db_port_1521/iam/117-policy.json create mode 100644 terraform/ecc-aws-117-security_group_ingress_is_restricted_traffic_to_oracle_db_port_1521/red/provider.tf create mode 100644 terraform/ecc-aws-117-security_group_ingress_is_restricted_traffic_to_oracle_db_port_1521/red/sg.tf create mode 100644 terraform/ecc-aws-117-security_group_ingress_is_restricted_traffic_to_oracle_db_port_1521/red/terraform.tfvars create mode 100644 terraform/ecc-aws-117-security_group_ingress_is_restricted_traffic_to_oracle_db_port_1521/red/variables.tf create mode 100644 terraform/ecc-aws-118-security-group_ingress_is_restricted_traffic_to_pop3_port_110/green/provider.tf create mode 100644 terraform/ecc-aws-118-security-group_ingress_is_restricted_traffic_to_pop3_port_110/green/sg.tf create mode 100644 terraform/ecc-aws-118-security-group_ingress_is_restricted_traffic_to_pop3_port_110/green/terraform.tfvars create mode 100644 terraform/ecc-aws-118-security-group_ingress_is_restricted_traffic_to_pop3_port_110/green/variables.tf create mode 100644 terraform/ecc-aws-118-security-group_ingress_is_restricted_traffic_to_pop3_port_110/iam/118-policy.json create mode 100644 terraform/ecc-aws-118-security-group_ingress_is_restricted_traffic_to_pop3_port_110/red/provider.tf create mode 100644 terraform/ecc-aws-118-security-group_ingress_is_restricted_traffic_to_pop3_port_110/red/sg.tf create mode 100644 terraform/ecc-aws-118-security-group_ingress_is_restricted_traffic_to_pop3_port_110/red/terraform.tfvars create mode 100644 terraform/ecc-aws-118-security-group_ingress_is_restricted_traffic_to_pop3_port_110/red/variables.tf create mode 100644 terraform/ecc-aws-119-security-group_ingress_is_restricted_traffic_to_postgresql_port_5432/green/provider.tf create mode 100644 terraform/ecc-aws-119-security-group_ingress_is_restricted_traffic_to_postgresql_port_5432/green/sg.tf create mode 100644 
terraform/ecc-aws-119-security-group_ingress_is_restricted_traffic_to_postgresql_port_5432/green/terraform.tfvars create mode 100644 terraform/ecc-aws-119-security-group_ingress_is_restricted_traffic_to_postgresql_port_5432/green/variables.tf create mode 100644 terraform/ecc-aws-119-security-group_ingress_is_restricted_traffic_to_postgresql_port_5432/iam/119-policy.json create mode 100644 terraform/ecc-aws-119-security-group_ingress_is_restricted_traffic_to_postgresql_port_5432/red/provider.tf create mode 100644 terraform/ecc-aws-119-security-group_ingress_is_restricted_traffic_to_postgresql_port_5432/red/sg.tf create mode 100644 terraform/ecc-aws-119-security-group_ingress_is_restricted_traffic_to_postgresql_port_5432/red/terraform.tfvars create mode 100644 terraform/ecc-aws-119-security-group_ingress_is_restricted_traffic_to_postgresql_port_5432/red/variables.tf create mode 100644 terraform/ecc-aws-120-security-group_ingress_is_restricted_traffic_to_smtp_port_25/green/provider.tf create mode 100644 terraform/ecc-aws-120-security-group_ingress_is_restricted_traffic_to_smtp_port_25/green/sg.tf create mode 100644 terraform/ecc-aws-120-security-group_ingress_is_restricted_traffic_to_smtp_port_25/green/terraform.tfvars create mode 100644 terraform/ecc-aws-120-security-group_ingress_is_restricted_traffic_to_smtp_port_25/green/variables.tf create mode 100644 terraform/ecc-aws-120-security-group_ingress_is_restricted_traffic_to_smtp_port_25/iam/120-policy.json create mode 100644 terraform/ecc-aws-120-security-group_ingress_is_restricted_traffic_to_smtp_port_25/red/provider.tf create mode 100644 terraform/ecc-aws-120-security-group_ingress_is_restricted_traffic_to_smtp_port_25/red/sg.tf create mode 100644 terraform/ecc-aws-120-security-group_ingress_is_restricted_traffic_to_smtp_port_25/red/terraform.tfvars create mode 100644 terraform/ecc-aws-120-security-group_ingress_is_restricted_traffic_to_smtp_port_25/red/variables.tf create mode 100644 
terraform/ecc-aws-121-security-group_ingress_is_restricted_traffic_to_telnet_port_23/green/provider.tf create mode 100644 terraform/ecc-aws-121-security-group_ingress_is_restricted_traffic_to_telnet_port_23/green/sg.tf create mode 100644 terraform/ecc-aws-121-security-group_ingress_is_restricted_traffic_to_telnet_port_23/green/terraform.tfvars create mode 100644 terraform/ecc-aws-121-security-group_ingress_is_restricted_traffic_to_telnet_port_23/green/variables.tf create mode 100644 terraform/ecc-aws-121-security-group_ingress_is_restricted_traffic_to_telnet_port_23/iam/121-policy.json create mode 100644 terraform/ecc-aws-121-security-group_ingress_is_restricted_traffic_to_telnet_port_23/red/provider.tf create mode 100644 terraform/ecc-aws-121-security-group_ingress_is_restricted_traffic_to_telnet_port_23/red/sg.tf create mode 100644 terraform/ecc-aws-121-security-group_ingress_is_restricted_traffic_to_telnet_port_23/red/terraform.tfvars create mode 100644 terraform/ecc-aws-121-security-group_ingress_is_restricted_traffic_to_telnet_port_23/red/variables.tf create mode 100644 terraform/ecc-aws-124-eks_cluster_version_latest/green/eks.tf create mode 100644 terraform/ecc-aws-124-eks_cluster_version_latest/green/provider.tf create mode 100644 terraform/ecc-aws-124-eks_cluster_version_latest/green/terraform.tfvars create mode 100644 terraform/ecc-aws-124-eks_cluster_version_latest/green/variables.tf create mode 100644 terraform/ecc-aws-124-eks_cluster_version_latest/iam/124-policy.json create mode 100644 terraform/ecc-aws-124-eks_cluster_version_latest/red/eks.tf create mode 100644 terraform/ecc-aws-124-eks_cluster_version_latest/red/provider.tf create mode 100644 terraform/ecc-aws-124-eks_cluster_version_latest/red/terraform.tfvars create mode 100644 terraform/ecc-aws-124-eks_cluster_version_latest/red/variables.tf create mode 100644 terraform/ecc-aws-140-rds_without_tag_information/green/provider.tf create mode 100644 
terraform/ecc-aws-140-rds_without_tag_information/green/rds.tf create mode 100644 terraform/ecc-aws-140-rds_without_tag_information/green/terraform.tfvars create mode 100644 terraform/ecc-aws-140-rds_without_tag_information/green/variables.tf create mode 100644 terraform/ecc-aws-140-rds_without_tag_information/iam/140-policy.json create mode 100644 terraform/ecc-aws-140-rds_without_tag_information/red/provider.tf create mode 100644 terraform/ecc-aws-140-rds_without_tag_information/red/rds.tf create mode 100644 terraform/ecc-aws-140-rds_without_tag_information/red/terraform.tfvars create mode 100644 terraform/ecc-aws-140-rds_without_tag_information/red/variables.tf create mode 100644 terraform/ecc-aws-168-iam_password_policy_one_uppercase_letter/green/iam.tf create mode 100644 terraform/ecc-aws-168-iam_password_policy_one_uppercase_letter/green/provider.tf create mode 100644 terraform/ecc-aws-168-iam_password_policy_one_uppercase_letter/green/terraform.tfvars create mode 100644 terraform/ecc-aws-168-iam_password_policy_one_uppercase_letter/green/variables.tf create mode 100644 terraform/ecc-aws-168-iam_password_policy_one_uppercase_letter/iam/168-policy.json create mode 100644 terraform/ecc-aws-168-iam_password_policy_one_uppercase_letter/iam/report-filter.txt create mode 100644 terraform/ecc-aws-168-iam_password_policy_one_uppercase_letter/red/iam.tf create mode 100644 terraform/ecc-aws-168-iam_password_policy_one_uppercase_letter/red/provider.tf create mode 100644 terraform/ecc-aws-168-iam_password_policy_one_uppercase_letter/red/terraform.tfvars create mode 100644 terraform/ecc-aws-168-iam_password_policy_one_uppercase_letter/red/variables.tf create mode 100644 terraform/ecc-aws-169-ensure_no_root_account_access_key_exists/iam/169-policy.json create mode 100644 terraform/ecc-aws-170-iam_password_policy_one_lowercase_letter/green/iam.tf create mode 100644 terraform/ecc-aws-170-iam_password_policy_one_lowercase_letter/green/provider.tf create mode 100644 
terraform/ecc-aws-170-iam_password_policy_one_lowercase_letter/green/terraform.tfvars create mode 100644 terraform/ecc-aws-170-iam_password_policy_one_lowercase_letter/green/variables.tf create mode 100644 terraform/ecc-aws-170-iam_password_policy_one_lowercase_letter/iam/168-policy.json create mode 100644 terraform/ecc-aws-170-iam_password_policy_one_lowercase_letter/iam/report-filter.txt create mode 100644 terraform/ecc-aws-170-iam_password_policy_one_lowercase_letter/red/iam.tf create mode 100644 terraform/ecc-aws-170-iam_password_policy_one_lowercase_letter/red/provider.tf create mode 100644 terraform/ecc-aws-170-iam_password_policy_one_lowercase_letter/red/terraform.tfvars create mode 100644 terraform/ecc-aws-170-iam_password_policy_one_lowercase_letter/red/variables.tf create mode 100644 terraform/ecc-aws-171-iam_password_policy_one_symbol/green/iam.tf create mode 100644 terraform/ecc-aws-171-iam_password_policy_one_symbol/green/provider.tf create mode 100644 terraform/ecc-aws-171-iam_password_policy_one_symbol/green/terraform.tfvars create mode 100644 terraform/ecc-aws-171-iam_password_policy_one_symbol/green/variables.tf create mode 100644 terraform/ecc-aws-171-iam_password_policy_one_symbol/iam/171-policy.json create mode 100644 terraform/ecc-aws-171-iam_password_policy_one_symbol/iam/report-filter.txt create mode 100644 terraform/ecc-aws-171-iam_password_policy_one_symbol/red/iam.tf create mode 100644 terraform/ecc-aws-171-iam_password_policy_one_symbol/red/provider.tf create mode 100644 terraform/ecc-aws-171-iam_password_policy_one_symbol/red/terraform.tfvars create mode 100644 terraform/ecc-aws-171-iam_password_policy_one_symbol/red/variables.tf create mode 100644 terraform/ecc-aws-172-iam_password_policy_one_number/green/iam.tf create mode 100644 terraform/ecc-aws-172-iam_password_policy_one_number/green/provider.tf create mode 100644 terraform/ecc-aws-172-iam_password_policy_one_number/green/terraform.tfvars create mode 100644 
terraform/ecc-aws-172-iam_password_policy_one_number/green/variables.tf create mode 100644 terraform/ecc-aws-172-iam_password_policy_one_number/iam/172-policy.json create mode 100644 terraform/ecc-aws-172-iam_password_policy_one_number/iam/report-filter.txt create mode 100644 terraform/ecc-aws-172-iam_password_policy_one_number/red/iam.tf create mode 100644 terraform/ecc-aws-172-iam_password_policy_one_number/red/provider.tf create mode 100644 terraform/ecc-aws-172-iam_password_policy_one_number/red/terraform.tfvars create mode 100644 terraform/ecc-aws-172-iam_password_policy_one_number/red/variables.tf create mode 100644 terraform/ecc-aws-173-iam_password_min_length_ge_14/green/iam.tf create mode 100644 terraform/ecc-aws-173-iam_password_min_length_ge_14/green/provider.tf create mode 100644 terraform/ecc-aws-173-iam_password_min_length_ge_14/green/terraform.tfvars create mode 100644 terraform/ecc-aws-173-iam_password_min_length_ge_14/green/variables.tf create mode 100644 terraform/ecc-aws-173-iam_password_min_length_ge_14/iam/173-policy.json create mode 100644 terraform/ecc-aws-173-iam_password_min_length_ge_14/iam/report-filter.txt create mode 100644 terraform/ecc-aws-173-iam_password_min_length_ge_14/red/iam.tf create mode 100644 terraform/ecc-aws-173-iam_password_min_length_ge_14/red/provider.tf create mode 100644 terraform/ecc-aws-173-iam_password_min_length_ge_14/red/terraform.tfvars create mode 100644 terraform/ecc-aws-173-iam_password_min_length_ge_14/red/variables.tf create mode 100644 terraform/ecc-aws-174-iam_password_policy_passwd_expires_le_90/green/iam.tf create mode 100644 terraform/ecc-aws-174-iam_password_policy_passwd_expires_le_90/green/provider.tf create mode 100644 terraform/ecc-aws-174-iam_password_policy_passwd_expires_le_90/green/terraform.tfvars create mode 100644 terraform/ecc-aws-174-iam_password_policy_passwd_expires_le_90/green/variables.tf create mode 100644 
terraform/ecc-aws-174-iam_password_policy_passwd_expires_le_90/iam/174-policy.json create mode 100644 terraform/ecc-aws-174-iam_password_policy_passwd_expires_le_90/iam/report-filter.txt create mode 100644 terraform/ecc-aws-174-iam_password_policy_passwd_expires_le_90/red/iam.tf create mode 100644 terraform/ecc-aws-174-iam_password_policy_passwd_expires_le_90/red/provider.tf create mode 100644 terraform/ecc-aws-174-iam_password_policy_passwd_expires_le_90/red/terraform.tfvars create mode 100644 terraform/ecc-aws-174-iam_password_policy_passwd_expires_le_90/red/variables.tf create mode 100644 terraform/ecc-aws-176-cloudtrail_log_validation_enabled/green/cloudtrail.tf create mode 100644 terraform/ecc-aws-176-cloudtrail_log_validation_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-176-cloudtrail_log_validation_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-176-cloudtrail_log_validation_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-176-cloudtrail_log_validation_enabled/iam/176-policy.json create mode 100644 terraform/ecc-aws-176-cloudtrail_log_validation_enabled/red/cloudtrail.tf create mode 100644 terraform/ecc-aws-176-cloudtrail_log_validation_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-176-cloudtrail_log_validation_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-176-cloudtrail_log_validation_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-179-cloudtrail_integrated_with_cloudwatch/green/cloudtrail.tf create mode 100644 terraform/ecc-aws-179-cloudtrail_integrated_with_cloudwatch/green/provider.tf create mode 100644 terraform/ecc-aws-179-cloudtrail_integrated_with_cloudwatch/green/terraform.tfvars create mode 100644 terraform/ecc-aws-179-cloudtrail_integrated_with_cloudwatch/green/variables.tf create mode 100644 terraform/ecc-aws-179-cloudtrail_integrated_with_cloudwatch/iam/179-policy.json create mode 100644 
terraform/ecc-aws-179-cloudtrail_integrated_with_cloudwatch/red/cloudtrail.tf create mode 100644 terraform/ecc-aws-179-cloudtrail_integrated_with_cloudwatch/red/provider.tf create mode 100644 terraform/ecc-aws-179-cloudtrail_integrated_with_cloudwatch/red/terraform.tfvars create mode 100644 terraform/ecc-aws-179-cloudtrail_integrated_with_cloudwatch/red/variables.tf create mode 100644 terraform/ecc-aws-181-ensure_iam_instance_roles_are_used_for_resource_access_from_instance/green/ec2.tf create mode 100644 terraform/ecc-aws-181-ensure_iam_instance_roles_are_used_for_resource_access_from_instance/green/provider.tf create mode 100644 terraform/ecc-aws-181-ensure_iam_instance_roles_are_used_for_resource_access_from_instance/green/terraform.tfvars create mode 100644 terraform/ecc-aws-181-ensure_iam_instance_roles_are_used_for_resource_access_from_instance/green/variables.tf create mode 100644 terraform/ecc-aws-181-ensure_iam_instance_roles_are_used_for_resource_access_from_instance/iam/181-policy.json create mode 100644 terraform/ecc-aws-181-ensure_iam_instance_roles_are_used_for_resource_access_from_instance/red/ec2.tf create mode 100644 terraform/ecc-aws-181-ensure_iam_instance_roles_are_used_for_resource_access_from_instance/red/provider.tf create mode 100644 terraform/ecc-aws-181-ensure_iam_instance_roles_are_used_for_resource_access_from_instance/red/terraform.tfvars create mode 100644 terraform/ecc-aws-181-ensure_iam_instance_roles_are_used_for_resource_access_from_instance/red/variables.tf create mode 100644 terraform/ecc-aws-183-config_enabled_all_regions/green/config.tf create mode 100644 terraform/ecc-aws-183-config_enabled_all_regions/green/iam.tf create mode 100644 terraform/ecc-aws-183-config_enabled_all_regions/green/provider.tf create mode 100644 terraform/ecc-aws-183-config_enabled_all_regions/green/terraform.tfvars create mode 100644 terraform/ecc-aws-183-config_enabled_all_regions/green/variables.tf create mode 100644 
terraform/ecc-aws-183-config_enabled_all_regions/iam/183-policy.json create mode 100644 terraform/ecc-aws-183-config_enabled_all_regions/red/config.tf create mode 100644 terraform/ecc-aws-183-config_enabled_all_regions/red/provider.tf create mode 100644 terraform/ecc-aws-183-config_enabled_all_regions/red/terraform.tfvars create mode 100644 terraform/ecc-aws-183-config_enabled_all_regions/red/variables.tf create mode 100644 terraform/ecc-aws-183-config_enabled_all_regions/red1/config.tf create mode 100644 terraform/ecc-aws-183-config_enabled_all_regions/red1/iam.tf create mode 100644 terraform/ecc-aws-183-config_enabled_all_regions/red1/provider.tf create mode 100644 terraform/ecc-aws-183-config_enabled_all_regions/red1/terraform.tfvars create mode 100644 terraform/ecc-aws-183-config_enabled_all_regions/red1/variables.tf create mode 100644 terraform/ecc-aws-184-cloudtrail_logs_encrypted_using_KMS_CMKs/green/cloudtrail.tf create mode 100644 terraform/ecc-aws-184-cloudtrail_logs_encrypted_using_KMS_CMKs/green/encryption.tf create mode 100644 terraform/ecc-aws-184-cloudtrail_logs_encrypted_using_KMS_CMKs/green/iam.tf create mode 100644 terraform/ecc-aws-184-cloudtrail_logs_encrypted_using_KMS_CMKs/green/provider.tf create mode 100644 terraform/ecc-aws-184-cloudtrail_logs_encrypted_using_KMS_CMKs/green/terraform.tfvars create mode 100644 terraform/ecc-aws-184-cloudtrail_logs_encrypted_using_KMS_CMKs/green/variables.tf create mode 100644 terraform/ecc-aws-184-cloudtrail_logs_encrypted_using_KMS_CMKs/iam/184-policy.json create mode 100644 terraform/ecc-aws-184-cloudtrail_logs_encrypted_using_KMS_CMKs/red/cloudtrail.tf create mode 100644 terraform/ecc-aws-184-cloudtrail_logs_encrypted_using_KMS_CMKs/red/encryption.tf create mode 100644 terraform/ecc-aws-184-cloudtrail_logs_encrypted_using_KMS_CMKs/red/iam.tf create mode 100644 terraform/ecc-aws-184-cloudtrail_logs_encrypted_using_KMS_CMKs/red/provider.tf create mode 100644 
terraform/ecc-aws-184-cloudtrail_logs_encrypted_using_KMS_CMKs/red/terraform.tfvars create mode 100644 terraform/ecc-aws-184-cloudtrail_logs_encrypted_using_KMS_CMKs/red/variables.tf create mode 100644 terraform/ecc-aws-185-kms_key_rotation_is_enabled/green/kms.tf create mode 100644 terraform/ecc-aws-185-kms_key_rotation_is_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-185-kms_key_rotation_is_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-185-kms_key_rotation_is_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-185-kms_key_rotation_is_enabled/iam/185-policy.json create mode 100644 terraform/ecc-aws-185-kms_key_rotation_is_enabled/red/kms.tf create mode 100644 terraform/ecc-aws-185-kms_key_rotation_is_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-185-kms_key_rotation_is_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-185-kms_key_rotation_is_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-186-security-group-ingress-is-restricted-22/green/provider.tf create mode 100644 terraform/ecc-aws-186-security-group-ingress-is-restricted-22/green/sg.tf create mode 100644 terraform/ecc-aws-186-security-group-ingress-is-restricted-22/green/terraform.tfvars create mode 100644 terraform/ecc-aws-186-security-group-ingress-is-restricted-22/green/variables.tf create mode 100644 terraform/ecc-aws-186-security-group-ingress-is-restricted-22/iam/186-policy.json create mode 100644 terraform/ecc-aws-186-security-group-ingress-is-restricted-22/red/provider.tf create mode 100644 terraform/ecc-aws-186-security-group-ingress-is-restricted-22/red/sg.tf create mode 100644 terraform/ecc-aws-186-security-group-ingress-is-restricted-22/red/terraform.tfvars create mode 100644 terraform/ecc-aws-186-security-group-ingress-is-restricted-22/red/variables.tf create mode 100644 terraform/ecc-aws-186-security-group-ingress-is-restricted-22/red1/provider.tf create mode 100644 
terraform/ecc-aws-186-security-group-ingress-is-restricted-22/red1/sg.tf create mode 100644 terraform/ecc-aws-186-security-group-ingress-is-restricted-22/red1/terraform.tfvars create mode 100644 terraform/ecc-aws-186-security-group-ingress-is-restricted-22/red1/variables.tf create mode 100644 terraform/ecc-aws-187-security-group-ingress-is-restricted-3398/green/provider.tf create mode 100644 terraform/ecc-aws-187-security-group-ingress-is-restricted-3398/green/sg.tf create mode 100644 terraform/ecc-aws-187-security-group-ingress-is-restricted-3398/green/terraform.tfvars create mode 100644 terraform/ecc-aws-187-security-group-ingress-is-restricted-3398/green/variables.tf create mode 100644 terraform/ecc-aws-187-security-group-ingress-is-restricted-3398/iam/187-policy.json create mode 100644 terraform/ecc-aws-187-security-group-ingress-is-restricted-3398/red/provider.tf create mode 100644 terraform/ecc-aws-187-security-group-ingress-is-restricted-3398/red/sg.tf create mode 100644 terraform/ecc-aws-187-security-group-ingress-is-restricted-3398/red/terraform.tfvars create mode 100644 terraform/ecc-aws-187-security-group-ingress-is-restricted-3398/red/variables.tf create mode 100644 terraform/ecc-aws-188-default_security_group_every_vpc_restricts_all_traffic/green/provider.tf create mode 100644 terraform/ecc-aws-188-default_security_group_every_vpc_restricts_all_traffic/green/sg.tf create mode 100644 terraform/ecc-aws-188-default_security_group_every_vpc_restricts_all_traffic/green/terraform.tfvars create mode 100644 terraform/ecc-aws-188-default_security_group_every_vpc_restricts_all_traffic/green/variables.tf create mode 100644 terraform/ecc-aws-188-default_security_group_every_vpc_restricts_all_traffic/iam/188-policy.json create mode 100644 terraform/ecc-aws-188-default_security_group_every_vpc_restricts_all_traffic/red/provider.tf create mode 100644 terraform/ecc-aws-188-default_security_group_every_vpc_restricts_all_traffic/red/sg.tf create mode 100644 
terraform/ecc-aws-188-default_security_group_every_vpc_restricts_all_traffic/red/terraform.tfvars create mode 100644 terraform/ecc-aws-188-default_security_group_every_vpc_restricts_all_traffic/red/variables.tf create mode 100644 terraform/ecc-aws-190-encrypted_connection_between_cloudfront_origin/green/distribution.tf create mode 100644 terraform/ecc-aws-190-encrypted_connection_between_cloudfront_origin/green/provider.tf create mode 100644 terraform/ecc-aws-190-encrypted_connection_between_cloudfront_origin/green/terraform.tfvars create mode 100644 terraform/ecc-aws-190-encrypted_connection_between_cloudfront_origin/green/variables.tf create mode 100644 terraform/ecc-aws-190-encrypted_connection_between_cloudfront_origin/iam/190-policy.json create mode 100644 terraform/ecc-aws-190-encrypted_connection_between_cloudfront_origin/red/distribution.tf create mode 100644 terraform/ecc-aws-190-encrypted_connection_between_cloudfront_origin/red/provider.tf create mode 100644 terraform/ecc-aws-190-encrypted_connection_between_cloudfront_origin/red/terraform.tfvars create mode 100644 terraform/ecc-aws-190-encrypted_connection_between_cloudfront_origin/red/variables.tf create mode 100644 terraform/ecc-aws-191-eks_cluster_protected_endpoint_access/green/eks.tf create mode 100644 terraform/ecc-aws-191-eks_cluster_protected_endpoint_access/green/provider.tf create mode 100644 terraform/ecc-aws-191-eks_cluster_protected_endpoint_access/green/terraform.tfvars create mode 100644 terraform/ecc-aws-191-eks_cluster_protected_endpoint_access/green/variables.tf create mode 100644 terraform/ecc-aws-191-eks_cluster_protected_endpoint_access/iam/191-policy.json create mode 100644 terraform/ecc-aws-191-eks_cluster_protected_endpoint_access/red/eks.tf create mode 100644 terraform/ecc-aws-191-eks_cluster_protected_endpoint_access/red/provider.tf create mode 100644 terraform/ecc-aws-191-eks_cluster_protected_endpoint_access/red/terraform.tfvars create mode 100644 
terraform/ecc-aws-191-eks_cluster_protected_endpoint_access/red/variables.tf create mode 100644 terraform/ecc-aws-196-unused_ec2_security_groups/green/provider.tf create mode 100644 terraform/ecc-aws-196-unused_ec2_security_groups/green/sg.tf create mode 100644 terraform/ecc-aws-196-unused_ec2_security_groups/green/terraform.tfvars create mode 100644 terraform/ecc-aws-196-unused_ec2_security_groups/green/variables.tf create mode 100644 terraform/ecc-aws-196-unused_ec2_security_groups/iam/196-policy.json create mode 100644 terraform/ecc-aws-196-unused_ec2_security_groups/red/provider.tf create mode 100644 terraform/ecc-aws-196-unused_ec2_security_groups/red/sg.tf create mode 100644 terraform/ecc-aws-196-unused_ec2_security_groups/red/terraform.tfvars create mode 100644 terraform/ecc-aws-196-unused_ec2_security_groups/red/variables.tf create mode 100644 terraform/ecc-aws-197-codebuild_project_source_repo_url_check/green/codebuild.tf create mode 100644 terraform/ecc-aws-197-codebuild_project_source_repo_url_check/green/provider.tf create mode 100644 terraform/ecc-aws-197-codebuild_project_source_repo_url_check/green/terraform.tfvars create mode 100644 terraform/ecc-aws-197-codebuild_project_source_repo_url_check/green/variables.tf create mode 100644 terraform/ecc-aws-197-codebuild_project_source_repo_url_check/iam/197-policy.json create mode 100644 terraform/ecc-aws-197-codebuild_project_source_repo_url_check/red/codebuild.tf create mode 100644 terraform/ecc-aws-197-codebuild_project_source_repo_url_check/red/provider.tf create mode 100644 terraform/ecc-aws-197-codebuild_project_source_repo_url_check/red/terraform.tfvars create mode 100644 terraform/ecc-aws-197-codebuild_project_source_repo_url_check/red/variables.tf create mode 100644 terraform/ecc-aws-198-autoscaling_group_health_checks/green/asg.tf create mode 100644 terraform/ecc-aws-198-autoscaling_group_health_checks/green/provider.tf create mode 100644 
terraform/ecc-aws-198-autoscaling_group_health_checks/green/terraform.tfvars create mode 100644 terraform/ecc-aws-198-autoscaling_group_health_checks/green/variables.tf create mode 100644 terraform/ecc-aws-198-autoscaling_group_health_checks/iam/198-policy.json create mode 100644 terraform/ecc-aws-198-autoscaling_group_health_checks/red/asg.tf create mode 100644 terraform/ecc-aws-198-autoscaling_group_health_checks/red/provider.tf create mode 100644 terraform/ecc-aws-198-autoscaling_group_health_checks/red/terraform.tfvars create mode 100644 terraform/ecc-aws-198-autoscaling_group_health_checks/red/variables.tf create mode 100644 terraform/ecc-aws-199-unused_eip_should_be_removed/green/eip.tf create mode 100644 terraform/ecc-aws-199-unused_eip_should_be_removed/green/provider.tf create mode 100644 terraform/ecc-aws-199-unused_eip_should_be_removed/green/terraform.tfvars create mode 100644 terraform/ecc-aws-199-unused_eip_should_be_removed/green/variables.tf create mode 100644 terraform/ecc-aws-199-unused_eip_should_be_removed/iam/199-policy.json create mode 100644 terraform/ecc-aws-199-unused_eip_should_be_removed/red/eip.tf create mode 100644 terraform/ecc-aws-199-unused_eip_should_be_removed/red/provider.tf create mode 100644 terraform/ecc-aws-199-unused_eip_should_be_removed/red/terraform.tfvars create mode 100644 terraform/ecc-aws-199-unused_eip_should_be_removed/red/variables.tf create mode 100644 terraform/ecc-aws-200-elasticsearch_service_domains_in_vpc/green/elasticsearch.tf create mode 100644 terraform/ecc-aws-200-elasticsearch_service_domains_in_vpc/green/provider.tf create mode 100644 terraform/ecc-aws-200-elasticsearch_service_domains_in_vpc/green/terraform.tfvars create mode 100644 terraform/ecc-aws-200-elasticsearch_service_domains_in_vpc/green/variables.tf create mode 100644 terraform/ecc-aws-200-elasticsearch_service_domains_in_vpc/iam/200-policy.json create mode 100644 terraform/ecc-aws-200-elasticsearch_service_domains_in_vpc/red/elasticsearch.tf 
create mode 100644 terraform/ecc-aws-200-elasticsearch_service_domains_in_vpc/red/provider.tf create mode 100644 terraform/ecc-aws-200-elasticsearch_service_domains_in_vpc/red/terraform.tfvars create mode 100644 terraform/ecc-aws-200-elasticsearch_service_domains_in_vpc/red/variables.tf create mode 100644 terraform/ecc-aws-201-elasticsearch_service_domains_encryption_at_rest/green/elasticsearch.tf create mode 100644 terraform/ecc-aws-201-elasticsearch_service_domains_encryption_at_rest/green/provider.tf create mode 100644 terraform/ecc-aws-201-elasticsearch_service_domains_encryption_at_rest/green/terraform.tfvars create mode 100644 terraform/ecc-aws-201-elasticsearch_service_domains_encryption_at_rest/green/variables.tf create mode 100644 terraform/ecc-aws-201-elasticsearch_service_domains_encryption_at_rest/iam/201-policy.json create mode 100644 terraform/ecc-aws-201-elasticsearch_service_domains_encryption_at_rest/red/elasticsearch.tf create mode 100644 terraform/ecc-aws-201-elasticsearch_service_domains_encryption_at_rest/red/provider.tf create mode 100644 terraform/ecc-aws-201-elasticsearch_service_domains_encryption_at_rest/red/terraform.tfvars create mode 100644 terraform/ecc-aws-201-elasticsearch_service_domains_encryption_at_rest/red/variables.tf create mode 100644 terraform/ecc-aws-203-ebs_snapshots_not_publicly_restorable/green/ebs.tf create mode 100644 terraform/ecc-aws-203-ebs_snapshots_not_publicly_restorable/green/provider.tf create mode 100644 terraform/ecc-aws-203-ebs_snapshots_not_publicly_restorable/green/terraform.tfvars create mode 100644 terraform/ecc-aws-203-ebs_snapshots_not_publicly_restorable/green/variables.tf create mode 100644 terraform/ecc-aws-203-ebs_snapshots_not_publicly_restorable/iam/203-policy.json create mode 100644 terraform/ecc-aws-203-ebs_snapshots_not_publicly_restorable/red/ebs.tf create mode 100644 terraform/ecc-aws-203-ebs_snapshots_not_publicly_restorable/red/provider.tf create mode 100644 
terraform/ecc-aws-203-ebs_snapshots_not_publicly_restorable/red/terraform.tfvars create mode 100644 terraform/ecc-aws-203-ebs_snapshots_not_publicly_restorable/red/variables.tf create mode 100644 terraform/ecc-aws-206-IAM_policy_changes_alarm_exists/green/cw.tf create mode 100644 terraform/ecc-aws-206-IAM_policy_changes_alarm_exists/green/iam.tf create mode 100644 terraform/ecc-aws-206-IAM_policy_changes_alarm_exists/green/provider.tf create mode 100644 terraform/ecc-aws-206-IAM_policy_changes_alarm_exists/green/sns.tf create mode 100644 terraform/ecc-aws-206-IAM_policy_changes_alarm_exists/green/terraform.tfvars create mode 100644 terraform/ecc-aws-206-IAM_policy_changes_alarm_exists/green/trail.tf create mode 100644 terraform/ecc-aws-206-IAM_policy_changes_alarm_exists/green/variables.tf create mode 100644 terraform/ecc-aws-206-IAM_policy_changes_alarm_exists/iam/206-policy.json create mode 100644 terraform/ecc-aws-206-IAM_policy_changes_alarm_exists/red/cw.tf create mode 100644 terraform/ecc-aws-206-IAM_policy_changes_alarm_exists/red/iam.tf create mode 100644 terraform/ecc-aws-206-IAM_policy_changes_alarm_exists/red/provider.tf create mode 100644 terraform/ecc-aws-206-IAM_policy_changes_alarm_exists/red/sns.tf create mode 100644 terraform/ecc-aws-206-IAM_policy_changes_alarm_exists/red/terraform.tfvars create mode 100644 terraform/ecc-aws-206-IAM_policy_changes_alarm_exists/red/trail.tf create mode 100644 terraform/ecc-aws-206-IAM_policy_changes_alarm_exists/red/variables.tf create mode 100644 terraform/ecc-aws-206-IAM_policy_changes_alarm_exists/red1/cw.tf create mode 100644 terraform/ecc-aws-206-IAM_policy_changes_alarm_exists/red1/iam.tf create mode 100644 terraform/ecc-aws-206-IAM_policy_changes_alarm_exists/red1/provider.tf create mode 100644 terraform/ecc-aws-206-IAM_policy_changes_alarm_exists/red1/sns.tf create mode 100644 terraform/ecc-aws-206-IAM_policy_changes_alarm_exists/red1/terraform.tfvars create mode 100644 
terraform/ecc-aws-206-IAM_policy_changes_alarm_exists/red1/trail.tf create mode 100644 terraform/ecc-aws-206-IAM_policy_changes_alarm_exists/red1/variables.tf create mode 100644 terraform/ecc-aws-210-cloud_front_waf_integration/green/cloudfront.tf create mode 100644 terraform/ecc-aws-210-cloud_front_waf_integration/green/provider.tf create mode 100644 terraform/ecc-aws-210-cloud_front_waf_integration/green/terraform.tfvars create mode 100644 terraform/ecc-aws-210-cloud_front_waf_integration/green/variables.tf create mode 100644 terraform/ecc-aws-210-cloud_front_waf_integration/iam/210-policy.json create mode 100644 terraform/ecc-aws-210-cloud_front_waf_integration/red/cloudfront.tf create mode 100644 terraform/ecc-aws-210-cloud_front_waf_integration/red/provider.tf create mode 100644 terraform/ecc-aws-210-cloud_front_waf_integration/red/terraform.tfvars create mode 100644 terraform/ecc-aws-210-cloud_front_waf_integration/red/variables.tf create mode 100644 terraform/ecc-aws-212-lambda_in_vpc/green/func.py create mode 100644 terraform/ecc-aws-212-lambda_in_vpc/green/func.zip create mode 100644 terraform/ecc-aws-212-lambda_in_vpc/green/lambda.tf create mode 100644 terraform/ecc-aws-212-lambda_in_vpc/green/provider.tf create mode 100644 terraform/ecc-aws-212-lambda_in_vpc/green/terraform.tfvars create mode 100644 terraform/ecc-aws-212-lambda_in_vpc/green/variables.tf create mode 100644 terraform/ecc-aws-212-lambda_in_vpc/iam/212-policy.json create mode 100644 terraform/ecc-aws-212-lambda_in_vpc/red/func.py create mode 100644 terraform/ecc-aws-212-lambda_in_vpc/red/func.zip create mode 100644 terraform/ecc-aws-212-lambda_in_vpc/red/lambda.tf create mode 100644 terraform/ecc-aws-212-lambda_in_vpc/red/provider.tf create mode 100644 terraform/ecc-aws-212-lambda_in_vpc/red/terraform.tfvars create mode 100644 terraform/ecc-aws-212-lambda_in_vpc/red/variables.tf create mode 100644 terraform/ecc-aws-215-redshift_cluster_prohibit_public_access/green/provider.tf create mode 
100644 terraform/ecc-aws-215-redshift_cluster_prohibit_public_access/green/redshift.tf create mode 100644 terraform/ecc-aws-215-redshift_cluster_prohibit_public_access/green/terraform.tfvars create mode 100644 terraform/ecc-aws-215-redshift_cluster_prohibit_public_access/green/variables.tf create mode 100644 terraform/ecc-aws-215-redshift_cluster_prohibit_public_access/iam/215-policy.json create mode 100644 terraform/ecc-aws-215-redshift_cluster_prohibit_public_access/red/provider.tf create mode 100644 terraform/ecc-aws-215-redshift_cluster_prohibit_public_access/red/redshift.tf create mode 100644 terraform/ecc-aws-215-redshift_cluster_prohibit_public_access/red/terraform.tfvars create mode 100644 terraform/ecc-aws-215-redshift_cluster_prohibit_public_access/red/variables.tf create mode 100644 terraform/ecc-aws-218-codebuild_environment_variables_contain_text_credentials/green/MessageUtil.zip create mode 100644 terraform/ecc-aws-218-codebuild_environment_variables_contain_text_credentials/green/codebuild.tf create mode 100644 terraform/ecc-aws-218-codebuild_environment_variables_contain_text_credentials/green/provider.tf create mode 100644 terraform/ecc-aws-218-codebuild_environment_variables_contain_text_credentials/green/terraform.tfvars create mode 100644 terraform/ecc-aws-218-codebuild_environment_variables_contain_text_credentials/green/variables.tf create mode 100644 terraform/ecc-aws-218-codebuild_environment_variables_contain_text_credentials/iam/218-policy.yml create mode 100644 terraform/ecc-aws-218-codebuild_environment_variables_contain_text_credentials/red/MessageUtil.zip create mode 100644 terraform/ecc-aws-218-codebuild_environment_variables_contain_text_credentials/red/codebuild.tf create mode 100644 terraform/ecc-aws-218-codebuild_environment_variables_contain_text_credentials/red/provider.tf create mode 100644 terraform/ecc-aws-218-codebuild_environment_variables_contain_text_credentials/red/terraform.tfvars create mode 100644 
terraform/ecc-aws-218-codebuild_environment_variables_contain_text_credentials/red/variables.tf create mode 100644 terraform/ecc-aws-219-rds_snapshot_prohibit_public_access/green/provider.tf create mode 100644 terraform/ecc-aws-219-rds_snapshot_prohibit_public_access/green/rds.tf create mode 100644 terraform/ecc-aws-219-rds_snapshot_prohibit_public_access/green/terraform.tfvars create mode 100644 terraform/ecc-aws-219-rds_snapshot_prohibit_public_access/green/variables.tf create mode 100644 terraform/ecc-aws-219-rds_snapshot_prohibit_public_access/iam/219-policy.json create mode 100644 terraform/ecc-aws-221-ec2_managed_ssm_patch_compliance/green/ec2.tf create mode 100644 terraform/ecc-aws-221-ec2_managed_ssm_patch_compliance/green/iam.tf create mode 100644 terraform/ecc-aws-221-ec2_managed_ssm_patch_compliance/green/provider.tf create mode 100644 terraform/ecc-aws-221-ec2_managed_ssm_patch_compliance/green/ssm.tf create mode 100644 terraform/ecc-aws-221-ec2_managed_ssm_patch_compliance/green/terraform.tfvars create mode 100644 terraform/ecc-aws-221-ec2_managed_ssm_patch_compliance/green/variables.tf create mode 100644 terraform/ecc-aws-221-ec2_managed_ssm_patch_compliance/green/vpc.tf create mode 100644 terraform/ecc-aws-221-ec2_managed_ssm_patch_compliance/iam/221-policy.json create mode 100644 terraform/ecc-aws-221-ec2_managed_ssm_patch_compliance/red/ec2.tf create mode 100644 terraform/ecc-aws-221-ec2_managed_ssm_patch_compliance/red/iam.tf create mode 100644 terraform/ecc-aws-221-ec2_managed_ssm_patch_compliance/red/provider.tf create mode 100644 terraform/ecc-aws-221-ec2_managed_ssm_patch_compliance/red/ssm.tf create mode 100644 terraform/ecc-aws-221-ec2_managed_ssm_patch_compliance/red/terraform.tfvars create mode 100644 terraform/ecc-aws-221-ec2_managed_ssm_patch_compliance/red/variables.tf create mode 100644 terraform/ecc-aws-221-ec2_managed_ssm_patch_compliance/red/vpc.tf create mode 100644 terraform/ecc-aws-222-ami_public_access/green/ami.tf create mode 
100644 terraform/ecc-aws-222-ami_public_access/green/provider.tf create mode 100644 terraform/ecc-aws-222-ami_public_access/green/terraform.tfvars create mode 100644 terraform/ecc-aws-222-ami_public_access/green/variables.tf create mode 100644 terraform/ecc-aws-222-ami_public_access/iam/222-policy.json create mode 100644 terraform/ecc-aws-222-ami_public_access/red/ami.tf create mode 100644 terraform/ecc-aws-222-ami_public_access/red/provider.tf create mode 100644 terraform/ecc-aws-222-ami_public_access/red/terraform.tfvars create mode 100644 terraform/ecc-aws-222-ami_public_access/red/variables.tf create mode 100644 terraform/ecc-aws-223-ensure_that_sagemaker_in_vpc/green/provider.tf create mode 100644 terraform/ecc-aws-223-ensure_that_sagemaker_in_vpc/green/sagemaker.tf create mode 100644 terraform/ecc-aws-223-ensure_that_sagemaker_in_vpc/green/terraform.tfvars create mode 100644 terraform/ecc-aws-223-ensure_that_sagemaker_in_vpc/green/variables.tf create mode 100644 terraform/ecc-aws-223-ensure_that_sagemaker_in_vpc/iam/223-policy.json create mode 100644 terraform/ecc-aws-223-ensure_that_sagemaker_in_vpc/red/provider.tf create mode 100644 terraform/ecc-aws-223-ensure_that_sagemaker_in_vpc/red/sagemaker.tf create mode 100644 terraform/ecc-aws-223-ensure_that_sagemaker_in_vpc/red/terraform.tfvars create mode 100644 terraform/ecc-aws-223-ensure_that_sagemaker_in_vpc/red/variables.tf create mode 100644 terraform/ecc-aws-223-ensure_that_sagemaker_in_vpc/red1/provider.tf create mode 100644 terraform/ecc-aws-223-ensure_that_sagemaker_in_vpc/red1/sagemaker.tf create mode 100644 terraform/ecc-aws-223-ensure_that_sagemaker_in_vpc/red1/terraform.tfvars create mode 100644 terraform/ecc-aws-223-ensure_that_sagemaker_in_vpc/red1/variables.tf create mode 100644 terraform/ecc-aws-231-vpc-subnets_automatic_public_ip_assignment/green/provider.tf create mode 100644 terraform/ecc-aws-231-vpc-subnets_automatic_public_ip_assignment/green/terraform.tfvars create mode 100644 
terraform/ecc-aws-231-vpc-subnets_automatic_public_ip_assignment/green/variables.tf create mode 100644 terraform/ecc-aws-231-vpc-subnets_automatic_public_ip_assignment/green/vpc.tf create mode 100644 terraform/ecc-aws-231-vpc-subnets_automatic_public_ip_assignment/iam/231-policy.json create mode 100644 terraform/ecc-aws-231-vpc-subnets_automatic_public_ip_assignment/red/provider.tf create mode 100644 terraform/ecc-aws-231-vpc-subnets_automatic_public_ip_assignment/red/terraform.tfvars create mode 100644 terraform/ecc-aws-231-vpc-subnets_automatic_public_ip_assignment/red/variables.tf create mode 100644 terraform/ecc-aws-231-vpc-subnets_automatic_public_ip_assignment/red/vpc.tf create mode 100644 terraform/ecc-aws-232-sagemaker_does_not_have_direct_internet_access/green/provider.tf create mode 100644 terraform/ecc-aws-232-sagemaker_does_not_have_direct_internet_access/green/sagemaker.tf create mode 100644 terraform/ecc-aws-232-sagemaker_does_not_have_direct_internet_access/green/terraform.tfvars create mode 100644 terraform/ecc-aws-232-sagemaker_does_not_have_direct_internet_access/green/variables.tf create mode 100644 terraform/ecc-aws-232-sagemaker_does_not_have_direct_internet_access/iam/232-policy.json create mode 100644 terraform/ecc-aws-232-sagemaker_does_not_have_direct_internet_access/red/provider.tf create mode 100644 terraform/ecc-aws-232-sagemaker_does_not_have_direct_internet_access/red/sagemaker.tf create mode 100644 terraform/ecc-aws-232-sagemaker_does_not_have_direct_internet_access/red/terraform.tfvars create mode 100644 terraform/ecc-aws-232-sagemaker_does_not_have_direct_internet_access/red/variables.tf create mode 100644 terraform/ecc-aws-237-cloudfront_web_distributions_use_custom_ssl_certificates/iam/237-policy.json create mode 100644 terraform/ecc-aws-237-cloudfront_web_distributions_use_custom_ssl_certificates/red/cloudfront.tf create mode 100644 terraform/ecc-aws-237-cloudfront_web_distributions_use_custom_ssl_certificates/red/provider.tf 
create mode 100644 terraform/ecc-aws-237-cloudfront_web_distributions_use_custom_ssl_certificates/red/terraform.tfvars create mode 100644 terraform/ecc-aws-237-cloudfront_web_distributions_use_custom_ssl_certificates/red/variables.tf create mode 100644 terraform/ecc-aws-238-cloudfront_web_distributions_with_geo_restriction_enabled/green/cloudfront.tf create mode 100644 terraform/ecc-aws-238-cloudfront_web_distributions_with_geo_restriction_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-238-cloudfront_web_distributions_with_geo_restriction_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-238-cloudfront_web_distributions_with_geo_restriction_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-238-cloudfront_web_distributions_with_geo_restriction_enabled/iam/238-policy.json create mode 100644 terraform/ecc-aws-238-cloudfront_web_distributions_with_geo_restriction_enabled/red/cloudfront.tf create mode 100644 terraform/ecc-aws-238-cloudfront_web_distributions_with_geo_restriction_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-238-cloudfront_web_distributions_with_geo_restriction_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-238-cloudfront_web_distributions_with_geo_restriction_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-240-acm_has_certificates_single_domain_names/green/acm.tf create mode 100644 terraform/ecc-aws-240-acm_has_certificates_single_domain_names/green/provider.tf create mode 100644 terraform/ecc-aws-240-acm_has_certificates_single_domain_names/green/terraform.tfvars create mode 100644 terraform/ecc-aws-240-acm_has_certificates_single_domain_names/green/variables.tf create mode 100644 terraform/ecc-aws-240-acm_has_certificates_single_domain_names/iam/240-policy.json create mode 100644 terraform/ecc-aws-240-acm_has_certificates_single_domain_names/red/acm.tf create mode 100644 terraform/ecc-aws-240-acm_has_certificates_single_domain_names/red/provider.tf create 
mode 100644 terraform/ecc-aws-240-acm_has_certificates_single_domain_names/red/terraform.tfvars create mode 100644 terraform/ecc-aws-240-acm_has_certificates_single_domain_names/red/variables.tf create mode 100644 terraform/ecc-aws-241-acm_has_no_unused_certificates/iam/241-policy.json create mode 100644 terraform/ecc-aws-241-acm_has_no_unused_certificates/red/acm.tf create mode 100644 terraform/ecc-aws-241-acm_has_no_unused_certificates/red/provider.tf create mode 100644 terraform/ecc-aws-241-acm_has_no_unused_certificates/red/terraform.tfvars create mode 100644 terraform/ecc-aws-241-acm_has_no_unused_certificates/red/variables.tf create mode 100644 terraform/ecc-aws-242-cloudfront_distribution_access_logging/green/cloudfront.tf create mode 100644 terraform/ecc-aws-242-cloudfront_distribution_access_logging/green/provider.tf create mode 100644 terraform/ecc-aws-242-cloudfront_distribution_access_logging/green/terraform.tfvars create mode 100644 terraform/ecc-aws-242-cloudfront_distribution_access_logging/green/variables.tf create mode 100644 terraform/ecc-aws-242-cloudfront_distribution_access_logging/iam/242-policy.json create mode 100644 terraform/ecc-aws-242-cloudfront_distribution_access_logging/red/cloudfront.tf create mode 100644 terraform/ecc-aws-242-cloudfront_distribution_access_logging/red/provider.tf create mode 100644 terraform/ecc-aws-242-cloudfront_distribution_access_logging/red/terraform.tfvars create mode 100644 terraform/ecc-aws-242-cloudfront_distribution_access_logging/red/variables.tf create mode 100644 terraform/ecc-aws-243-invalid_or_failed_certificates_are_removed_from_acm/iam/243-policy.json create mode 100644 terraform/ecc-aws-245-alb_is_protected_by_waf_regional/green/alb.tf create mode 100644 terraform/ecc-aws-245-alb_is_protected_by_waf_regional/green/provider.tf create mode 100644 terraform/ecc-aws-245-alb_is_protected_by_waf_regional/green/terraform.tfvars create mode 100644 
terraform/ecc-aws-245-alb_is_protected_by_waf_regional/green/variables.tf create mode 100644 terraform/ecc-aws-245-alb_is_protected_by_waf_regional/iam/245-policy.json create mode 100644 terraform/ecc-aws-245-alb_is_protected_by_waf_regional/red/alb.tf create mode 100644 terraform/ecc-aws-245-alb_is_protected_by_waf_regional/red/provider.tf create mode 100644 terraform/ecc-aws-245-alb_is_protected_by_waf_regional/red/terraform.tfvars create mode 100644 terraform/ecc-aws-245-alb_is_protected_by_waf_regional/red/variables.tf create mode 100644 terraform/ecc-aws-247-managed_policies_instead_of_inline_iam_policies/green/iam.tf create mode 100644 terraform/ecc-aws-247-managed_policies_instead_of_inline_iam_policies/green/provider.tf create mode 100644 terraform/ecc-aws-247-managed_policies_instead_of_inline_iam_policies/green/terraform.tfvars create mode 100644 terraform/ecc-aws-247-managed_policies_instead_of_inline_iam_policies/green/variables.tf create mode 100644 terraform/ecc-aws-247-managed_policies_instead_of_inline_iam_policies/iam/247-policy.json create mode 100644 terraform/ecc-aws-247-managed_policies_instead_of_inline_iam_policies/red/iam.tf create mode 100644 terraform/ecc-aws-247-managed_policies_instead_of_inline_iam_policies/red/provider.tf create mode 100644 terraform/ecc-aws-247-managed_policies_instead_of_inline_iam_policies/red/terraform.tfvars create mode 100644 terraform/ecc-aws-247-managed_policies_instead_of_inline_iam_policies/red/variables.tf create mode 100644 terraform/ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic/green/eks.tf create mode 100644 terraform/ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic/green/iam.tf create mode 100644 terraform/ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic/green/provider.tf create mode 100644 terraform/ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic/green/sg.tf create mode 100644 
terraform/ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic/green/terraform.tfvars create mode 100644 terraform/ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic/green/variables.tf create mode 100644 terraform/ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic/green/vpc.tf create mode 100644 terraform/ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic/iam/248-policy.json create mode 100644 terraform/ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic/red/eks.tf create mode 100644 terraform/ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic/red/iam.tf create mode 100644 terraform/ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic/red/provider.tf create mode 100644 terraform/ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic/red/sg.tf create mode 100644 terraform/ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic/red/terraform.tfvars create mode 100644 terraform/ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic/red/variables.tf create mode 100644 terraform/ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic/red/vpc.tf create mode 100644 terraform/ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic/red1/eks.tf create mode 100644 terraform/ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic/red1/iam.tf create mode 100644 terraform/ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic/red1/provider.tf create mode 100644 terraform/ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic/red1/sg.tf create mode 100644 terraform/ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic/red1/terraform.tfvars create mode 100644 
terraform/ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic/red1/variables.tf create mode 100644 terraform/ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic/red1/vpc.tf create mode 100644 terraform/ecc-aws-249-expired_certificates_are_removed_from_acm/green/cloudfront.tf create mode 100644 terraform/ecc-aws-249-expired_certificates_are_removed_from_acm/green/provider.tf create mode 100644 terraform/ecc-aws-249-expired_certificates_are_removed_from_acm/green/terraform.tfvars create mode 100644 terraform/ecc-aws-249-expired_certificates_are_removed_from_acm/green/variables.tf create mode 100644 terraform/ecc-aws-249-expired_certificates_are_removed_from_acm/iam/249-policy.json create mode 100644 terraform/ecc-aws-250-rest_api_gateway_is_set_to_private/green/api.tf create mode 100644 terraform/ecc-aws-250-rest_api_gateway_is_set_to_private/green/provider.tf create mode 100644 terraform/ecc-aws-250-rest_api_gateway_is_set_to_private/green/terraform.tfvars create mode 100644 terraform/ecc-aws-250-rest_api_gateway_is_set_to_private/green/variables.tf create mode 100644 terraform/ecc-aws-250-rest_api_gateway_is_set_to_private/iam/250-policy.json create mode 100644 terraform/ecc-aws-250-rest_api_gateway_is_set_to_private/red/api.tf create mode 100644 terraform/ecc-aws-250-rest_api_gateway_is_set_to_private/red/provider.tf create mode 100644 terraform/ecc-aws-250-rest_api_gateway_is_set_to_private/red/terraform.tfvars create mode 100644 terraform/ecc-aws-250-rest_api_gateway_is_set_to_private/red/variables.tf create mode 100644 terraform/ecc-aws-251-api_key_is_required_on_method_request/green/api.tf create mode 100644 terraform/ecc-aws-251-api_key_is_required_on_method_request/green/provider.tf create mode 100644 terraform/ecc-aws-251-api_key_is_required_on_method_request/green/terraform.tfvars create mode 100644 terraform/ecc-aws-251-api_key_is_required_on_method_request/green/variables.tf create mode 100644 
terraform/ecc-aws-251-api_key_is_required_on_method_request/iam/251-policy.json create mode 100644 terraform/ecc-aws-251-api_key_is_required_on_method_request/red/api.tf create mode 100644 terraform/ecc-aws-251-api_key_is_required_on_method_request/red/provider.tf create mode 100644 terraform/ecc-aws-251-api_key_is_required_on_method_request/red/terraform.tfvars create mode 100644 terraform/ecc-aws-251-api_key_is_required_on_method_request/red/variables.tf create mode 100644 terraform/ecc-aws-253-kinesis_streams_encrypted_kms_customer_master_keys/green/kinesis.tf create mode 100644 terraform/ecc-aws-253-kinesis_streams_encrypted_kms_customer_master_keys/green/provider.tf create mode 100644 terraform/ecc-aws-253-kinesis_streams_encrypted_kms_customer_master_keys/green/terraform.tfvars create mode 100644 terraform/ecc-aws-253-kinesis_streams_encrypted_kms_customer_master_keys/green/variables.tf create mode 100644 terraform/ecc-aws-253-kinesis_streams_encrypted_kms_customer_master_keys/iam/253-policy.json create mode 100644 terraform/ecc-aws-253-kinesis_streams_encrypted_kms_customer_master_keys/red/kinesis.tf create mode 100644 terraform/ecc-aws-253-kinesis_streams_encrypted_kms_customer_master_keys/red/provider.tf create mode 100644 terraform/ecc-aws-253-kinesis_streams_encrypted_kms_customer_master_keys/red/terraform.tfvars create mode 100644 terraform/ecc-aws-253-kinesis_streams_encrypted_kms_customer_master_keys/red/variables.tf create mode 100644 terraform/ecc-aws-254-kinesis_server_data_at_rest_has_sse/green/kinesis.tf create mode 100644 terraform/ecc-aws-254-kinesis_server_data_at_rest_has_sse/green/provider.tf create mode 100644 terraform/ecc-aws-254-kinesis_server_data_at_rest_has_sse/green/terraform.tfvars create mode 100644 terraform/ecc-aws-254-kinesis_server_data_at_rest_has_sse/green/variables.tf create mode 100644 terraform/ecc-aws-254-kinesis_server_data_at_rest_has_sse/iam/254-policy.json create mode 100644 
terraform/ecc-aws-254-kinesis_server_data_at_rest_has_sse/red/kinesis.tf create mode 100644 terraform/ecc-aws-254-kinesis_server_data_at_rest_has_sse/red/provider.tf create mode 100644 terraform/ecc-aws-254-kinesis_server_data_at_rest_has_sse/red/terraform.tfvars create mode 100644 terraform/ecc-aws-254-kinesis_server_data_at_rest_has_sse/red/variables.tf create mode 100644 terraform/ecc-aws-255-restrict_outbound_traffic/green/provider.tf create mode 100644 terraform/ecc-aws-255-restrict_outbound_traffic/green/sg.tf create mode 100644 terraform/ecc-aws-255-restrict_outbound_traffic/green/terraform.tfvars create mode 100644 terraform/ecc-aws-255-restrict_outbound_traffic/green/variables.tf create mode 100644 terraform/ecc-aws-255-restrict_outbound_traffic/iam/255-policy.json create mode 100644 terraform/ecc-aws-255-restrict_outbound_traffic/red/provider.tf create mode 100644 terraform/ecc-aws-255-restrict_outbound_traffic/red/sg.tf create mode 100644 terraform/ecc-aws-255-restrict_outbound_traffic/red/terraform.tfvars create mode 100644 terraform/ecc-aws-255-restrict_outbound_traffic/red/variables.tf create mode 100644 terraform/ecc-aws-256-dynamodb_is_encrypted_using_managed_cmk/green/dynamodb.tf create mode 100644 terraform/ecc-aws-256-dynamodb_is_encrypted_using_managed_cmk/green/provider.tf create mode 100644 terraform/ecc-aws-256-dynamodb_is_encrypted_using_managed_cmk/green/terraform.tfvars create mode 100644 terraform/ecc-aws-256-dynamodb_is_encrypted_using_managed_cmk/green/variables.tf create mode 100644 terraform/ecc-aws-256-dynamodb_is_encrypted_using_managed_cmk/iam/256-policy.json create mode 100644 terraform/ecc-aws-256-dynamodb_is_encrypted_using_managed_cmk/red/dynamodb.tf create mode 100644 terraform/ecc-aws-256-dynamodb_is_encrypted_using_managed_cmk/red/provider.tf create mode 100644 terraform/ecc-aws-256-dynamodb_is_encrypted_using_managed_cmk/red/terraform.tfvars create mode 100644 
terraform/ecc-aws-256-dynamodb_is_encrypted_using_managed_cmk/red/variables.tf create mode 100644 terraform/ecc-aws-257-efs_is_encrypted/green/efs.tf create mode 100644 terraform/ecc-aws-257-efs_is_encrypted/green/provider.tf create mode 100644 terraform/ecc-aws-257-efs_is_encrypted/green/terraform.tfvars create mode 100644 terraform/ecc-aws-257-efs_is_encrypted/green/variables.tf create mode 100644 terraform/ecc-aws-257-efs_is_encrypted/iam/257-policy.json create mode 100644 terraform/ecc-aws-257-efs_is_encrypted/red/efs.tf create mode 100644 terraform/ecc-aws-257-efs_is_encrypted/red/provider.tf create mode 100644 terraform/ecc-aws-257-efs_is_encrypted/red/terraform.tfvars create mode 100644 terraform/ecc-aws-257-efs_is_encrypted/red/variables.tf create mode 100644 terraform/ecc-aws-258-efs_is_encrypted_using_managed_cmk/green/efs.tf create mode 100644 terraform/ecc-aws-258-efs_is_encrypted_using_managed_cmk/green/provider.tf create mode 100644 terraform/ecc-aws-258-efs_is_encrypted_using_managed_cmk/green/terraform.tfvars create mode 100644 terraform/ecc-aws-258-efs_is_encrypted_using_managed_cmk/green/variables.tf create mode 100644 terraform/ecc-aws-258-efs_is_encrypted_using_managed_cmk/iam/258-policy.json create mode 100644 terraform/ecc-aws-258-efs_is_encrypted_using_managed_cmk/red/efs.tf create mode 100644 terraform/ecc-aws-258-efs_is_encrypted_using_managed_cmk/red/provider.tf create mode 100644 terraform/ecc-aws-258-efs_is_encrypted_using_managed_cmk/red/terraform.tfvars create mode 100644 terraform/ecc-aws-258-efs_is_encrypted_using_managed_cmk/red/variables.tf create mode 100644 terraform/ecc-aws-258-efs_is_encrypted_using_managed_cmk/red1/efs.tf create mode 100644 terraform/ecc-aws-258-efs_is_encrypted_using_managed_cmk/red1/provider.tf create mode 100644 terraform/ecc-aws-258-efs_is_encrypted_using_managed_cmk/red1/terraform.tfvars create mode 100644 terraform/ecc-aws-258-efs_is_encrypted_using_managed_cmk/red1/variables.tf create mode 100644 
terraform/ecc-aws-259-elasticache_redis_clusters_encryption_at_rest/green/elasticache.tf create mode 100644 terraform/ecc-aws-259-elasticache_redis_clusters_encryption_at_rest/green/provider.tf create mode 100644 terraform/ecc-aws-259-elasticache_redis_clusters_encryption_at_rest/green/terraform.tfvars create mode 100644 terraform/ecc-aws-259-elasticache_redis_clusters_encryption_at_rest/green/variables.tf create mode 100644 terraform/ecc-aws-259-elasticache_redis_clusters_encryption_at_rest/iam/259-policy.json create mode 100644 terraform/ecc-aws-259-elasticache_redis_clusters_encryption_at_rest/red/elasticache.tf create mode 100644 terraform/ecc-aws-259-elasticache_redis_clusters_encryption_at_rest/red/provider.tf create mode 100644 terraform/ecc-aws-259-elasticache_redis_clusters_encryption_at_rest/red/terraform.tfvars create mode 100644 terraform/ecc-aws-259-elasticache_redis_clusters_encryption_at_rest/red/variables.tf create mode 100644 terraform/ecc-aws-259-elasticache_redis_clusters_encryption_at_rest/red1/elasticache.tf create mode 100644 terraform/ecc-aws-259-elasticache_redis_clusters_encryption_at_rest/red1/provider.tf create mode 100644 terraform/ecc-aws-259-elasticache_redis_clusters_encryption_at_rest/red1/terraform.tfvars create mode 100644 terraform/ecc-aws-259-elasticache_redis_clusters_encryption_at_rest/red1/variables.tf create mode 100644 terraform/ecc-aws-259-elasticache_redis_clusters_encryption_at_rest/red2/elasticache.tf create mode 100644 terraform/ecc-aws-259-elasticache_redis_clusters_encryption_at_rest/red2/provider.tf create mode 100644 terraform/ecc-aws-259-elasticache_redis_clusters_encryption_at_rest/red2/terraform.tfvars create mode 100644 terraform/ecc-aws-259-elasticache_redis_clusters_encryption_at_rest/red2/variables.tf create mode 100644 terraform/ecc-aws-260-redshift_instances_are_encrypted/green/provider.tf create mode 100644 terraform/ecc-aws-260-redshift_instances_are_encrypted/green/redshift.tf create mode 100644 
terraform/ecc-aws-260-redshift_instances_are_encrypted/green/terraform.tfvars create mode 100644 terraform/ecc-aws-260-redshift_instances_are_encrypted/green/variables.tf create mode 100644 terraform/ecc-aws-260-redshift_instances_are_encrypted/iam/260-policy.json create mode 100644 terraform/ecc-aws-260-redshift_instances_are_encrypted/red/provider.tf create mode 100644 terraform/ecc-aws-260-redshift_instances_are_encrypted/red/redshift.tf create mode 100644 terraform/ecc-aws-260-redshift_instances_are_encrypted/red/terraform.tfvars create mode 100644 terraform/ecc-aws-260-redshift_instances_are_encrypted/red/variables.tf create mode 100644 terraform/ecc-aws-261-rds_cluster_storage_is_encrypted/green/provider.tf create mode 100644 terraform/ecc-aws-261-rds_cluster_storage_is_encrypted/green/rds.tf create mode 100644 terraform/ecc-aws-261-rds_cluster_storage_is_encrypted/green/terraform.tfvars create mode 100644 terraform/ecc-aws-261-rds_cluster_storage_is_encrypted/green/variables.tf create mode 100644 terraform/ecc-aws-261-rds_cluster_storage_is_encrypted/iam/261-policy.json create mode 100644 terraform/ecc-aws-261-rds_cluster_storage_is_encrypted/red/provider.tf create mode 100644 terraform/ecc-aws-261-rds_cluster_storage_is_encrypted/red/rds.tf create mode 100644 terraform/ecc-aws-261-rds_cluster_storage_is_encrypted/red/terraform.tfvars create mode 100644 terraform/ecc-aws-261-rds_cluster_storage_is_encrypted/red/variables.tf create mode 100644 terraform/ecc-aws-262-expired_route53_domain_names/green/provider.tf create mode 100644 terraform/ecc-aws-262-expired_route53_domain_names/green/register-domain.json create mode 100644 terraform/ecc-aws-262-expired_route53_domain_names/green/route53.tf create mode 100644 terraform/ecc-aws-262-expired_route53_domain_names/green/terraform.tfvars create mode 100644 terraform/ecc-aws-262-expired_route53_domain_names/green/variables.tf create mode 100644 terraform/ecc-aws-262-expired_route53_domain_names/iam/262-policy.json 
create mode 100644 terraform/ecc-aws-263-enable_elb_access_logs/green/alb.tf create mode 100644 terraform/ecc-aws-263-enable_elb_access_logs/green/provider.tf create mode 100644 terraform/ecc-aws-263-enable_elb_access_logs/green/terraform.tfvars create mode 100644 terraform/ecc-aws-263-enable_elb_access_logs/green/variables.tf create mode 100644 terraform/ecc-aws-263-enable_elb_access_logs/iam/263-policy.json create mode 100644 terraform/ecc-aws-263-enable_elb_access_logs/red/alb.tf create mode 100644 terraform/ecc-aws-263-enable_elb_access_logs/red/provider.tf create mode 100644 terraform/ecc-aws-263-enable_elb_access_logs/red/terraform.tfvars create mode 100644 terraform/ecc-aws-263-enable_elb_access_logs/red/variables.tf create mode 100644 terraform/ecc-aws-264-update_security_policy_of_network_load_balancer/green/nlb.tf create mode 100644 terraform/ecc-aws-264-update_security_policy_of_network_load_balancer/green/provider.tf create mode 100644 terraform/ecc-aws-264-update_security_policy_of_network_load_balancer/green/terraform.tfvars create mode 100644 terraform/ecc-aws-264-update_security_policy_of_network_load_balancer/green/variables.tf create mode 100644 terraform/ecc-aws-264-update_security_policy_of_network_load_balancer/iam/264-policy.json create mode 100644 terraform/ecc-aws-264-update_security_policy_of_network_load_balancer/red/nlb.tf create mode 100644 terraform/ecc-aws-264-update_security_policy_of_network_load_balancer/red/provider.tf create mode 100644 terraform/ecc-aws-264-update_security_policy_of_network_load_balancer/red/terraform.tfvars create mode 100644 terraform/ecc-aws-264-update_security_policy_of_network_load_balancer/red/variables.tf create mode 100644 terraform/ecc-aws-267-guardduty_service_is_enabled/green/gd.tf create mode 100644 terraform/ecc-aws-267-guardduty_service_is_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-267-guardduty_service_is_enabled/green/terraform.tfvars create mode 100644 
terraform/ecc-aws-267-guardduty_service_is_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-267-guardduty_service_is_enabled/iam/267-policy.json create mode 100644 terraform/ecc-aws-272-eliminate_use_root_user_for_administrative_and_daily_tasks/iam/272-policy.json create mode 100644 terraform/ecc-aws-276-iam_access_analyzer_is_enabled/green/iam.tf create mode 100644 terraform/ecc-aws-276-iam_access_analyzer_is_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-276-iam_access_analyzer_is_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-276-iam_access_analyzer_is_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-276-iam_access_analyzer_is_enabled/iam/276-policy.json create mode 100644 terraform/ecc-aws-277-only_one_active_access_key_available_for_any_single_iam_user/green/iam.tf create mode 100644 terraform/ecc-aws-277-only_one_active_access_key_available_for_any_single_iam_user/green/provider.tf create mode 100644 terraform/ecc-aws-277-only_one_active_access_key_available_for_any_single_iam_user/green/terraform.tfvars create mode 100644 terraform/ecc-aws-277-only_one_active_access_key_available_for_any_single_iam_user/green/variables.tf create mode 100644 terraform/ecc-aws-277-only_one_active_access_key_available_for_any_single_iam_user/iam/277-policy.json create mode 100644 terraform/ecc-aws-277-only_one_active_access_key_available_for_any_single_iam_user/red/iam.tf create mode 100644 terraform/ecc-aws-277-only_one_active_access_key_available_for_any_single_iam_user/red/provider.tf create mode 100644 terraform/ecc-aws-277-only_one_active_access_key_available_for_any_single_iam_user/red/terraform.tfvars create mode 100644 terraform/ecc-aws-277-only_one_active_access_key_available_for_any_single_iam_user/red/variables.tf create mode 100644 terraform/ecc-aws-279-expired_ssl_tls_certificates_stored_in_aws_iam_are_removed/green/iam.tf create mode 100644 
terraform/ecc-aws-279-expired_ssl_tls_certificates_stored_in_aws_iam_are_removed/green/provider.tf create mode 100644 terraform/ecc-aws-279-expired_ssl_tls_certificates_stored_in_aws_iam_are_removed/green/terraform.tfvars create mode 100644 terraform/ecc-aws-279-expired_ssl_tls_certificates_stored_in_aws_iam_are_removed/green/variables.tf create mode 100644 terraform/ecc-aws-279-expired_ssl_tls_certificates_stored_in_aws_iam_are_removed/iam/279-policy.json create mode 100644 terraform/ecc-aws-279-expired_ssl_tls_certificates_stored_in_aws_iam_are_removed/red/iam.tf create mode 100644 terraform/ecc-aws-279-expired_ssl_tls_certificates_stored_in_aws_iam_are_removed/red/provider.tf create mode 100644 terraform/ecc-aws-279-expired_ssl_tls_certificates_stored_in_aws_iam_are_removed/red/terraform.tfvars create mode 100644 terraform/ecc-aws-279-expired_ssl_tls_certificates_stored_in_aws_iam_are_removed/red/variables.tf create mode 100644 terraform/ecc-aws-289-ebs_volume_without_encrypt/green/ebs.tf create mode 100644 terraform/ecc-aws-289-ebs_volume_without_encrypt/green/provider.tf create mode 100644 terraform/ecc-aws-289-ebs_volume_without_encrypt/green/terraform.tfvars create mode 100644 terraform/ecc-aws-289-ebs_volume_without_encrypt/green/variables.tf create mode 100644 terraform/ecc-aws-289-ebs_volume_without_encrypt/iam/289-policy.json create mode 100644 terraform/ecc-aws-289-ebs_volume_without_encrypt/red/ebs.tf create mode 100644 terraform/ecc-aws-289-ebs_volume_without_encrypt/red/provider.tf create mode 100644 terraform/ecc-aws-289-ebs_volume_without_encrypt/red/terraform.tfvars create mode 100644 terraform/ecc-aws-289-ebs_volume_without_encrypt/red/variables.tf create mode 100644 terraform/ecc-aws-291-rds_public_access_disabled/green/provider.tf create mode 100644 terraform/ecc-aws-291-rds_public_access_disabled/green/rds.tf create mode 100644 terraform/ecc-aws-291-rds_public_access_disabled/green/terraform.tfvars create mode 100644 
terraform/ecc-aws-291-rds_public_access_disabled/green/variables.tf create mode 100644 terraform/ecc-aws-291-rds_public_access_disabled/iam/291-policy.json create mode 100644 terraform/ecc-aws-291-rds_public_access_disabled/red/provider.tf create mode 100644 terraform/ecc-aws-291-rds_public_access_disabled/red/rds.tf create mode 100644 terraform/ecc-aws-291-rds_public_access_disabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-291-rds_public_access_disabled/red/variables.tf create mode 100644 terraform/ecc-aws-292-api_gateway_rest_api_encryption_at_rest/green/api.tf create mode 100644 terraform/ecc-aws-292-api_gateway_rest_api_encryption_at_rest/green/provider.tf create mode 100644 terraform/ecc-aws-292-api_gateway_rest_api_encryption_at_rest/green/terraform.tfvars create mode 100644 terraform/ecc-aws-292-api_gateway_rest_api_encryption_at_rest/green/variables.tf create mode 100644 terraform/ecc-aws-292-api_gateway_rest_api_encryption_at_rest/iam/292-policy.json create mode 100644 terraform/ecc-aws-292-api_gateway_rest_api_encryption_at_rest/red/api.tf create mode 100644 terraform/ecc-aws-292-api_gateway_rest_api_encryption_at_rest/red/provider.tf create mode 100644 terraform/ecc-aws-292-api_gateway_rest_api_encryption_at_rest/red/terraform.tfvars create mode 100644 terraform/ecc-aws-292-api_gateway_rest_api_encryption_at_rest/red/variables.tf create mode 100644 terraform/ecc-aws-293-security_group_ingress_is_restricted_traffic_to_port_20/green/provider.tf create mode 100644 terraform/ecc-aws-293-security_group_ingress_is_restricted_traffic_to_port_20/green/sg.tf create mode 100644 terraform/ecc-aws-293-security_group_ingress_is_restricted_traffic_to_port_20/green/terraform.tfvars create mode 100644 terraform/ecc-aws-293-security_group_ingress_is_restricted_traffic_to_port_20/green/variables.tf create mode 100644 terraform/ecc-aws-293-security_group_ingress_is_restricted_traffic_to_port_20/iam/293-policy.json create mode 100644 
terraform/ecc-aws-293-security_group_ingress_is_restricted_traffic_to_port_20/red/provider.tf create mode 100644 terraform/ecc-aws-293-security_group_ingress_is_restricted_traffic_to_port_20/red/sg.tf create mode 100644 terraform/ecc-aws-293-security_group_ingress_is_restricted_traffic_to_port_20/red/terraform.tfvars create mode 100644 terraform/ecc-aws-293-security_group_ingress_is_restricted_traffic_to_port_20/red/variables.tf create mode 100644 terraform/ecc-aws-294-clb_connection_draining_enabled/green/elb.tf create mode 100644 terraform/ecc-aws-294-clb_connection_draining_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-294-clb_connection_draining_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-294-clb_connection_draining_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-294-clb_connection_draining_enabled/iam/294-policy.json create mode 100644 terraform/ecc-aws-294-clb_connection_draining_enabled/red/elb.tf create mode 100644 terraform/ecc-aws-294-clb_connection_draining_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-294-clb_connection_draining_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-294-clb_connection_draining_enabled/red/variables.tf create mode 100755 terraform/ecc-aws-295-elasticsearch_domains_audit_logging_enabled/green/es.tf create mode 100755 terraform/ecc-aws-295-elasticsearch_domains_audit_logging_enabled/green/provider.tf create mode 100755 terraform/ecc-aws-295-elasticsearch_domains_audit_logging_enabled/green/terraform.tfvars create mode 100755 terraform/ecc-aws-295-elasticsearch_domains_audit_logging_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-295-elasticsearch_domains_audit_logging_enabled/iam/295-policy.json create mode 100755 terraform/ecc-aws-295-elasticsearch_domains_audit_logging_enabled/red/es.tf create mode 100755 terraform/ecc-aws-295-elasticsearch_domains_audit_logging_enabled/red/provider.tf create mode 100755 
terraform/ecc-aws-295-elasticsearch_domains_audit_logging_enabled/red/terraform.tfvars create mode 100755 terraform/ecc-aws-295-elasticsearch_domains_audit_logging_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-297-elasticsearch_domains_configured_with_at_least_three_dedicated_master_nodes/green/es.tf create mode 100644 terraform/ecc-aws-297-elasticsearch_domains_configured_with_at_least_three_dedicated_master_nodes/green/provider.tf create mode 100644 terraform/ecc-aws-297-elasticsearch_domains_configured_with_at_least_three_dedicated_master_nodes/green/terraform.tfvars create mode 100644 terraform/ecc-aws-297-elasticsearch_domains_configured_with_at_least_three_dedicated_master_nodes/green/variables.tf create mode 100644 terraform/ecc-aws-297-elasticsearch_domains_configured_with_at_least_three_dedicated_master_nodes/iam/297-policy.json create mode 100644 terraform/ecc-aws-297-elasticsearch_domains_configured_with_at_least_three_dedicated_master_nodes/red/es.tf create mode 100644 terraform/ecc-aws-297-elasticsearch_domains_configured_with_at_least_three_dedicated_master_nodes/red/provider.tf create mode 100644 terraform/ecc-aws-297-elasticsearch_domains_configured_with_at_least_three_dedicated_master_nodes/red/terraform.tfvars create mode 100644 terraform/ecc-aws-297-elasticsearch_domains_configured_with_at_least_three_dedicated_master_nodes/red/variables.tf create mode 100644 terraform/ecc-aws-298-elasticsearch_domain_connections_encrypted_using_TLS_1_2/green/es.tf create mode 100644 terraform/ecc-aws-298-elasticsearch_domain_connections_encrypted_using_TLS_1_2/green/provider.tf create mode 100644 terraform/ecc-aws-298-elasticsearch_domain_connections_encrypted_using_TLS_1_2/green/terraform.tfvars create mode 100644 terraform/ecc-aws-298-elasticsearch_domain_connections_encrypted_using_TLS_1_2/green/variables.tf create mode 100644 terraform/ecc-aws-298-elasticsearch_domain_connections_encrypted_using_TLS_1_2/iam/298-policy.json create mode 100644 
terraform/ecc-aws-298-elasticsearch_domain_connections_encrypted_using_TLS_1_2/red/es.tf create mode 100644 terraform/ecc-aws-298-elasticsearch_domain_connections_encrypted_using_TLS_1_2/red/provider.tf create mode 100644 terraform/ecc-aws-298-elasticsearch_domain_connections_encrypted_using_TLS_1_2/red/terraform.tfvars create mode 100644 terraform/ecc-aws-298-elasticsearch_domain_connections_encrypted_using_TLS_1_2/red/variables.tf create mode 100644 terraform/ecc-aws-299-rds_db_clusters_configured_to_copy_tags_to_snapshots/green/provider.tf create mode 100644 terraform/ecc-aws-299-rds_db_clusters_configured_to_copy_tags_to_snapshots/green/rds_cluster.tf create mode 100644 terraform/ecc-aws-299-rds_db_clusters_configured_to_copy_tags_to_snapshots/green/terraform.tfvars create mode 100644 terraform/ecc-aws-299-rds_db_clusters_configured_to_copy_tags_to_snapshots/green/variables.tf create mode 100644 terraform/ecc-aws-299-rds_db_clusters_configured_to_copy_tags_to_snapshots/iam/299-policy.json create mode 100644 terraform/ecc-aws-299-rds_db_clusters_configured_to_copy_tags_to_snapshots/red/provider.tf create mode 100644 terraform/ecc-aws-299-rds_db_clusters_configured_to_copy_tags_to_snapshots/red/rds_cluster.tf create mode 100644 terraform/ecc-aws-299-rds_db_clusters_configured_to_copy_tags_to_snapshots/red/terraform.tfvars create mode 100644 terraform/ecc-aws-299-rds_db_clusters_configured_to_copy_tags_to_snapshots/red/variables.tf create mode 100644 terraform/ecc-aws-300-rds_db_instances_configured_to_copy_tags_to_snapshots/green/provider.tf create mode 100644 terraform/ecc-aws-300-rds_db_instances_configured_to_copy_tags_to_snapshots/green/rds.tf create mode 100644 terraform/ecc-aws-300-rds_db_instances_configured_to_copy_tags_to_snapshots/green/terraform.tfvars create mode 100644 terraform/ecc-aws-300-rds_db_instances_configured_to_copy_tags_to_snapshots/green/variables.tf create mode 100644 
terraform/ecc-aws-300-rds_db_instances_configured_to_copy_tags_to_snapshots/iam/300-policy.json create mode 100644 terraform/ecc-aws-300-rds_db_instances_configured_to_copy_tags_to_snapshots/red/provider.tf create mode 100644 terraform/ecc-aws-300-rds_db_instances_configured_to_copy_tags_to_snapshots/red/rds.tf create mode 100644 terraform/ecc-aws-300-rds_db_instances_configured_to_copy_tags_to_snapshots/red/terraform.tfvars create mode 100644 terraform/ecc-aws-300-rds_db_instances_configured_to_copy_tags_to_snapshots/red/variables.tf create mode 100644 terraform/ecc-aws-306-redshift_clusters_audit_logging_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-306-redshift_clusters_audit_logging_enabled/green/redshift.tf create mode 100644 terraform/ecc-aws-306-redshift_clusters_audit_logging_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-306-redshift_clusters_audit_logging_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-306-redshift_clusters_audit_logging_enabled/iam/306-policy.json create mode 100644 terraform/ecc-aws-306-redshift_clusters_audit_logging_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-306-redshift_clusters_audit_logging_enabled/red/redshift.tf create mode 100644 terraform/ecc-aws-306-redshift_clusters_audit_logging_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-306-redshift_clusters_audit_logging_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-308-ecs_services_public_ip_addresses_not_assigned_automatically/green/ecs.tf create mode 100644 terraform/ecc-aws-308-ecs_services_public_ip_addresses_not_assigned_automatically/green/provider.tf create mode 100644 terraform/ecc-aws-308-ecs_services_public_ip_addresses_not_assigned_automatically/green/route_tables.tf create mode 100644 terraform/ecc-aws-308-ecs_services_public_ip_addresses_not_assigned_automatically/green/terraform.tfvars create mode 100644 
terraform/ecc-aws-308-ecs_services_public_ip_addresses_not_assigned_automatically/green/variables.tf create mode 100644 terraform/ecc-aws-308-ecs_services_public_ip_addresses_not_assigned_automatically/green/vpc.tf create mode 100644 terraform/ecc-aws-308-ecs_services_public_ip_addresses_not_assigned_automatically/iam/308-policy.json create mode 100644 terraform/ecc-aws-308-ecs_services_public_ip_addresses_not_assigned_automatically/red/ecs.tf create mode 100644 terraform/ecc-aws-308-ecs_services_public_ip_addresses_not_assigned_automatically/red/provider.tf create mode 100644 terraform/ecc-aws-308-ecs_services_public_ip_addresses_not_assigned_automatically/red/route_tables.tf create mode 100644 terraform/ecc-aws-308-ecs_services_public_ip_addresses_not_assigned_automatically/red/terraform.tfvars create mode 100644 terraform/ecc-aws-308-ecs_services_public_ip_addresses_not_assigned_automatically/red/variables.tf create mode 100644 terraform/ecc-aws-308-ecs_services_public_ip_addresses_not_assigned_automatically/red/vpc.tf create mode 100644 terraform/ecc-aws-309-security_group_ingress_is_restricted_traffic_to_port_135/green/provider.tf create mode 100644 terraform/ecc-aws-309-security_group_ingress_is_restricted_traffic_to_port_135/green/sg.tf create mode 100644 terraform/ecc-aws-309-security_group_ingress_is_restricted_traffic_to_port_135/green/terraform.tfvars create mode 100644 terraform/ecc-aws-309-security_group_ingress_is_restricted_traffic_to_port_135/green/variables.tf create mode 100644 terraform/ecc-aws-309-security_group_ingress_is_restricted_traffic_to_port_135/iam/309-policy.json create mode 100644 terraform/ecc-aws-309-security_group_ingress_is_restricted_traffic_to_port_135/red/provider.tf create mode 100644 terraform/ecc-aws-309-security_group_ingress_is_restricted_traffic_to_port_135/red/sg.tf create mode 100644 terraform/ecc-aws-309-security_group_ingress_is_restricted_traffic_to_port_135/red/terraform.tfvars create mode 100644 
terraform/ecc-aws-309-security_group_ingress_is_restricted_traffic_to_port_135/red/variables.tf create mode 100644 terraform/ecc-aws-310-security_group_ingress_is_restricted_traffic_to_port_143/green/provider.tf create mode 100644 terraform/ecc-aws-310-security_group_ingress_is_restricted_traffic_to_port_143/green/sg.tf create mode 100644 terraform/ecc-aws-310-security_group_ingress_is_restricted_traffic_to_port_143/green/terraform.tfvars create mode 100644 terraform/ecc-aws-310-security_group_ingress_is_restricted_traffic_to_port_143/green/variables.tf create mode 100644 terraform/ecc-aws-310-security_group_ingress_is_restricted_traffic_to_port_143/iam/310-policy.json create mode 100644 terraform/ecc-aws-310-security_group_ingress_is_restricted_traffic_to_port_143/red/provider.tf create mode 100644 terraform/ecc-aws-310-security_group_ingress_is_restricted_traffic_to_port_143/red/sg.tf create mode 100644 terraform/ecc-aws-310-security_group_ingress_is_restricted_traffic_to_port_143/red/terraform.tfvars create mode 100644 terraform/ecc-aws-310-security_group_ingress_is_restricted_traffic_to_port_143/red/variables.tf create mode 100644 terraform/ecc-aws-312-security_group_ingress_is_restricted_traffic_to_mssql_ports/green/provider.tf create mode 100644 terraform/ecc-aws-312-security_group_ingress_is_restricted_traffic_to_mssql_ports/green/sg.tf create mode 100644 terraform/ecc-aws-312-security_group_ingress_is_restricted_traffic_to_mssql_ports/green/terraform.tfvars create mode 100644 terraform/ecc-aws-312-security_group_ingress_is_restricted_traffic_to_mssql_ports/green/variables.tf create mode 100644 terraform/ecc-aws-312-security_group_ingress_is_restricted_traffic_to_mssql_ports/iam/312-policy.json create mode 100644 terraform/ecc-aws-312-security_group_ingress_is_restricted_traffic_to_mssql_ports/red/provider.tf create mode 100644 terraform/ecc-aws-312-security_group_ingress_is_restricted_traffic_to_mssql_ports/red/sg.tf create mode 100644 
terraform/ecc-aws-312-security_group_ingress_is_restricted_traffic_to_mssql_ports/red/terraform.tfvars create mode 100644 terraform/ecc-aws-312-security_group_ingress_is_restricted_traffic_to_mssql_ports/red/variables.tf create mode 100644 terraform/ecc-aws-313-security_group_ingress_is_restricted_traffic_to_port_4333/green/provider.tf create mode 100644 terraform/ecc-aws-313-security_group_ingress_is_restricted_traffic_to_port_4333/green/sg.tf create mode 100644 terraform/ecc-aws-313-security_group_ingress_is_restricted_traffic_to_port_4333/green/terraform.tfvars create mode 100644 terraform/ecc-aws-313-security_group_ingress_is_restricted_traffic_to_port_4333/green/variables.tf create mode 100644 terraform/ecc-aws-313-security_group_ingress_is_restricted_traffic_to_port_4333/iam/313-policy.json create mode 100644 terraform/ecc-aws-313-security_group_ingress_is_restricted_traffic_to_port_4333/red/provider.tf create mode 100644 terraform/ecc-aws-313-security_group_ingress_is_restricted_traffic_to_port_4333/red/sg.tf create mode 100644 terraform/ecc-aws-313-security_group_ingress_is_restricted_traffic_to_port_4333/red/terraform.tfvars create mode 100644 terraform/ecc-aws-313-security_group_ingress_is_restricted_traffic_to_port_4333/red/variables.tf create mode 100644 terraform/ecc-aws-314-security_group_ingress_is_restricted_traffic_to_port_5500/green/provider.tf create mode 100644 terraform/ecc-aws-314-security_group_ingress_is_restricted_traffic_to_port_5500/green/sg.tf create mode 100644 terraform/ecc-aws-314-security_group_ingress_is_restricted_traffic_to_port_5500/green/terraform.tfvars create mode 100644 terraform/ecc-aws-314-security_group_ingress_is_restricted_traffic_to_port_5500/green/variables.tf create mode 100644 terraform/ecc-aws-314-security_group_ingress_is_restricted_traffic_to_port_5500/iam/314-policy.json create mode 100644 terraform/ecc-aws-314-security_group_ingress_is_restricted_traffic_to_port_5500/red/provider.tf create mode 100644 
terraform/ecc-aws-314-security_group_ingress_is_restricted_traffic_to_port_5500/red/sg.tf create mode 100644 terraform/ecc-aws-314-security_group_ingress_is_restricted_traffic_to_port_5500/red/terraform.tfvars create mode 100644 terraform/ecc-aws-314-security_group_ingress_is_restricted_traffic_to_port_5500/red/variables.tf create mode 100644 terraform/ecc-aws-315-security_group_ingress_is_restricted_traffic_to_port_5601/green/provider.tf create mode 100644 terraform/ecc-aws-315-security_group_ingress_is_restricted_traffic_to_port_5601/green/sg.tf create mode 100644 terraform/ecc-aws-315-security_group_ingress_is_restricted_traffic_to_port_5601/green/terraform.tfvars create mode 100644 terraform/ecc-aws-315-security_group_ingress_is_restricted_traffic_to_port_5601/green/variables.tf create mode 100644 terraform/ecc-aws-315-security_group_ingress_is_restricted_traffic_to_port_5601/iam/315-policy.json create mode 100644 terraform/ecc-aws-315-security_group_ingress_is_restricted_traffic_to_port_5601/red/provider.tf create mode 100644 terraform/ecc-aws-315-security_group_ingress_is_restricted_traffic_to_port_5601/red/sg.tf create mode 100644 terraform/ecc-aws-315-security_group_ingress_is_restricted_traffic_to_port_5601/red/terraform.tfvars create mode 100644 terraform/ecc-aws-315-security_group_ingress_is_restricted_traffic_to_port_5601/red/variables.tf create mode 100644 terraform/ecc-aws-316-security_group_ingress_is_restricted_traffic_to_port_8080/green/provider.tf create mode 100644 terraform/ecc-aws-316-security_group_ingress_is_restricted_traffic_to_port_8080/green/sg.tf create mode 100644 terraform/ecc-aws-316-security_group_ingress_is_restricted_traffic_to_port_8080/green/terraform.tfvars create mode 100644 terraform/ecc-aws-316-security_group_ingress_is_restricted_traffic_to_port_8080/green/variables.tf create mode 100644 terraform/ecc-aws-316-security_group_ingress_is_restricted_traffic_to_port_8080/iam/316-policy.json create mode 100644 
terraform/ecc-aws-316-security_group_ingress_is_restricted_traffic_to_port_8080/red/provider.tf create mode 100644 terraform/ecc-aws-316-security_group_ingress_is_restricted_traffic_to_port_8080/red/sg.tf create mode 100644 terraform/ecc-aws-316-security_group_ingress_is_restricted_traffic_to_port_8080/red/terraform.tfvars create mode 100644 terraform/ecc-aws-316-security_group_ingress_is_restricted_traffic_to_port_8080/red/variables.tf create mode 100644 terraform/ecc-aws-317-security_group_ingress_is_restricted_traffic_to_elasticsearch_service_ports/green/provider.tf create mode 100644 terraform/ecc-aws-317-security_group_ingress_is_restricted_traffic_to_elasticsearch_service_ports/green/sg.tf create mode 100644 terraform/ecc-aws-317-security_group_ingress_is_restricted_traffic_to_elasticsearch_service_ports/green/terraform.tfvars create mode 100644 terraform/ecc-aws-317-security_group_ingress_is_restricted_traffic_to_elasticsearch_service_ports/green/variables.tf create mode 100644 terraform/ecc-aws-317-security_group_ingress_is_restricted_traffic_to_elasticsearch_service_ports/iam/317-policy.json create mode 100644 terraform/ecc-aws-317-security_group_ingress_is_restricted_traffic_to_elasticsearch_service_ports/red/provider.tf create mode 100644 terraform/ecc-aws-317-security_group_ingress_is_restricted_traffic_to_elasticsearch_service_ports/red/sg.tf create mode 100644 terraform/ecc-aws-317-security_group_ingress_is_restricted_traffic_to_elasticsearch_service_ports/red/terraform.tfvars create mode 100644 terraform/ecc-aws-317-security_group_ingress_is_restricted_traffic_to_elasticsearch_service_ports/red/variables.tf create mode 100644 terraform/ecc-aws-318-rds_database_cluster_engine_no_default_ports/green/cluster.tf create mode 100644 terraform/ecc-aws-318-rds_database_cluster_engine_no_default_ports/green/provider.tf create mode 100644 terraform/ecc-aws-318-rds_database_cluster_engine_no_default_ports/green/terraform.tfvars create mode 100644 
terraform/ecc-aws-318-rds_database_cluster_engine_no_default_ports/green/variables.tf create mode 100644 terraform/ecc-aws-318-rds_database_cluster_engine_no_default_ports/iam/318-policy.json create mode 100644 terraform/ecc-aws-318-rds_database_cluster_engine_no_default_ports/red/cluster.tf create mode 100644 terraform/ecc-aws-318-rds_database_cluster_engine_no_default_ports/red/provider.tf create mode 100644 terraform/ecc-aws-318-rds_database_cluster_engine_no_default_ports/red/terraform.tfvars create mode 100644 terraform/ecc-aws-318-rds_database_cluster_engine_no_default_ports/red/variables.tf create mode 100644 terraform/ecc-aws-319-rds_instances_storage_is_encrypted/green/provider.tf create mode 100644 terraform/ecc-aws-319-rds_instances_storage_is_encrypted/green/rds.tf create mode 100644 terraform/ecc-aws-319-rds_instances_storage_is_encrypted/green/terraform.tfvars create mode 100644 terraform/ecc-aws-319-rds_instances_storage_is_encrypted/green/variables.tf create mode 100644 terraform/ecc-aws-319-rds_instances_storage_is_encrypted/iam/319-policy.json create mode 100644 terraform/ecc-aws-319-rds_instances_storage_is_encrypted/red/provider.tf create mode 100644 terraform/ecc-aws-319-rds_instances_storage_is_encrypted/red/rds.tf create mode 100644 terraform/ecc-aws-319-rds_instances_storage_is_encrypted/red/terraform.tfvars create mode 100644 terraform/ecc-aws-319-rds_instances_storage_is_encrypted/red/variables.tf create mode 100644 terraform/ecc-aws-320-rds_snapshots_storage_is_encrypted/green/provider.tf create mode 100644 terraform/ecc-aws-320-rds_snapshots_storage_is_encrypted/green/snapshot.tf create mode 100644 terraform/ecc-aws-320-rds_snapshots_storage_is_encrypted/green/terraform.tfvars create mode 100644 terraform/ecc-aws-320-rds_snapshots_storage_is_encrypted/green/variables.tf create mode 100644 terraform/ecc-aws-320-rds_snapshots_storage_is_encrypted/iam/320-policy.json create mode 100644 
terraform/ecc-aws-320-rds_snapshots_storage_is_encrypted/red/provider.tf create mode 100644 terraform/ecc-aws-320-rds_snapshots_storage_is_encrypted/red/snapshot.tf create mode 100644 terraform/ecc-aws-320-rds_snapshots_storage_is_encrypted/red/terraform.tfvars create mode 100644 terraform/ecc-aws-320-rds_snapshots_storage_is_encrypted/red/variables.tf create mode 100644 terraform/ecc-aws-322-api_gateway_rest_api_stages_ssl_certificates_configured/green/api.tf create mode 100644 terraform/ecc-aws-322-api_gateway_rest_api_stages_ssl_certificates_configured/green/provider.tf create mode 100644 terraform/ecc-aws-322-api_gateway_rest_api_stages_ssl_certificates_configured/green/terraform.tfvars create mode 100644 terraform/ecc-aws-322-api_gateway_rest_api_stages_ssl_certificates_configured/green/variables.tf create mode 100644 terraform/ecc-aws-322-api_gateway_rest_api_stages_ssl_certificates_configured/iam/322-policy.json create mode 100644 terraform/ecc-aws-322-api_gateway_rest_api_stages_ssl_certificates_configured/red/api.tf create mode 100644 terraform/ecc-aws-322-api_gateway_rest_api_stages_ssl_certificates_configured/red/provider.tf create mode 100644 terraform/ecc-aws-322-api_gateway_rest_api_stages_ssl_certificates_configured/red/terraform.tfvars create mode 100644 terraform/ecc-aws-322-api_gateway_rest_api_stages_ssl_certificates_configured/red/variables.tf create mode 100644 terraform/ecc-aws-323-rest_api_aws_x_ray_enabled/green/api.tf create mode 100644 terraform/ecc-aws-323-rest_api_aws_x_ray_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-323-rest_api_aws_x_ray_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-323-rest_api_aws_x_ray_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-323-rest_api_aws_x_ray_enabled/iam/323-policy.json create mode 100644 terraform/ecc-aws-323-rest_api_aws_x_ray_enabled/red/api.tf create mode 100644 terraform/ecc-aws-323-rest_api_aws_x_ray_enabled/red/provider.tf create mode 
100644 terraform/ecc-aws-323-rest_api_aws_x_ray_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-323-rest_api_aws_x_ray_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-324-cloudfront_default_root_object_configured/green/cloudfront.tf create mode 100644 terraform/ecc-aws-324-cloudfront_default_root_object_configured/green/provider.tf create mode 100644 terraform/ecc-aws-324-cloudfront_default_root_object_configured/green/terraform.tfvars create mode 100644 terraform/ecc-aws-324-cloudfront_default_root_object_configured/green/variables.tf create mode 100644 terraform/ecc-aws-324-cloudfront_default_root_object_configured/iam/324-policy.json create mode 100644 terraform/ecc-aws-324-cloudfront_default_root_object_configured/red/cloudfront.tf create mode 100644 terraform/ecc-aws-324-cloudfront_default_root_object_configured/red/provider.tf create mode 100644 terraform/ecc-aws-324-cloudfront_default_root_object_configured/red/terraform.tfvars create mode 100644 terraform/ecc-aws-324-cloudfront_default_root_object_configured/red/variables.tf create mode 100644 terraform/ecc-aws-326-cloudfront_origin_failover_configured/green/cloudfront.tf create mode 100644 terraform/ecc-aws-326-cloudfront_origin_failover_configured/green/provider.tf create mode 100644 terraform/ecc-aws-326-cloudfront_origin_failover_configured/green/terraform.tfvars create mode 100644 terraform/ecc-aws-326-cloudfront_origin_failover_configured/green/variables.tf create mode 100644 terraform/ecc-aws-326-cloudfront_origin_failover_configured/iam/326-policy.json create mode 100644 terraform/ecc-aws-326-cloudfront_origin_failover_configured/red/cloudfront.tf create mode 100644 terraform/ecc-aws-326-cloudfront_origin_failover_configured/red/provider.tf create mode 100644 terraform/ecc-aws-326-cloudfront_origin_failover_configured/red/terraform.tfvars create mode 100644 terraform/ecc-aws-326-cloudfront_origin_failover_configured/red/variables.tf create mode 100644 
terraform/ecc-aws-327-dms_replication_not_public/green/dms.tf create mode 100644 terraform/ecc-aws-327-dms_replication_not_public/green/provider.tf create mode 100644 terraform/ecc-aws-327-dms_replication_not_public/green/terraform.tfvars create mode 100644 terraform/ecc-aws-327-dms_replication_not_public/green/variables.tf create mode 100644 terraform/ecc-aws-327-dms_replication_not_public/iam/327-policy.json create mode 100644 terraform/ecc-aws-327-dms_replication_not_public/red/dms.tf create mode 100644 terraform/ecc-aws-327-dms_replication_not_public/red/provider.tf create mode 100644 terraform/ecc-aws-327-dms_replication_not_public/red/terraform.tfvars create mode 100644 terraform/ecc-aws-327-dms_replication_not_public/red/variables.tf create mode 100644 terraform/ecc-aws-329-dynamodb_tables_pitr_enabled/green/dynamodb.tf create mode 100644 terraform/ecc-aws-329-dynamodb_tables_pitr_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-329-dynamodb_tables_pitr_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-329-dynamodb_tables_pitr_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-329-dynamodb_tables_pitr_enabled/iam/329-policy.json create mode 100644 terraform/ecc-aws-329-dynamodb_tables_pitr_enabled/red/dynamodb.tf create mode 100644 terraform/ecc-aws-329-dynamodb_tables_pitr_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-329-dynamodb_tables_pitr_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-329-dynamodb_tables_pitr_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-330-dynamodb_dax_encryption_enabled/green/dynamodb.tf create mode 100644 terraform/ecc-aws-330-dynamodb_dax_encryption_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-330-dynamodb_dax_encryption_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-330-dynamodb_dax_encryption_enabled/green/variables.tf create mode 100644 
terraform/ecc-aws-330-dynamodb_dax_encryption_enabled/iam/330-policy.json create mode 100644 terraform/ecc-aws-330-dynamodb_dax_encryption_enabled/red/dynamodb.tf create mode 100644 terraform/ecc-aws-330-dynamodb_dax_encryption_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-330-dynamodb_dax_encryption_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-330-dynamodb_dax_encryption_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-331-ec2_stopped_instance/green/ec2.tf create mode 100644 terraform/ecc-aws-331-ec2_stopped_instance/green/provider.tf create mode 100644 terraform/ecc-aws-331-ec2_stopped_instance/green/terraform.tfvars create mode 100644 terraform/ecc-aws-331-ec2_stopped_instance/green/variables.tf create mode 100644 terraform/ecc-aws-331-ec2_stopped_instance/iam/331-policy.json create mode 100644 terraform/ecc-aws-332-ec2_instance_no_public_ip/green/ec2.tf create mode 100644 terraform/ecc-aws-332-ec2_instance_no_public_ip/green/provider.tf create mode 100644 terraform/ecc-aws-332-ec2_instance_no_public_ip/green/route_tables.tf create mode 100644 terraform/ecc-aws-332-ec2_instance_no_public_ip/green/terraform.tfvars create mode 100644 terraform/ecc-aws-332-ec2_instance_no_public_ip/green/variables.tf create mode 100644 terraform/ecc-aws-332-ec2_instance_no_public_ip/green/vpc.tf create mode 100644 terraform/ecc-aws-332-ec2_instance_no_public_ip/iam/332-policy.json create mode 100644 terraform/ecc-aws-332-ec2_instance_no_public_ip/red/ec2.tf create mode 100644 terraform/ecc-aws-332-ec2_instance_no_public_ip/red/provider.tf create mode 100644 terraform/ecc-aws-332-ec2_instance_no_public_ip/red/route_tables.tf create mode 100644 terraform/ecc-aws-332-ec2_instance_no_public_ip/red/terraform.tfvars create mode 100644 terraform/ecc-aws-332-ec2_instance_no_public_ip/red/variables.tf create mode 100644 terraform/ecc-aws-332-ec2_instance_no_public_ip/red/vpc.tf create mode 100644 
terraform/ecc-aws-333-ec2_service_use_vpc_endpoints/green/provider.tf create mode 100644 terraform/ecc-aws-333-ec2_service_use_vpc_endpoints/green/terraform.tfvars create mode 100644 terraform/ecc-aws-333-ec2_service_use_vpc_endpoints/green/variables.tf create mode 100644 terraform/ecc-aws-333-ec2_service_use_vpc_endpoints/green/vpc.tf create mode 100644 terraform/ecc-aws-333-ec2_service_use_vpc_endpoints/iam/333-policy.json create mode 100644 terraform/ecc-aws-333-ec2_service_use_vpc_endpoints/red/provider.tf create mode 100644 terraform/ecc-aws-333-ec2_service_use_vpc_endpoints/red/terraform.tfvars create mode 100644 terraform/ecc-aws-333-ec2_service_use_vpc_endpoints/red/variables.tf create mode 100644 terraform/ecc-aws-333-ec2_service_use_vpc_endpoints/red/vpc.tf create mode 100644 terraform/ecc-aws-333-ec2_service_use_vpc_endpoints/red1/provider.tf create mode 100644 terraform/ecc-aws-333-ec2_service_use_vpc_endpoints/red1/terraform.tfvars create mode 100644 terraform/ecc-aws-333-ec2_service_use_vpc_endpoints/red1/variables.tf create mode 100644 terraform/ecc-aws-333-ec2_service_use_vpc_endpoints/red1/vpc.tf create mode 100644 terraform/ecc-aws-334-vpc_unsued_network_acl/green/acl.tf create mode 100644 terraform/ecc-aws-334-vpc_unsued_network_acl/green/provider.tf create mode 100644 terraform/ecc-aws-334-vpc_unsued_network_acl/green/terraform.tfvars create mode 100644 terraform/ecc-aws-334-vpc_unsued_network_acl/green/variables.tf create mode 100644 terraform/ecc-aws-334-vpc_unsued_network_acl/iam/334-policy.json create mode 100644 terraform/ecc-aws-334-vpc_unsued_network_acl/red/acl.tf create mode 100644 terraform/ecc-aws-334-vpc_unsued_network_acl/red/provider.tf create mode 100644 terraform/ecc-aws-334-vpc_unsued_network_acl/red/terraform.tfvars create mode 100644 terraform/ecc-aws-334-vpc_unsued_network_acl/red/variables.tf create mode 100644 terraform/ecc-aws-335-ec2_instance_should_not_use_multiple_eni/green/ec2.tf create mode 100644 
terraform/ecc-aws-335-ec2_instance_should_not_use_multiple_eni/green/provider.tf create mode 100644 terraform/ecc-aws-335-ec2_instance_should_not_use_multiple_eni/green/terraform.tfvars create mode 100644 terraform/ecc-aws-335-ec2_instance_should_not_use_multiple_eni/green/variables.tf create mode 100644 terraform/ecc-aws-335-ec2_instance_should_not_use_multiple_eni/iam/335-policy.json create mode 100644 terraform/ecc-aws-335-ec2_instance_should_not_use_multiple_eni/red/ec2.tf create mode 100644 terraform/ecc-aws-335-ec2_instance_should_not_use_multiple_eni/red/provider.tf create mode 100644 terraform/ecc-aws-335-ec2_instance_should_not_use_multiple_eni/red/terraform.tfvars create mode 100644 terraform/ecc-aws-335-ec2_instance_should_not_use_multiple_eni/red/variables.tf create mode 100644 terraform/ecc-aws-336-ecs_task_definitions_secure_networking_modes_and_user_definitions/green/ecs.tf create mode 100644 terraform/ecc-aws-336-ecs_task_definitions_secure_networking_modes_and_user_definitions/green/provider.tf create mode 100644 terraform/ecc-aws-336-ecs_task_definitions_secure_networking_modes_and_user_definitions/green/terraform.tfvars create mode 100644 terraform/ecc-aws-336-ecs_task_definitions_secure_networking_modes_and_user_definitions/green/variables.tf create mode 100644 terraform/ecc-aws-336-ecs_task_definitions_secure_networking_modes_and_user_definitions/iam/336-policy.json create mode 100644 terraform/ecc-aws-336-ecs_task_definitions_secure_networking_modes_and_user_definitions/red/ecs.tf create mode 100644 terraform/ecc-aws-336-ecs_task_definitions_secure_networking_modes_and_user_definitions/red/provider.tf create mode 100644 terraform/ecc-aws-336-ecs_task_definitions_secure_networking_modes_and_user_definitions/red/terraform.tfvars create mode 100644 terraform/ecc-aws-336-ecs_task_definitions_secure_networking_modes_and_user_definitions/red/variables.tf create mode 100644 terraform/ecc-aws-337-efs_in_backup_plan/green/efs.tf create mode 100644 
terraform/ecc-aws-337-efs_in_backup_plan/green/provider.tf create mode 100644 terraform/ecc-aws-337-efs_in_backup_plan/green/terraform.tfvars create mode 100644 terraform/ecc-aws-337-efs_in_backup_plan/green/variables.tf create mode 100644 terraform/ecc-aws-337-efs_in_backup_plan/iam/337-policy.json create mode 100644 terraform/ecc-aws-337-efs_in_backup_plan/red/efs.tf create mode 100644 terraform/ecc-aws-337-efs_in_backup_plan/red/provider.tf create mode 100644 terraform/ecc-aws-337-efs_in_backup_plan/red/terraform.tfvars create mode 100644 terraform/ecc-aws-337-efs_in_backup_plan/red/variables.tf create mode 100644 terraform/ecc-aws-338-elastic_beanstalk_enhanced_health_reporting_enabled/green/elastic_beanstalk.tf create mode 100644 terraform/ecc-aws-338-elastic_beanstalk_enhanced_health_reporting_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-338-elastic_beanstalk_enhanced_health_reporting_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-338-elastic_beanstalk_enhanced_health_reporting_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-338-elastic_beanstalk_enhanced_health_reporting_enabled/iam/338-policy.json create mode 100644 terraform/ecc-aws-338-elastic_beanstalk_enhanced_health_reporting_enabled/red/elastic_beanstalk.tf create mode 100644 terraform/ecc-aws-338-elastic_beanstalk_enhanced_health_reporting_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-338-elastic_beanstalk_enhanced_health_reporting_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-338-elastic_beanstalk_enhanced_health_reporting_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-339-alb_drop_invalid_http_header/green/alb.tf create mode 100644 terraform/ecc-aws-339-alb_drop_invalid_http_header/green/provider.tf create mode 100644 terraform/ecc-aws-339-alb_drop_invalid_http_header/green/terraform.tfvars create mode 100644 terraform/ecc-aws-339-alb_drop_invalid_http_header/green/variables.tf create mode 
100644 terraform/ecc-aws-339-alb_drop_invalid_http_header/green/vpc.tf create mode 100644 terraform/ecc-aws-339-alb_drop_invalid_http_header/iam/339-policy.json create mode 100644 terraform/ecc-aws-339-alb_drop_invalid_http_header/red/alb.tf create mode 100644 terraform/ecc-aws-339-alb_drop_invalid_http_header/red/provider.tf create mode 100644 terraform/ecc-aws-339-alb_drop_invalid_http_header/red/terraform.tfvars create mode 100644 terraform/ecc-aws-339-alb_drop_invalid_http_header/red/variables.tf create mode 100644 terraform/ecc-aws-339-alb_drop_invalid_http_header/red/vpc.tf create mode 100644 terraform/ecc-aws-341-elb_deletion_protection_enabled/green/alb.tf create mode 100644 terraform/ecc-aws-341-elb_deletion_protection_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-341-elb_deletion_protection_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-341-elb_deletion_protection_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-341-elb_deletion_protection_enabled/iam/341-policy.json create mode 100644 terraform/ecc-aws-341-elb_deletion_protection_enabled/red/alb.tf create mode 100644 terraform/ecc-aws-341-elb_deletion_protection_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-341-elb_deletion_protection_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-341-elb_deletion_protection_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-342-alb_http_to_https_redirection_enabled/green/alb.tf create mode 100644 terraform/ecc-aws-342-alb_http_to_https_redirection_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-342-alb_http_to_https_redirection_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-342-alb_http_to_https_redirection_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-342-alb_http_to_https_redirection_enabled/iam/342-policy.json create mode 100644 terraform/ecc-aws-342-alb_http_to_https_redirection_enabled/red/alb.tf create mode 100644 
terraform/ecc-aws-342-alb_http_to_https_redirection_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-342-alb_http_to_https_redirection_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-342-alb_http_to_https_redirection_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-343-emr_master_nodes_no_public_ip/green/emr.tf create mode 100644 terraform/ecc-aws-343-emr_master_nodes_no_public_ip/green/iam.tf create mode 100644 terraform/ecc-aws-343-emr_master_nodes_no_public_ip/green/provider.tf create mode 100644 terraform/ecc-aws-343-emr_master_nodes_no_public_ip/green/terraform.tfvars create mode 100644 terraform/ecc-aws-343-emr_master_nodes_no_public_ip/green/variables.tf create mode 100644 terraform/ecc-aws-343-emr_master_nodes_no_public_ip/green/vpc.tf create mode 100644 terraform/ecc-aws-343-emr_master_nodes_no_public_ip/iam/343-policy.json create mode 100644 terraform/ecc-aws-343-emr_master_nodes_no_public_ip/red/emr.tf create mode 100644 terraform/ecc-aws-343-emr_master_nodes_no_public_ip/red/iam.tf create mode 100644 terraform/ecc-aws-343-emr_master_nodes_no_public_ip/red/provider.tf create mode 100644 terraform/ecc-aws-343-emr_master_nodes_no_public_ip/red/terraform.tfvars create mode 100644 terraform/ecc-aws-343-emr_master_nodes_no_public_ip/red/variables.tf create mode 100644 terraform/ecc-aws-343-emr_master_nodes_no_public_ip/red/vpc.tf create mode 100644 terraform/ecc-aws-344-elasticsearch_node_to_node_encryption_enabled/green/es.tf create mode 100644 terraform/ecc-aws-344-elasticsearch_node_to_node_encryption_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-344-elasticsearch_node_to_node_encryption_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-344-elasticsearch_node_to_node_encryption_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-344-elasticsearch_node_to_node_encryption_enabled/iam/344-policy.json create mode 100644 
terraform/ecc-aws-344-elasticsearch_node_to_node_encryption_enabled/red/es.tf create mode 100644 terraform/ecc-aws-344-elasticsearch_node_to_node_encryption_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-344-elasticsearch_node_to_node_encryption_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-344-elasticsearch_node_to_node_encryption_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-345-elasticsearch_error_logging_to_cloudwatch_enabled/green/es.tf create mode 100644 terraform/ecc-aws-345-elasticsearch_error_logging_to_cloudwatch_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-345-elasticsearch_error_logging_to_cloudwatch_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-345-elasticsearch_error_logging_to_cloudwatch_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-345-elasticsearch_error_logging_to_cloudwatch_enabled/iam/345-policy.json create mode 100644 terraform/ecc-aws-345-elasticsearch_error_logging_to_cloudwatch_enabled/red/es.tf create mode 100644 terraform/ecc-aws-345-elasticsearch_error_logging_to_cloudwatch_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-345-elasticsearch_error_logging_to_cloudwatch_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-345-elasticsearch_error_logging_to_cloudwatch_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-346-rds_instance_enhanced_monitoring_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-346-rds_instance_enhanced_monitoring_enabled/green/rds.tf create mode 100644 terraform/ecc-aws-346-rds_instance_enhanced_monitoring_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-346-rds_instance_enhanced_monitoring_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-346-rds_instance_enhanced_monitoring_enabled/iam/346-policy.json create mode 100644 terraform/ecc-aws-346-rds_instance_enhanced_monitoring_enabled/red/provider.tf create mode 100644 
terraform/ecc-aws-346-rds_instance_enhanced_monitoring_enabled/red/rds.tf create mode 100644 terraform/ecc-aws-346-rds_instance_enhanced_monitoring_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-346-rds_instance_enhanced_monitoring_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-347-rds_cluster_deletion_protection_enabled/green/cluster.tf create mode 100644 terraform/ecc-aws-347-rds_cluster_deletion_protection_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-347-rds_cluster_deletion_protection_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-347-rds_cluster_deletion_protection_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-347-rds_cluster_deletion_protection_enabled/iam/347-policy.json create mode 100644 terraform/ecc-aws-347-rds_cluster_deletion_protection_enabled/red/cluster.tf create mode 100644 terraform/ecc-aws-347-rds_cluster_deletion_protection_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-347-rds_cluster_deletion_protection_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-347-rds_cluster_deletion_protection_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-348-rds_instance_deletion_protection_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-348-rds_instance_deletion_protection_enabled/green/rds.tf create mode 100644 terraform/ecc-aws-348-rds_instance_deletion_protection_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-348-rds_instance_deletion_protection_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-348-rds_instance_deletion_protection_enabled/iam/348-policy.json create mode 100644 terraform/ecc-aws-348-rds_instance_deletion_protection_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-348-rds_instance_deletion_protection_enabled/red/rds.tf create mode 100644 terraform/ecc-aws-348-rds_instance_deletion_protection_enabled/red/terraform.tfvars create mode 100644 
terraform/ecc-aws-348-rds_instance_deletion_protection_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-349-rds_oracle_logging_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-349-rds_oracle_logging_enabled/green/rds.tf create mode 100644 terraform/ecc-aws-349-rds_oracle_logging_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-349-rds_oracle_logging_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-349-rds_oracle_logging_enabled/iam/349-policy.json create mode 100644 terraform/ecc-aws-349-rds_oracle_logging_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-349-rds_oracle_logging_enabled/red/rds.tf create mode 100644 terraform/ecc-aws-349-rds_oracle_logging_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-349-rds_oracle_logging_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-350-rds_postgresql_logging_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-350-rds_postgresql_logging_enabled/green/rds.tf create mode 100644 terraform/ecc-aws-350-rds_postgresql_logging_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-350-rds_postgresql_logging_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-350-rds_postgresql_logging_enabled/iam/350-policy.json create mode 100644 terraform/ecc-aws-350-rds_postgresql_logging_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-350-rds_postgresql_logging_enabled/red/rds.tf create mode 100644 terraform/ecc-aws-350-rds_postgresql_logging_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-350-rds_postgresql_logging_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-351-rds_mysql_logging_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-351-rds_mysql_logging_enabled/green/rds.tf create mode 100644 terraform/ecc-aws-351-rds_mysql_logging_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-351-rds_mysql_logging_enabled/green/variables.tf 
create mode 100644 terraform/ecc-aws-351-rds_mysql_logging_enabled/iam/351-policy.json create mode 100644 terraform/ecc-aws-351-rds_mysql_logging_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-351-rds_mysql_logging_enabled/red/rds.tf create mode 100644 terraform/ecc-aws-351-rds_mysql_logging_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-351-rds_mysql_logging_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-353-rds_sql_server_logging_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-353-rds_sql_server_logging_enabled/green/rds.tf create mode 100644 terraform/ecc-aws-353-rds_sql_server_logging_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-353-rds_sql_server_logging_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-353-rds_sql_server_logging_enabled/iam/353-policy.json create mode 100644 terraform/ecc-aws-353-rds_sql_server_logging_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-353-rds_sql_server_logging_enabled/red/rds.tf create mode 100644 terraform/ecc-aws-353-rds_sql_server_logging_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-353-rds_sql_server_logging_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-354-rds_aurora_logging_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-354-rds_aurora_logging_enabled/green/rds.tf create mode 100644 terraform/ecc-aws-354-rds_aurora_logging_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-354-rds_aurora_logging_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-354-rds_aurora_logging_enabled/iam/354-policy.json create mode 100644 terraform/ecc-aws-354-rds_aurora_logging_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-354-rds_aurora_logging_enabled/red/rds.tf create mode 100644 terraform/ecc-aws-354-rds_aurora_logging_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-354-rds_aurora_logging_enabled/red/variables.tf 
create mode 100644 terraform/ecc-aws-355-rds_aurora_mysql_logging_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-355-rds_aurora_mysql_logging_enabled/green/rds.tf create mode 100644 terraform/ecc-aws-355-rds_aurora_mysql_logging_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-355-rds_aurora_mysql_logging_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-355-rds_aurora_mysql_logging_enabled/iam/355-policy.json create mode 100644 terraform/ecc-aws-355-rds_aurora_mysql_logging_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-355-rds_aurora_mysql_logging_enabled/red/rds.tf create mode 100644 terraform/ecc-aws-355-rds_aurora_mysql_logging_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-355-rds_aurora_mysql_logging_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-356-rds_aurora_postgresql_logging_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-356-rds_aurora_postgresql_logging_enabled/green/rds.tf create mode 100644 terraform/ecc-aws-356-rds_aurora_postgresql_logging_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-356-rds_aurora_postgresql_logging_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-356-rds_aurora_postgresql_logging_enabled/iam/356-policy.json create mode 100644 terraform/ecc-aws-356-rds_aurora_postgresql_logging_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-356-rds_aurora_postgresql_logging_enabled/red/rds.tf create mode 100644 terraform/ecc-aws-356-rds_aurora_postgresql_logging_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-356-rds_aurora_postgresql_logging_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-357-rds_instance_iam_authentication_configured/green/provider.tf create mode 100644 terraform/ecc-aws-357-rds_instance_iam_authentication_configured/green/rds.tf create mode 100644 terraform/ecc-aws-357-rds_instance_iam_authentication_configured/green/terraform.tfvars 
create mode 100644 terraform/ecc-aws-357-rds_instance_iam_authentication_configured/green/variables.tf create mode 100644 terraform/ecc-aws-357-rds_instance_iam_authentication_configured/iam/357-policy.json create mode 100644 terraform/ecc-aws-357-rds_instance_iam_authentication_configured/red/provider.tf create mode 100644 terraform/ecc-aws-357-rds_instance_iam_authentication_configured/red/rds.tf create mode 100644 terraform/ecc-aws-357-rds_instance_iam_authentication_configured/red/terraform.tfvars create mode 100644 terraform/ecc-aws-357-rds_instance_iam_authentication_configured/red/variables.tf create mode 100644 terraform/ecc-aws-358-rds_cluster_iam_authentication_configured/green/cluster.tf create mode 100644 terraform/ecc-aws-358-rds_cluster_iam_authentication_configured/green/provider.tf create mode 100644 terraform/ecc-aws-358-rds_cluster_iam_authentication_configured/green/terraform.tfvars create mode 100644 terraform/ecc-aws-358-rds_cluster_iam_authentication_configured/green/variables.tf create mode 100644 terraform/ecc-aws-358-rds_cluster_iam_authentication_configured/iam/347-policy.json create mode 100644 terraform/ecc-aws-358-rds_cluster_iam_authentication_configured/red/cluster.tf create mode 100644 terraform/ecc-aws-358-rds_cluster_iam_authentication_configured/red/provider.tf create mode 100644 terraform/ecc-aws-358-rds_cluster_iam_authentication_configured/red/terraform.tfvars create mode 100644 terraform/ecc-aws-358-rds_cluster_iam_authentication_configured/red/variables.tf create mode 100644 terraform/ecc-aws-359-rds_aurora_mysql_backtracking_enabled/green/cluster.tf create mode 100644 terraform/ecc-aws-359-rds_aurora_mysql_backtracking_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-359-rds_aurora_mysql_backtracking_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-359-rds_aurora_mysql_backtracking_enabled/green/variables.tf create mode 100644 
terraform/ecc-aws-359-rds_aurora_mysql_backtracking_enabled/iam/359-policy.json create mode 100644 terraform/ecc-aws-359-rds_aurora_mysql_backtracking_enabled/red/cluster.tf create mode 100644 terraform/ecc-aws-359-rds_aurora_mysql_backtracking_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-359-rds_aurora_mysql_backtracking_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-359-rds_aurora_mysql_backtracking_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-360-rds_cluster_multi_az_enabled/green/cluster.tf create mode 100644 terraform/ecc-aws-360-rds_cluster_multi_az_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-360-rds_cluster_multi_az_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-360-rds_cluster_multi_az_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-360-rds_cluster_multi_az_enabled/iam/360-policy.json create mode 100644 terraform/ecc-aws-360-rds_cluster_multi_az_enabled/red/cluster.tf create mode 100644 terraform/ecc-aws-360-rds_cluster_multi_az_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-360-rds_cluster_multi_az_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-360-rds_cluster_multi_az_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-361-redshift_cluster_encrypted_in_transit/green/provider.tf create mode 100644 terraform/ecc-aws-361-redshift_cluster_encrypted_in_transit/green/redshift.tf create mode 100644 terraform/ecc-aws-361-redshift_cluster_encrypted_in_transit/green/terraform.tfvars create mode 100644 terraform/ecc-aws-361-redshift_cluster_encrypted_in_transit/green/variables.tf create mode 100644 terraform/ecc-aws-361-redshift_cluster_encrypted_in_transit/iam/361-policy.json create mode 100644 terraform/ecc-aws-361-redshift_cluster_encrypted_in_transit/red/provider.tf create mode 100644 terraform/ecc-aws-361-redshift_cluster_encrypted_in_transit/red/redshift.tf create mode 100644 
terraform/ecc-aws-361-redshift_cluster_encrypted_in_transit/red/terraform.tfvars create mode 100644 terraform/ecc-aws-361-redshift_cluster_encrypted_in_transit/red/variables.tf create mode 100644 terraform/ecc-aws-362-redshift_cluster_automatic_snapshot_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-362-redshift_cluster_automatic_snapshot_enabled/green/redshift.tf create mode 100644 terraform/ecc-aws-362-redshift_cluster_automatic_snapshot_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-362-redshift_cluster_automatic_snapshot_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-362-redshift_cluster_automatic_snapshot_enabled/iam/362-policy.json create mode 100644 terraform/ecc-aws-362-redshift_cluster_automatic_snapshot_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-362-redshift_cluster_automatic_snapshot_enabled/red/redshift.tf create mode 100644 terraform/ecc-aws-362-redshift_cluster_automatic_snapshot_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-362-redshift_cluster_automatic_snapshot_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-363-redshift_cluster_automatic_upgrade_to_major_version_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-363-redshift_cluster_automatic_upgrade_to_major_version_enabled/green/redshift.tf create mode 100644 terraform/ecc-aws-363-redshift_cluster_automatic_upgrade_to_major_version_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-363-redshift_cluster_automatic_upgrade_to_major_version_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-363-redshift_cluster_automatic_upgrade_to_major_version_enabled/iam/363-policy.json create mode 100644 terraform/ecc-aws-363-redshift_cluster_automatic_upgrade_to_major_version_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-363-redshift_cluster_automatic_upgrade_to_major_version_enabled/red/redshift.tf create mode 100644 
terraform/ecc-aws-363-redshift_cluster_automatic_upgrade_to_major_version_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-363-redshift_cluster_automatic_upgrade_to_major_version_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-364-redshift_cluster_enhanced_vpc_routing_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-364-redshift_cluster_enhanced_vpc_routing_enabled/green/redshift.tf create mode 100644 terraform/ecc-aws-364-redshift_cluster_enhanced_vpc_routing_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-364-redshift_cluster_enhanced_vpc_routing_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-364-redshift_cluster_enhanced_vpc_routing_enabled/iam/364-policy.json create mode 100644 terraform/ecc-aws-364-redshift_cluster_enhanced_vpc_routing_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-364-redshift_cluster_enhanced_vpc_routing_enabled/red/redshift.tf create mode 100644 terraform/ecc-aws-364-redshift_cluster_enhanced_vpc_routing_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-364-redshift_cluster_enhanced_vpc_routing_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-368-sns_kms_encryption_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-368-sns_kms_encryption_enabled/green/sns.tf create mode 100644 terraform/ecc-aws-368-sns_kms_encryption_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-368-sns_kms_encryption_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-368-sns_kms_encryption_enabled/iam/368-policy.json create mode 100644 terraform/ecc-aws-368-sns_kms_encryption_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-368-sns_kms_encryption_enabled/red/sns.tf create mode 100644 terraform/ecc-aws-368-sns_kms_encryption_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-368-sns_kms_encryption_enabled/red/variables.tf create mode 100644 
terraform/ecc-aws-370-ec2_instance_managed_by_systems_manager/green/ec2.tf create mode 100644 terraform/ecc-aws-370-ec2_instance_managed_by_systems_manager/green/iam.tf create mode 100644 terraform/ecc-aws-370-ec2_instance_managed_by_systems_manager/green/provider.tf create mode 100644 terraform/ecc-aws-370-ec2_instance_managed_by_systems_manager/green/terraform.tfvars create mode 100644 terraform/ecc-aws-370-ec2_instance_managed_by_systems_manager/green/variables.tf create mode 100644 terraform/ecc-aws-370-ec2_instance_managed_by_systems_manager/green/vpc.tf create mode 100644 terraform/ecc-aws-370-ec2_instance_managed_by_systems_manager/iam/370-policy.json create mode 100644 terraform/ecc-aws-370-ec2_instance_managed_by_systems_manager/red/ec2.tf create mode 100644 terraform/ecc-aws-370-ec2_instance_managed_by_systems_manager/red/provider.tf create mode 100644 terraform/ecc-aws-370-ec2_instance_managed_by_systems_manager/red/terraform.tfvars create mode 100644 terraform/ecc-aws-370-ec2_instance_managed_by_systems_manager/red/variables.tf create mode 100644 terraform/ecc-aws-371-ec2_managed_instance_association_compliance_status_check/green/ec2.tf create mode 100644 terraform/ecc-aws-371-ec2_managed_instance_association_compliance_status_check/green/iam.tf create mode 100644 terraform/ecc-aws-371-ec2_managed_instance_association_compliance_status_check/green/provider.tf create mode 100644 terraform/ecc-aws-371-ec2_managed_instance_association_compliance_status_check/green/terraform.tfvars create mode 100644 terraform/ecc-aws-371-ec2_managed_instance_association_compliance_status_check/green/variables.tf create mode 100644 terraform/ecc-aws-371-ec2_managed_instance_association_compliance_status_check/green/vpc.tf create mode 100644 terraform/ecc-aws-371-ec2_managed_instance_association_compliance_status_check/iam/371-policy.json create mode 100644 terraform/ecc-aws-371-ec2_managed_instance_association_compliance_status_check/red/ec2.tf create mode 100644 
terraform/ecc-aws-371-ec2_managed_instance_association_compliance_status_check/red/iam.tf create mode 100644 terraform/ecc-aws-371-ec2_managed_instance_association_compliance_status_check/red/provider.tf create mode 100644 terraform/ecc-aws-371-ec2_managed_instance_association_compliance_status_check/red/terraform.tfvars create mode 100644 terraform/ecc-aws-371-ec2_managed_instance_association_compliance_status_check/red/variables.tf create mode 100644 terraform/ecc-aws-371-ec2_managed_instance_association_compliance_status_check/red/vpc.tf create mode 100644 terraform/ecc-aws-372-ec2_instance_imdsv2_enabled/green/ec2.tf create mode 100644 terraform/ecc-aws-372-ec2_instance_imdsv2_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-372-ec2_instance_imdsv2_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-372-ec2_instance_imdsv2_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-372-ec2_instance_imdsv2_enabled/iam/372.json create mode 100644 terraform/ecc-aws-372-ec2_instance_imdsv2_enabled/red/ec2.tf create mode 100644 terraform/ecc-aws-372-ec2_instance_imdsv2_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-372-ec2_instance_imdsv2_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-372-ec2_instance_imdsv2_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-373-eks_control_plane_logging_enabled/green/eks.tf create mode 100644 terraform/ecc-aws-373-eks_control_plane_logging_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-373-eks_control_plane_logging_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-373-eks_control_plane_logging_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-373-eks_control_plane_logging_enabled/green/vpc.tf create mode 100644 terraform/ecc-aws-373-eks_control_plane_logging_enabled/iam/373-policy.json create mode 100644 terraform/ecc-aws-373-eks_control_plane_logging_enabled/red/eks.tf create mode 100644 
terraform/ecc-aws-373-eks_control_plane_logging_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-373-eks_control_plane_logging_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-373-eks_control_plane_logging_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-373-eks_control_plane_logging_enabled/red/vpc.tf create mode 100644 terraform/ecc-aws-373-eks_control_plane_logging_enabled/red1/eks.tf create mode 100644 terraform/ecc-aws-373-eks_control_plane_logging_enabled/red1/provider.tf create mode 100644 terraform/ecc-aws-373-eks_control_plane_logging_enabled/red1/terraform.tfvars create mode 100644 terraform/ecc-aws-373-eks_control_plane_logging_enabled/red1/variables.tf create mode 100644 terraform/ecc-aws-373-eks_control_plane_logging_enabled/red1/vpc.tf create mode 100644 terraform/ecc-aws-374-eks_clusters_security_group_traffic_restricted/green/eks.tf create mode 100644 terraform/ecc-aws-374-eks_clusters_security_group_traffic_restricted/green/provider.tf create mode 100644 terraform/ecc-aws-374-eks_clusters_security_group_traffic_restricted/green/terraform.tfvars create mode 100644 terraform/ecc-aws-374-eks_clusters_security_group_traffic_restricted/green/variables.tf create mode 100644 terraform/ecc-aws-374-eks_clusters_security_group_traffic_restricted/green/vpc.tf create mode 100644 terraform/ecc-aws-374-eks_clusters_security_group_traffic_restricted/iam/374-policy.json create mode 100644 terraform/ecc-aws-374-eks_clusters_security_group_traffic_restricted/red/eks.tf create mode 100644 terraform/ecc-aws-374-eks_clusters_security_group_traffic_restricted/red/provider.tf create mode 100644 terraform/ecc-aws-374-eks_clusters_security_group_traffic_restricted/red/terraform.tfvars create mode 100644 terraform/ecc-aws-374-eks_clusters_security_group_traffic_restricted/red/variables.tf create mode 100644 terraform/ecc-aws-374-eks_clusters_security_group_traffic_restricted/red/vpc.tf create mode 100644 
terraform/ecc-aws-375-eks_secrets_encrypted/green/eks.tf create mode 100644 terraform/ecc-aws-375-eks_secrets_encrypted/green/kms.tf create mode 100644 terraform/ecc-aws-375-eks_secrets_encrypted/green/provider.tf create mode 100644 terraform/ecc-aws-375-eks_secrets_encrypted/green/terraform.tfvars create mode 100644 terraform/ecc-aws-375-eks_secrets_encrypted/green/variables.tf create mode 100644 terraform/ecc-aws-375-eks_secrets_encrypted/green/vpc.tf create mode 100644 terraform/ecc-aws-375-eks_secrets_encrypted/iam/375-policy.json create mode 100644 terraform/ecc-aws-375-eks_secrets_encrypted/red/eks.tf create mode 100644 terraform/ecc-aws-375-eks_secrets_encrypted/red/provider.tf create mode 100644 terraform/ecc-aws-375-eks_secrets_encrypted/red/terraform.tfvars create mode 100644 terraform/ecc-aws-375-eks_secrets_encrypted/red/variables.tf create mode 100644 terraform/ecc-aws-375-eks_secrets_encrypted/red/vpc.tf create mode 100644 terraform/ecc-aws-376-ecr_immutable_image_tags/green/ecr.tf create mode 100644 terraform/ecc-aws-376-ecr_immutable_image_tags/green/provider.tf create mode 100644 terraform/ecc-aws-376-ecr_immutable_image_tags/green/terraform.tfvars create mode 100644 terraform/ecc-aws-376-ecr_immutable_image_tags/green/variables.tf create mode 100644 terraform/ecc-aws-376-ecr_immutable_image_tags/iam/376-policy.json create mode 100644 terraform/ecc-aws-376-ecr_immutable_image_tags/red/ecr.tf create mode 100644 terraform/ecc-aws-376-ecr_immutable_image_tags/red/provider.tf create mode 100644 terraform/ecc-aws-376-ecr_immutable_image_tags/red/terraform.tfvars create mode 100644 terraform/ecc-aws-376-ecr_immutable_image_tags/red/variables.tf create mode 100644 terraform/ecc-aws-377-ecr_repository_kms_encryption_enabled/green/ecr.tf create mode 100644 terraform/ecc-aws-377-ecr_repository_kms_encryption_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-377-ecr_repository_kms_encryption_enabled/green/terraform.tfvars create mode 100644 
terraform/ecc-aws-377-ecr_repository_kms_encryption_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-377-ecr_repository_kms_encryption_enabled/iam/377-policy.json create mode 100644 terraform/ecc-aws-377-ecr_repository_kms_encryption_enabled/red/ecr.tf create mode 100644 terraform/ecc-aws-377-ecr_repository_kms_encryption_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-377-ecr_repository_kms_encryption_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-377-ecr_repository_kms_encryption_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-378-ecr_image_scanning_on_push_enabled/green/ecr.tf create mode 100644 terraform/ecc-aws-378-ecr_image_scanning_on_push_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-378-ecr_image_scanning_on_push_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-378-ecr_image_scanning_on_push_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-378-ecr_image_scanning_on_push_enabled/iam/378-policy.json create mode 100644 terraform/ecc-aws-378-ecr_image_scanning_on_push_enabled/red/ecr.tf create mode 100644 terraform/ecc-aws-378-ecr_image_scanning_on_push_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-378-ecr_image_scanning_on_push_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-378-ecr_image_scanning_on_push_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-379-postgresql_log_rotation_age_flag_set_to_60/green/provider.tf create mode 100644 terraform/ecc-aws-379-postgresql_log_rotation_age_flag_set_to_60/green/rds.tf create mode 100644 terraform/ecc-aws-379-postgresql_log_rotation_age_flag_set_to_60/green/terraform.tfvars create mode 100644 terraform/ecc-aws-379-postgresql_log_rotation_age_flag_set_to_60/green/variables.tf create mode 100644 terraform/ecc-aws-379-postgresql_log_rotation_age_flag_set_to_60/iam/379-policy.json create mode 100644 
terraform/ecc-aws-379-postgresql_log_rotation_age_flag_set_to_60/red/provider.tf create mode 100644 terraform/ecc-aws-379-postgresql_log_rotation_age_flag_set_to_60/red/rds.tf create mode 100644 terraform/ecc-aws-379-postgresql_log_rotation_age_flag_set_to_60/red/terraform.tfvars create mode 100644 terraform/ecc-aws-379-postgresql_log_rotation_age_flag_set_to_60/red/variables.tf create mode 100644 terraform/ecc-aws-380-postgresql_log_rotation_size_flag_set_correctly/green/provider.tf create mode 100644 terraform/ecc-aws-380-postgresql_log_rotation_size_flag_set_correctly/green/rds.tf create mode 100644 terraform/ecc-aws-380-postgresql_log_rotation_size_flag_set_correctly/green/terraform.tfvars create mode 100644 terraform/ecc-aws-380-postgresql_log_rotation_size_flag_set_correctly/green/variables.tf create mode 100644 terraform/ecc-aws-380-postgresql_log_rotation_size_flag_set_correctly/iam/380-policy.json create mode 100644 terraform/ecc-aws-380-postgresql_log_rotation_size_flag_set_correctly/red/provider.tf create mode 100644 terraform/ecc-aws-380-postgresql_log_rotation_size_flag_set_correctly/red/rds.tf create mode 100644 terraform/ecc-aws-380-postgresql_log_rotation_size_flag_set_correctly/red/terraform.tfvars create mode 100644 terraform/ecc-aws-380-postgresql_log_rotation_size_flag_set_correctly/red/variables.tf create mode 100644 terraform/ecc-aws-381-postgresql_debug_print_parse_flag_disabled/green/provider.tf create mode 100644 terraform/ecc-aws-381-postgresql_debug_print_parse_flag_disabled/green/rds.tf create mode 100644 terraform/ecc-aws-381-postgresql_debug_print_parse_flag_disabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-381-postgresql_debug_print_parse_flag_disabled/green/variables.tf create mode 100644 terraform/ecc-aws-381-postgresql_debug_print_parse_flag_disabled/iam/381-policy.json create mode 100644 terraform/ecc-aws-381-postgresql_debug_print_parse_flag_disabled/red/provider.tf create mode 100644 
terraform/ecc-aws-381-postgresql_debug_print_parse_flag_disabled/red/rds.tf create mode 100644 terraform/ecc-aws-381-postgresql_debug_print_parse_flag_disabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-381-postgresql_debug_print_parse_flag_disabled/red/variables.tf create mode 100644 terraform/ecc-aws-382-postgresql_debug_print_rewritten_flag_disabled/green/provider.tf create mode 100644 terraform/ecc-aws-382-postgresql_debug_print_rewritten_flag_disabled/green/rds.tf create mode 100644 terraform/ecc-aws-382-postgresql_debug_print_rewritten_flag_disabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-382-postgresql_debug_print_rewritten_flag_disabled/green/variables.tf create mode 100644 terraform/ecc-aws-382-postgresql_debug_print_rewritten_flag_disabled/iam/382-policy.json create mode 100644 terraform/ecc-aws-382-postgresql_debug_print_rewritten_flag_disabled/red/provider.tf create mode 100644 terraform/ecc-aws-382-postgresql_debug_print_rewritten_flag_disabled/red/rds.tf create mode 100644 terraform/ecc-aws-382-postgresql_debug_print_rewritten_flag_disabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-382-postgresql_debug_print_rewritten_flag_disabled/red/variables.tf create mode 100644 terraform/ecc-aws-383-postgresql_debug_print_plan_flag_disabled/green/provider.tf create mode 100644 terraform/ecc-aws-383-postgresql_debug_print_plan_flag_disabled/green/rds.tf create mode 100644 terraform/ecc-aws-383-postgresql_debug_print_plan_flag_disabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-383-postgresql_debug_print_plan_flag_disabled/green/variables.tf create mode 100644 terraform/ecc-aws-383-postgresql_debug_print_plan_flag_disabled/iam/383-policy.json create mode 100644 terraform/ecc-aws-383-postgresql_debug_print_plan_flag_disabled/red/provider.tf create mode 100644 terraform/ecc-aws-383-postgresql_debug_print_plan_flag_disabled/red/rds.tf create mode 100644 
terraform/ecc-aws-383-postgresql_debug_print_plan_flag_disabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-383-postgresql_debug_print_plan_flag_disabled/red/variables.tf create mode 100644 terraform/ecc-aws-384-postgresql_debug_pretty_print_flag_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-384-postgresql_debug_pretty_print_flag_enabled/green/rds.tf create mode 100644 terraform/ecc-aws-384-postgresql_debug_pretty_print_flag_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-384-postgresql_debug_pretty_print_flag_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-384-postgresql_debug_pretty_print_flag_enabled/iam/384-policy.json create mode 100644 terraform/ecc-aws-384-postgresql_debug_pretty_print_flag_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-384-postgresql_debug_pretty_print_flag_enabled/red/rds.tf create mode 100644 terraform/ecc-aws-384-postgresql_debug_pretty_print_flag_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-384-postgresql_debug_pretty_print_flag_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-385-postgresql_log_connections_flag_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-385-postgresql_log_connections_flag_enabled/green/rds.tf create mode 100644 terraform/ecc-aws-385-postgresql_log_connections_flag_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-385-postgresql_log_connections_flag_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-385-postgresql_log_connections_flag_enabled/iam/385-policy.json create mode 100644 terraform/ecc-aws-385-postgresql_log_connections_flag_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-385-postgresql_log_connections_flag_enabled/red/rds.tf create mode 100644 terraform/ecc-aws-385-postgresql_log_connections_flag_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-385-postgresql_log_connections_flag_enabled/red/variables.tf create mode 
100644 terraform/ecc-aws-386-postgresql_log_disconnections_flag_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-386-postgresql_log_disconnections_flag_enabled/green/rds.tf create mode 100644 terraform/ecc-aws-386-postgresql_log_disconnections_flag_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-386-postgresql_log_disconnections_flag_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-386-postgresql_log_disconnections_flag_enabled/iam/386-policy.json create mode 100644 terraform/ecc-aws-386-postgresql_log_disconnections_flag_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-386-postgresql_log_disconnections_flag_enabled/red/rds.tf create mode 100644 terraform/ecc-aws-386-postgresql_log_disconnections_flag_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-386-postgresql_log_disconnections_flag_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-387-postgresql_log_error_verbosity_flag_set_correctly/green/provider.tf create mode 100644 terraform/ecc-aws-387-postgresql_log_error_verbosity_flag_set_correctly/green/rds.tf create mode 100644 terraform/ecc-aws-387-postgresql_log_error_verbosity_flag_set_correctly/green/terraform.tfvars create mode 100644 terraform/ecc-aws-387-postgresql_log_error_verbosity_flag_set_correctly/green/variables.tf create mode 100644 terraform/ecc-aws-387-postgresql_log_error_verbosity_flag_set_correctly/iam/387-policy.json create mode 100644 terraform/ecc-aws-387-postgresql_log_error_verbosity_flag_set_correctly/red/provider.tf create mode 100644 terraform/ecc-aws-387-postgresql_log_error_verbosity_flag_set_correctly/red/rds.tf create mode 100644 terraform/ecc-aws-387-postgresql_log_error_verbosity_flag_set_correctly/red/terraform.tfvars create mode 100644 terraform/ecc-aws-387-postgresql_log_error_verbosity_flag_set_correctly/red/variables.tf create mode 100644 terraform/ecc-aws-388-postgresql_log_hostname_flag_disabled/green/provider.tf create mode 100644 
terraform/ecc-aws-388-postgresql_log_hostname_flag_disabled/green/rds.tf create mode 100644 terraform/ecc-aws-388-postgresql_log_hostname_flag_disabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-388-postgresql_log_hostname_flag_disabled/green/variables.tf create mode 100644 terraform/ecc-aws-388-postgresql_log_hostname_flag_disabled/iam/388-policy.json create mode 100644 terraform/ecc-aws-388-postgresql_log_hostname_flag_disabled/red/provider.tf create mode 100644 terraform/ecc-aws-388-postgresql_log_hostname_flag_disabled/red/rds.tf create mode 100644 terraform/ecc-aws-388-postgresql_log_hostname_flag_disabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-388-postgresql_log_hostname_flag_disabled/red/variables.tf create mode 100644 terraform/ecc-aws-389-postgresql_log_statement_flag_set_correctly/green/provider.tf create mode 100644 terraform/ecc-aws-389-postgresql_log_statement_flag_set_correctly/green/rds.tf create mode 100644 terraform/ecc-aws-389-postgresql_log_statement_flag_set_correctly/green/terraform.tfvars create mode 100644 terraform/ecc-aws-389-postgresql_log_statement_flag_set_correctly/green/variables.tf create mode 100644 terraform/ecc-aws-389-postgresql_log_statement_flag_set_correctly/iam/389-policy.json create mode 100644 terraform/ecc-aws-389-postgresql_log_statement_flag_set_correctly/red/provider.tf create mode 100644 terraform/ecc-aws-389-postgresql_log_statement_flag_set_correctly/red/rds.tf create mode 100644 terraform/ecc-aws-389-postgresql_log_statement_flag_set_correctly/red/terraform.tfvars create mode 100644 terraform/ecc-aws-389-postgresql_log_statement_flag_set_correctly/red/variables.tf create mode 100644 terraform/ecc-aws-390-postgresql_log_destination_flag_set_to_csvlog/green/provider.tf create mode 100644 terraform/ecc-aws-390-postgresql_log_destination_flag_set_to_csvlog/green/rds.tf create mode 100644 terraform/ecc-aws-390-postgresql_log_destination_flag_set_to_csvlog/green/terraform.tfvars create 
mode 100644 terraform/ecc-aws-390-postgresql_log_destination_flag_set_to_csvlog/green/variables.tf create mode 100644 terraform/ecc-aws-390-postgresql_log_destination_flag_set_to_csvlog/iam/390-policy.json create mode 100644 terraform/ecc-aws-390-postgresql_log_destination_flag_set_to_csvlog/red/provider.tf create mode 100644 terraform/ecc-aws-390-postgresql_log_destination_flag_set_to_csvlog/red/rds.tf create mode 100644 terraform/ecc-aws-390-postgresql_log_destination_flag_set_to_csvlog/red/terraform.tfvars create mode 100644 terraform/ecc-aws-390-postgresql_log_destination_flag_set_to_csvlog/red/variables.tf create mode 100644 terraform/ecc-aws-391-postgresql_log_checkpoints_flag_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-391-postgresql_log_checkpoints_flag_enabled/green/rds.tf create mode 100644 terraform/ecc-aws-391-postgresql_log_checkpoints_flag_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-391-postgresql_log_checkpoints_flag_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-391-postgresql_log_checkpoints_flag_enabled/iam/391-policy.json create mode 100644 terraform/ecc-aws-391-postgresql_log_checkpoints_flag_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-391-postgresql_log_checkpoints_flag_enabled/red/rds.tf create mode 100644 terraform/ecc-aws-391-postgresql_log_checkpoints_flag_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-391-postgresql_log_checkpoints_flag_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-392-postgresql_log_lock_waits_flag_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-392-postgresql_log_lock_waits_flag_enabled/green/rds.tf create mode 100644 terraform/ecc-aws-392-postgresql_log_lock_waits_flag_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-392-postgresql_log_lock_waits_flag_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-392-postgresql_log_lock_waits_flag_enabled/iam/392-policy.json 
create mode 100644 terraform/ecc-aws-392-postgresql_log_lock_waits_flag_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-392-postgresql_log_lock_waits_flag_enabled/red/rds.tf create mode 100644 terraform/ecc-aws-392-postgresql_log_lock_waits_flag_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-392-postgresql_log_lock_waits_flag_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-393-postgresql_log_duration_flag_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-393-postgresql_log_duration_flag_enabled/green/rds.tf create mode 100644 terraform/ecc-aws-393-postgresql_log_duration_flag_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-393-postgresql_log_duration_flag_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-393-postgresql_log_duration_flag_enabled/iam/393-policy.json create mode 100644 terraform/ecc-aws-393-postgresql_log_duration_flag_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-393-postgresql_log_duration_flag_enabled/red/rds.tf create mode 100644 terraform/ecc-aws-393-postgresql_log_duration_flag_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-393-postgresql_log_duration_flag_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-394-transit_gateway_default_route_table_association_disabled/green/provider.tf create mode 100644 terraform/ecc-aws-394-transit_gateway_default_route_table_association_disabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-394-transit_gateway_default_route_table_association_disabled/green/transit_gateway.tf create mode 100644 terraform/ecc-aws-394-transit_gateway_default_route_table_association_disabled/green/variables.tf create mode 100644 terraform/ecc-aws-394-transit_gateway_default_route_table_association_disabled/iam/394-policy.json create mode 100644 terraform/ecc-aws-394-transit_gateway_default_route_table_association_disabled/red/provider.tf create mode 100644 
terraform/ecc-aws-394-transit_gateway_default_route_table_association_disabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-394-transit_gateway_default_route_table_association_disabled/red/transit_gateway.tf create mode 100644 terraform/ecc-aws-394-transit_gateway_default_route_table_association_disabled/red/variables.tf create mode 100644 terraform/ecc-aws-395-transit_gateway_default_route_table_propagation_disabled/green/provider.tf create mode 100644 terraform/ecc-aws-395-transit_gateway_default_route_table_propagation_disabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-395-transit_gateway_default_route_table_propagation_disabled/green/transit_gateway.tf create mode 100644 terraform/ecc-aws-395-transit_gateway_default_route_table_propagation_disabled/green/variables.tf create mode 100644 terraform/ecc-aws-395-transit_gateway_default_route_table_propagation_disabled/iam/395-policy.json create mode 100644 terraform/ecc-aws-395-transit_gateway_default_route_table_propagation_disabled/red/provider.tf create mode 100644 terraform/ecc-aws-395-transit_gateway_default_route_table_propagation_disabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-395-transit_gateway_default_route_table_propagation_disabled/red/transit_gateway.tf create mode 100644 terraform/ecc-aws-395-transit_gateway_default_route_table_propagation_disabled/red/variables.tf create mode 100644 terraform/ecc-aws-396-rest_api_gateway_is_protected_by_waf/green/api.tf create mode 100644 terraform/ecc-aws-396-rest_api_gateway_is_protected_by_waf/green/provider.tf create mode 100644 terraform/ecc-aws-396-rest_api_gateway_is_protected_by_waf/green/terraform.tfvars create mode 100644 terraform/ecc-aws-396-rest_api_gateway_is_protected_by_waf/green/variables.tf create mode 100644 terraform/ecc-aws-396-rest_api_gateway_is_protected_by_waf/iam/396-policy.json create mode 100644 terraform/ecc-aws-396-rest_api_gateway_is_protected_by_waf/red/api.tf create mode 100644 
terraform/ecc-aws-396-rest_api_gateway_is_protected_by_waf/red/provider.tf create mode 100644 terraform/ecc-aws-396-rest_api_gateway_is_protected_by_waf/red/terraform.tfvars create mode 100644 terraform/ecc-aws-396-rest_api_gateway_is_protected_by_waf/red/variables.tf create mode 100644 terraform/ecc-aws-397-rest_api_gateway_contend_encoding_enabled/green/api.tf create mode 100644 terraform/ecc-aws-397-rest_api_gateway_contend_encoding_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-397-rest_api_gateway_contend_encoding_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-397-rest_api_gateway_contend_encoding_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-397-rest_api_gateway_contend_encoding_enabled/iam/397-policy.json create mode 100644 terraform/ecc-aws-397-rest_api_gateway_contend_encoding_enabled/red/api.tf create mode 100644 terraform/ecc-aws-397-rest_api_gateway_contend_encoding_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-397-rest_api_gateway_contend_encoding_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-397-rest_api_gateway_contend_encoding_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-398-rest_api_gateway_cache_enabled/green/api.tf create mode 100644 terraform/ecc-aws-398-rest_api_gateway_cache_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-398-rest_api_gateway_cache_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-398-rest_api_gateway_cache_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-398-rest_api_gateway_cache_enabled/iam/398-policy.json create mode 100644 terraform/ecc-aws-398-rest_api_gateway_cache_enabled/red/api.tf create mode 100644 terraform/ecc-aws-398-rest_api_gateway_cache_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-398-rest_api_gateway_cache_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-398-rest_api_gateway_cache_enabled/red/variables.tf create mode 100644 
terraform/ecc-aws-400-glue_data_catalog_encrypted_at_rest/green/glue.tf create mode 100644 terraform/ecc-aws-400-glue_data_catalog_encrypted_at_rest/green/provider.tf create mode 100644 terraform/ecc-aws-400-glue_data_catalog_encrypted_at_rest/green/terraform.tfvars create mode 100644 terraform/ecc-aws-400-glue_data_catalog_encrypted_at_rest/green/variables.tf create mode 100644 terraform/ecc-aws-400-glue_data_catalog_encrypted_at_rest/iam/400-policy.json create mode 100644 terraform/ecc-aws-400-glue_data_catalog_encrypted_at_rest/red/glue.tf create mode 100644 terraform/ecc-aws-400-glue_data_catalog_encrypted_at_rest/red/provider.tf create mode 100644 terraform/ecc-aws-400-glue_data_catalog_encrypted_at_rest/red/terraform.tfvars create mode 100644 terraform/ecc-aws-400-glue_data_catalog_encrypted_at_rest/red/variables.tf create mode 100644 terraform/ecc-aws-401-glue_data_catalog_encrypted_with_kms_customer_master_keys/green/glue.tf create mode 100644 terraform/ecc-aws-401-glue_data_catalog_encrypted_with_kms_customer_master_keys/green/provider.tf create mode 100644 terraform/ecc-aws-401-glue_data_catalog_encrypted_with_kms_customer_master_keys/green/terraform.tfvars create mode 100644 terraform/ecc-aws-401-glue_data_catalog_encrypted_with_kms_customer_master_keys/green/variables.tf create mode 100644 terraform/ecc-aws-401-glue_data_catalog_encrypted_with_kms_customer_master_keys/iam/401-policy.json create mode 100644 terraform/ecc-aws-401-glue_data_catalog_encrypted_with_kms_customer_master_keys/red/glue.tf create mode 100644 terraform/ecc-aws-401-glue_data_catalog_encrypted_with_kms_customer_master_keys/red/provider.tf create mode 100644 terraform/ecc-aws-401-glue_data_catalog_encrypted_with_kms_customer_master_keys/red/terraform.tfvars create mode 100644 terraform/ecc-aws-401-glue_data_catalog_encrypted_with_kms_customer_master_keys/red/variables.tf create mode 100644 terraform/ecc-aws-402-glue_job_bookmarks_encrypted/green/glue.tf create mode 100644 
terraform/ecc-aws-402-glue_job_bookmarks_encrypted/green/provider.tf create mode 100644 terraform/ecc-aws-402-glue_job_bookmarks_encrypted/green/terraform.tfvars create mode 100644 terraform/ecc-aws-402-glue_job_bookmarks_encrypted/green/variables.tf create mode 100644 terraform/ecc-aws-402-glue_job_bookmarks_encrypted/iam/402-policy.json create mode 100644 terraform/ecc-aws-402-glue_job_bookmarks_encrypted/red/glue.tf create mode 100644 terraform/ecc-aws-402-glue_job_bookmarks_encrypted/red/provider.tf create mode 100644 terraform/ecc-aws-402-glue_job_bookmarks_encrypted/red/terraform.tfvars create mode 100644 terraform/ecc-aws-402-glue_job_bookmarks_encrypted/red/variables.tf create mode 100644 terraform/ecc-aws-403-glue_cloudwatch_logs_encrypted/green/glue.tf create mode 100644 terraform/ecc-aws-403-glue_cloudwatch_logs_encrypted/green/provider.tf create mode 100644 terraform/ecc-aws-403-glue_cloudwatch_logs_encrypted/green/terraform.tfvars create mode 100644 terraform/ecc-aws-403-glue_cloudwatch_logs_encrypted/green/variables.tf create mode 100644 terraform/ecc-aws-403-glue_cloudwatch_logs_encrypted/iam/403-policy.json create mode 100644 terraform/ecc-aws-403-glue_cloudwatch_logs_encrypted/red/glue.tf create mode 100644 terraform/ecc-aws-403-glue_cloudwatch_logs_encrypted/red/provider.tf create mode 100644 terraform/ecc-aws-403-glue_cloudwatch_logs_encrypted/red/terraform.tfvars create mode 100644 terraform/ecc-aws-403-glue_cloudwatch_logs_encrypted/red/variables.tf create mode 100644 terraform/ecc-aws-404-glue_s3_encryption_enabled/green/glue.tf create mode 100644 terraform/ecc-aws-404-glue_s3_encryption_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-404-glue_s3_encryption_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-404-glue_s3_encryption_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-404-glue_s3_encryption_enabled/iam/404-policy.json create mode 100644 
terraform/ecc-aws-404-glue_s3_encryption_enabled/red/glue.tf create mode 100644 terraform/ecc-aws-404-glue_s3_encryption_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-404-glue_s3_encryption_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-404-glue_s3_encryption_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-405-emr_kerberos_authentication_enabled/green/emr.tf create mode 100644 terraform/ecc-aws-405-emr_kerberos_authentication_enabled/green/iam.tf create mode 100644 terraform/ecc-aws-405-emr_kerberos_authentication_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-405-emr_kerberos_authentication_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-405-emr_kerberos_authentication_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-405-emr_kerberos_authentication_enabled/green/vpc.tf create mode 100644 terraform/ecc-aws-405-emr_kerberos_authentication_enabled/iam/405-policy.json create mode 100644 terraform/ecc-aws-405-emr_kerberos_authentication_enabled/red/emr.tf create mode 100644 terraform/ecc-aws-405-emr_kerberos_authentication_enabled/red/iam.tf create mode 100644 terraform/ecc-aws-405-emr_kerberos_authentication_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-405-emr_kerberos_authentication_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-405-emr_kerberos_authentication_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-405-emr_kerberos_authentication_enabled/red/vpc.tf create mode 100644 terraform/ecc-aws-407-emr_clusters_in_vpc/green/emr.tf create mode 100644 terraform/ecc-aws-407-emr_clusters_in_vpc/green/iam.tf create mode 100644 terraform/ecc-aws-407-emr_clusters_in_vpc/green/provider.tf create mode 100644 terraform/ecc-aws-407-emr_clusters_in_vpc/green/terraform.tfvars create mode 100644 terraform/ecc-aws-407-emr_clusters_in_vpc/green/variables.tf create mode 100644 terraform/ecc-aws-407-emr_clusters_in_vpc/green/vpc.tf create 
mode 100644 terraform/ecc-aws-407-emr_clusters_in_vpc/iam/407-policy.json create mode 100644 terraform/ecc-aws-408-emr_logging_to_s3_enabled/green/emr.tf create mode 100644 terraform/ecc-aws-408-emr_logging_to_s3_enabled/green/iam.tf create mode 100644 terraform/ecc-aws-408-emr_logging_to_s3_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-408-emr_logging_to_s3_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-408-emr_logging_to_s3_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-408-emr_logging_to_s3_enabled/green/vpc.tf create mode 100644 terraform/ecc-aws-408-emr_logging_to_s3_enabled/iam/408-policy.json create mode 100644 terraform/ecc-aws-408-emr_logging_to_s3_enabled/red/emr.tf create mode 100644 terraform/ecc-aws-408-emr_logging_to_s3_enabled/red/iam.tf create mode 100644 terraform/ecc-aws-408-emr_logging_to_s3_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-408-emr_logging_to_s3_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-408-emr_logging_to_s3_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-408-emr_logging_to_s3_enabled/red/vpc.tf create mode 100644 terraform/ecc-aws-409-vpc_unused_internet_gateway/green/internet-gateway.tf create mode 100644 terraform/ecc-aws-409-vpc_unused_internet_gateway/green/provider.tf create mode 100644 terraform/ecc-aws-409-vpc_unused_internet_gateway/green/terraform.tfvars create mode 100644 terraform/ecc-aws-409-vpc_unused_internet_gateway/green/variables.tf create mode 100644 terraform/ecc-aws-409-vpc_unused_internet_gateway/iam/409-policy.json create mode 100644 terraform/ecc-aws-409-vpc_unused_internet_gateway/red/internet-gateway.tf create mode 100644 terraform/ecc-aws-409-vpc_unused_internet_gateway/red/provider.tf create mode 100644 terraform/ecc-aws-409-vpc_unused_internet_gateway/red/terraform.tfvars create mode 100644 terraform/ecc-aws-409-vpc_unused_internet_gateway/red/variables.tf create mode 100644 
terraform/ecc-aws-411-unused_virtual_private_gateways/green/provider.tf create mode 100644 terraform/ecc-aws-411-unused_virtual_private_gateways/green/terraform.tfvars create mode 100644 terraform/ecc-aws-411-unused_virtual_private_gateways/green/variables.tf create mode 100644 terraform/ecc-aws-411-unused_virtual_private_gateways/green/vpg.tf create mode 100644 terraform/ecc-aws-411-unused_virtual_private_gateways/iam/411-policy.json create mode 100644 terraform/ecc-aws-411-unused_virtual_private_gateways/red/provider.tf create mode 100644 terraform/ecc-aws-411-unused_virtual_private_gateways/red/terraform.tfvars create mode 100644 terraform/ecc-aws-411-unused_virtual_private_gateways/red/variables.tf create mode 100644 terraform/ecc-aws-411-unused_virtual_private_gateways/red/vpg.tf create mode 100644 terraform/ecc-aws-413-elasticache_previous_generation_instances_not_used/green/elasticache.tf create mode 100644 terraform/ecc-aws-413-elasticache_previous_generation_instances_not_used/green/provider.tf create mode 100644 terraform/ecc-aws-413-elasticache_previous_generation_instances_not_used/green/terraform.tfvars create mode 100644 terraform/ecc-aws-413-elasticache_previous_generation_instances_not_used/green/variables.tf create mode 100644 terraform/ecc-aws-413-elasticache_previous_generation_instances_not_used/iam/413-policy.json create mode 100644 terraform/ecc-aws-413-elasticache_previous_generation_instances_not_used/red/elasticache.tf create mode 100644 terraform/ecc-aws-413-elasticache_previous_generation_instances_not_used/red/provider.tf create mode 100644 terraform/ecc-aws-413-elasticache_previous_generation_instances_not_used/red/terraform.tfvars create mode 100644 terraform/ecc-aws-413-elasticache_previous_generation_instances_not_used/red/variables.tf create mode 100644 terraform/ecc-aws-414-elasticache_automatic_backups/green/elasticache.tf create mode 100644 terraform/ecc-aws-414-elasticache_automatic_backups/green/provider.tf create mode 100644 
terraform/ecc-aws-414-elasticache_automatic_backups/green/terraform.tfvars create mode 100644 terraform/ecc-aws-414-elasticache_automatic_backups/green/variables.tf create mode 100644 terraform/ecc-aws-414-elasticache_automatic_backups/iam/414-policy.json create mode 100644 terraform/ecc-aws-414-elasticache_automatic_backups/red/elasticache.tf create mode 100644 terraform/ecc-aws-414-elasticache_automatic_backups/red/provider.tf create mode 100644 terraform/ecc-aws-414-elasticache_automatic_backups/red/terraform.tfvars create mode 100644 terraform/ecc-aws-414-elasticache_automatic_backups/red/variables.tf create mode 100644 terraform/ecc-aws-415-elasticache_encrypted_in_transit/green/elasticache.tf create mode 100644 terraform/ecc-aws-415-elasticache_encrypted_in_transit/green/provider.tf create mode 100644 terraform/ecc-aws-415-elasticache_encrypted_in_transit/green/terraform.tfvars create mode 100644 terraform/ecc-aws-415-elasticache_encrypted_in_transit/green/variables.tf create mode 100644 terraform/ecc-aws-415-elasticache_encrypted_in_transit/iam/415-policy.json create mode 100644 terraform/ecc-aws-415-elasticache_encrypted_in_transit/red/elasticache.tf create mode 100644 terraform/ecc-aws-415-elasticache_encrypted_in_transit/red/provider.tf create mode 100644 terraform/ecc-aws-415-elasticache_encrypted_in_transit/red/terraform.tfvars create mode 100644 terraform/ecc-aws-415-elasticache_encrypted_in_transit/red/variables.tf create mode 100644 terraform/ecc-aws-416-elasticache_encrypted_at_rest_using_cmk/green/elasticache.tf create mode 100644 terraform/ecc-aws-416-elasticache_encrypted_at_rest_using_cmk/green/provider.tf create mode 100644 terraform/ecc-aws-416-elasticache_encrypted_at_rest_using_cmk/green/terraform.tfvars create mode 100644 terraform/ecc-aws-416-elasticache_encrypted_at_rest_using_cmk/green/variables.tf create mode 100644 terraform/ecc-aws-416-elasticache_encrypted_at_rest_using_cmk/iam/416-policy.json create mode 100644 
terraform/ecc-aws-416-elasticache_encrypted_at_rest_using_cmk/red/elasticache.tf create mode 100644 terraform/ecc-aws-416-elasticache_encrypted_at_rest_using_cmk/red/provider.tf create mode 100644 terraform/ecc-aws-416-elasticache_encrypted_at_rest_using_cmk/red/terraform.tfvars create mode 100644 terraform/ecc-aws-416-elasticache_encrypted_at_rest_using_cmk/red/variables.tf create mode 100644 terraform/ecc-aws-418-elasticache_redis_multi_az_enabled/green/elasticache.tf create mode 100644 terraform/ecc-aws-418-elasticache_redis_multi_az_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-418-elasticache_redis_multi_az_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-418-elasticache_redis_multi_az_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-418-elasticache_redis_multi_az_enabled/green/vpc.tf create mode 100644 terraform/ecc-aws-418-elasticache_redis_multi_az_enabled/iam/418-policy.json create mode 100644 terraform/ecc-aws-418-elasticache_redis_multi_az_enabled/red/elasticache.tf create mode 100644 terraform/ecc-aws-418-elasticache_redis_multi_az_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-418-elasticache_redis_multi_az_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-418-elasticache_redis_multi_az_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-419-elasticache_redis_auth_enabled/green/elasticache.tf create mode 100644 terraform/ecc-aws-419-elasticache_redis_auth_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-419-elasticache_redis_auth_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-419-elasticache_redis_auth_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-419-elasticache_redis_auth_enabled/green/vpc.tf create mode 100644 terraform/ecc-aws-419-elasticache_redis_auth_enabled/iam/419-policy.json create mode 100644 terraform/ecc-aws-419-elasticache_redis_auth_enabled/red/elasticache.tf create mode 100644 
terraform/ecc-aws-419-elasticache_redis_auth_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-419-elasticache_redis_auth_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-419-elasticache_redis_auth_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-420-elasticache_latest_version/green/elasticache.tf create mode 100644 terraform/ecc-aws-420-elasticache_latest_version/green/provider.tf create mode 100644 terraform/ecc-aws-420-elasticache_latest_version/green/terraform.tfvars create mode 100644 terraform/ecc-aws-420-elasticache_latest_version/green/variables.tf create mode 100644 terraform/ecc-aws-420-elasticache_latest_version/iam/420-policy.json create mode 100644 terraform/ecc-aws-420-elasticache_latest_version/red/elasticache.tf create mode 100644 terraform/ecc-aws-420-elasticache_latest_version/red/provider.tf create mode 100644 terraform/ecc-aws-420-elasticache_latest_version/red/terraform.tfvars create mode 100644 terraform/ecc-aws-420-elasticache_latest_version/red/variables.tf create mode 100755 terraform/ecc-aws-425-elasticsearch_slow_logs_enabled/green/es.tf create mode 100755 terraform/ecc-aws-425-elasticsearch_slow_logs_enabled/green/provider.tf create mode 100755 terraform/ecc-aws-425-elasticsearch_slow_logs_enabled/green/terraform.tfvars create mode 100755 terraform/ecc-aws-425-elasticsearch_slow_logs_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-425-elasticsearch_slow_logs_enabled/iam/425-policy.json create mode 100755 terraform/ecc-aws-425-elasticsearch_slow_logs_enabled/red/es.tf create mode 100755 terraform/ecc-aws-425-elasticsearch_slow_logs_enabled/red/provider.tf create mode 100755 terraform/ecc-aws-425-elasticsearch_slow_logs_enabled/red/terraform.tfvars create mode 100755 terraform/ecc-aws-425-elasticsearch_slow_logs_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-427-elasticache_auth_token_rotated_every_90_days/green/elasticache.tf create mode 100644 
terraform/ecc-aws-427-elasticache_auth_token_rotated_every_90_days/green/provider.tf create mode 100644 terraform/ecc-aws-427-elasticache_auth_token_rotated_every_90_days/green/terraform.tfvars create mode 100644 terraform/ecc-aws-427-elasticache_auth_token_rotated_every_90_days/green/variables.tf create mode 100644 terraform/ecc-aws-427-elasticache_auth_token_rotated_every_90_days/green/vpc.tf create mode 100644 terraform/ecc-aws-427-elasticache_auth_token_rotated_every_90_days/iam/427-policy.json create mode 100644 terraform/ecc-aws-429-elasticsearch_encrypted_with_kms_cmk/green/elasticsearch.tf create mode 100644 terraform/ecc-aws-429-elasticsearch_encrypted_with_kms_cmk/green/provider.tf create mode 100644 terraform/ecc-aws-429-elasticsearch_encrypted_with_kms_cmk/green/terraform.tfvars create mode 100644 terraform/ecc-aws-429-elasticsearch_encrypted_with_kms_cmk/green/variables.tf create mode 100644 terraform/ecc-aws-429-elasticsearch_encrypted_with_kms_cmk/iam/429-policy.json create mode 100644 terraform/ecc-aws-429-elasticsearch_encrypted_with_kms_cmk/red/elasticsearch.tf create mode 100644 terraform/ecc-aws-429-elasticsearch_encrypted_with_kms_cmk/red/provider.tf create mode 100644 terraform/ecc-aws-429-elasticsearch_encrypted_with_kms_cmk/red/terraform.tfvars create mode 100644 terraform/ecc-aws-429-elasticsearch_encrypted_with_kms_cmk/red/variables.tf create mode 100644 terraform/ecc-aws-430-autoscaling_group_cooldown_period/green/asg.tf create mode 100644 terraform/ecc-aws-430-autoscaling_group_cooldown_period/green/provider.tf create mode 100644 terraform/ecc-aws-430-autoscaling_group_cooldown_period/green/terraform.tfvars create mode 100644 terraform/ecc-aws-430-autoscaling_group_cooldown_period/green/variables.tf create mode 100644 terraform/ecc-aws-430-autoscaling_group_cooldown_period/iam/430-policy.json create mode 100644 terraform/ecc-aws-430-autoscaling_group_cooldown_period/red/asg.tf create mode 100644 
terraform/ecc-aws-430-autoscaling_group_cooldown_period/red/provider.tf create mode 100644 terraform/ecc-aws-430-autoscaling_group_cooldown_period/red/terraform.tfvars create mode 100644 terraform/ecc-aws-430-autoscaling_group_cooldown_period/red/variables.tf create mode 100644 terraform/ecc-aws-431-elasticsearch_enforces_https/green/elasticsearch.tf create mode 100644 terraform/ecc-aws-431-elasticsearch_enforces_https/green/provider.tf create mode 100644 terraform/ecc-aws-431-elasticsearch_enforces_https/green/terraform.tfvars create mode 100644 terraform/ecc-aws-431-elasticsearch_enforces_https/green/variables.tf create mode 100644 terraform/ecc-aws-431-elasticsearch_enforces_https/iam/431-policy.json create mode 100644 terraform/ecc-aws-431-elasticsearch_enforces_https/red/elasticsearch.tf create mode 100644 terraform/ecc-aws-431-elasticsearch_enforces_https/red/provider.tf create mode 100644 terraform/ecc-aws-431-elasticsearch_enforces_https/red/terraform.tfvars create mode 100644 terraform/ecc-aws-431-elasticsearch_enforces_https/red/variables.tf create mode 100644 terraform/ecc-aws-432-elasticsearch_latest_version/green/elasticsearch.tf create mode 100644 terraform/ecc-aws-432-elasticsearch_latest_version/green/provider.tf create mode 100644 terraform/ecc-aws-432-elasticsearch_latest_version/green/terraform.tfvars create mode 100644 terraform/ecc-aws-432-elasticsearch_latest_version/green/variables.tf create mode 100644 terraform/ecc-aws-432-elasticsearch_latest_version/iam/432-policy.json create mode 100644 terraform/ecc-aws-432-elasticsearch_latest_version/red/elasticsearch.tf create mode 100644 terraform/ecc-aws-432-elasticsearch_latest_version/red/provider.tf create mode 100644 terraform/ecc-aws-432-elasticsearch_latest_version/red/terraform.tfvars create mode 100644 terraform/ecc-aws-432-elasticsearch_latest_version/red/variables.tf create mode 100644 terraform/ecc-aws-433-autoscaling_group_has_associated_elb/green/asg.tf create mode 100644 
terraform/ecc-aws-433-autoscaling_group_has_associated_elb/green/elb.tf create mode 100644 terraform/ecc-aws-433-autoscaling_group_has_associated_elb/green/provider.tf create mode 100644 terraform/ecc-aws-433-autoscaling_group_has_associated_elb/green/terraform.tfvars create mode 100644 terraform/ecc-aws-433-autoscaling_group_has_associated_elb/green/variables.tf create mode 100644 terraform/ecc-aws-433-autoscaling_group_has_associated_elb/green1/asg.tf create mode 100644 terraform/ecc-aws-433-autoscaling_group_has_associated_elb/green1/lb.tf create mode 100644 terraform/ecc-aws-433-autoscaling_group_has_associated_elb/green1/provider.tf create mode 100644 terraform/ecc-aws-433-autoscaling_group_has_associated_elb/green1/terraform.tfvars create mode 100644 terraform/ecc-aws-433-autoscaling_group_has_associated_elb/green1/variables.tf create mode 100644 terraform/ecc-aws-433-autoscaling_group_has_associated_elb/iam/433-policy.json create mode 100644 terraform/ecc-aws-433-autoscaling_group_has_associated_elb/red/asg.tf create mode 100644 terraform/ecc-aws-433-autoscaling_group_has_associated_elb/red/provider.tf create mode 100644 terraform/ecc-aws-433-autoscaling_group_has_associated_elb/red/terraform.tfvars create mode 100644 terraform/ecc-aws-433-autoscaling_group_has_associated_elb/red/variables.tf create mode 100644 terraform/ecc-aws-434-xray-encrypted_with_kms_cmk/green/provider.tf create mode 100644 terraform/ecc-aws-434-xray-encrypted_with_kms_cmk/green/terraform.tfvars create mode 100644 terraform/ecc-aws-434-xray-encrypted_with_kms_cmk/green/variables.tf create mode 100644 terraform/ecc-aws-434-xray-encrypted_with_kms_cmk/green/x-ray.tf create mode 100644 terraform/ecc-aws-434-xray-encrypted_with_kms_cmk/iam/434-policy.json create mode 100644 terraform/ecc-aws-434-xray-encrypted_with_kms_cmk/red/provider.tf create mode 100644 terraform/ecc-aws-434-xray-encrypted_with_kms_cmk/red/terraform.tfvars create mode 100644 
terraform/ecc-aws-434-xray-encrypted_with_kms_cmk/red/variables.tf create mode 100644 terraform/ecc-aws-434-xray-encrypted_with_kms_cmk/red/x-ray.tf create mode 100644 terraform/ecc-aws-435-workspaces_unused_instances/green/iam.tf create mode 100644 terraform/ecc-aws-435-workspaces_unused_instances/green/provider.tf create mode 100644 terraform/ecc-aws-435-workspaces_unused_instances/green/terraform.tfvars create mode 100644 terraform/ecc-aws-435-workspaces_unused_instances/green/variables.tf create mode 100644 terraform/ecc-aws-435-workspaces_unused_instances/green/vpc.tf create mode 100644 terraform/ecc-aws-435-workspaces_unused_instances/green/workspace.tf create mode 100644 terraform/ecc-aws-435-workspaces_unused_instances/iam/435-policy.json create mode 100644 terraform/ecc-aws-436-autoscaling_group_utilize_multi_az/green/asg.tf create mode 100644 terraform/ecc-aws-436-autoscaling_group_utilize_multi_az/green/provider.tf create mode 100644 terraform/ecc-aws-436-autoscaling_group_utilize_multi_az/green/terraform.tfvars create mode 100644 terraform/ecc-aws-436-autoscaling_group_utilize_multi_az/green/variables.tf create mode 100644 terraform/ecc-aws-436-autoscaling_group_utilize_multi_az/green/vpc.tf create mode 100644 terraform/ecc-aws-436-autoscaling_group_utilize_multi_az/iam/436-policy.json create mode 100644 terraform/ecc-aws-436-autoscaling_group_utilize_multi_az/red/asg.tf create mode 100644 terraform/ecc-aws-436-autoscaling_group_utilize_multi_az/red/provider.tf create mode 100644 terraform/ecc-aws-436-autoscaling_group_utilize_multi_az/red/terraform.tfvars create mode 100644 terraform/ecc-aws-436-autoscaling_group_utilize_multi_az/red/variables.tf create mode 100644 terraform/ecc-aws-436-autoscaling_group_utilize_multi_az/red1/asg.tf create mode 100644 terraform/ecc-aws-436-autoscaling_group_utilize_multi_az/red1/provider.tf create mode 100644 terraform/ecc-aws-436-autoscaling_group_utilize_multi_az/red1/terraform.tfvars create mode 100644 
terraform/ecc-aws-436-autoscaling_group_utilize_multi_az/red1/variables.tf create mode 100644 terraform/ecc-aws-436-autoscaling_group_utilize_multi_az/red1/vpc.tf create mode 100644 terraform/ecc-aws-437-workspaces_instances_are_healthy/green/iam.tf create mode 100644 terraform/ecc-aws-437-workspaces_instances_are_healthy/green/provider.tf create mode 100644 terraform/ecc-aws-437-workspaces_instances_are_healthy/green/terraform.tfvars create mode 100644 terraform/ecc-aws-437-workspaces_instances_are_healthy/green/variables.tf create mode 100644 terraform/ecc-aws-437-workspaces_instances_are_healthy/green/vpc.tf create mode 100644 terraform/ecc-aws-437-workspaces_instances_are_healthy/green/workspace.tf create mode 100644 terraform/ecc-aws-437-workspaces_instances_are_healthy/iam/437-policy.json create mode 100644 terraform/ecc-aws-437-workspaces_instances_are_healthy/red/iam.tf create mode 100644 terraform/ecc-aws-437-workspaces_instances_are_healthy/red/provider.tf create mode 100644 terraform/ecc-aws-437-workspaces_instances_are_healthy/red/terraform.tfvars create mode 100644 terraform/ecc-aws-437-workspaces_instances_are_healthy/red/variables.tf create mode 100644 terraform/ecc-aws-437-workspaces_instances_are_healthy/red/vpc.tf create mode 100644 terraform/ecc-aws-437-workspaces_instances_are_healthy/red/workspace.tf create mode 100644 terraform/ecc-aws-438-autoscaling_group_has_valid_configuration/green/asg.tf create mode 100644 terraform/ecc-aws-438-autoscaling_group_has_valid_configuration/green/provider.tf create mode 100644 terraform/ecc-aws-438-autoscaling_group_has_valid_configuration/green/terraform.tfvars create mode 100644 terraform/ecc-aws-438-autoscaling_group_has_valid_configuration/green/variables.tf create mode 100644 terraform/ecc-aws-438-autoscaling_group_has_valid_configuration/green/vpc.tf create mode 100644 terraform/ecc-aws-438-autoscaling_group_has_valid_configuration/iam/438-policy.json create mode 100644 
terraform/ecc-aws-438-autoscaling_group_has_valid_configuration/red/asg.tf create mode 100644 terraform/ecc-aws-438-autoscaling_group_has_valid_configuration/red/provider.tf create mode 100644 terraform/ecc-aws-438-autoscaling_group_has_valid_configuration/red/terraform.tfvars create mode 100644 terraform/ecc-aws-438-autoscaling_group_has_valid_configuration/red/variables.tf create mode 100644 terraform/ecc-aws-438-autoscaling_group_has_valid_configuration/red/vpc.tf create mode 100644 terraform/ecc-aws-439-workspaces_storage_encrypted/green/iam.tf create mode 100644 terraform/ecc-aws-439-workspaces_storage_encrypted/green/provider.tf create mode 100644 terraform/ecc-aws-439-workspaces_storage_encrypted/green/terraform.tfvars create mode 100644 terraform/ecc-aws-439-workspaces_storage_encrypted/green/variables.tf create mode 100644 terraform/ecc-aws-439-workspaces_storage_encrypted/green/vpc.tf create mode 100644 terraform/ecc-aws-439-workspaces_storage_encrypted/green/workspace.tf create mode 100644 terraform/ecc-aws-439-workspaces_storage_encrypted/iam/439-policy.json create mode 100644 terraform/ecc-aws-439-workspaces_storage_encrypted/red/iam.tf create mode 100644 terraform/ecc-aws-439-workspaces_storage_encrypted/red/provider.tf create mode 100644 terraform/ecc-aws-439-workspaces_storage_encrypted/red/terraform.tfvars create mode 100644 terraform/ecc-aws-439-workspaces_storage_encrypted/red/variables.tf create mode 100644 terraform/ecc-aws-439-workspaces_storage_encrypted/red/vpc.tf create mode 100644 terraform/ecc-aws-439-workspaces_storage_encrypted/red/workspace.tf create mode 100644 terraform/ecc-aws-440-backup_service_compliant_lifecycle_enabled/green/backup_plan.tf create mode 100644 terraform/ecc-aws-440-backup_service_compliant_lifecycle_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-440-backup_service_compliant_lifecycle_enabled/green/terraform.tfvars create mode 100644 
terraform/ecc-aws-440-backup_service_compliant_lifecycle_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-440-backup_service_compliant_lifecycle_enabled/iam/440-policy.json create mode 100644 terraform/ecc-aws-440-backup_service_compliant_lifecycle_enabled/red/backup_plan.tf create mode 100644 terraform/ecc-aws-440-backup_service_compliant_lifecycle_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-440-backup_service_compliant_lifecycle_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-440-backup_service_compliant_lifecycle_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-442-backups_encrypted_with_kms_customer_master_keys/green/backup_plan.tf create mode 100644 terraform/ecc-aws-442-backups_encrypted_with_kms_customer_master_keys/green/provider.tf create mode 100644 terraform/ecc-aws-442-backups_encrypted_with_kms_customer_master_keys/green/terraform.tfvars create mode 100644 terraform/ecc-aws-442-backups_encrypted_with_kms_customer_master_keys/green/variables.tf create mode 100644 terraform/ecc-aws-442-backups_encrypted_with_kms_customer_master_keys/iam/442-policy.json create mode 100644 terraform/ecc-aws-442-backups_encrypted_with_kms_customer_master_keys/red/backup_plan.tf create mode 100644 terraform/ecc-aws-442-backups_encrypted_with_kms_customer_master_keys/red/provider.tf create mode 100644 terraform/ecc-aws-442-backups_encrypted_with_kms_customer_master_keys/red/terraform.tfvars create mode 100644 terraform/ecc-aws-442-backups_encrypted_with_kms_customer_master_keys/red/variables.tf create mode 100644 terraform/ecc-aws-444-use_secure_ssl_protocols_between_cloudfront_origin/green/distribution.tf create mode 100644 terraform/ecc-aws-444-use_secure_ssl_protocols_between_cloudfront_origin/green/provider.tf create mode 100644 terraform/ecc-aws-444-use_secure_ssl_protocols_between_cloudfront_origin/green/terraform.tfvars create mode 100644 
terraform/ecc-aws-444-use_secure_ssl_protocols_between_cloudfront_origin/green/variables.tf create mode 100644 terraform/ecc-aws-444-use_secure_ssl_protocols_between_cloudfront_origin/iam/444-policy.json create mode 100644 terraform/ecc-aws-444-use_secure_ssl_protocols_between_cloudfront_origin/red/distribution.tf create mode 100644 terraform/ecc-aws-444-use_secure_ssl_protocols_between_cloudfront_origin/red/provider.tf create mode 100644 terraform/ecc-aws-444-use_secure_ssl_protocols_between_cloudfront_origin/red/terraform.tfvars create mode 100644 terraform/ecc-aws-444-use_secure_ssl_protocols_between_cloudfront_origin/red/variables.tf create mode 100644 terraform/ecc-aws-445-rds_mysql_instances_latest_major_version/green/provider.tf create mode 100644 terraform/ecc-aws-445-rds_mysql_instances_latest_major_version/green/rds.tf create mode 100644 terraform/ecc-aws-445-rds_mysql_instances_latest_major_version/green/terraform.tfvars create mode 100644 terraform/ecc-aws-445-rds_mysql_instances_latest_major_version/green/variables.tf create mode 100644 terraform/ecc-aws-445-rds_mysql_instances_latest_major_version/iam/445-policy.json create mode 100644 terraform/ecc-aws-445-rds_mysql_instances_latest_major_version/red/provider.tf create mode 100644 terraform/ecc-aws-445-rds_mysql_instances_latest_major_version/red/rds.tf create mode 100644 terraform/ecc-aws-445-rds_mysql_instances_latest_major_version/red/terraform.tfvars create mode 100644 terraform/ecc-aws-445-rds_mysql_instances_latest_major_version/red/variables.tf create mode 100644 terraform/ecc-aws-447-sqs_encrypted_with_kms_cmk/green/provider.tf create mode 100644 terraform/ecc-aws-447-sqs_encrypted_with_kms_cmk/green/sqs.tf create mode 100644 terraform/ecc-aws-447-sqs_encrypted_with_kms_cmk/green/terraform.tfvars create mode 100644 terraform/ecc-aws-447-sqs_encrypted_with_kms_cmk/green/variables.tf create mode 100644 terraform/ecc-aws-447-sqs_encrypted_with_kms_cmk/iam/447-policy.json create mode 100644 
terraform/ecc-aws-447-sqs_encrypted_with_kms_cmk/red/provider.tf create mode 100644 terraform/ecc-aws-447-sqs_encrypted_with_kms_cmk/red/sqs.tf create mode 100644 terraform/ecc-aws-447-sqs_encrypted_with_kms_cmk/red/terraform.tfvars create mode 100644 terraform/ecc-aws-447-sqs_encrypted_with_kms_cmk/red/variables.tf create mode 100644 terraform/ecc-aws-448-cloudfront_distribution_fieldlevel_encryption/green/cloudfront.tf create mode 100644 terraform/ecc-aws-448-cloudfront_distribution_fieldlevel_encryption/green/provider.tf create mode 100644 terraform/ecc-aws-448-cloudfront_distribution_fieldlevel_encryption/green/terraform.tfvars create mode 100644 terraform/ecc-aws-448-cloudfront_distribution_fieldlevel_encryption/green/variables.tf create mode 100644 terraform/ecc-aws-448-cloudfront_distribution_fieldlevel_encryption/iam/448-policy.json create mode 100644 terraform/ecc-aws-448-cloudfront_distribution_fieldlevel_encryption/red/cloudfront.tf create mode 100644 terraform/ecc-aws-448-cloudfront_distribution_fieldlevel_encryption/red/provider.tf create mode 100644 terraform/ecc-aws-448-cloudfront_distribution_fieldlevel_encryption/red/terraform.tfvars create mode 100644 terraform/ecc-aws-448-cloudfront_distribution_fieldlevel_encryption/red/variables.tf create mode 100644 terraform/ecc-aws-449-sqs_not_open_to_everyone/green/provider.tf create mode 100644 terraform/ecc-aws-449-sqs_not_open_to_everyone/green/sqs.tf create mode 100644 terraform/ecc-aws-449-sqs_not_open_to_everyone/green/terraform.tfvars create mode 100644 terraform/ecc-aws-449-sqs_not_open_to_everyone/green/variables.tf create mode 100644 terraform/ecc-aws-449-sqs_not_open_to_everyone/iam/449-policy.json create mode 100644 terraform/ecc-aws-449-sqs_not_open_to_everyone/red/provider.tf create mode 100644 terraform/ecc-aws-449-sqs_not_open_to_everyone/red/sqs.tf create mode 100644 terraform/ecc-aws-449-sqs_not_open_to_everyone/red/terraform.tfvars create mode 100644 
terraform/ecc-aws-449-sqs_not_open_to_everyone/red/variables.tf create mode 100644 terraform/ecc-aws-449-sqs_not_open_to_everyone/red1/provider.tf create mode 100644 terraform/ecc-aws-449-sqs_not_open_to_everyone/red1/sqs.tf create mode 100644 terraform/ecc-aws-449-sqs_not_open_to_everyone/red1/terraform.tfvars create mode 100644 terraform/ecc-aws-449-sqs_not_open_to_everyone/red1/variables.tf create mode 100644 terraform/ecc-aws-451-postgresql_log_parser_stats_flag_is_disabled/green/provider.tf create mode 100644 terraform/ecc-aws-451-postgresql_log_parser_stats_flag_is_disabled/green/rds.tf create mode 100644 terraform/ecc-aws-451-postgresql_log_parser_stats_flag_is_disabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-451-postgresql_log_parser_stats_flag_is_disabled/green/variables.tf create mode 100644 terraform/ecc-aws-451-postgresql_log_parser_stats_flag_is_disabled/iam/451-policy.json create mode 100644 terraform/ecc-aws-451-postgresql_log_parser_stats_flag_is_disabled/red/provider.tf create mode 100644 terraform/ecc-aws-451-postgresql_log_parser_stats_flag_is_disabled/red/rds.tf create mode 100644 terraform/ecc-aws-451-postgresql_log_parser_stats_flag_is_disabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-451-postgresql_log_parser_stats_flag_is_disabled/red/variables.tf create mode 100644 terraform/ecc-aws-452-cloudtrail_logs_management_events/green/cloudtrail.tf create mode 100644 terraform/ecc-aws-452-cloudtrail_logs_management_events/green/provider.tf create mode 100644 terraform/ecc-aws-452-cloudtrail_logs_management_events/green/terraform.tfvars create mode 100644 terraform/ecc-aws-452-cloudtrail_logs_management_events/green/variables.tf create mode 100644 terraform/ecc-aws-452-cloudtrail_logs_management_events/iam/452-policy.json create mode 100644 terraform/ecc-aws-452-cloudtrail_logs_management_events/red/cloudtrail.tf create mode 100644 terraform/ecc-aws-452-cloudtrail_logs_management_events/red/provider.tf create mode 
100644 terraform/ecc-aws-452-cloudtrail_logs_management_events/red/terraform.tfvars create mode 100644 terraform/ecc-aws-452-cloudtrail_logs_management_events/red/variables.tf create mode 100644 terraform/ecc-aws-453-event_bus_is_exposed_to_everyone/green/event_bus.tf create mode 100644 terraform/ecc-aws-453-event_bus_is_exposed_to_everyone/green/provider.tf create mode 100644 terraform/ecc-aws-453-event_bus_is_exposed_to_everyone/green/terraform.tfvars create mode 100644 terraform/ecc-aws-453-event_bus_is_exposed_to_everyone/green/variables.tf create mode 100644 terraform/ecc-aws-453-event_bus_is_exposed_to_everyone/iam/453-policy.json create mode 100644 terraform/ecc-aws-453-event_bus_is_exposed_to_everyone/red/event_bus.tf create mode 100644 terraform/ecc-aws-453-event_bus_is_exposed_to_everyone/red/provider.tf create mode 100644 terraform/ecc-aws-453-event_bus_is_exposed_to_everyone/red/terraform.tfvars create mode 100644 terraform/ecc-aws-453-event_bus_is_exposed_to_everyone/red/variables.tf create mode 100644 terraform/ecc-aws-454-postgresql_log_planner_stats_flag_disabled/green/provider.tf create mode 100644 terraform/ecc-aws-454-postgresql_log_planner_stats_flag_disabled/green/rds.tf create mode 100644 terraform/ecc-aws-454-postgresql_log_planner_stats_flag_disabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-454-postgresql_log_planner_stats_flag_disabled/green/variables.tf create mode 100644 terraform/ecc-aws-454-postgresql_log_planner_stats_flag_disabled/iam/454-policy.json create mode 100644 terraform/ecc-aws-454-postgresql_log_planner_stats_flag_disabled/red/provider.tf create mode 100644 terraform/ecc-aws-454-postgresql_log_planner_stats_flag_disabled/red/rds.tf create mode 100644 terraform/ecc-aws-454-postgresql_log_planner_stats_flag_disabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-454-postgresql_log_planner_stats_flag_disabled/red/variables.tf create mode 100644 
terraform/ecc-aws-455-postgresql_log_executor_stats_flag_disabled/green/provider.tf create mode 100644 terraform/ecc-aws-455-postgresql_log_executor_stats_flag_disabled/green/rds.tf create mode 100644 terraform/ecc-aws-455-postgresql_log_executor_stats_flag_disabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-455-postgresql_log_executor_stats_flag_disabled/green/variables.tf create mode 100644 terraform/ecc-aws-455-postgresql_log_executor_stats_flag_disabled/iam/455-policy.json create mode 100644 terraform/ecc-aws-455-postgresql_log_executor_stats_flag_disabled/red/provider.tf create mode 100644 terraform/ecc-aws-455-postgresql_log_executor_stats_flag_disabled/red/rds.tf create mode 100644 terraform/ecc-aws-455-postgresql_log_executor_stats_flag_disabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-455-postgresql_log_executor_stats_flag_disabled/red/variables.tf create mode 100644 terraform/ecc-aws-457-postgresql_log_min_error_statement_flag_set_correctly/green/provider.tf create mode 100644 terraform/ecc-aws-457-postgresql_log_min_error_statement_flag_set_correctly/green/rds.tf create mode 100644 terraform/ecc-aws-457-postgresql_log_min_error_statement_flag_set_correctly/green/terraform.tfvars create mode 100644 terraform/ecc-aws-457-postgresql_log_min_error_statement_flag_set_correctly/green/variables.tf create mode 100644 terraform/ecc-aws-457-postgresql_log_min_error_statement_flag_set_correctly/iam/457-policy.json create mode 100644 terraform/ecc-aws-457-postgresql_log_min_error_statement_flag_set_correctly/red/provider.tf create mode 100644 terraform/ecc-aws-457-postgresql_log_min_error_statement_flag_set_correctly/red/rds.tf create mode 100644 terraform/ecc-aws-457-postgresql_log_min_error_statement_flag_set_correctly/red/terraform.tfvars create mode 100644 terraform/ecc-aws-457-postgresql_log_min_error_statement_flag_set_correctly/red/variables.tf create mode 100644 
terraform/ecc-aws-458-glacier_vault_access_policy_does_not_allow_actions_from_all_principals/green/glacier_vault.tf create mode 100644 terraform/ecc-aws-458-glacier_vault_access_policy_does_not_allow_actions_from_all_principals/green/provider.tf create mode 100644 terraform/ecc-aws-458-glacier_vault_access_policy_does_not_allow_actions_from_all_principals/green/terraform.tfvars create mode 100644 terraform/ecc-aws-458-glacier_vault_access_policy_does_not_allow_actions_from_all_principals/green/variables.tf create mode 100644 terraform/ecc-aws-458-glacier_vault_access_policy_does_not_allow_actions_from_all_principals/iam/458-policy.json create mode 100644 terraform/ecc-aws-458-glacier_vault_access_policy_does_not_allow_actions_from_all_principals/red/glacier_vault.tf create mode 100644 terraform/ecc-aws-458-glacier_vault_access_policy_does_not_allow_actions_from_all_principals/red/provider.tf create mode 100644 terraform/ecc-aws-458-glacier_vault_access_policy_does_not_allow_actions_from_all_principals/red/terraform.tfvars create mode 100644 terraform/ecc-aws-458-glacier_vault_access_policy_does_not_allow_actions_from_all_principals/red/variables.tf create mode 100644 terraform/ecc-aws-459-config_delivery_failed/green/config.tf create mode 100644 terraform/ecc-aws-459-config_delivery_failed/green/iam.tf create mode 100644 terraform/ecc-aws-459-config_delivery_failed/green/provider.tf create mode 100644 terraform/ecc-aws-459-config_delivery_failed/green/terraform.tfvars create mode 100644 terraform/ecc-aws-459-config_delivery_failed/green/variables.tf create mode 100644 terraform/ecc-aws-459-config_delivery_failed/iam/459-policy.json create mode 100644 terraform/ecc-aws-459-config_delivery_failed/red/config.tf create mode 100644 terraform/ecc-aws-459-config_delivery_failed/red/iam.tf create mode 100644 terraform/ecc-aws-459-config_delivery_failed/red/provider.tf create mode 100644 terraform/ecc-aws-459-config_delivery_failed/red/terraform.tfvars create mode 100644 
terraform/ecc-aws-459-config_delivery_failed/red/variables.tf create mode 100644 terraform/ecc-aws-461-dms_latest_version/green/dms.tf create mode 100644 terraform/ecc-aws-461-dms_latest_version/green/iam.tf create mode 100644 terraform/ecc-aws-461-dms_latest_version/green/provider.tf create mode 100644 terraform/ecc-aws-461-dms_latest_version/green/terraform.tfvars create mode 100644 terraform/ecc-aws-461-dms_latest_version/green/variables.tf create mode 100644 terraform/ecc-aws-461-dms_latest_version/iam/461-policy.json create mode 100644 terraform/ecc-aws-461-dms_latest_version/red/dms.tf create mode 100644 terraform/ecc-aws-461-dms_latest_version/red/iam.tf create mode 100644 terraform/ecc-aws-461-dms_latest_version/red/provider.tf create mode 100644 terraform/ecc-aws-461-dms_latest_version/red/terraform.tfvars create mode 100644 terraform/ecc-aws-461-dms_latest_version/red/variables.tf create mode 100644 terraform/ecc-aws-464-sagemaker_instances_encrypted_with_kms_cmk/green/provider.tf create mode 100644 terraform/ecc-aws-464-sagemaker_instances_encrypted_with_kms_cmk/green/sagemaker.tf create mode 100644 terraform/ecc-aws-464-sagemaker_instances_encrypted_with_kms_cmk/green/terraform.tfvars create mode 100644 terraform/ecc-aws-464-sagemaker_instances_encrypted_with_kms_cmk/green/variables.tf create mode 100644 terraform/ecc-aws-464-sagemaker_instances_encrypted_with_kms_cmk/iam/464-policy.json create mode 100644 terraform/ecc-aws-464-sagemaker_instances_encrypted_with_kms_cmk/red/provider.tf create mode 100644 terraform/ecc-aws-464-sagemaker_instances_encrypted_with_kms_cmk/red/sagemaker.tf create mode 100644 terraform/ecc-aws-464-sagemaker_instances_encrypted_with_kms_cmk/red/terraform.tfvars create mode 100644 terraform/ecc-aws-464-sagemaker_instances_encrypted_with_kms_cmk/red/variables.tf create mode 100644 terraform/ecc-aws-469-dms_auto_minor_version_upgrade/green/dms.tf create mode 100644 terraform/ecc-aws-469-dms_auto_minor_version_upgrade/green/iam.tf 
create mode 100644 terraform/ecc-aws-469-dms_auto_minor_version_upgrade/green/provider.tf create mode 100644 terraform/ecc-aws-469-dms_auto_minor_version_upgrade/green/terraform.tfvars create mode 100644 terraform/ecc-aws-469-dms_auto_minor_version_upgrade/green/variables.tf create mode 100644 terraform/ecc-aws-469-dms_auto_minor_version_upgrade/iam/469-policy.json create mode 100644 terraform/ecc-aws-469-dms_auto_minor_version_upgrade/red/dms.tf create mode 100644 terraform/ecc-aws-469-dms_auto_minor_version_upgrade/red/iam.tf create mode 100644 terraform/ecc-aws-469-dms_auto_minor_version_upgrade/red/provider.tf create mode 100644 terraform/ecc-aws-469-dms_auto_minor_version_upgrade/red/terraform.tfvars create mode 100644 terraform/ecc-aws-469-dms_auto_minor_version_upgrade/red/variables.tf create mode 100644 terraform/ecc-aws-470-dms_replication_instances_encrypted_with_kms_cmk/green/dms.tf create mode 100644 terraform/ecc-aws-470-dms_replication_instances_encrypted_with_kms_cmk/green/iam.tf create mode 100644 terraform/ecc-aws-470-dms_replication_instances_encrypted_with_kms_cmk/green/provider.tf create mode 100644 terraform/ecc-aws-470-dms_replication_instances_encrypted_with_kms_cmk/green/terraform.tfvars create mode 100644 terraform/ecc-aws-470-dms_replication_instances_encrypted_with_kms_cmk/green/variables.tf create mode 100644 terraform/ecc-aws-470-dms_replication_instances_encrypted_with_kms_cmk/iam/470-policy.json create mode 100644 terraform/ecc-aws-470-dms_replication_instances_encrypted_with_kms_cmk/red/dms.tf create mode 100644 terraform/ecc-aws-470-dms_replication_instances_encrypted_with_kms_cmk/red/iam.tf create mode 100644 terraform/ecc-aws-470-dms_replication_instances_encrypted_with_kms_cmk/red/provider.tf create mode 100644 terraform/ecc-aws-470-dms_replication_instances_encrypted_with_kms_cmk/red/terraform.tfvars create mode 100644 terraform/ecc-aws-470-dms_replication_instances_encrypted_with_kms_cmk/red/variables.tf create mode 100644 
terraform/ecc-aws-471-oracle_audit_sys_operations_flag_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-471-oracle_audit_sys_operations_flag_enabled/green/rds.tf create mode 100644 terraform/ecc-aws-471-oracle_audit_sys_operations_flag_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-471-oracle_audit_sys_operations_flag_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-471-oracle_audit_sys_operations_flag_enabled/iam/471-policy.json create mode 100644 terraform/ecc-aws-471-oracle_audit_sys_operations_flag_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-471-oracle_audit_sys_operations_flag_enabled/red/rds.tf create mode 100644 terraform/ecc-aws-471-oracle_audit_sys_operations_flag_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-471-oracle_audit_sys_operations_flag_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-472-oracle_audit_trail_flag_set_correctly/green/provider.tf create mode 100644 terraform/ecc-aws-472-oracle_audit_trail_flag_set_correctly/green/rds.tf create mode 100644 terraform/ecc-aws-472-oracle_audit_trail_flag_set_correctly/green/terraform.tfvars create mode 100644 terraform/ecc-aws-472-oracle_audit_trail_flag_set_correctly/green/variables.tf create mode 100644 terraform/ecc-aws-472-oracle_audit_trail_flag_set_correctly/iam/472-policy.json create mode 100644 terraform/ecc-aws-472-oracle_audit_trail_flag_set_correctly/red/provider.tf create mode 100644 terraform/ecc-aws-472-oracle_audit_trail_flag_set_correctly/red/rds.tf create mode 100644 terraform/ecc-aws-472-oracle_audit_trail_flag_set_correctly/red/terraform.tfvars create mode 100644 terraform/ecc-aws-472-oracle_audit_trail_flag_set_correctly/red/variables.tf create mode 100644 terraform/ecc-aws-473-oracle_global_names_flag_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-473-oracle_global_names_flag_enabled/green/rds.tf create mode 100644 
terraform/ecc-aws-473-oracle_global_names_flag_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-473-oracle_global_names_flag_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-473-oracle_global_names_flag_enabled/iam/473-policy.json create mode 100644 terraform/ecc-aws-473-oracle_global_names_flag_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-473-oracle_global_names_flag_enabled/red/rds.tf create mode 100644 terraform/ecc-aws-473-oracle_global_names_flag_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-473-oracle_global_names_flag_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-474-oracle_remote_listener_flag_empty/green/provider.tf create mode 100644 terraform/ecc-aws-474-oracle_remote_listener_flag_empty/green/rds.tf create mode 100644 terraform/ecc-aws-474-oracle_remote_listener_flag_empty/green/terraform.tfvars create mode 100644 terraform/ecc-aws-474-oracle_remote_listener_flag_empty/green/variables.tf create mode 100644 terraform/ecc-aws-474-oracle_remote_listener_flag_empty/iam/474-policy.json create mode 100644 terraform/ecc-aws-474-oracle_remote_listener_flag_empty/red/provider.tf create mode 100644 terraform/ecc-aws-474-oracle_remote_listener_flag_empty/red/rds.tf create mode 100644 terraform/ecc-aws-474-oracle_remote_listener_flag_empty/red/terraform.tfvars create mode 100644 terraform/ecc-aws-474-oracle_remote_listener_flag_empty/red/variables.tf create mode 100644 terraform/ecc-aws-475-oracle_sec_max_failed_login_attempts_flag_is_3_or_less/green/provider.tf create mode 100644 terraform/ecc-aws-475-oracle_sec_max_failed_login_attempts_flag_is_3_or_less/green/rds.tf create mode 100644 terraform/ecc-aws-475-oracle_sec_max_failed_login_attempts_flag_is_3_or_less/green/terraform.tfvars create mode 100644 terraform/ecc-aws-475-oracle_sec_max_failed_login_attempts_flag_is_3_or_less/green/variables.tf create mode 100644 
terraform/ecc-aws-475-oracle_sec_max_failed_login_attempts_flag_is_3_or_less/iam/475-policy.json create mode 100644 terraform/ecc-aws-475-oracle_sec_max_failed_login_attempts_flag_is_3_or_less/red/provider.tf create mode 100644 terraform/ecc-aws-475-oracle_sec_max_failed_login_attempts_flag_is_3_or_less/red/rds.tf create mode 100644 terraform/ecc-aws-475-oracle_sec_max_failed_login_attempts_flag_is_3_or_less/red/terraform.tfvars create mode 100644 terraform/ecc-aws-475-oracle_sec_max_failed_login_attempts_flag_is_3_or_less/red/variables.tf create mode 100644 terraform/ecc-aws-476-oracle_sec_protocol_error_further_action_flag_set_to_drop_3/green/provider.tf create mode 100644 terraform/ecc-aws-476-oracle_sec_protocol_error_further_action_flag_set_to_drop_3/green/rds.tf create mode 100644 terraform/ecc-aws-476-oracle_sec_protocol_error_further_action_flag_set_to_drop_3/green/terraform.tfvars create mode 100644 terraform/ecc-aws-476-oracle_sec_protocol_error_further_action_flag_set_to_drop_3/green/variables.tf create mode 100644 terraform/ecc-aws-476-oracle_sec_protocol_error_further_action_flag_set_to_drop_3/iam/476-policy.json create mode 100644 terraform/ecc-aws-476-oracle_sec_protocol_error_further_action_flag_set_to_drop_3/red/provider.tf create mode 100644 terraform/ecc-aws-476-oracle_sec_protocol_error_further_action_flag_set_to_drop_3/red/rds.tf create mode 100644 terraform/ecc-aws-476-oracle_sec_protocol_error_further_action_flag_set_to_drop_3/red/terraform.tfvars create mode 100644 terraform/ecc-aws-476-oracle_sec_protocol_error_further_action_flag_set_to_drop_3/red/variables.tf create mode 100644 terraform/ecc-aws-477-oracle_sec_protocol_error_trace_action_flag_set_to_log/green/provider.tf create mode 100644 terraform/ecc-aws-477-oracle_sec_protocol_error_trace_action_flag_set_to_log/green/rds.tf create mode 100644 terraform/ecc-aws-477-oracle_sec_protocol_error_trace_action_flag_set_to_log/green/terraform.tfvars create mode 100644 
terraform/ecc-aws-477-oracle_sec_protocol_error_trace_action_flag_set_to_log/green/variables.tf create mode 100644 terraform/ecc-aws-477-oracle_sec_protocol_error_trace_action_flag_set_to_log/iam/477-policy.json create mode 100644 terraform/ecc-aws-477-oracle_sec_protocol_error_trace_action_flag_set_to_log/red/provider.tf create mode 100644 terraform/ecc-aws-477-oracle_sec_protocol_error_trace_action_flag_set_to_log/red/rds.tf create mode 100644 terraform/ecc-aws-477-oracle_sec_protocol_error_trace_action_flag_set_to_log/red/terraform.tfvars create mode 100644 terraform/ecc-aws-477-oracle_sec_protocol_error_trace_action_flag_set_to_log/red/variables.tf create mode 100644 terraform/ecc-aws-478-oracle_sec_return_server_release_banner_flag_disabled/green/provider.tf create mode 100644 terraform/ecc-aws-478-oracle_sec_return_server_release_banner_flag_disabled/green/rds.tf create mode 100644 terraform/ecc-aws-478-oracle_sec_return_server_release_banner_flag_disabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-478-oracle_sec_return_server_release_banner_flag_disabled/green/variables.tf create mode 100644 terraform/ecc-aws-478-oracle_sec_return_server_release_banner_flag_disabled/iam/478-policy.json create mode 100644 terraform/ecc-aws-478-oracle_sec_return_server_release_banner_flag_disabled/red/provider.tf create mode 100644 terraform/ecc-aws-478-oracle_sec_return_server_release_banner_flag_disabled/red/rds.tf create mode 100644 terraform/ecc-aws-478-oracle_sec_return_server_release_banner_flag_disabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-478-oracle_sec_return_server_release_banner_flag_disabled/red/variables.tf create mode 100644 terraform/ecc-aws-479-oracle_sql92_security_flag_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-479-oracle_sql92_security_flag_enabled/green/rds.tf create mode 100644 terraform/ecc-aws-479-oracle_sql92_security_flag_enabled/green/terraform.tfvars create mode 100644 
terraform/ecc-aws-479-oracle_sql92_security_flag_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-479-oracle_sql92_security_flag_enabled/iam/479-policy.json create mode 100644 terraform/ecc-aws-479-oracle_sql92_security_flag_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-479-oracle_sql92_security_flag_enabled/red/rds.tf create mode 100644 terraform/ecc-aws-479-oracle_sql92_security_flag_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-479-oracle_sql92_security_flag_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-480-oracle_trace_files_public/green/provider.tf create mode 100644 terraform/ecc-aws-480-oracle_trace_files_public/green/rds.tf create mode 100644 terraform/ecc-aws-480-oracle_trace_files_public/green/terraform.tfvars create mode 100644 terraform/ecc-aws-480-oracle_trace_files_public/green/variables.tf create mode 100644 terraform/ecc-aws-480-oracle_trace_files_public/iam/480-policy.json create mode 100644 terraform/ecc-aws-480-oracle_trace_files_public/red/provider.tf create mode 100644 terraform/ecc-aws-480-oracle_trace_files_public/red/rds.tf create mode 100644 terraform/ecc-aws-480-oracle_trace_files_public/red/terraform.tfvars create mode 100644 terraform/ecc-aws-480-oracle_trace_files_public/red/variables.tf create mode 100644 terraform/ecc-aws-481-oracle_resource_limit_flag_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-481-oracle_resource_limit_flag_enabled/green/rds.tf create mode 100644 terraform/ecc-aws-481-oracle_resource_limit_flag_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-481-oracle_resource_limit_flag_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-481-oracle_resource_limit_flag_enabled/iam/481-policy.json create mode 100644 terraform/ecc-aws-481-oracle_resource_limit_flag_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-481-oracle_resource_limit_flag_enabled/red/rds.tf create mode 100644 
terraform/ecc-aws-481-oracle_resource_limit_flag_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-481-oracle_resource_limit_flag_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-482-dms_multi_az_enabled/green/dms.tf create mode 100644 terraform/ecc-aws-482-dms_multi_az_enabled/green/iam.tf create mode 100644 terraform/ecc-aws-482-dms_multi_az_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-482-dms_multi_az_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-482-dms_multi_az_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-482-dms_multi_az_enabled/green/vpc.tf create mode 100644 terraform/ecc-aws-482-dms_multi_az_enabled/iam/482-policy.json create mode 100644 terraform/ecc-aws-482-dms_multi_az_enabled/red/dms.tf create mode 100644 terraform/ecc-aws-482-dms_multi_az_enabled/red/iam.tf create mode 100644 terraform/ecc-aws-482-dms_multi_az_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-482-dms_multi_az_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-482-dms_multi_az_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-487-ebs_volume_encrypted_with_kms_cmk/green/ebs.tf create mode 100644 terraform/ecc-aws-487-ebs_volume_encrypted_with_kms_cmk/green/provider.tf create mode 100644 terraform/ecc-aws-487-ebs_volume_encrypted_with_kms_cmk/green/terraform.tfvars create mode 100644 terraform/ecc-aws-487-ebs_volume_encrypted_with_kms_cmk/green/variables.tf create mode 100644 terraform/ecc-aws-487-ebs_volume_encrypted_with_kms_cmk/iam/487-policy.json create mode 100644 terraform/ecc-aws-487-ebs_volume_encrypted_with_kms_cmk/red/ebs.tf create mode 100644 terraform/ecc-aws-487-ebs_volume_encrypted_with_kms_cmk/red/provider.tf create mode 100644 terraform/ecc-aws-487-ebs_volume_encrypted_with_kms_cmk/red/terraform.tfvars create mode 100644 terraform/ecc-aws-487-ebs_volume_encrypted_with_kms_cmk/red/variables.tf create mode 100644 
terraform/ecc-aws-488-ebs_snapshot_encrypted/green/ebs.tf create mode 100644 terraform/ecc-aws-488-ebs_snapshot_encrypted/green/provider.tf create mode 100644 terraform/ecc-aws-488-ebs_snapshot_encrypted/green/terraform.tfvars create mode 100644 terraform/ecc-aws-488-ebs_snapshot_encrypted/green/variables.tf create mode 100644 terraform/ecc-aws-488-ebs_snapshot_encrypted/iam/488-policy.json create mode 100644 terraform/ecc-aws-488-ebs_snapshot_encrypted/red/ebs.tf create mode 100644 terraform/ecc-aws-488-ebs_snapshot_encrypted/red/provider.tf create mode 100644 terraform/ecc-aws-488-ebs_snapshot_encrypted/red/terraform.tfvars create mode 100644 terraform/ecc-aws-488-ebs_snapshot_encrypted/red/variables.tf create mode 100644 terraform/ecc-aws-489-unused_ebs_volumes/green/ebs.tf create mode 100644 terraform/ecc-aws-489-unused_ebs_volumes/green/provider.tf create mode 100644 terraform/ecc-aws-489-unused_ebs_volumes/green/terraform.tfvars create mode 100644 terraform/ecc-aws-489-unused_ebs_volumes/green/variables.tf create mode 100644 terraform/ecc-aws-489-unused_ebs_volumes/iam/489-policy.json create mode 100644 terraform/ecc-aws-489-unused_ebs_volumes/red/ebs.tf create mode 100644 terraform/ecc-aws-489-unused_ebs_volumes/red/provider.tf create mode 100644 terraform/ecc-aws-489-unused_ebs_volumes/red/terraform.tfvars create mode 100644 terraform/ecc-aws-489-unused_ebs_volumes/red/variables.tf create mode 100644 terraform/ecc-aws-490-unused_ec2_access_keys/green/ec2.tf create mode 100644 terraform/ecc-aws-490-unused_ec2_access_keys/green/provider.tf create mode 100644 terraform/ecc-aws-490-unused_ec2_access_keys/green/terraform.tfvars create mode 100644 terraform/ecc-aws-490-unused_ec2_access_keys/green/variables.tf create mode 100644 terraform/ecc-aws-490-unused_ec2_access_keys/iam/490-policy.json create mode 100644 terraform/ecc-aws-490-unused_ec2_access_keys/red/ec2.tf create mode 100644 terraform/ecc-aws-490-unused_ec2_access_keys/red/provider.tf create mode 100644 
terraform/ecc-aws-490-unused_ec2_access_keys/red/terraform.tfvars create mode 100644 terraform/ecc-aws-490-unused_ec2_access_keys/red/variables.tf create mode 100644 terraform/ecc-aws-492-mysql_sql_mode_flag_contains_strict_all_tables/green/provider.tf create mode 100644 terraform/ecc-aws-492-mysql_sql_mode_flag_contains_strict_all_tables/green/rds.tf create mode 100644 terraform/ecc-aws-492-mysql_sql_mode_flag_contains_strict_all_tables/green/terraform.tfvars create mode 100644 terraform/ecc-aws-492-mysql_sql_mode_flag_contains_strict_all_tables/green/variables.tf create mode 100644 terraform/ecc-aws-492-mysql_sql_mode_flag_contains_strict_all_tables/iam/492-policy.json create mode 100644 terraform/ecc-aws-492-mysql_sql_mode_flag_contains_strict_all_tables/red/provider.tf create mode 100644 terraform/ecc-aws-492-mysql_sql_mode_flag_contains_strict_all_tables/red/rds.tf create mode 100644 terraform/ecc-aws-492-mysql_sql_mode_flag_contains_strict_all_tables/red/terraform.tfvars create mode 100644 terraform/ecc-aws-492-mysql_sql_mode_flag_contains_strict_all_tables/red/variables.tf create mode 100644 terraform/ecc-aws-493-workspaces_images_not_older_than_90_days/green/iam.tf create mode 100644 terraform/ecc-aws-493-workspaces_images_not_older_than_90_days/green/provider.tf create mode 100644 terraform/ecc-aws-493-workspaces_images_not_older_than_90_days/green/terraform.tfvars create mode 100644 terraform/ecc-aws-493-workspaces_images_not_older_than_90_days/green/variables.tf create mode 100644 terraform/ecc-aws-493-workspaces_images_not_older_than_90_days/green/vpc.tf create mode 100644 terraform/ecc-aws-493-workspaces_images_not_older_than_90_days/green/workspace.tf create mode 100644 terraform/ecc-aws-493-workspaces_images_not_older_than_90_days/iam/493-policy.json create mode 100644 terraform/ecc-aws-494-workspaces_web_access_disabled/green/iam.tf create mode 100644 terraform/ecc-aws-494-workspaces_web_access_disabled/green/provider.tf create mode 100644 
terraform/ecc-aws-494-workspaces_web_access_disabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-494-workspaces_web_access_disabled/green/variables.tf create mode 100644 terraform/ecc-aws-494-workspaces_web_access_disabled/green/vpc.tf create mode 100644 terraform/ecc-aws-494-workspaces_web_access_disabled/green/workspace.tf create mode 100644 terraform/ecc-aws-494-workspaces_web_access_disabled/iam/494-policy.json create mode 100644 terraform/ecc-aws-494-workspaces_web_access_disabled/red/iam.tf create mode 100644 terraform/ecc-aws-494-workspaces_web_access_disabled/red/provider.tf create mode 100644 terraform/ecc-aws-494-workspaces_web_access_disabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-494-workspaces_web_access_disabled/red/variables.tf create mode 100644 terraform/ecc-aws-494-workspaces_web_access_disabled/red/vpc.tf create mode 100644 terraform/ecc-aws-494-workspaces_web_access_disabled/red/workspace.tf create mode 100644 terraform/ecc-aws-495-fsx_all_types_of_file_systems_encrypted_with_kms_cmk/green/fsx.tf create mode 100644 terraform/ecc-aws-495-fsx_all_types_of_file_systems_encrypted_with_kms_cmk/green/provider.tf create mode 100644 terraform/ecc-aws-495-fsx_all_types_of_file_systems_encrypted_with_kms_cmk/green/terraform.tfvars create mode 100644 terraform/ecc-aws-495-fsx_all_types_of_file_systems_encrypted_with_kms_cmk/green/variables.tf create mode 100644 terraform/ecc-aws-495-fsx_all_types_of_file_systems_encrypted_with_kms_cmk/green/vpc.tf create mode 100644 terraform/ecc-aws-495-fsx_all_types_of_file_systems_encrypted_with_kms_cmk/iam/495-policy.json create mode 100644 terraform/ecc-aws-495-fsx_all_types_of_file_systems_encrypted_with_kms_cmk/red/fsx.tf create mode 100644 terraform/ecc-aws-495-fsx_all_types_of_file_systems_encrypted_with_kms_cmk/red/provider.tf create mode 100644 terraform/ecc-aws-495-fsx_all_types_of_file_systems_encrypted_with_kms_cmk/red/terraform.tfvars create mode 100644 
terraform/ecc-aws-495-fsx_all_types_of_file_systems_encrypted_with_kms_cmk/red/variables.tf create mode 100644 terraform/ecc-aws-495-fsx_all_types_of_file_systems_encrypted_with_kms_cmk/red/vpc.tf create mode 100644 terraform/ecc-aws-496-kinesis_firehose_delivery_streams_encrypted_using_SSE/green/iam.tf create mode 100644 terraform/ecc-aws-496-kinesis_firehose_delivery_streams_encrypted_using_SSE/green/kinesis.tf create mode 100644 terraform/ecc-aws-496-kinesis_firehose_delivery_streams_encrypted_using_SSE/green/provider.tf create mode 100644 terraform/ecc-aws-496-kinesis_firehose_delivery_streams_encrypted_using_SSE/green/s3.tf create mode 100644 terraform/ecc-aws-496-kinesis_firehose_delivery_streams_encrypted_using_SSE/green/terraform.tfvars create mode 100644 terraform/ecc-aws-496-kinesis_firehose_delivery_streams_encrypted_using_SSE/green/variables.tf create mode 100644 terraform/ecc-aws-496-kinesis_firehose_delivery_streams_encrypted_using_SSE/green1/iam.tf create mode 100644 terraform/ecc-aws-496-kinesis_firehose_delivery_streams_encrypted_using_SSE/green1/kinesis.tf create mode 100644 terraform/ecc-aws-496-kinesis_firehose_delivery_streams_encrypted_using_SSE/green1/provider.tf create mode 100644 terraform/ecc-aws-496-kinesis_firehose_delivery_streams_encrypted_using_SSE/green1/s3.tf create mode 100644 terraform/ecc-aws-496-kinesis_firehose_delivery_streams_encrypted_using_SSE/green1/terraform.tfvars create mode 100644 terraform/ecc-aws-496-kinesis_firehose_delivery_streams_encrypted_using_SSE/green1/variables.tf create mode 100644 terraform/ecc-aws-496-kinesis_firehose_delivery_streams_encrypted_using_SSE/iam/496-policy.json create mode 100644 terraform/ecc-aws-496-kinesis_firehose_delivery_streams_encrypted_using_SSE/red/iam.tf create mode 100644 terraform/ecc-aws-496-kinesis_firehose_delivery_streams_encrypted_using_SSE/red/kinesis.tf create mode 100644 terraform/ecc-aws-496-kinesis_firehose_delivery_streams_encrypted_using_SSE/red/provider.tf create 
mode 100644 terraform/ecc-aws-496-kinesis_firehose_delivery_streams_encrypted_using_SSE/red/s3.tf create mode 100644 terraform/ecc-aws-496-kinesis_firehose_delivery_streams_encrypted_using_SSE/red/terraform.tfvars create mode 100644 terraform/ecc-aws-496-kinesis_firehose_delivery_streams_encrypted_using_SSE/red/variables.tf create mode 100644 terraform/ecc-aws-497-lambda_active_tracing_enabled/green/func.py create mode 100644 terraform/ecc-aws-497-lambda_active_tracing_enabled/green/func.zip create mode 100644 terraform/ecc-aws-497-lambda_active_tracing_enabled/green/lambda.tf create mode 100644 terraform/ecc-aws-497-lambda_active_tracing_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-497-lambda_active_tracing_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-497-lambda_active_tracing_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-497-lambda_active_tracing_enabled/iam/497-policy.json create mode 100644 terraform/ecc-aws-497-lambda_active_tracing_enabled/red/func.py create mode 100644 terraform/ecc-aws-497-lambda_active_tracing_enabled/red/func.zip create mode 100644 terraform/ecc-aws-497-lambda_active_tracing_enabled/red/lambda.tf create mode 100644 terraform/ecc-aws-497-lambda_active_tracing_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-497-lambda_active_tracing_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-497-lambda_active_tracing_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-499-sagemaker_endpoint_configuration_encrypted/green/provider.tf create mode 100644 terraform/ecc-aws-499-sagemaker_endpoint_configuration_encrypted/green/sagemaker.tf create mode 100644 terraform/ecc-aws-499-sagemaker_endpoint_configuration_encrypted/green/terraform.tfvars create mode 100644 terraform/ecc-aws-499-sagemaker_endpoint_configuration_encrypted/green/variables.tf create mode 100644 terraform/ecc-aws-499-sagemaker_endpoint_configuration_encrypted/iam/499-policy.json create mode 
100644 terraform/ecc-aws-499-sagemaker_endpoint_configuration_encrypted/red/provider.tf create mode 100644 terraform/ecc-aws-499-sagemaker_endpoint_configuration_encrypted/red/sagemaker.tf create mode 100644 terraform/ecc-aws-499-sagemaker_endpoint_configuration_encrypted/red/terraform.tfvars create mode 100644 terraform/ecc-aws-499-sagemaker_endpoint_configuration_encrypted/red/variables.tf create mode 100644 terraform/ecc-aws-500-lambda_variables_encrypted_with_kms_cmk/green/encryption.tf create mode 100644 terraform/ecc-aws-500-lambda_variables_encrypted_with_kms_cmk/green/func.py create mode 100644 terraform/ecc-aws-500-lambda_variables_encrypted_with_kms_cmk/green/func.zip create mode 100644 terraform/ecc-aws-500-lambda_variables_encrypted_with_kms_cmk/green/lambda.tf create mode 100644 terraform/ecc-aws-500-lambda_variables_encrypted_with_kms_cmk/green/provider.tf create mode 100644 terraform/ecc-aws-500-lambda_variables_encrypted_with_kms_cmk/green/terraform.tfvars create mode 100644 terraform/ecc-aws-500-lambda_variables_encrypted_with_kms_cmk/green/variables.tf create mode 100644 terraform/ecc-aws-500-lambda_variables_encrypted_with_kms_cmk/iam/500-policy.json create mode 100644 terraform/ecc-aws-500-lambda_variables_encrypted_with_kms_cmk/red/func.py create mode 100644 terraform/ecc-aws-500-lambda_variables_encrypted_with_kms_cmk/red/func.zip create mode 100644 terraform/ecc-aws-500-lambda_variables_encrypted_with_kms_cmk/red/lambda.tf create mode 100644 terraform/ecc-aws-500-lambda_variables_encrypted_with_kms_cmk/red/provider.tf create mode 100644 terraform/ecc-aws-500-lambda_variables_encrypted_with_kms_cmk/red/terraform.tfvars create mode 100644 terraform/ecc-aws-500-lambda_variables_encrypted_with_kms_cmk/red/variables.tf create mode 100644 terraform/ecc-aws-501-sagemaker_instance_root_disabled/green/provider.tf create mode 100644 terraform/ecc-aws-501-sagemaker_instance_root_disabled/green/sagemaker.tf create mode 100644 
terraform/ecc-aws-501-sagemaker_instance_root_disabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-501-sagemaker_instance_root_disabled/green/variables.tf create mode 100644 terraform/ecc-aws-501-sagemaker_instance_root_disabled/iam/501-policy.json create mode 100644 terraform/ecc-aws-501-sagemaker_instance_root_disabled/red/provider.tf create mode 100644 terraform/ecc-aws-501-sagemaker_instance_root_disabled/red/sagemaker.tf create mode 100644 terraform/ecc-aws-501-sagemaker_instance_root_disabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-501-sagemaker_instance_root_disabled/red/variables.tf create mode 100644 terraform/ecc-aws-502-mq_broker_auto_minor_version_upgrade_enabled/green/mq.tf create mode 100644 terraform/ecc-aws-502-mq_broker_auto_minor_version_upgrade_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-502-mq_broker_auto_minor_version_upgrade_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-502-mq_broker_auto_minor_version_upgrade_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-502-mq_broker_auto_minor_version_upgrade_enabled/iam/502-policy.json create mode 100644 terraform/ecc-aws-502-mq_broker_auto_minor_version_upgrade_enabled/red/mq.tf create mode 100644 terraform/ecc-aws-502-mq_broker_auto_minor_version_upgrade_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-502-mq_broker_auto_minor_version_upgrade_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-502-mq_broker_auto_minor_version_upgrade_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-503-mq_broker_logging_enabled/green/mq.tf create mode 100644 terraform/ecc-aws-503-mq_broker_logging_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-503-mq_broker_logging_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-503-mq_broker_logging_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-503-mq_broker_logging_enabled/iam/503-policy.json create 
mode 100644 terraform/ecc-aws-503-mq_broker_logging_enabled/red/mq.tf create mode 100644 terraform/ecc-aws-503-mq_broker_logging_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-503-mq_broker_logging_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-503-mq_broker_logging_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-504-sagemaker_network_isolation_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-504-sagemaker_network_isolation_enabled/green/sagemaker.tf create mode 100644 terraform/ecc-aws-504-sagemaker_network_isolation_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-504-sagemaker_network_isolation_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-504-sagemaker_network_isolation_enabled/iam/504-policy.json create mode 100644 terraform/ecc-aws-504-sagemaker_network_isolation_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-504-sagemaker_network_isolation_enabled/red/sagemaker.tf create mode 100644 terraform/ecc-aws-504-sagemaker_network_isolation_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-504-sagemaker_network_isolation_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-505-route53_domain_automatic_renewal_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-505-route53_domain_automatic_renewal_enabled/green/register-domain.json create mode 100644 terraform/ecc-aws-505-route53_domain_automatic_renewal_enabled/green/route53.tf create mode 100644 terraform/ecc-aws-505-route53_domain_automatic_renewal_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-505-route53_domain_automatic_renewal_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-505-route53_domain_automatic_renewal_enabled/iam/505-policy.json create mode 100644 terraform/ecc-aws-505-route53_domain_automatic_renewal_enabled/red/provider.tf create mode 100644 
terraform/ecc-aws-505-route53_domain_automatic_renewal_enabled/red/register-domain.json create mode 100644 terraform/ecc-aws-505-route53_domain_automatic_renewal_enabled/red/route53.tf create mode 100644 terraform/ecc-aws-505-route53_domain_automatic_renewal_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-505-route53_domain_automatic_renewal_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-506-mq_broker_not_publicly_accessible/green/mq.tf create mode 100644 terraform/ecc-aws-506-mq_broker_not_publicly_accessible/green/provider.tf create mode 100644 terraform/ecc-aws-506-mq_broker_not_publicly_accessible/green/terraform.tfvars create mode 100644 terraform/ecc-aws-506-mq_broker_not_publicly_accessible/green/variables.tf create mode 100644 terraform/ecc-aws-506-mq_broker_not_publicly_accessible/iam/506-policy.json create mode 100644 terraform/ecc-aws-506-mq_broker_not_publicly_accessible/red/mq.tf create mode 100644 terraform/ecc-aws-506-mq_broker_not_publicly_accessible/red/provider.tf create mode 100644 terraform/ecc-aws-506-mq_broker_not_publicly_accessible/red/terraform.tfvars create mode 100644 terraform/ecc-aws-506-mq_broker_not_publicly_accessible/red/variables.tf create mode 100644 terraform/ecc-aws-507-route53_domain_expires_in_30_days/green/provider.tf create mode 100644 terraform/ecc-aws-507-route53_domain_expires_in_30_days/green/register-domain.json create mode 100644 terraform/ecc-aws-507-route53_domain_expires_in_30_days/green/route53.tf create mode 100644 terraform/ecc-aws-507-route53_domain_expires_in_30_days/green/terraform.tfvars create mode 100644 terraform/ecc-aws-507-route53_domain_expires_in_30_days/green/variables.tf create mode 100644 terraform/ecc-aws-507-route53_domain_expires_in_30_days/iam/507-policy.json create mode 100644 terraform/ecc-aws-508-mq_broker_open_to_all_ports_protocols/green/mq.tf create mode 100644 terraform/ecc-aws-508-mq_broker_open_to_all_ports_protocols/green/provider.tf create mode 100644 
terraform/ecc-aws-508-mq_broker_open_to_all_ports_protocols/green/terraform.tfvars create mode 100644 terraform/ecc-aws-508-mq_broker_open_to_all_ports_protocols/green/variables.tf create mode 100644 terraform/ecc-aws-508-mq_broker_open_to_all_ports_protocols/green/vpc.tf create mode 100644 terraform/ecc-aws-508-mq_broker_open_to_all_ports_protocols/iam/508-policy.json create mode 100644 terraform/ecc-aws-508-mq_broker_open_to_all_ports_protocols/red/mq.tf create mode 100644 terraform/ecc-aws-508-mq_broker_open_to_all_ports_protocols/red/provider.tf create mode 100644 terraform/ecc-aws-508-mq_broker_open_to_all_ports_protocols/red/terraform.tfvars create mode 100644 terraform/ecc-aws-508-mq_broker_open_to_all_ports_protocols/red/variables.tf create mode 100644 terraform/ecc-aws-508-mq_broker_open_to_all_ports_protocols/red/vpc.tf create mode 100644 terraform/ecc-aws-510-route53_hosted_zone_records_health_check_configured/green/error.html create mode 100644 terraform/ecc-aws-510-route53_hosted_zone_records_health_check_configured/green/index.html create mode 100644 terraform/ecc-aws-510-route53_hosted_zone_records_health_check_configured/green/provider.tf create mode 100644 terraform/ecc-aws-510-route53_hosted_zone_records_health_check_configured/green/route53.tf create mode 100644 terraform/ecc-aws-510-route53_hosted_zone_records_health_check_configured/green/s3.tf create mode 100644 terraform/ecc-aws-510-route53_hosted_zone_records_health_check_configured/green/terraform.tfvars create mode 100644 terraform/ecc-aws-510-route53_hosted_zone_records_health_check_configured/green/variables.tf create mode 100644 terraform/ecc-aws-510-route53_hosted_zone_records_health_check_configured/iam/510-policy.json create mode 100644 terraform/ecc-aws-510-route53_hosted_zone_records_health_check_configured/red/provider.tf create mode 100644 terraform/ecc-aws-510-route53_hosted_zone_records_health_check_configured/red/route53.tf create mode 100644 
terraform/ecc-aws-510-route53_hosted_zone_records_health_check_configured/red/terraform.tfvars create mode 100644 terraform/ecc-aws-510-route53_hosted_zone_records_health_check_configured/red/variables.tf create mode 100644 terraform/ecc-aws-511-msk_data_encrypted_with_kms_cmk/green/kms.tf create mode 100644 terraform/ecc-aws-511-msk_data_encrypted_with_kms_cmk/green/msk.tf create mode 100644 terraform/ecc-aws-511-msk_data_encrypted_with_kms_cmk/green/provider.tf create mode 100644 terraform/ecc-aws-511-msk_data_encrypted_with_kms_cmk/green/terraform.tfvars create mode 100644 terraform/ecc-aws-511-msk_data_encrypted_with_kms_cmk/green/variables.tf create mode 100644 terraform/ecc-aws-511-msk_data_encrypted_with_kms_cmk/green/vpc.tf create mode 100644 terraform/ecc-aws-511-msk_data_encrypted_with_kms_cmk/iam/511-policy.json create mode 100644 terraform/ecc-aws-511-msk_data_encrypted_with_kms_cmk/red/msk.tf create mode 100644 terraform/ecc-aws-511-msk_data_encrypted_with_kms_cmk/red/provider.tf create mode 100644 terraform/ecc-aws-511-msk_data_encrypted_with_kms_cmk/red/terraform.tfvars create mode 100644 terraform/ecc-aws-511-msk_data_encrypted_with_kms_cmk/red/variables.tf create mode 100644 terraform/ecc-aws-511-msk_data_encrypted_with_kms_cmk/red/vpc.tf create mode 100644 terraform/ecc-aws-512-msk_encryption_in_transit_enabled/green/msk.tf create mode 100644 terraform/ecc-aws-512-msk_encryption_in_transit_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-512-msk_encryption_in_transit_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-512-msk_encryption_in_transit_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-512-msk_encryption_in_transit_enabled/green/vpc.tf create mode 100644 terraform/ecc-aws-512-msk_encryption_in_transit_enabled/iam/512-policy.json create mode 100644 terraform/ecc-aws-512-msk_encryption_in_transit_enabled/red/msk.tf create mode 100644 
terraform/ecc-aws-512-msk_encryption_in_transit_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-512-msk_encryption_in_transit_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-512-msk_encryption_in_transit_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-512-msk_encryption_in_transit_enabled/red/vpc.tf create mode 100644 terraform/ecc-aws-513-route53_query_logging_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-513-route53_query_logging_enabled/green/route53.tf create mode 100644 terraform/ecc-aws-513-route53_query_logging_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-513-route53_query_logging_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-513-route53_query_logging_enabled/iam/513-policy.json create mode 100644 terraform/ecc-aws-513-route53_query_logging_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-513-route53_query_logging_enabled/red/route53.tf create mode 100644 terraform/ecc-aws-513-route53_query_logging_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-513-route53_query_logging_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-514-msk_logging_enabled/green/msk.tf create mode 100644 terraform/ecc-aws-514-msk_logging_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-514-msk_logging_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-514-msk_logging_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-514-msk_logging_enabled/green/vpc.tf create mode 100644 terraform/ecc-aws-514-msk_logging_enabled/iam/514-policy.json create mode 100644 terraform/ecc-aws-514-msk_logging_enabled/red/msk.tf create mode 100644 terraform/ecc-aws-514-msk_logging_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-514-msk_logging_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-514-msk_logging_enabled/red/variables.tf create mode 100644 
terraform/ecc-aws-514-msk_logging_enabled/red/vpc.tf create mode 100644 terraform/ecc-aws-515-rds_encrypted_with_kms_cmk/green/provider.tf create mode 100644 terraform/ecc-aws-515-rds_encrypted_with_kms_cmk/green/rds.tf create mode 100644 terraform/ecc-aws-515-rds_encrypted_with_kms_cmk/green/terraform.tfvars create mode 100644 terraform/ecc-aws-515-rds_encrypted_with_kms_cmk/green/variables.tf create mode 100644 terraform/ecc-aws-515-rds_encrypted_with_kms_cmk/iam/515-policy.json create mode 100644 terraform/ecc-aws-515-rds_encrypted_with_kms_cmk/red/provider.tf create mode 100644 terraform/ecc-aws-515-rds_encrypted_with_kms_cmk/red/rds.tf create mode 100644 terraform/ecc-aws-515-rds_encrypted_with_kms_cmk/red/terraform.tfvars create mode 100644 terraform/ecc-aws-515-rds_encrypted_with_kms_cmk/red/variables.tf create mode 100644 terraform/ecc-aws-516-sns_encrypted_with_kms_cmk/green/provider.tf create mode 100644 terraform/ecc-aws-516-sns_encrypted_with_kms_cmk/green/sns.tf create mode 100644 terraform/ecc-aws-516-sns_encrypted_with_kms_cmk/green/terraform.tfvars create mode 100644 terraform/ecc-aws-516-sns_encrypted_with_kms_cmk/green/variables.tf create mode 100644 terraform/ecc-aws-516-sns_encrypted_with_kms_cmk/iam/368-policy.json create mode 100644 terraform/ecc-aws-516-sns_encrypted_with_kms_cmk/red/provider.tf create mode 100644 terraform/ecc-aws-516-sns_encrypted_with_kms_cmk/red/sns.tf create mode 100644 terraform/ecc-aws-516-sns_encrypted_with_kms_cmk/red/terraform.tfvars create mode 100644 terraform/ecc-aws-516-sns_encrypted_with_kms_cmk/red/variables.tf create mode 100644 terraform/ecc-aws-516-sns_encrypted_with_kms_cmk/red1/provider.tf create mode 100644 terraform/ecc-aws-516-sns_encrypted_with_kms_cmk/red1/sns.tf create mode 100644 terraform/ecc-aws-516-sns_encrypted_with_kms_cmk/red1/terraform.tfvars create mode 100644 terraform/ecc-aws-516-sns_encrypted_with_kms_cmk/red1/variables.tf create mode 100644 
terraform/ecc-aws-517-redshift_user_activity_logging_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-517-redshift_user_activity_logging_enabled/green/redshift.tf create mode 100644 terraform/ecc-aws-517-redshift_user_activity_logging_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-517-redshift_user_activity_logging_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-517-redshift_user_activity_logging_enabled/iam/517-policy.json create mode 100644 terraform/ecc-aws-517-redshift_user_activity_logging_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-517-redshift_user_activity_logging_enabled/red/redshift.tf create mode 100644 terraform/ecc-aws-517-redshift_user_activity_logging_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-517-redshift_user_activity_logging_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-519-redshift_not_using_default_port/green/provider.tf create mode 100644 terraform/ecc-aws-519-redshift_not_using_default_port/green/redshift.tf create mode 100644 terraform/ecc-aws-519-redshift_not_using_default_port/green/terraform.tfvars create mode 100644 terraform/ecc-aws-519-redshift_not_using_default_port/green/variables.tf create mode 100644 terraform/ecc-aws-519-redshift_not_using_default_port/iam/519-policy.json create mode 100644 terraform/ecc-aws-519-redshift_not_using_default_port/red/provider.tf create mode 100644 terraform/ecc-aws-519-redshift_not_using_default_port/red/redshift.tf create mode 100644 terraform/ecc-aws-519-redshift_not_using_default_port/red/terraform.tfvars create mode 100644 terraform/ecc-aws-519-redshift_not_using_default_port/red/variables.tf create mode 100644 terraform/ecc-aws-520-redshift_encrypted_with_kms_cmk/green/provider.tf create mode 100644 terraform/ecc-aws-520-redshift_encrypted_with_kms_cmk/green/redshift.tf create mode 100644 terraform/ecc-aws-520-redshift_encrypted_with_kms_cmk/green/terraform.tfvars create mode 100644 
terraform/ecc-aws-520-redshift_encrypted_with_kms_cmk/green/variables.tf create mode 100644 terraform/ecc-aws-520-redshift_encrypted_with_kms_cmk/iam/520-policy.json create mode 100644 terraform/ecc-aws-520-redshift_encrypted_with_kms_cmk/red/provider.tf create mode 100644 terraform/ecc-aws-520-redshift_encrypted_with_kms_cmk/red/redshift.tf create mode 100644 terraform/ecc-aws-520-redshift_encrypted_with_kms_cmk/red/terraform.tfvars create mode 100644 terraform/ecc-aws-520-redshift_encrypted_with_kms_cmk/red/variables.tf create mode 100644 terraform/ecc-aws-521-redshift_parameter_group_require_ssl/green/provider.tf create mode 100644 terraform/ecc-aws-521-redshift_parameter_group_require_ssl/green/redshift.tf create mode 100644 terraform/ecc-aws-521-redshift_parameter_group_require_ssl/green/terraform.tfvars create mode 100644 terraform/ecc-aws-521-redshift_parameter_group_require_ssl/green/variables.tf create mode 100644 terraform/ecc-aws-521-redshift_parameter_group_require_ssl/iam/521-policy.json create mode 100644 terraform/ecc-aws-521-redshift_parameter_group_require_ssl/red/provider.tf create mode 100644 terraform/ecc-aws-521-redshift_parameter_group_require_ssl/red/redshift.tf create mode 100644 terraform/ecc-aws-521-redshift_parameter_group_require_ssl/red/terraform.tfvars create mode 100644 terraform/ecc-aws-521-redshift_parameter_group_require_ssl/red/variables.tf create mode 100644 terraform/ecc-aws-522-route53_transfer_lock_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-522-route53_transfer_lock_enabled/green/register-domain.json create mode 100644 terraform/ecc-aws-522-route53_transfer_lock_enabled/green/route53.tf create mode 100644 terraform/ecc-aws-522-route53_transfer_lock_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-522-route53_transfer_lock_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-522-route53_transfer_lock_enabled/iam/522-policy.json create mode 100644 
terraform/ecc-aws-522-route53_transfer_lock_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-522-route53_transfer_lock_enabled/red/register-domain.json create mode 100644 terraform/ecc-aws-522-route53_transfer_lock_enabled/red/route53.tf create mode 100644 terraform/ecc-aws-522-route53_transfer_lock_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-522-route53_transfer_lock_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-524-rest_api_gateway_access_logging_enabled/green/api.tf create mode 100644 terraform/ecc-aws-524-rest_api_gateway_access_logging_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-524-rest_api_gateway_access_logging_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-524-rest_api_gateway_access_logging_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-524-rest_api_gateway_access_logging_enabled/iam/524-policy.json create mode 100644 terraform/ecc-aws-524-rest_api_gateway_access_logging_enabled/red/api.tf create mode 100644 terraform/ecc-aws-524-rest_api_gateway_access_logging_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-524-rest_api_gateway_access_logging_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-524-rest_api_gateway_access_logging_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-525-ecs_exec_logging_encryption_enabled/green/ecs-exec-task-role-policy.json create mode 100644 terraform/ecc-aws-525-ecs_exec_logging_encryption_enabled/green/ecs.tf create mode 100644 terraform/ecc-aws-525-ecs_exec_logging_encryption_enabled/green/iam.tf create mode 100644 terraform/ecc-aws-525-ecs_exec_logging_encryption_enabled/green/kms-policy.json create mode 100644 terraform/ecc-aws-525-ecs_exec_logging_encryption_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-525-ecs_exec_logging_encryption_enabled/green/s3.tf create mode 100644 terraform/ecc-aws-525-ecs_exec_logging_encryption_enabled/green/terraform.tfvars 
create mode 100644 terraform/ecc-aws-525-ecs_exec_logging_encryption_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-525-ecs_exec_logging_encryption_enabled/green/vpc.tf create mode 100644 terraform/ecc-aws-525-ecs_exec_logging_encryption_enabled/iam/525-policy.json create mode 100644 terraform/ecc-aws-525-ecs_exec_logging_encryption_enabled/red/ecs-exec-task-role-policy.json create mode 100644 terraform/ecc-aws-525-ecs_exec_logging_encryption_enabled/red/ecs.tf create mode 100644 terraform/ecc-aws-525-ecs_exec_logging_encryption_enabled/red/iam.tf create mode 100644 terraform/ecc-aws-525-ecs_exec_logging_encryption_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-525-ecs_exec_logging_encryption_enabled/red/s3.tf create mode 100644 terraform/ecc-aws-525-ecs_exec_logging_encryption_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-525-ecs_exec_logging_encryption_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-525-ecs_exec_logging_encryption_enabled/red/vpc.tf create mode 100644 terraform/ecc-aws-526-rest_api_gateway_logs_set_correctly/green/api.tf create mode 100644 terraform/ecc-aws-526-rest_api_gateway_logs_set_correctly/green/provider.tf create mode 100644 terraform/ecc-aws-526-rest_api_gateway_logs_set_correctly/green/terraform.tfvars create mode 100644 terraform/ecc-aws-526-rest_api_gateway_logs_set_correctly/green/variables.tf create mode 100644 terraform/ecc-aws-526-rest_api_gateway_logs_set_correctly/iam/526-policy.json create mode 100644 terraform/ecc-aws-526-rest_api_gateway_logs_set_correctly/red/api.tf create mode 100644 terraform/ecc-aws-526-rest_api_gateway_logs_set_correctly/red/provider.tf create mode 100644 terraform/ecc-aws-526-rest_api_gateway_logs_set_correctly/red/terraform.tfvars create mode 100644 terraform/ecc-aws-526-rest_api_gateway_logs_set_correctly/red/variables.tf create mode 100644 terraform/ecc-aws-527-mwaa_encrypted_with_kms_cmk/green/code.py create mode 100644 
terraform/ecc-aws-527-mwaa_encrypted_with_kms_cmk/green/iam.tf create mode 100644 terraform/ecc-aws-527-mwaa_encrypted_with_kms_cmk/green/mwaa.tf create mode 100644 terraform/ecc-aws-527-mwaa_encrypted_with_kms_cmk/green/provider.tf create mode 100644 terraform/ecc-aws-527-mwaa_encrypted_with_kms_cmk/green/terraform.tfvars create mode 100644 terraform/ecc-aws-527-mwaa_encrypted_with_kms_cmk/green/variables.tf create mode 100644 terraform/ecc-aws-527-mwaa_encrypted_with_kms_cmk/green/vpc.tf create mode 100644 terraform/ecc-aws-527-mwaa_encrypted_with_kms_cmk/iam/527-policy.json create mode 100644 terraform/ecc-aws-527-mwaa_encrypted_with_kms_cmk/red/code.py create mode 100644 terraform/ecc-aws-527-mwaa_encrypted_with_kms_cmk/red/iam.tf create mode 100644 terraform/ecc-aws-527-mwaa_encrypted_with_kms_cmk/red/mwaa.tf create mode 100644 terraform/ecc-aws-527-mwaa_encrypted_with_kms_cmk/red/provider.tf create mode 100644 terraform/ecc-aws-527-mwaa_encrypted_with_kms_cmk/red/terraform.tfvars create mode 100644 terraform/ecc-aws-527-mwaa_encrypted_with_kms_cmk/red/variables.tf create mode 100644 terraform/ecc-aws-527-mwaa_encrypted_with_kms_cmk/red/vpc.tf create mode 100644 terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/green/kinesis.tf create mode 100644 terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/green/provider.tf create mode 100644 terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/green/terraform.tfvars create mode 100644 terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/green/variables.tf create mode 100644 terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/iam/528-policy.json create mode 100644 terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/red/kinesis.tf create mode 100644 terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/red/provider.tf create mode 100644 terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/red/terraform.tfvars 
create mode 100644 terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/red/variables.tf create mode 100644 terraform/ecc-aws-531-autoscaling_launch_config_public_ip_disabled/green/asg.tf create mode 100644 terraform/ecc-aws-531-autoscaling_launch_config_public_ip_disabled/iam/531-policy.json create mode 100644 terraform/ecc-aws-531-autoscaling_launch_config_public_ip_disabled/red/asg.tf create mode 100644 terraform/ecc-aws-531-autoscaling_launch_config_public_ip_disabled/red/provider.tf create mode 100644 terraform/ecc-aws-531-autoscaling_launch_config_public_ip_disabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-531-autoscaling_launch_config_public_ip_disabled/red/variables.tf create mode 100644 terraform/ecc-aws-532-glue_connection_passwords_encrypted/green/glue.tf create mode 100644 terraform/ecc-aws-532-glue_connection_passwords_encrypted/green/provider.tf create mode 100644 terraform/ecc-aws-532-glue_connection_passwords_encrypted/green/terraform.tfvars create mode 100644 terraform/ecc-aws-532-glue_connection_passwords_encrypted/green/variables.tf create mode 100644 terraform/ecc-aws-532-glue_connection_passwords_encrypted/iam/532-policy.json create mode 100644 terraform/ecc-aws-532-glue_connection_passwords_encrypted/red/glue.tf create mode 100644 terraform/ecc-aws-532-glue_connection_passwords_encrypted/red/provider.tf create mode 100644 terraform/ecc-aws-532-glue_connection_passwords_encrypted/red/terraform.tfvars create mode 100644 terraform/ecc-aws-532-glue_connection_passwords_encrypted/red/variables.tf create mode 100644 terraform/ecc-aws-537-fsx_lustre_logging_enabled/green/fsx.tf create mode 100644 terraform/ecc-aws-537-fsx_lustre_logging_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-537-fsx_lustre_logging_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-537-fsx_lustre_logging_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-537-fsx_lustre_logging_enabled/green/vpc.tf 
create mode 100644 terraform/ecc-aws-537-fsx_lustre_logging_enabled/iam/537-policy.json create mode 100644 terraform/ecc-aws-537-fsx_lustre_logging_enabled/red/fsx.tf create mode 100644 terraform/ecc-aws-537-fsx_lustre_logging_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-537-fsx_lustre_logging_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-537-fsx_lustre_logging_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-537-fsx_lustre_logging_enabled/red/vpc.tf create mode 100644 terraform/ecc-aws-538-ds_directory_not_open_to_large_scope/green/directory_service.tf create mode 100644 terraform/ecc-aws-538-ds_directory_not_open_to_large_scope/green/iam.tf create mode 100644 terraform/ecc-aws-538-ds_directory_not_open_to_large_scope/green/provider.tf create mode 100644 terraform/ecc-aws-538-ds_directory_not_open_to_large_scope/green/terraform.tfvars create mode 100644 terraform/ecc-aws-538-ds_directory_not_open_to_large_scope/green/variables.tf create mode 100644 terraform/ecc-aws-538-ds_directory_not_open_to_large_scope/green/vpc.tf create mode 100644 terraform/ecc-aws-538-ds_directory_not_open_to_large_scope/iam/538-policy.json create mode 100644 terraform/ecc-aws-538-ds_directory_not_open_to_large_scope/red/directory_service.tf create mode 100644 terraform/ecc-aws-538-ds_directory_not_open_to_large_scope/red/iam.tf create mode 100644 terraform/ecc-aws-538-ds_directory_not_open_to_large_scope/red/provider.tf create mode 100644 terraform/ecc-aws-538-ds_directory_not_open_to_large_scope/red/terraform.tfvars create mode 100644 terraform/ecc-aws-538-ds_directory_not_open_to_large_scope/red/variables.tf create mode 100644 terraform/ecc-aws-538-ds_directory_not_open_to_large_scope/red/vpc.tf create mode 100644 terraform/ecc-aws-539-fsx_lustre_retention_period_set_at_least_to_7_days/green/fsx.tf create mode 100644 terraform/ecc-aws-539-fsx_lustre_retention_period_set_at_least_to_7_days/green/provider.tf create mode 100644 
terraform/ecc-aws-539-fsx_lustre_retention_period_set_at_least_to_7_days/green/terraform.tfvars create mode 100644 terraform/ecc-aws-539-fsx_lustre_retention_period_set_at_least_to_7_days/green/variables.tf create mode 100644 terraform/ecc-aws-539-fsx_lustre_retention_period_set_at_least_to_7_days/green/vpc.tf create mode 100644 terraform/ecc-aws-539-fsx_lustre_retention_period_set_at_least_to_7_days/iam/539-policy.json create mode 100644 terraform/ecc-aws-539-fsx_lustre_retention_period_set_at_least_to_7_days/red/fsx.tf create mode 100644 terraform/ecc-aws-539-fsx_lustre_retention_period_set_at_least_to_7_days/red/provider.tf create mode 100644 terraform/ecc-aws-539-fsx_lustre_retention_period_set_at_least_to_7_days/red/terraform.tfvars create mode 100644 terraform/ecc-aws-539-fsx_lustre_retention_period_set_at_least_to_7_days/red/variables.tf create mode 100644 terraform/ecc-aws-539-fsx_lustre_retention_period_set_at_least_to_7_days/red/vpc.tf create mode 100644 terraform/ecc-aws-542-workspaces_maintenance_mode_enabled/green/iam.tf create mode 100644 terraform/ecc-aws-542-workspaces_maintenance_mode_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-542-workspaces_maintenance_mode_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-542-workspaces_maintenance_mode_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-542-workspaces_maintenance_mode_enabled/green/vpc.tf create mode 100644 terraform/ecc-aws-542-workspaces_maintenance_mode_enabled/green/workspace.tf create mode 100644 terraform/ecc-aws-542-workspaces_maintenance_mode_enabled/iam/542-policy.json create mode 100644 terraform/ecc-aws-542-workspaces_maintenance_mode_enabled/red/iam.tf create mode 100644 terraform/ecc-aws-542-workspaces_maintenance_mode_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-542-workspaces_maintenance_mode_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-542-workspaces_maintenance_mode_enabled/red/variables.tf 
create mode 100644 terraform/ecc-aws-542-workspaces_maintenance_mode_enabled/red/vpc.tf create mode 100644 terraform/ecc-aws-542-workspaces_maintenance_mode_enabled/red/workspace.tf create mode 100644 terraform/ecc-aws-547-cloudtrail_logs_data_events/green/cloudtrail.tf create mode 100644 terraform/ecc-aws-547-cloudtrail_logs_data_events/green/provider.tf create mode 100644 terraform/ecc-aws-547-cloudtrail_logs_data_events/green/terraform.tfvars create mode 100644 terraform/ecc-aws-547-cloudtrail_logs_data_events/green/variables.tf create mode 100644 terraform/ecc-aws-547-cloudtrail_logs_data_events/iam/547-policy.json create mode 100644 terraform/ecc-aws-547-cloudtrail_logs_data_events/red/cloudtrail.tf create mode 100644 terraform/ecc-aws-547-cloudtrail_logs_data_events/red/provider.tf create mode 100644 terraform/ecc-aws-547-cloudtrail_logs_data_events/red/terraform.tfvars create mode 100644 terraform/ecc-aws-547-cloudtrail_logs_data_events/red/variables.tf create mode 100644 terraform/ecc-aws-548-workspaces_storage_encrypted_with_cmk/green/iam.tf create mode 100644 terraform/ecc-aws-548-workspaces_storage_encrypted_with_cmk/green/provider.tf create mode 100644 terraform/ecc-aws-548-workspaces_storage_encrypted_with_cmk/green/terraform.tfvars create mode 100644 terraform/ecc-aws-548-workspaces_storage_encrypted_with_cmk/green/variables.tf create mode 100644 terraform/ecc-aws-548-workspaces_storage_encrypted_with_cmk/green/vpc.tf create mode 100644 terraform/ecc-aws-548-workspaces_storage_encrypted_with_cmk/green/workspace.tf create mode 100644 terraform/ecc-aws-548-workspaces_storage_encrypted_with_cmk/iam/548-policy.json create mode 100644 terraform/ecc-aws-548-workspaces_storage_encrypted_with_cmk/red/iam.tf create mode 100644 terraform/ecc-aws-548-workspaces_storage_encrypted_with_cmk/red/provider.tf create mode 100644 terraform/ecc-aws-548-workspaces_storage_encrypted_with_cmk/red/terraform.tfvars create mode 100644 
terraform/ecc-aws-548-workspaces_storage_encrypted_with_cmk/red/variables.tf create mode 100644 terraform/ecc-aws-548-workspaces_storage_encrypted_with_cmk/red/vpc.tf create mode 100644 terraform/ecc-aws-548-workspaces_storage_encrypted_with_cmk/red/workspace.tf create mode 100644 terraform/ecc-aws-550-ami_without_tag_information/green/ami.tf create mode 100644 terraform/ecc-aws-550-ami_without_tag_information/green/provider.tf create mode 100644 terraform/ecc-aws-550-ami_without_tag_information/green/terraform.tfvars create mode 100644 terraform/ecc-aws-550-ami_without_tag_information/green/variables.tf create mode 100644 terraform/ecc-aws-550-ami_without_tag_information/iam/550-policy.json create mode 100644 terraform/ecc-aws-550-ami_without_tag_information/red/ami.tf create mode 100644 terraform/ecc-aws-550-ami_without_tag_information/red/provider.tf create mode 100644 terraform/ecc-aws-550-ami_without_tag_information/red/terraform.tfvars create mode 100644 terraform/ecc-aws-550-ami_without_tag_information/red/variables.tf create mode 100644 terraform/ecc-aws-551-ebs_without_tag_information/green/ebs.tf create mode 100644 terraform/ecc-aws-551-ebs_without_tag_information/green/provider.tf create mode 100644 terraform/ecc-aws-551-ebs_without_tag_information/green/terraform.tfvars create mode 100644 terraform/ecc-aws-551-ebs_without_tag_information/green/variables.tf create mode 100644 terraform/ecc-aws-551-ebs_without_tag_information/iam/551-policy.json create mode 100644 terraform/ecc-aws-551-ebs_without_tag_information/red/ebs.tf create mode 100644 terraform/ecc-aws-551-ebs_without_tag_information/red/provider.tf create mode 100644 terraform/ecc-aws-551-ebs_without_tag_information/red/terraform.tfvars create mode 100644 terraform/ecc-aws-551-ebs_without_tag_information/red/variables.tf create mode 100644 terraform/ecc-aws-552-ebs_snapshot_without_tag_information/green/ebs.tf create mode 100644 
terraform/ecc-aws-552-ebs_snapshot_without_tag_information/green/provider.tf create mode 100644 terraform/ecc-aws-552-ebs_snapshot_without_tag_information/green/terraform.tfvars create mode 100644 terraform/ecc-aws-552-ebs_snapshot_without_tag_information/green/variables.tf create mode 100644 terraform/ecc-aws-552-ebs_snapshot_without_tag_information/iam/552-policy.json create mode 100644 terraform/ecc-aws-552-ebs_snapshot_without_tag_information/red/ebs.tf create mode 100644 terraform/ecc-aws-552-ebs_snapshot_without_tag_information/red/provider.tf create mode 100644 terraform/ecc-aws-552-ebs_snapshot_without_tag_information/red/terraform.tfvars create mode 100644 terraform/ecc-aws-552-ebs_snapshot_without_tag_information/red/variables.tf create mode 100644 terraform/ecc-aws-553-eip_without_tag_information/green/eip.tf create mode 100644 terraform/ecc-aws-553-eip_without_tag_information/green/provider.tf create mode 100644 terraform/ecc-aws-553-eip_without_tag_information/green/terraform.tfvars create mode 100644 terraform/ecc-aws-553-eip_without_tag_information/green/variables.tf create mode 100644 terraform/ecc-aws-553-eip_without_tag_information/iam/533-policy.json create mode 100644 terraform/ecc-aws-553-eip_without_tag_information/red/eip.tf create mode 100644 terraform/ecc-aws-553-eip_without_tag_information/red/provider.tf create mode 100644 terraform/ecc-aws-553-eip_without_tag_information/red/terraform.tfvars create mode 100644 terraform/ecc-aws-553-eip_without_tag_information/red/variables.tf create mode 100644 terraform/ecc-aws-555-eni_without_tag_information/green/eni.tf create mode 100644 terraform/ecc-aws-555-eni_without_tag_information/green/provider.tf create mode 100644 terraform/ecc-aws-555-eni_without_tag_information/green/terraform.tfvars create mode 100644 terraform/ecc-aws-555-eni_without_tag_information/green/variables.tf create mode 100644 terraform/ecc-aws-555-eni_without_tag_information/iam/555-policy.json create mode 100644 
terraform/ecc-aws-555-eni_without_tag_information/red/eni.tf create mode 100644 terraform/ecc-aws-555-eni_without_tag_information/red/provider.tf create mode 100644 terraform/ecc-aws-555-eni_without_tag_information/red/terraform.tfvars create mode 100644 terraform/ecc-aws-555-eni_without_tag_information/red/variables.tf create mode 100644 terraform/ecc-aws-556-internet_gateway_without_tag_information/green/ig.tf create mode 100644 terraform/ecc-aws-556-internet_gateway_without_tag_information/green/provider.tf create mode 100644 terraform/ecc-aws-556-internet_gateway_without_tag_information/green/terraform.tfvars create mode 100644 terraform/ecc-aws-556-internet_gateway_without_tag_information/green/variables.tf create mode 100644 terraform/ecc-aws-556-internet_gateway_without_tag_information/iam/556-policy.json create mode 100644 terraform/ecc-aws-556-internet_gateway_without_tag_information/red/ig.tf create mode 100644 terraform/ecc-aws-556-internet_gateway_without_tag_information/red/provider.tf create mode 100644 terraform/ecc-aws-556-internet_gateway_without_tag_information/red/terraform.tfvars create mode 100644 terraform/ecc-aws-556-internet_gateway_without_tag_information/red/variables.tf create mode 100644 terraform/ecc-aws-557-nat_gateway_without_tag_information/green/ng.tf create mode 100644 terraform/ecc-aws-557-nat_gateway_without_tag_information/green/provider.tf create mode 100644 terraform/ecc-aws-557-nat_gateway_without_tag_information/green/terraform.tfvars create mode 100644 terraform/ecc-aws-557-nat_gateway_without_tag_information/green/variables.tf create mode 100644 terraform/ecc-aws-557-nat_gateway_without_tag_information/iam/557-policy.json create mode 100644 terraform/ecc-aws-557-nat_gateway_without_tag_information/red/ng.tf create mode 100644 terraform/ecc-aws-557-nat_gateway_without_tag_information/red/provider.tf create mode 100644 terraform/ecc-aws-557-nat_gateway_without_tag_information/red/terraform.tfvars create mode 100644 
terraform/ecc-aws-557-nat_gateway_without_tag_information/red/variables.tf create mode 100644 terraform/ecc-aws-558-network_acl_without_tag_information/green/acl.tf create mode 100644 terraform/ecc-aws-558-network_acl_without_tag_information/green/provider.tf create mode 100644 terraform/ecc-aws-558-network_acl_without_tag_information/green/terraform.tfvars create mode 100644 terraform/ecc-aws-558-network_acl_without_tag_information/green/variables.tf create mode 100644 terraform/ecc-aws-558-network_acl_without_tag_information/iam/558-policy.json create mode 100644 terraform/ecc-aws-558-network_acl_without_tag_information/red/acl.tf create mode 100644 terraform/ecc-aws-558-network_acl_without_tag_information/red/provider.tf create mode 100644 terraform/ecc-aws-558-network_acl_without_tag_information/red/terraform.tfvars create mode 100644 terraform/ecc-aws-558-network_acl_without_tag_information/red/variables.tf create mode 100644 terraform/ecc-aws-559-route_table_without_tag_information/green/provider.tf create mode 100644 terraform/ecc-aws-559-route_table_without_tag_information/green/rt.tf create mode 100644 terraform/ecc-aws-559-route_table_without_tag_information/green/terraform.tfvars create mode 100644 terraform/ecc-aws-559-route_table_without_tag_information/green/variables.tf create mode 100644 terraform/ecc-aws-559-route_table_without_tag_information/iam/559-policy.json create mode 100644 terraform/ecc-aws-559-route_table_without_tag_information/red/provider.tf create mode 100644 terraform/ecc-aws-559-route_table_without_tag_information/red/rt.tf create mode 100644 terraform/ecc-aws-559-route_table_without_tag_information/red/terraform.tfvars create mode 100644 terraform/ecc-aws-559-route_table_without_tag_information/red/variables.tf create mode 100644 terraform/ecc-aws-560-security_group_without_tag_information/green/provider.tf create mode 100644 terraform/ecc-aws-560-security_group_without_tag_information/green/sg.tf create mode 100644 
terraform/ecc-aws-560-security_group_without_tag_information/green/terraform.tfvars create mode 100644 terraform/ecc-aws-560-security_group_without_tag_information/green/variables.tf create mode 100644 terraform/ecc-aws-560-security_group_without_tag_information/iam/560-policy.json create mode 100644 terraform/ecc-aws-560-security_group_without_tag_information/red/provider.tf create mode 100644 terraform/ecc-aws-560-security_group_without_tag_information/red/sg.tf create mode 100644 terraform/ecc-aws-560-security_group_without_tag_information/red/terraform.tfvars create mode 100644 terraform/ecc-aws-560-security_group_without_tag_information/red/variables.tf create mode 100644 terraform/ecc-aws-561-subnet_without_tag_information/green/provider.tf create mode 100644 terraform/ecc-aws-561-subnet_without_tag_information/green/subnet.tf create mode 100644 terraform/ecc-aws-561-subnet_without_tag_information/green/terraform.tfvars create mode 100644 terraform/ecc-aws-561-subnet_without_tag_information/green/variables.tf create mode 100644 terraform/ecc-aws-561-subnet_without_tag_information/iam/561-policy.json create mode 100644 terraform/ecc-aws-561-subnet_without_tag_information/red/provider.tf create mode 100644 terraform/ecc-aws-561-subnet_without_tag_information/red/subnet.tf create mode 100644 terraform/ecc-aws-561-subnet_without_tag_information/red/terraform.tfvars create mode 100644 terraform/ecc-aws-561-subnet_without_tag_information/red/variables.tf create mode 100644 terraform/ecc-aws-562-transit_gateway_without_tag_information/green/provider.tf create mode 100644 terraform/ecc-aws-562-transit_gateway_without_tag_information/green/terraform.tfvars create mode 100644 terraform/ecc-aws-562-transit_gateway_without_tag_information/green/tg.tf create mode 100644 terraform/ecc-aws-562-transit_gateway_without_tag_information/green/variables.tf create mode 100644 terraform/ecc-aws-562-transit_gateway_without_tag_information/iam/562-policy.json create mode 100644 
terraform/ecc-aws-562-transit_gateway_without_tag_information/red/provider.tf create mode 100644 terraform/ecc-aws-562-transit_gateway_without_tag_information/red/terraform.tfvars create mode 100644 terraform/ecc-aws-562-transit_gateway_without_tag_information/red/tg.tf create mode 100644 terraform/ecc-aws-562-transit_gateway_without_tag_information/red/variables.tf create mode 100644 terraform/ecc-aws-563-transit_gateway_attachment_without_tag_information/green/provider.tf create mode 100644 terraform/ecc-aws-563-transit_gateway_attachment_without_tag_information/green/terraform.tfvars create mode 100644 terraform/ecc-aws-563-transit_gateway_attachment_without_tag_information/green/tg.tf create mode 100644 terraform/ecc-aws-563-transit_gateway_attachment_without_tag_information/green/variables.tf create mode 100644 terraform/ecc-aws-563-transit_gateway_attachment_without_tag_information/iam/563-policy.json create mode 100644 terraform/ecc-aws-563-transit_gateway_attachment_without_tag_information/red/provider.tf create mode 100644 terraform/ecc-aws-563-transit_gateway_attachment_without_tag_information/red/terraform.tfvars create mode 100644 terraform/ecc-aws-563-transit_gateway_attachment_without_tag_information/red/tg.tf create mode 100644 terraform/ecc-aws-563-transit_gateway_attachment_without_tag_information/red/variables.tf create mode 100644 terraform/ecc-aws-564-peering_connection_without_tag_information/green/pc.tf create mode 100644 terraform/ecc-aws-564-peering_connection_without_tag_information/green/provider.tf create mode 100644 terraform/ecc-aws-564-peering_connection_without_tag_information/green/terraform.tfvars create mode 100644 terraform/ecc-aws-564-peering_connection_without_tag_information/green/variables.tf create mode 100644 terraform/ecc-aws-564-peering_connection_without_tag_information/iam/564-policy.json create mode 100644 terraform/ecc-aws-564-peering_connection_without_tag_information/red/pc.tf create mode 100644 
terraform/ecc-aws-564-peering_connection_without_tag_information/red/provider.tf create mode 100644 terraform/ecc-aws-564-peering_connection_without_tag_information/red/terraform.tfvars create mode 100644 terraform/ecc-aws-564-peering_connection_without_tag_information/red/variables.tf create mode 100644 terraform/ecc-aws-565-vpc_without_tag_information/green/provider.tf create mode 100644 terraform/ecc-aws-565-vpc_without_tag_information/green/terraform.tfvars create mode 100644 terraform/ecc-aws-565-vpc_without_tag_information/green/variables.tf create mode 100644 terraform/ecc-aws-565-vpc_without_tag_information/green/vpc.tf create mode 100644 terraform/ecc-aws-565-vpc_without_tag_information/iam/565-policy.json create mode 100644 terraform/ecc-aws-565-vpc_without_tag_information/red/provider.tf create mode 100644 terraform/ecc-aws-565-vpc_without_tag_information/red/terraform.tfvars create mode 100644 terraform/ecc-aws-565-vpc_without_tag_information/red/variables.tf create mode 100644 terraform/ecc-aws-565-vpc_without_tag_information/red/vpc.tf create mode 100644 terraform/ecc-aws-566-vpc_endpoint_without_tag_information/green/endpoint.tf create mode 100644 terraform/ecc-aws-566-vpc_endpoint_without_tag_information/green/provider.tf create mode 100644 terraform/ecc-aws-566-vpc_endpoint_without_tag_information/green/terraform.tfvars create mode 100644 terraform/ecc-aws-566-vpc_endpoint_without_tag_information/green/variables.tf create mode 100644 terraform/ecc-aws-566-vpc_endpoint_without_tag_information/iam/566-policy.json create mode 100644 terraform/ecc-aws-566-vpc_endpoint_without_tag_information/red/endpoint.tf create mode 100644 terraform/ecc-aws-566-vpc_endpoint_without_tag_information/red/provider.tf create mode 100644 terraform/ecc-aws-566-vpc_endpoint_without_tag_information/red/terraform.tfvars create mode 100644 terraform/ecc-aws-566-vpc_endpoint_without_tag_information/red/variables.tf create mode 100644 
terraform/ecc-aws-567-acm_without_tag_information/green/acm.tf create mode 100644 terraform/ecc-aws-567-acm_without_tag_information/green/provider.tf create mode 100644 terraform/ecc-aws-567-acm_without_tag_information/green/terraform.tfvars create mode 100644 terraform/ecc-aws-567-acm_without_tag_information/green/variables.tf create mode 100644 terraform/ecc-aws-567-acm_without_tag_information/iam/567-policy.json create mode 100644 terraform/ecc-aws-567-acm_without_tag_information/red/acm.tf create mode 100644 terraform/ecc-aws-567-acm_without_tag_information/red/provider.tf create mode 100644 terraform/ecc-aws-567-acm_without_tag_information/red/terraform.tfvars create mode 100644 terraform/ecc-aws-567-acm_without_tag_information/red/variables.tf create mode 100644 terraform/ecc-aws-568-app_flow_without_tag_information/green/568-bucket-file.csv create mode 100644 terraform/ecc-aws-568-app_flow_without_tag_information/green/appflow.tf create mode 100644 terraform/ecc-aws-568-app_flow_without_tag_information/green/provider.tf create mode 100644 terraform/ecc-aws-568-app_flow_without_tag_information/green/s3.tf create mode 100644 terraform/ecc-aws-568-app_flow_without_tag_information/green/terraform.tfvars create mode 100644 terraform/ecc-aws-568-app_flow_without_tag_information/green/variables.tf create mode 100644 terraform/ecc-aws-568-app_flow_without_tag_information/iam/568-policy.json create mode 100644 terraform/ecc-aws-568-app_flow_without_tag_information/red/568-bucket-file.csv create mode 100644 terraform/ecc-aws-568-app_flow_without_tag_information/red/appflow.tf create mode 100644 terraform/ecc-aws-568-app_flow_without_tag_information/red/provider.tf create mode 100644 terraform/ecc-aws-568-app_flow_without_tag_information/red/s3.tf create mode 100644 terraform/ecc-aws-568-app_flow_without_tag_information/red/terraform.tfvars create mode 100644 terraform/ecc-aws-568-app_flow_without_tag_information/red/variables.tf create mode 100644 
terraform/ecc-aws-569-auto_scaling_group_without_tag_information/green/asg.tf create mode 100644 terraform/ecc-aws-569-auto_scaling_group_without_tag_information/green/provider.tf create mode 100644 terraform/ecc-aws-569-auto_scaling_group_without_tag_information/green/terraform.tfvars create mode 100644 terraform/ecc-aws-569-auto_scaling_group_without_tag_information/green/variables.tf create mode 100644 terraform/ecc-aws-569-auto_scaling_group_without_tag_information/iam/569-policy.json create mode 100644 terraform/ecc-aws-569-auto_scaling_group_without_tag_information/red/asg.tf create mode 100644 terraform/ecc-aws-569-auto_scaling_group_without_tag_information/red/provider.tf create mode 100644 terraform/ecc-aws-569-auto_scaling_group_without_tag_information/red/terraform.tfvars create mode 100644 terraform/ecc-aws-569-auto_scaling_group_without_tag_information/red/variables.tf create mode 100644 terraform/ecc-aws-574-cloudformation_stacks_without_tag_information/green/cloudformation.tf create mode 100644 terraform/ecc-aws-574-cloudformation_stacks_without_tag_information/green/provider.tf create mode 100644 terraform/ecc-aws-574-cloudformation_stacks_without_tag_information/green/terraform.tfvars create mode 100644 terraform/ecc-aws-574-cloudformation_stacks_without_tag_information/green/variables.tf create mode 100644 terraform/ecc-aws-574-cloudformation_stacks_without_tag_information/iam/574-policy.json create mode 100644 terraform/ecc-aws-574-cloudformation_stacks_without_tag_information/red/cloudformation.tf create mode 100644 terraform/ecc-aws-574-cloudformation_stacks_without_tag_information/red/provider.tf create mode 100644 terraform/ecc-aws-574-cloudformation_stacks_without_tag_information/red/terraform.tfvars create mode 100644 terraform/ecc-aws-574-cloudformation_stacks_without_tag_information/red/variables.tf create mode 100644 terraform/ecc-aws-575-cloudfront_distributions_without_tag_information/green/cloudfront.tf create mode 100644 
terraform/ecc-aws-575-cloudfront_distributions_without_tag_information/green/provider.tf create mode 100644 terraform/ecc-aws-575-cloudfront_distributions_without_tag_information/green/terraform.tfvars create mode 100644 terraform/ecc-aws-575-cloudfront_distributions_without_tag_information/green/variables.tf create mode 100644 terraform/ecc-aws-575-cloudfront_distributions_without_tag_information/iam/575-policy.json create mode 100644 terraform/ecc-aws-575-cloudfront_distributions_without_tag_information/red/cloudfront.tf create mode 100644 terraform/ecc-aws-575-cloudfront_distributions_without_tag_information/red/provider.tf create mode 100644 terraform/ecc-aws-575-cloudfront_distributions_without_tag_information/red/terraform.tfvars create mode 100644 terraform/ecc-aws-575-cloudfront_distributions_without_tag_information/red/variables.tf create mode 100644 terraform/ecc-aws-578-cloudtrail_without_tag_information/green/cloudtrail.tf create mode 100644 terraform/ecc-aws-578-cloudtrail_without_tag_information/green/provider.tf create mode 100644 terraform/ecc-aws-578-cloudtrail_without_tag_information/green/terraform.tfvars create mode 100644 terraform/ecc-aws-578-cloudtrail_without_tag_information/green/variables.tf create mode 100644 terraform/ecc-aws-578-cloudtrail_without_tag_information/iam/578-policy.json create mode 100644 terraform/ecc-aws-578-cloudtrail_without_tag_information/red/cloudtrail.tf create mode 100644 terraform/ecc-aws-578-cloudtrail_without_tag_information/red/provider.tf create mode 100644 terraform/ecc-aws-578-cloudtrail_without_tag_information/red/terraform.tfvars create mode 100644 terraform/ecc-aws-578-cloudtrail_without_tag_information/red/variables.tf create mode 100644 terraform/ecc-aws-580-codebuild_without_tag_information/green/codebuild.tf create mode 100644 terraform/ecc-aws-580-codebuild_without_tag_information/green/provider.tf create mode 100644 terraform/ecc-aws-580-codebuild_without_tag_information/green/terraform.tfvars 
create mode 100644 terraform/ecc-aws-580-codebuild_without_tag_information/green/variables.tf create mode 100644 terraform/ecc-aws-580-codebuild_without_tag_information/iam/580-policy.json create mode 100644 terraform/ecc-aws-580-codebuild_without_tag_information/red/codebuild.tf create mode 100644 terraform/ecc-aws-580-codebuild_without_tag_information/red/provider.tf create mode 100644 terraform/ecc-aws-580-codebuild_without_tag_information/red/terraform.tfvars create mode 100644 terraform/ecc-aws-580-codebuild_without_tag_information/red/variables.tf create mode 100644 terraform/ecc-aws-582-dax_clusters_without_tag_information/green/dynamodb.tf create mode 100644 terraform/ecc-aws-582-dax_clusters_without_tag_information/green/provider.tf create mode 100644 terraform/ecc-aws-582-dax_clusters_without_tag_information/green/terraform.tfvars create mode 100644 terraform/ecc-aws-582-dax_clusters_without_tag_information/green/variables.tf create mode 100644 terraform/ecc-aws-582-dax_clusters_without_tag_information/iam/582-policy.json create mode 100644 terraform/ecc-aws-582-dax_clusters_without_tag_information/red/dax.tf create mode 100644 terraform/ecc-aws-582-dax_clusters_without_tag_information/red/provider.tf create mode 100644 terraform/ecc-aws-582-dax_clusters_without_tag_information/red/terraform.tfvars create mode 100644 terraform/ecc-aws-582-dax_clusters_without_tag_information/red/variables.tf create mode 100644 terraform/ecc-aws-583-dlm_without_tag_information/green/dlm.tf create mode 100644 terraform/ecc-aws-583-dlm_without_tag_information/green/provider.tf create mode 100644 terraform/ecc-aws-583-dlm_without_tag_information/green/terraform.tfvars create mode 100644 terraform/ecc-aws-583-dlm_without_tag_information/green/variables.tf create mode 100644 terraform/ecc-aws-583-dlm_without_tag_information/iam/583-policy.json create mode 100644 terraform/ecc-aws-583-dlm_without_tag_information/red/dlm.tf create mode 100644 
terraform/ecc-aws-583-dlm_without_tag_information/red/provider.tf create mode 100644 terraform/ecc-aws-583-dlm_without_tag_information/red/terraform.tfvars create mode 100644 terraform/ecc-aws-583-dlm_without_tag_information/red/variables.tf create mode 100644 terraform/ecc-aws-584-dms_without_tag_information/green/dms.tf create mode 100644 terraform/ecc-aws-584-dms_without_tag_information/green/iam.tf create mode 100644 terraform/ecc-aws-584-dms_without_tag_information/green/provider.tf create mode 100644 terraform/ecc-aws-584-dms_without_tag_information/green/terraform.tfvars create mode 100644 terraform/ecc-aws-584-dms_without_tag_information/green/variables.tf create mode 100644 terraform/ecc-aws-584-dms_without_tag_information/iam/584-policy.json create mode 100644 terraform/ecc-aws-584-dms_without_tag_information/red/dms.tf create mode 100644 terraform/ecc-aws-584-dms_without_tag_information/red/iam.tf create mode 100644 terraform/ecc-aws-584-dms_without_tag_information/red/provider.tf create mode 100644 terraform/ecc-aws-584-dms_without_tag_information/red/terraform.tfvars create mode 100644 terraform/ecc-aws-584-dms_without_tag_information/red/variables.tf create mode 100644 terraform/ecc-aws-585-ecs_without_tag_information/green/ecs.tf create mode 100644 terraform/ecc-aws-585-ecs_without_tag_information/green/provider.tf create mode 100644 terraform/ecc-aws-585-ecs_without_tag_information/green/terraform.tfvars create mode 100644 terraform/ecc-aws-585-ecs_without_tag_information/green/variables.tf create mode 100644 terraform/ecc-aws-585-ecs_without_tag_information/iam/585-policy.json create mode 100644 terraform/ecc-aws-585-ecs_without_tag_information/red/ecs.tf create mode 100644 terraform/ecc-aws-585-ecs_without_tag_information/red/provider.tf create mode 100644 terraform/ecc-aws-585-ecs_without_tag_information/red/terraform.tfvars create mode 100644 terraform/ecc-aws-585-ecs_without_tag_information/red/variables.tf create mode 100644 
terraform/ecc-aws-586-eks_without_tag_information/green/eks.tf create mode 100644 terraform/ecc-aws-586-eks_without_tag_information/green/provider.tf create mode 100644 terraform/ecc-aws-586-eks_without_tag_information/green/terraform.tfvars create mode 100644 terraform/ecc-aws-586-eks_without_tag_information/green/variables.tf create mode 100644 terraform/ecc-aws-586-eks_without_tag_information/iam/586-policy.json create mode 100644 terraform/ecc-aws-586-eks_without_tag_information/red/eks.tf create mode 100644 terraform/ecc-aws-586-eks_without_tag_information/red/provider.tf create mode 100644 terraform/ecc-aws-586-eks_without_tag_information/red/terraform.tfvars create mode 100644 terraform/ecc-aws-586-eks_without_tag_information/red/variables.tf create mode 100644 terraform/ecc-aws-587-efs_without_tag_information/green/efs.tf create mode 100644 terraform/ecc-aws-587-efs_without_tag_information/green/provider.tf create mode 100644 terraform/ecc-aws-587-efs_without_tag_information/green/terraform.tfvars create mode 100644 terraform/ecc-aws-587-efs_without_tag_information/green/variables.tf create mode 100644 terraform/ecc-aws-587-efs_without_tag_information/iam/587-policy.json create mode 100644 terraform/ecc-aws-587-efs_without_tag_information/red/efs.tf create mode 100644 terraform/ecc-aws-587-efs_without_tag_information/red/provider.tf create mode 100644 terraform/ecc-aws-587-efs_without_tag_information/red/terraform.tfvars create mode 100644 terraform/ecc-aws-587-efs_without_tag_information/red/variables.tf create mode 100644 terraform/ecc-aws-588-elasticache_clusters_without_tag_information/green/elasticache.tf create mode 100644 terraform/ecc-aws-588-elasticache_clusters_without_tag_information/green/provider.tf create mode 100644 terraform/ecc-aws-588-elasticache_clusters_without_tag_information/green/terraform.tfvars create mode 100644 terraform/ecc-aws-588-elasticache_clusters_without_tag_information/green/variables.tf create mode 100644 
terraform/ecc-aws-588-elasticache_clusters_without_tag_information/iam/588-policy.json create mode 100644 terraform/ecc-aws-588-elasticache_clusters_without_tag_information/red/elasticache.tf create mode 100644 terraform/ecc-aws-588-elasticache_clusters_without_tag_information/red/provider.tf create mode 100644 terraform/ecc-aws-588-elasticache_clusters_without_tag_information/red/terraform.tfvars create mode 100644 terraform/ecc-aws-588-elasticache_clusters_without_tag_information/red/variables.tf create mode 100644 terraform/ecc-aws-590-beanstalk_without_tag_information/green/elastic_beanstalk.tf create mode 100644 terraform/ecc-aws-590-beanstalk_without_tag_information/green/provider.tf create mode 100644 terraform/ecc-aws-590-beanstalk_without_tag_information/green/terraform.tfvars create mode 100644 terraform/ecc-aws-590-beanstalk_without_tag_information/green/variables.tf create mode 100644 terraform/ecc-aws-590-beanstalk_without_tag_information/iam/590-policy.json create mode 100644 terraform/ecc-aws-590-beanstalk_without_tag_information/red/elastic_beanstalk.tf create mode 100644 terraform/ecc-aws-590-beanstalk_without_tag_information/red/provider.tf create mode 100644 terraform/ecc-aws-590-beanstalk_without_tag_information/red/terraform.tfvars create mode 100644 terraform/ecc-aws-590-beanstalk_without_tag_information/red/variables.tf create mode 100644 terraform/ecc-aws-591-elb_without_tag_information/green/elb.tf create mode 100644 terraform/ecc-aws-591-elb_without_tag_information/green/provider.tf create mode 100644 terraform/ecc-aws-591-elb_without_tag_information/green/terraform.tfvars create mode 100644 terraform/ecc-aws-591-elb_without_tag_information/green/variables.tf create mode 100644 terraform/ecc-aws-591-elb_without_tag_information/iam/591-policy.json create mode 100644 terraform/ecc-aws-591-elb_without_tag_information/red/elb.tf create mode 100644 terraform/ecc-aws-591-elb_without_tag_information/red/provider.tf create mode 100644 
terraform/ecc-aws-591-elb_without_tag_information/red/terraform.tfvars create mode 100644 terraform/ecc-aws-591-elb_without_tag_information/red/variables.tf create mode 100644 terraform/ecc-aws-592-emr_without_tag_information/green/emr.tf create mode 100644 terraform/ecc-aws-592-emr_without_tag_information/green/iam.tf create mode 100644 terraform/ecc-aws-592-emr_without_tag_information/green/provider.tf create mode 100644 terraform/ecc-aws-592-emr_without_tag_information/green/terraform.tfvars create mode 100644 terraform/ecc-aws-592-emr_without_tag_information/green/variables.tf create mode 100644 terraform/ecc-aws-592-emr_without_tag_information/green/vpc.tf create mode 100644 terraform/ecc-aws-592-emr_without_tag_information/iam/592-policy.json create mode 100644 terraform/ecc-aws-592-emr_without_tag_information/red/emr.tf create mode 100644 terraform/ecc-aws-592-emr_without_tag_information/red/iam.tf create mode 100644 terraform/ecc-aws-592-emr_without_tag_information/red/provider.tf create mode 100644 terraform/ecc-aws-592-emr_without_tag_information/red/terraform.tfvars create mode 100644 terraform/ecc-aws-592-emr_without_tag_information/red/variables.tf create mode 100644 terraform/ecc-aws-592-emr_without_tag_information/red/vpc.tf create mode 100644 terraform/ecc-aws-593-elasticsearch_without_tag_information/green/elasticsearch.tf create mode 100644 terraform/ecc-aws-593-elasticsearch_without_tag_information/green/provider.tf create mode 100644 terraform/ecc-aws-593-elasticsearch_without_tag_information/green/terraform.tfvars create mode 100644 terraform/ecc-aws-593-elasticsearch_without_tag_information/green/variables.tf create mode 100644 terraform/ecc-aws-593-elasticsearch_without_tag_information/iam/593-policy.json create mode 100644 terraform/ecc-aws-593-elasticsearch_without_tag_information/red/elasticsearch.tf create mode 100644 terraform/ecc-aws-593-elasticsearch_without_tag_information/red/provider.tf create mode 100644 
terraform/ecc-aws-593-elasticsearch_without_tag_information/red/terraform.tfvars create mode 100644 terraform/ecc-aws-593-elasticsearch_without_tag_information/red/variables.tf create mode 100644 terraform/ecc-aws-596-fsx_without_tag_information/green/fsx.tf create mode 100644 terraform/ecc-aws-596-fsx_without_tag_information/green/provider.tf create mode 100644 terraform/ecc-aws-596-fsx_without_tag_information/green/terraform.tfvars create mode 100644 terraform/ecc-aws-596-fsx_without_tag_information/green/variables.tf create mode 100644 terraform/ecc-aws-596-fsx_without_tag_information/green/vpc.tf create mode 100644 terraform/ecc-aws-596-fsx_without_tag_information/iam/596-policy.json create mode 100644 terraform/ecc-aws-596-fsx_without_tag_information/red/fsx.tf create mode 100644 terraform/ecc-aws-596-fsx_without_tag_information/red/provider.tf create mode 100644 terraform/ecc-aws-596-fsx_without_tag_information/red/terraform.tfvars create mode 100644 terraform/ecc-aws-596-fsx_without_tag_information/red/variables.tf create mode 100644 terraform/ecc-aws-596-fsx_without_tag_information/red/vpc.tf create mode 100644 terraform/ecc-aws-597-fsx_backup_without_tag_information/green/fsx.tf create mode 100644 terraform/ecc-aws-597-fsx_backup_without_tag_information/green/provider.tf create mode 100644 terraform/ecc-aws-597-fsx_backup_without_tag_information/green/terraform.tfvars create mode 100644 terraform/ecc-aws-597-fsx_backup_without_tag_information/green/variables.tf create mode 100644 terraform/ecc-aws-597-fsx_backup_without_tag_information/green/vpc.tf create mode 100644 terraform/ecc-aws-597-fsx_backup_without_tag_information/iam/597-policy.json create mode 100644 terraform/ecc-aws-597-fsx_backup_without_tag_information/red/fsx.tf create mode 100644 terraform/ecc-aws-597-fsx_backup_without_tag_information/red/provider.tf create mode 100644 terraform/ecc-aws-597-fsx_backup_without_tag_information/red/terraform.tfvars create mode 100644 
terraform/ecc-aws-597-fsx_backup_without_tag_information/red/variables.tf create mode 100644 terraform/ecc-aws-597-fsx_backup_without_tag_information/red/vpc.tf create mode 100644 terraform/ecc-aws-599-glacier_without_tag_information/green/glacier_vault.tf create mode 100644 terraform/ecc-aws-599-glacier_without_tag_information/green/provider.tf create mode 100644 terraform/ecc-aws-599-glacier_without_tag_information/green/terraform.tfvars create mode 100644 terraform/ecc-aws-599-glacier_without_tag_information/green/variables.tf create mode 100644 terraform/ecc-aws-599-glacier_without_tag_information/iam/599-policy.json create mode 100644 terraform/ecc-aws-599-glacier_without_tag_information/red/glacier_vault.tf create mode 100644 terraform/ecc-aws-599-glacier_without_tag_information/red/provider.tf create mode 100644 terraform/ecc-aws-599-glacier_without_tag_information/red/terraform.tfvars create mode 100644 terraform/ecc-aws-599-glacier_without_tag_information/red/variables.tf create mode 100644 terraform/ecc-aws-600-glue_job_without_tag_information/green/glue.tf create mode 100644 terraform/ecc-aws-600-glue_job_without_tag_information/green/iam.tf create mode 100644 terraform/ecc-aws-600-glue_job_without_tag_information/green/provider.tf create mode 100644 terraform/ecc-aws-600-glue_job_without_tag_information/green/s3.tf create mode 100644 terraform/ecc-aws-600-glue_job_without_tag_information/green/script.py create mode 100644 terraform/ecc-aws-600-glue_job_without_tag_information/green/terraform.tfvars create mode 100644 terraform/ecc-aws-600-glue_job_without_tag_information/green/variables.tf create mode 100644 terraform/ecc-aws-600-glue_job_without_tag_information/iam/600-policy.json create mode 100644 terraform/ecc-aws-600-glue_job_without_tag_information/red/glue.tf create mode 100644 terraform/ecc-aws-600-glue_job_without_tag_information/red/iam.tf create mode 100644 terraform/ecc-aws-600-glue_job_without_tag_information/red/provider.tf create mode 
100644 terraform/ecc-aws-600-glue_job_without_tag_information/red/s3.tf create mode 100644 terraform/ecc-aws-600-glue_job_without_tag_information/red/script.py create mode 100644 terraform/ecc-aws-600-glue_job_without_tag_information/red/terraform.tfvars create mode 100644 terraform/ecc-aws-600-glue_job_without_tag_information/red/variables.tf create mode 100644 terraform/ecc-aws-608-iam_user_without_tag_information/green/provider.tf create mode 100644 terraform/ecc-aws-608-iam_user_without_tag_information/green/terraform.tfvars create mode 100644 terraform/ecc-aws-608-iam_user_without_tag_information/green/user.tf create mode 100644 terraform/ecc-aws-608-iam_user_without_tag_information/green/variables.tf create mode 100644 terraform/ecc-aws-608-iam_user_without_tag_information/iam/608-policy.json create mode 100644 terraform/ecc-aws-608-iam_user_without_tag_information/red/provider.tf create mode 100644 terraform/ecc-aws-608-iam_user_without_tag_information/red/terraform.tfvars create mode 100644 terraform/ecc-aws-608-iam_user_without_tag_information/red/user.tf create mode 100644 terraform/ecc-aws-608-iam_user_without_tag_information/red/variables.tf create mode 100644 terraform/ecc-aws-609-iam_role_without_tag_information/green/provider.tf create mode 100644 terraform/ecc-aws-609-iam_role_without_tag_information/green/role.tf create mode 100644 terraform/ecc-aws-609-iam_role_without_tag_information/green/terraform.tfvars create mode 100644 terraform/ecc-aws-609-iam_role_without_tag_information/green/variables.tf create mode 100644 terraform/ecc-aws-609-iam_role_without_tag_information/iam/609-policy.json create mode 100644 terraform/ecc-aws-609-iam_role_without_tag_information/red/provider.tf create mode 100644 terraform/ecc-aws-609-iam_role_without_tag_information/red/role.tf create mode 100644 terraform/ecc-aws-609-iam_role_without_tag_information/red/terraform.tfvars create mode 100644 terraform/ecc-aws-609-iam_role_without_tag_information/red/variables.tf 
create mode 100644 terraform/ecc-aws-611-msk_clusters_without_tag_information/green/msk.tf create mode 100644 terraform/ecc-aws-611-msk_clusters_without_tag_information/green/provider.tf create mode 100644 terraform/ecc-aws-611-msk_clusters_without_tag_information/green/terraform.tfvars create mode 100644 terraform/ecc-aws-611-msk_clusters_without_tag_information/green/variables.tf create mode 100644 terraform/ecc-aws-611-msk_clusters_without_tag_information/green/vpc.tf create mode 100644 terraform/ecc-aws-611-msk_clusters_without_tag_information/iam/611-policy.json create mode 100644 terraform/ecc-aws-611-msk_clusters_without_tag_information/red/msk.tf create mode 100644 terraform/ecc-aws-611-msk_clusters_without_tag_information/red/provider.tf create mode 100644 terraform/ecc-aws-611-msk_clusters_without_tag_information/red/terraform.tfvars create mode 100644 terraform/ecc-aws-611-msk_clusters_without_tag_information/red/variables.tf create mode 100644 terraform/ecc-aws-611-msk_clusters_without_tag_information/red/vpc.tf create mode 100644 terraform/ecc-aws-613-kinesis_data_stream_without_tag_information/green/kinesis.tf create mode 100644 terraform/ecc-aws-613-kinesis_data_stream_without_tag_information/green/provider.tf create mode 100644 terraform/ecc-aws-613-kinesis_data_stream_without_tag_information/green/terraform.tfvars create mode 100644 terraform/ecc-aws-613-kinesis_data_stream_without_tag_information/green/variables.tf create mode 100644 terraform/ecc-aws-613-kinesis_data_stream_without_tag_information/iam/613-policy.json create mode 100644 terraform/ecc-aws-613-kinesis_data_stream_without_tag_information/red/kinesis.tf create mode 100644 terraform/ecc-aws-613-kinesis_data_stream_without_tag_information/red/provider.tf create mode 100644 terraform/ecc-aws-613-kinesis_data_stream_without_tag_information/red/terraform.tfvars create mode 100644 terraform/ecc-aws-613-kinesis_data_stream_without_tag_information/red/variables.tf create mode 100644 
terraform/ecc-aws-615-kms_key_without_tag_information/green/kms.tf create mode 100644 terraform/ecc-aws-615-kms_key_without_tag_information/green/provider.tf create mode 100644 terraform/ecc-aws-615-kms_key_without_tag_information/green/terraform.tfvars create mode 100644 terraform/ecc-aws-615-kms_key_without_tag_information/green/variables.tf create mode 100644 terraform/ecc-aws-615-kms_key_without_tag_information/iam/615-policy.json create mode 100644 terraform/ecc-aws-615-kms_key_without_tag_information/red/kms.tf create mode 100644 terraform/ecc-aws-615-kms_key_without_tag_information/red/provider.tf create mode 100644 terraform/ecc-aws-615-kms_key_without_tag_information/red/terraform.tfvars create mode 100644 terraform/ecc-aws-615-kms_key_without_tag_information/red/variables.tf create mode 100644 terraform/ecc-aws-616-lambda_functions_without_tag_information/green/func.py create mode 100644 terraform/ecc-aws-616-lambda_functions_without_tag_information/green/func.zip create mode 100644 terraform/ecc-aws-616-lambda_functions_without_tag_information/green/lambda.tf create mode 100644 terraform/ecc-aws-616-lambda_functions_without_tag_information/green/provider.tf create mode 100644 terraform/ecc-aws-616-lambda_functions_without_tag_information/green/terraform.tfvars create mode 100644 terraform/ecc-aws-616-lambda_functions_without_tag_information/green/variables.tf create mode 100644 terraform/ecc-aws-616-lambda_functions_without_tag_information/iam/616-policy.json create mode 100644 terraform/ecc-aws-616-lambda_functions_without_tag_information/red/func.py create mode 100644 terraform/ecc-aws-616-lambda_functions_without_tag_information/red/func.zip create mode 100644 terraform/ecc-aws-616-lambda_functions_without_tag_information/red/lambda.tf create mode 100644 terraform/ecc-aws-616-lambda_functions_without_tag_information/red/provider.tf create mode 100644 terraform/ecc-aws-616-lambda_functions_without_tag_information/red/terraform.tfvars create mode 100644 
terraform/ecc-aws-616-lambda_functions_without_tag_information/red/variables.tf create mode 100644 terraform/ecc-aws-617-lightsail_instance_without_tag_information/green/lightsail.tf create mode 100644 terraform/ecc-aws-617-lightsail_instance_without_tag_information/green/provider.tf create mode 100644 terraform/ecc-aws-617-lightsail_instance_without_tag_information/green/terraform.tfvars create mode 100644 terraform/ecc-aws-617-lightsail_instance_without_tag_information/green/variables.tf create mode 100644 terraform/ecc-aws-617-lightsail_instance_without_tag_information/iam/617-policy.json create mode 100644 terraform/ecc-aws-617-lightsail_instance_without_tag_information/red/lightsail.tf create mode 100644 terraform/ecc-aws-617-lightsail_instance_without_tag_information/red/provider.tf create mode 100644 terraform/ecc-aws-617-lightsail_instance_without_tag_information/red/terraform.tfvars create mode 100644 terraform/ecc-aws-617-lightsail_instance_without_tag_information/red/variables.tf create mode 100644 terraform/ecc-aws-618-cloudwatch_log_groups_without_tag_information/green/log_group.tf create mode 100644 terraform/ecc-aws-618-cloudwatch_log_groups_without_tag_information/green/provider.tf create mode 100644 terraform/ecc-aws-618-cloudwatch_log_groups_without_tag_information/green/terraform.tfvars create mode 100644 terraform/ecc-aws-618-cloudwatch_log_groups_without_tag_information/green/variables.tf create mode 100644 terraform/ecc-aws-618-cloudwatch_log_groups_without_tag_information/iam/618-policy.json create mode 100644 terraform/ecc-aws-618-cloudwatch_log_groups_without_tag_information/red/log_group.tf create mode 100644 terraform/ecc-aws-618-cloudwatch_log_groups_without_tag_information/red/provider.tf create mode 100644 terraform/ecc-aws-618-cloudwatch_log_groups_without_tag_information/red/terraform.tfvars create mode 100644 terraform/ecc-aws-618-cloudwatch_log_groups_without_tag_information/red/variables.tf create mode 100644 
terraform/ecc-aws-619-mq_brokers_without_tag_information/green/mq.tf create mode 100644 terraform/ecc-aws-619-mq_brokers_without_tag_information/green/provider.tf create mode 100644 terraform/ecc-aws-619-mq_brokers_without_tag_information/green/terraform.tfvars create mode 100644 terraform/ecc-aws-619-mq_brokers_without_tag_information/green/variables.tf create mode 100644 terraform/ecc-aws-619-mq_brokers_without_tag_information/iam/619-policy.json create mode 100644 terraform/ecc-aws-619-mq_brokers_without_tag_information/red/mq.tf create mode 100644 terraform/ecc-aws-619-mq_brokers_without_tag_information/red/provider.tf create mode 100644 terraform/ecc-aws-619-mq_brokers_without_tag_information/red/terraform.tfvars create mode 100644 terraform/ecc-aws-619-mq_brokers_without_tag_information/red/variables.tf create mode 100644 terraform/ecc-aws-620-mwaa_without_tag_information/green/code.py create mode 100644 terraform/ecc-aws-620-mwaa_without_tag_information/green/iam.tf create mode 100644 terraform/ecc-aws-620-mwaa_without_tag_information/green/mwaa.tf create mode 100644 terraform/ecc-aws-620-mwaa_without_tag_information/green/provider.tf create mode 100644 terraform/ecc-aws-620-mwaa_without_tag_information/green/terraform.tfvars create mode 100644 terraform/ecc-aws-620-mwaa_without_tag_information/green/variables.tf create mode 100644 terraform/ecc-aws-620-mwaa_without_tag_information/green/vpc.tf create mode 100644 terraform/ecc-aws-620-mwaa_without_tag_information/iam/620-policy.json create mode 100644 terraform/ecc-aws-620-mwaa_without_tag_information/red/code.py create mode 100644 terraform/ecc-aws-620-mwaa_without_tag_information/red/iam.tf create mode 100644 terraform/ecc-aws-620-mwaa_without_tag_information/red/mwaa.tf create mode 100644 terraform/ecc-aws-620-mwaa_without_tag_information/red/provider.tf create mode 100644 terraform/ecc-aws-620-mwaa_without_tag_information/red/terraform.tfvars create mode 100644 
terraform/ecc-aws-620-mwaa_without_tag_information/red/variables.tf create mode 100644 terraform/ecc-aws-620-mwaa_without_tag_information/red/vpc.tf create mode 100644 terraform/ecc-aws-624-qldb_ledgers_without_tag_information/green/provider.tf create mode 100644 terraform/ecc-aws-624-qldb_ledgers_without_tag_information/green/qldb.tf create mode 100644 terraform/ecc-aws-624-qldb_ledgers_without_tag_information/green/terraform.tfvars create mode 100644 terraform/ecc-aws-624-qldb_ledgers_without_tag_information/green/variables.tf create mode 100644 terraform/ecc-aws-624-qldb_ledgers_without_tag_information/iam/624-policy.json create mode 100644 terraform/ecc-aws-624-qldb_ledgers_without_tag_information/red/provider.tf create mode 100644 terraform/ecc-aws-624-qldb_ledgers_without_tag_information/red/qldb.tf create mode 100644 terraform/ecc-aws-624-qldb_ledgers_without_tag_information/red/terraform.tfvars create mode 100644 terraform/ecc-aws-624-qldb_ledgers_without_tag_information/red/variables.tf create mode 100644 terraform/ecc-aws-625-rds_cluster_without_tag_information/green/cluster.tf create mode 100644 terraform/ecc-aws-625-rds_cluster_without_tag_information/green/provider.tf create mode 100644 terraform/ecc-aws-625-rds_cluster_without_tag_information/green/terraform.tfvars create mode 100644 terraform/ecc-aws-625-rds_cluster_without_tag_information/green/variables.tf create mode 100644 terraform/ecc-aws-625-rds_cluster_without_tag_information/iam/625-policy.json create mode 100644 terraform/ecc-aws-625-rds_cluster_without_tag_information/red/cluster.tf create mode 100644 terraform/ecc-aws-625-rds_cluster_without_tag_information/red/provider.tf create mode 100644 terraform/ecc-aws-625-rds_cluster_without_tag_information/red/terraform.tfvars create mode 100644 terraform/ecc-aws-625-rds_cluster_without_tag_information/red/variables.tf create mode 100644 terraform/ecc-aws-626-rds_snapshot_without_tag_information/green/provider.tf create mode 100644 
terraform/ecc-aws-626-rds_snapshot_without_tag_information/green/rds.tf create mode 100644 terraform/ecc-aws-626-rds_snapshot_without_tag_information/green/terraform.tfvars create mode 100644 terraform/ecc-aws-626-rds_snapshot_without_tag_information/green/variables.tf create mode 100644 terraform/ecc-aws-626-rds_snapshot_without_tag_information/iam/626-policy.json create mode 100644 terraform/ecc-aws-626-rds_snapshot_without_tag_information/red/provider.tf create mode 100644 terraform/ecc-aws-626-rds_snapshot_without_tag_information/red/rds.tf create mode 100644 terraform/ecc-aws-626-rds_snapshot_without_tag_information/red/terraform.tfvars create mode 100644 terraform/ecc-aws-626-rds_snapshot_without_tag_information/red/variables.tf create mode 100644 terraform/ecc-aws-627-redshift_clusters_without_tag_information/green/provider.tf create mode 100644 terraform/ecc-aws-627-redshift_clusters_without_tag_information/green/redshift.tf create mode 100644 terraform/ecc-aws-627-redshift_clusters_without_tag_information/green/terraform.tfvars create mode 100644 terraform/ecc-aws-627-redshift_clusters_without_tag_information/green/variables.tf create mode 100644 terraform/ecc-aws-627-redshift_clusters_without_tag_information/iam/627-policy.json create mode 100644 terraform/ecc-aws-627-redshift_clusters_without_tag_information/red/provider.tf create mode 100644 terraform/ecc-aws-627-redshift_clusters_without_tag_information/red/redshift.tf create mode 100644 terraform/ecc-aws-627-redshift_clusters_without_tag_information/red/terraform.tfvars create mode 100644 terraform/ecc-aws-627-redshift_clusters_without_tag_information/red/variables.tf create mode 100644 terraform/ecc-aws-630-sagemaker_instances_without_tag_information/green/provider.tf create mode 100644 terraform/ecc-aws-630-sagemaker_instances_without_tag_information/green/sagemaker.tf create mode 100644 terraform/ecc-aws-630-sagemaker_instances_without_tag_information/green/terraform.tfvars create mode 100644 
terraform/ecc-aws-630-sagemaker_instances_without_tag_information/green/variables.tf create mode 100644 terraform/ecc-aws-630-sagemaker_instances_without_tag_information/iam/630-policy.json create mode 100644 terraform/ecc-aws-630-sagemaker_instances_without_tag_information/red/provider.tf create mode 100644 terraform/ecc-aws-630-sagemaker_instances_without_tag_information/red/sagemaker.tf create mode 100644 terraform/ecc-aws-630-sagemaker_instances_without_tag_information/red/terraform.tfvars create mode 100644 terraform/ecc-aws-630-sagemaker_instances_without_tag_information/red/variables.tf create mode 100644 terraform/ecc-aws-632-sns_without_tag_information/green/provider.tf create mode 100644 terraform/ecc-aws-632-sns_without_tag_information/green/sns.tf create mode 100644 terraform/ecc-aws-632-sns_without_tag_information/green/terraform.tfvars create mode 100644 terraform/ecc-aws-632-sns_without_tag_information/green/variables.tf create mode 100644 terraform/ecc-aws-632-sns_without_tag_information/iam/632-policy.json create mode 100644 terraform/ecc-aws-632-sns_without_tag_information/red/provider.tf create mode 100644 terraform/ecc-aws-632-sns_without_tag_information/red/sns.tf create mode 100644 terraform/ecc-aws-632-sns_without_tag_information/red/terraform.tfvars create mode 100644 terraform/ecc-aws-632-sns_without_tag_information/red/variables.tf create mode 100644 terraform/ecc-aws-633-sqs_without_tag_information/green/provider.tf create mode 100644 terraform/ecc-aws-633-sqs_without_tag_information/green/sqs.tf create mode 100644 terraform/ecc-aws-633-sqs_without_tag_information/green/terraform.tfvars create mode 100644 terraform/ecc-aws-633-sqs_without_tag_information/green/variables.tf create mode 100644 terraform/ecc-aws-633-sqs_without_tag_information/iam/633-policy.json create mode 100644 terraform/ecc-aws-633-sqs_without_tag_information/red/provider.tf create mode 100644 terraform/ecc-aws-633-sqs_without_tag_information/red/sqs.tf create mode 
100644 terraform/ecc-aws-633-sqs_without_tag_information/red/terraform.tfvars create mode 100644 terraform/ecc-aws-633-sqs_without_tag_information/red/variables.tf create mode 100644 terraform/ecc-aws-638-mq_broker_active_deployment_mode/green/mq.tf create mode 100644 terraform/ecc-aws-638-mq_broker_active_deployment_mode/green/provider.tf create mode 100644 terraform/ecc-aws-638-mq_broker_active_deployment_mode/green/terraform.tfvars create mode 100644 terraform/ecc-aws-638-mq_broker_active_deployment_mode/green/variables.tf create mode 100644 terraform/ecc-aws-638-mq_broker_active_deployment_mode/iam/638-policy.json create mode 100644 terraform/ecc-aws-638-mq_broker_active_deployment_mode/red/mq.tf create mode 100644 terraform/ecc-aws-638-mq_broker_active_deployment_mode/red/provider.tf create mode 100644 terraform/ecc-aws-638-mq_broker_active_deployment_mode/red/terraform.tfvars create mode 100644 terraform/ecc-aws-638-mq_broker_active_deployment_mode/red/variables.tf create mode 100644 terraform/ecc-aws-639-mq_broker_latest_version/green/mq.tf create mode 100644 terraform/ecc-aws-639-mq_broker_latest_version/green/provider.tf create mode 100644 terraform/ecc-aws-639-mq_broker_latest_version/green/terraform.tfvars create mode 100644 terraform/ecc-aws-639-mq_broker_latest_version/green/variables.tf create mode 100644 terraform/ecc-aws-639-mq_broker_latest_version/iam/639-policy.json create mode 100644 terraform/ecc-aws-639-mq_broker_latest_version/red/mq.tf create mode 100644 terraform/ecc-aws-639-mq_broker_latest_version/red/provider.tf create mode 100644 terraform/ecc-aws-639-mq_broker_latest_version/red/terraform.tfvars create mode 100644 terraform/ecc-aws-639-mq_broker_latest_version/red/variables.tf create mode 100644 terraform/ecc-aws-640-mq_broker_encrypted_with_kms_cmk/green/mq.tf create mode 100644 terraform/ecc-aws-640-mq_broker_encrypted_with_kms_cmk/green/provider.tf create mode 100644 
terraform/ecc-aws-640-mq_broker_encrypted_with_kms_cmk/green/terraform.tfvars create mode 100644 terraform/ecc-aws-640-mq_broker_encrypted_with_kms_cmk/green/variables.tf create mode 100644 terraform/ecc-aws-640-mq_broker_encrypted_with_kms_cmk/iam/640-policy.json create mode 100644 terraform/ecc-aws-640-mq_broker_encrypted_with_kms_cmk/red/mq.tf create mode 100644 terraform/ecc-aws-640-mq_broker_encrypted_with_kms_cmk/red/provider.tf create mode 100644 terraform/ecc-aws-640-mq_broker_encrypted_with_kms_cmk/red/terraform.tfvars create mode 100644 terraform/ecc-aws-640-mq_broker_encrypted_with_kms_cmk/red/variables.tf create mode 100644 terraform/ecc-aws-641_kinesis_streams_shard_level_monitoring_enabled/green/kinesis.tf create mode 100644 terraform/ecc-aws-641_kinesis_streams_shard_level_monitoring_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-641_kinesis_streams_shard_level_monitoring_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-641_kinesis_streams_shard_level_monitoring_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-641_kinesis_streams_shard_level_monitoring_enabled/iam/641-policy.json create mode 100644 terraform/ecc-aws-641_kinesis_streams_shard_level_monitoring_enabled/red/kinesis.tf create mode 100644 terraform/ecc-aws-641_kinesis_streams_shard_level_monitoring_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-641_kinesis_streams_shard_level_monitoring_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-641_kinesis_streams_shard_level_monitoring_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-643-qldb_permission_mode_is_standard/green/provider.tf create mode 100644 terraform/ecc-aws-643-qldb_permission_mode_is_standard/green/qldb.tf create mode 100644 terraform/ecc-aws-643-qldb_permission_mode_is_standard/green/terraform.tfvars create mode 100644 terraform/ecc-aws-643-qldb_permission_mode_is_standard/green/variables.tf create mode 100644 
terraform/ecc-aws-643-qldb_permission_mode_is_standard/iam/643-policy.json create mode 100644 terraform/ecc-aws-643-qldb_permission_mode_is_standard/red/provider.tf create mode 100644 terraform/ecc-aws-643-qldb_permission_mode_is_standard/red/qldb.tf create mode 100644 terraform/ecc-aws-643-qldb_permission_mode_is_standard/red/terraform.tfvars create mode 100644 terraform/ecc-aws-643-qldb_permission_mode_is_standard/red/variables.tf create mode 100644 terraform/ecc-aws-644-qldb_deletion_protection_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-644-qldb_deletion_protection_enabled/green/qldb.tf create mode 100644 terraform/ecc-aws-644-qldb_deletion_protection_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-644-qldb_deletion_protection_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-644-qldb_deletion_protection_enabled/iam/644-policy.json create mode 100644 terraform/ecc-aws-644-qldb_deletion_protection_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-644-qldb_deletion_protection_enabled/red/qldb.tf create mode 100644 terraform/ecc-aws-644-qldb_deletion_protection_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-644-qldb_deletion_protection_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-652-mwaa_dag_processing_logs_set_correctly/green/code.py create mode 100644 terraform/ecc-aws-652-mwaa_dag_processing_logs_set_correctly/green/iam.tf create mode 100644 terraform/ecc-aws-652-mwaa_dag_processing_logs_set_correctly/green/mwaa.tf create mode 100644 terraform/ecc-aws-652-mwaa_dag_processing_logs_set_correctly/green/provider.tf create mode 100644 terraform/ecc-aws-652-mwaa_dag_processing_logs_set_correctly/green/terraform.tfvars create mode 100644 terraform/ecc-aws-652-mwaa_dag_processing_logs_set_correctly/green/variables.tf create mode 100644 terraform/ecc-aws-652-mwaa_dag_processing_logs_set_correctly/green/vpc.tf create mode 100644 
terraform/ecc-aws-652-mwaa_dag_processing_logs_set_correctly/iam/652-policy.json create mode 100644 terraform/ecc-aws-652-mwaa_dag_processing_logs_set_correctly/red/code.py create mode 100644 terraform/ecc-aws-652-mwaa_dag_processing_logs_set_correctly/red/iam.tf create mode 100644 terraform/ecc-aws-652-mwaa_dag_processing_logs_set_correctly/red/mwaa.tf create mode 100644 terraform/ecc-aws-652-mwaa_dag_processing_logs_set_correctly/red/provider.tf create mode 100644 terraform/ecc-aws-652-mwaa_dag_processing_logs_set_correctly/red/terraform.tfvars create mode 100644 terraform/ecc-aws-652-mwaa_dag_processing_logs_set_correctly/red/variables.tf create mode 100644 terraform/ecc-aws-652-mwaa_dag_processing_logs_set_correctly/red/vpc.tf create mode 100644 terraform/ecc-aws-653-mwaa_scheduler_logs_set_correctly/green/code.py create mode 100644 terraform/ecc-aws-653-mwaa_scheduler_logs_set_correctly/green/iam.tf create mode 100644 terraform/ecc-aws-653-mwaa_scheduler_logs_set_correctly/green/mwaa.tf create mode 100644 terraform/ecc-aws-653-mwaa_scheduler_logs_set_correctly/green/provider.tf create mode 100644 terraform/ecc-aws-653-mwaa_scheduler_logs_set_correctly/green/terraform.tfvars create mode 100644 terraform/ecc-aws-653-mwaa_scheduler_logs_set_correctly/green/variables.tf create mode 100644 terraform/ecc-aws-653-mwaa_scheduler_logs_set_correctly/green/vpc.tf create mode 100644 terraform/ecc-aws-653-mwaa_scheduler_logs_set_correctly/iam/653-policy.json create mode 100644 terraform/ecc-aws-653-mwaa_scheduler_logs_set_correctly/red/code.py create mode 100644 terraform/ecc-aws-653-mwaa_scheduler_logs_set_correctly/red/iam.tf create mode 100644 terraform/ecc-aws-653-mwaa_scheduler_logs_set_correctly/red/mwaa.tf create mode 100644 terraform/ecc-aws-653-mwaa_scheduler_logs_set_correctly/red/provider.tf create mode 100644 terraform/ecc-aws-653-mwaa_scheduler_logs_set_correctly/red/terraform.tfvars create mode 100644 
terraform/ecc-aws-653-mwaa_scheduler_logs_set_correctly/red/variables.tf create mode 100644 terraform/ecc-aws-653-mwaa_scheduler_logs_set_correctly/red/vpc.tf create mode 100644 terraform/ecc-aws-654-mwaa_task_logs_set_correctly/green/code.py create mode 100644 terraform/ecc-aws-654-mwaa_task_logs_set_correctly/green/iam.tf create mode 100644 terraform/ecc-aws-654-mwaa_task_logs_set_correctly/green/mwaa.tf create mode 100644 terraform/ecc-aws-654-mwaa_task_logs_set_correctly/green/provider.tf create mode 100644 terraform/ecc-aws-654-mwaa_task_logs_set_correctly/green/terraform.tfvars create mode 100644 terraform/ecc-aws-654-mwaa_task_logs_set_correctly/green/variables.tf create mode 100644 terraform/ecc-aws-654-mwaa_task_logs_set_correctly/green/vpc.tf create mode 100644 terraform/ecc-aws-654-mwaa_task_logs_set_correctly/iam/654-policy.json create mode 100644 terraform/ecc-aws-654-mwaa_task_logs_set_correctly/red/code.py create mode 100644 terraform/ecc-aws-654-mwaa_task_logs_set_correctly/red/iam.tf create mode 100644 terraform/ecc-aws-654-mwaa_task_logs_set_correctly/red/mwaa.tf create mode 100644 terraform/ecc-aws-654-mwaa_task_logs_set_correctly/red/provider.tf create mode 100644 terraform/ecc-aws-654-mwaa_task_logs_set_correctly/red/terraform.tfvars create mode 100644 terraform/ecc-aws-654-mwaa_task_logs_set_correctly/red/variables.tf create mode 100644 terraform/ecc-aws-654-mwaa_task_logs_set_correctly/red/vpc.tf create mode 100644 terraform/ecc-aws-655-mwaa_webserver_logs_set_correctly/green/code.py create mode 100644 terraform/ecc-aws-655-mwaa_webserver_logs_set_correctly/green/iam.tf create mode 100644 terraform/ecc-aws-655-mwaa_webserver_logs_set_correctly/green/mwaa.tf create mode 100644 terraform/ecc-aws-655-mwaa_webserver_logs_set_correctly/green/provider.tf create mode 100644 terraform/ecc-aws-655-mwaa_webserver_logs_set_correctly/green/terraform.tfvars create mode 100644 terraform/ecc-aws-655-mwaa_webserver_logs_set_correctly/green/variables.tf 
create mode 100644 terraform/ecc-aws-655-mwaa_webserver_logs_set_correctly/green/vpc.tf create mode 100644 terraform/ecc-aws-655-mwaa_webserver_logs_set_correctly/iam/655-policy.json create mode 100644 terraform/ecc-aws-655-mwaa_webserver_logs_set_correctly/red/code.py create mode 100644 terraform/ecc-aws-655-mwaa_webserver_logs_set_correctly/red/iam.tf create mode 100644 terraform/ecc-aws-655-mwaa_webserver_logs_set_correctly/red/mwaa.tf create mode 100644 terraform/ecc-aws-655-mwaa_webserver_logs_set_correctly/red/provider.tf create mode 100644 terraform/ecc-aws-655-mwaa_webserver_logs_set_correctly/red/terraform.tfvars create mode 100644 terraform/ecc-aws-655-mwaa_webserver_logs_set_correctly/red/variables.tf create mode 100644 terraform/ecc-aws-655-mwaa_webserver_logs_set_correctly/red/vpc.tf create mode 100644 terraform/ecc-aws-656-mwaa_worker_logs_set_correctly/green/code.py create mode 100644 terraform/ecc-aws-656-mwaa_worker_logs_set_correctly/green/iam.tf create mode 100644 terraform/ecc-aws-656-mwaa_worker_logs_set_correctly/green/mwaa.tf create mode 100644 terraform/ecc-aws-656-mwaa_worker_logs_set_correctly/green/provider.tf create mode 100644 terraform/ecc-aws-656-mwaa_worker_logs_set_correctly/green/terraform.tfvars create mode 100644 terraform/ecc-aws-656-mwaa_worker_logs_set_correctly/green/variables.tf create mode 100644 terraform/ecc-aws-656-mwaa_worker_logs_set_correctly/green/vpc.tf create mode 100644 terraform/ecc-aws-656-mwaa_worker_logs_set_correctly/iam/656-policy.json create mode 100644 terraform/ecc-aws-656-mwaa_worker_logs_set_correctly/red/code.py create mode 100644 terraform/ecc-aws-656-mwaa_worker_logs_set_correctly/red/iam.tf create mode 100644 terraform/ecc-aws-656-mwaa_worker_logs_set_correctly/red/mwaa.tf create mode 100644 terraform/ecc-aws-656-mwaa_worker_logs_set_correctly/red/provider.tf create mode 100644 terraform/ecc-aws-656-mwaa_worker_logs_set_correctly/red/terraform.tfvars create mode 100644 
terraform/ecc-aws-656-mwaa_worker_logs_set_correctly/red/variables.tf create mode 100644 terraform/ecc-aws-656-mwaa_worker_logs_set_correctly/red/vpc.tf create mode 100644 terraform/ecc-aws-657-redshift_availability_zone_relocation_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-657-redshift_availability_zone_relocation_enabled/green/redshift.tf create mode 100644 terraform/ecc-aws-657-redshift_availability_zone_relocation_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-657-redshift_availability_zone_relocation_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-657-redshift_availability_zone_relocation_enabled/iam/657-policy.json create mode 100644 terraform/ecc-aws-657-redshift_availability_zone_relocation_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-657-redshift_availability_zone_relocation_enabled/red/redshift.tf create mode 100644 terraform/ecc-aws-657-redshift_availability_zone_relocation_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-657-redshift_availability_zone_relocation_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-664-elasticache_redis_logs_enabled/green/elasticache.tf create mode 100644 terraform/ecc-aws-664-elasticache_redis_logs_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-664-elasticache_redis_logs_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-664-elasticache_redis_logs_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-664-elasticache_redis_logs_enabled/iam/664-policy.json create mode 100644 terraform/ecc-aws-664-elasticache_redis_logs_enabled/red/elasticache.tf create mode 100644 terraform/ecc-aws-664-elasticache_redis_logs_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-664-elasticache_redis_logs_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-664-elasticache_redis_logs_enabled/red/variables.tf create mode 100644 
terraform/ecc-aws-665-elasticache_notifications_enabled/green/elasticache.tf create mode 100644 terraform/ecc-aws-665-elasticache_notifications_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-665-elasticache_notifications_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-665-elasticache_notifications_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-665-elasticache_notifications_enabled/iam/665-policy.json create mode 100644 terraform/ecc-aws-665-elasticache_notifications_enabled/red/elasticache.tf create mode 100644 terraform/ecc-aws-665-elasticache_notifications_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-665-elasticache_notifications_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-665-elasticache_notifications_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-669-emr_termination_protection_enabled/green/emr.tf create mode 100644 terraform/ecc-aws-669-emr_termination_protection_enabled/green/iam.tf create mode 100644 terraform/ecc-aws-669-emr_termination_protection_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-669-emr_termination_protection_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-669-emr_termination_protection_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-669-emr_termination_protection_enabled/green/vpc.tf create mode 100644 terraform/ecc-aws-669-emr_termination_protection_enabled/iam/669-policy.json create mode 100644 terraform/ecc-aws-669-emr_termination_protection_enabled/red/emr.tf create mode 100644 terraform/ecc-aws-669-emr_termination_protection_enabled/red/iam.tf create mode 100644 terraform/ecc-aws-669-emr_termination_protection_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-669-emr_termination_protection_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-669-emr_termination_protection_enabled/red/variables.tf create mode 100644 
terraform/ecc-aws-669-emr_termination_protection_enabled/red/vpc.tf create mode 100644 terraform/ecc-aws-672-glue_spark_ui_monitoring_enabled/green/glue.tf create mode 100644 terraform/ecc-aws-672-glue_spark_ui_monitoring_enabled/green/iam.tf create mode 100644 terraform/ecc-aws-672-glue_spark_ui_monitoring_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-672-glue_spark_ui_monitoring_enabled/green/s3.tf create mode 100644 terraform/ecc-aws-672-glue_spark_ui_monitoring_enabled/green/script.py create mode 100644 terraform/ecc-aws-672-glue_spark_ui_monitoring_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-672-glue_spark_ui_monitoring_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-672-glue_spark_ui_monitoring_enabled/iam/672-policy.json create mode 100644 terraform/ecc-aws-672-glue_spark_ui_monitoring_enabled/red/glue.tf create mode 100644 terraform/ecc-aws-672-glue_spark_ui_monitoring_enabled/red/iam.tf create mode 100644 terraform/ecc-aws-672-glue_spark_ui_monitoring_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-672-glue_spark_ui_monitoring_enabled/red/s3.tf create mode 100644 terraform/ecc-aws-672-glue_spark_ui_monitoring_enabled/red/script.py create mode 100644 terraform/ecc-aws-672-glue_spark_ui_monitoring_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-672-glue_spark_ui_monitoring_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-677-lambda_functions_enhanced_monitoring_enabled/green/function.zip create mode 100644 terraform/ecc-aws-677-lambda_functions_enhanced_monitoring_enabled/green/function/lambda_function.py create mode 100644 terraform/ecc-aws-677-lambda_functions_enhanced_monitoring_enabled/green/iam.tf create mode 100644 terraform/ecc-aws-677-lambda_functions_enhanced_monitoring_enabled/green/lambda.tf create mode 100644 terraform/ecc-aws-677-lambda_functions_enhanced_monitoring_enabled/green/provider.tf create mode 100644 
terraform/ecc-aws-677-lambda_functions_enhanced_monitoring_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-677-lambda_functions_enhanced_monitoring_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-677-lambda_functions_enhanced_monitoring_enabled/iam/677-policy.json create mode 100644 terraform/ecc-aws-677-lambda_functions_enhanced_monitoring_enabled/red/function.zip create mode 100644 terraform/ecc-aws-677-lambda_functions_enhanced_monitoring_enabled/red/function/lambda_function.py create mode 100644 terraform/ecc-aws-677-lambda_functions_enhanced_monitoring_enabled/red/iam.tf create mode 100644 terraform/ecc-aws-677-lambda_functions_enhanced_monitoring_enabled/red/lambda.tf create mode 100644 terraform/ecc-aws-677-lambda_functions_enhanced_monitoring_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-677-lambda_functions_enhanced_monitoring_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-677-lambda_functions_enhanced_monitoring_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-679-lambda_environment_variables_encrypted_in_transit/green/function/lambda_function.py create mode 100644 terraform/ecc-aws-679-lambda_environment_variables_encrypted_in_transit/green/iam.tf create mode 100644 terraform/ecc-aws-679-lambda_environment_variables_encrypted_in_transit/green/kms.tf create mode 100644 terraform/ecc-aws-679-lambda_environment_variables_encrypted_in_transit/green/lambda.tf create mode 100644 terraform/ecc-aws-679-lambda_environment_variables_encrypted_in_transit/green/provider.tf create mode 100644 terraform/ecc-aws-679-lambda_environment_variables_encrypted_in_transit/green/terraform.tfvars create mode 100644 terraform/ecc-aws-679-lambda_environment_variables_encrypted_in_transit/green/variables.tf create mode 100644 terraform/ecc-aws-679-lambda_environment_variables_encrypted_in_transit/iam/679-policy.json create mode 100644 
terraform/ecc-aws-679-lambda_environment_variables_encrypted_in_transit/red/function/lambda_function.py create mode 100644 terraform/ecc-aws-679-lambda_environment_variables_encrypted_in_transit/red/iam.tf create mode 100644 terraform/ecc-aws-679-lambda_environment_variables_encrypted_in_transit/red/lambda.tf create mode 100644 terraform/ecc-aws-679-lambda_environment_variables_encrypted_in_transit/red/provider.tf create mode 100644 terraform/ecc-aws-679-lambda_environment_variables_encrypted_in_transit/red/terraform.tfvars create mode 100644 terraform/ecc-aws-679-lambda_environment_variables_encrypted_in_transit/red/variables.tf create mode 100644 terraform/ecc-aws-680-lambda_latest_runtime_environment_version/green/func.zip create mode 100644 terraform/ecc-aws-680-lambda_latest_runtime_environment_version/green/lambda.tf create mode 100644 terraform/ecc-aws-680-lambda_latest_runtime_environment_version/green/provider.tf create mode 100644 terraform/ecc-aws-680-lambda_latest_runtime_environment_version/green/terraform.tfvars create mode 100644 terraform/ecc-aws-680-lambda_latest_runtime_environment_version/green/variables.tf create mode 100644 terraform/ecc-aws-680-lambda_latest_runtime_environment_version/iam/680-policy.json create mode 100644 terraform/ecc-aws-680-lambda_latest_runtime_environment_version/red/func.zip create mode 100644 terraform/ecc-aws-680-lambda_latest_runtime_environment_version/red/lambda.tf create mode 100644 terraform/ecc-aws-680-lambda_latest_runtime_environment_version/red/provider.tf create mode 100644 terraform/ecc-aws-680-lambda_latest_runtime_environment_version/red/terraform.tfvars create mode 100644 terraform/ecc-aws-680-lambda_latest_runtime_environment_version/red/variables.tf create mode 100644 terraform/ecc-aws-681-lambda_concurrency_enabled/green/func.py create mode 100644 terraform/ecc-aws-681-lambda_concurrency_enabled/green/func.zip create mode 100644 terraform/ecc-aws-681-lambda_concurrency_enabled/green/lambda.tf create 
mode 100644 terraform/ecc-aws-681-lambda_concurrency_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-681-lambda_concurrency_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-681-lambda_concurrency_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-681-lambda_concurrency_enabled/iam/681-policy.json create mode 100644 terraform/ecc-aws-681-lambda_concurrency_enabled/red/func.py create mode 100644 terraform/ecc-aws-681-lambda_concurrency_enabled/red/func.zip create mode 100644 terraform/ecc-aws-681-lambda_concurrency_enabled/red/lambda.tf create mode 100644 terraform/ecc-aws-681-lambda_concurrency_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-681-lambda_concurrency_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-681-lambda_concurrency_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-690-ecs_exec_logging_enabled/green/ecs.tf create mode 100644 terraform/ecc-aws-690-ecs_exec_logging_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-690-ecs_exec_logging_enabled/green/s3.tf create mode 100644 terraform/ecc-aws-690-ecs_exec_logging_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-690-ecs_exec_logging_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-690-ecs_exec_logging_enabled/iam/690-policy.json create mode 100644 terraform/ecc-aws-690-ecs_exec_logging_enabled/red/ecs.tf create mode 100644 terraform/ecc-aws-690-ecs_exec_logging_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-690-ecs_exec_logging_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-690-ecs_exec_logging_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-691-fsx_daily_automatic_backup_enabled/green/fsx.tf create mode 100644 terraform/ecc-aws-691-fsx_daily_automatic_backup_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-691-fsx_daily_automatic_backup_enabled/green/terraform.tfvars create mode 100644 
terraform/ecc-aws-691-fsx_daily_automatic_backup_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-691-fsx_daily_automatic_backup_enabled/green/vpc.tf create mode 100644 terraform/ecc-aws-691-fsx_daily_automatic_backup_enabled/green1/fsx.tf create mode 100644 terraform/ecc-aws-691-fsx_daily_automatic_backup_enabled/green1/provider.tf create mode 100644 terraform/ecc-aws-691-fsx_daily_automatic_backup_enabled/green1/terraform.tfvars create mode 100644 terraform/ecc-aws-691-fsx_daily_automatic_backup_enabled/green1/variables.tf create mode 100644 terraform/ecc-aws-691-fsx_daily_automatic_backup_enabled/green1/vpc.tf create mode 100644 terraform/ecc-aws-691-fsx_daily_automatic_backup_enabled/iam/691-policy.json create mode 100644 terraform/ecc-aws-691-fsx_daily_automatic_backup_enabled/red/fsx.tf create mode 100644 terraform/ecc-aws-691-fsx_daily_automatic_backup_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-691-fsx_daily_automatic_backup_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-691-fsx_daily_automatic_backup_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-691-fsx_daily_automatic_backup_enabled/red/vpc.tf create mode 100644 terraform/ecc-aws-692-fsx_netapp_ontap_multi_az_enabled/green/fsx.tf create mode 100644 terraform/ecc-aws-692-fsx_netapp_ontap_multi_az_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-692-fsx_netapp_ontap_multi_az_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-692-fsx_netapp_ontap_multi_az_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-692-fsx_netapp_ontap_multi_az_enabled/green/vpc.tf create mode 100644 terraform/ecc-aws-692-fsx_netapp_ontap_multi_az_enabled/iam/692-policy.json create mode 100644 terraform/ecc-aws-692-fsx_netapp_ontap_multi_az_enabled/red/fsx.tf create mode 100644 terraform/ecc-aws-692-fsx_netapp_ontap_multi_az_enabled/red/provider.tf create mode 100644 
terraform/ecc-aws-692-fsx_netapp_ontap_multi_az_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-692-fsx_netapp_ontap_multi_az_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-692-fsx_netapp_ontap_multi_az_enabled/red/vpc.tf create mode 100644 terraform/ecc-aws-693-fsx_windows_file_server_multi_az_enabled/green/fsx.tf create mode 100644 terraform/ecc-aws-693-fsx_windows_file_server_multi_az_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-693-fsx_windows_file_server_multi_az_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-693-fsx_windows_file_server_multi_az_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-693-fsx_windows_file_server_multi_az_enabled/green/vpc.tf create mode 100644 terraform/ecc-aws-693-fsx_windows_file_server_multi_az_enabled/iam/693-policy.json create mode 100644 terraform/ecc-aws-693-fsx_windows_file_server_multi_az_enabled/red/fsx.tf create mode 100644 terraform/ecc-aws-693-fsx_windows_file_server_multi_az_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-693-fsx_windows_file_server_multi_az_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-693-fsx_windows_file_server_multi_az_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-693-fsx_windows_file_server_multi_az_enabled/red/vpc.tf create mode 100644 terraform/ecc-aws-696-alb_desync_mode_check/green/alb.tf create mode 100644 terraform/ecc-aws-696-alb_desync_mode_check/green/provider.tf create mode 100644 terraform/ecc-aws-696-alb_desync_mode_check/green/terraform.tfvars create mode 100644 terraform/ecc-aws-696-alb_desync_mode_check/green/variables.tf create mode 100644 terraform/ecc-aws-696-alb_desync_mode_check/iam/696-policy.json create mode 100644 terraform/ecc-aws-696-alb_desync_mode_check/red/alb.tf create mode 100644 terraform/ecc-aws-696-alb_desync_mode_check/red/provider.tf create mode 100644 terraform/ecc-aws-696-alb_desync_mode_check/red/terraform.tfvars create mode 
100644 terraform/ecc-aws-696-alb_desync_mode_check/red/variables.tf create mode 100644 terraform/ecc-aws-697-api_gw_endpoint_type_check/green/api.tf create mode 100644 terraform/ecc-aws-697-api_gw_endpoint_type_check/green/provider.tf create mode 100644 terraform/ecc-aws-697-api_gw_endpoint_type_check/green/terraform.tfvars create mode 100644 terraform/ecc-aws-697-api_gw_endpoint_type_check/green/variables.tf create mode 100644 terraform/ecc-aws-697-api_gw_endpoint_type_check/iam/697-policy.json create mode 100644 terraform/ecc-aws-697-api_gw_endpoint_type_check/red/api.tf create mode 100644 terraform/ecc-aws-697-api_gw_endpoint_type_check/red/provider.tf create mode 100644 terraform/ecc-aws-697-api_gw_endpoint_type_check/red/terraform.tfvars create mode 100644 terraform/ecc-aws-697-api_gw_endpoint_type_check/red/variables.tf create mode 100644 terraform/ecc-aws-702-autoscaling_groups_capacity_rebalancing_enabled/green/asg.tf create mode 100644 terraform/ecc-aws-702-autoscaling_groups_capacity_rebalancing_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-702-autoscaling_groups_capacity_rebalancing_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-702-autoscaling_groups_capacity_rebalancing_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-702-autoscaling_groups_capacity_rebalancing_enabled/iam/702-policy.json create mode 100644 terraform/ecc-aws-702-autoscaling_groups_capacity_rebalancing_enabled/red/asg.tf create mode 100644 terraform/ecc-aws-702-autoscaling_groups_capacity_rebalancing_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-702-autoscaling_groups_capacity_rebalancing_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-702-autoscaling_groups_capacity_rebalancing_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-703-autoscaling_launchconfig_requires_imdsv2/green/asg.tf create mode 100644 terraform/ecc-aws-703-autoscaling_launchconfig_requires_imdsv2/green/provider.tf create 
mode 100644 terraform/ecc-aws-703-autoscaling_launchconfig_requires_imdsv2/green/terraform.tfvars create mode 100644 terraform/ecc-aws-703-autoscaling_launchconfig_requires_imdsv2/green/variables.tf create mode 100644 terraform/ecc-aws-703-autoscaling_launchconfig_requires_imdsv2/iam/703-policy.json create mode 100644 terraform/ecc-aws-703-autoscaling_launchconfig_requires_imdsv2/red/asg.tf create mode 100644 terraform/ecc-aws-703-autoscaling_launchconfig_requires_imdsv2/red/provider.tf create mode 100644 terraform/ecc-aws-703-autoscaling_launchconfig_requires_imdsv2/red/terraform.tfvars create mode 100644 terraform/ecc-aws-703-autoscaling_launchconfig_requires_imdsv2/red/variables.tf create mode 100644 terraform/ecc-aws-707-clb_desync_mode_check/green/elb.tf create mode 100644 terraform/ecc-aws-707-clb_desync_mode_check/green/provider.tf create mode 100644 terraform/ecc-aws-707-clb_desync_mode_check/green/terraform.tfvars create mode 100644 terraform/ecc-aws-707-clb_desync_mode_check/green/variables.tf create mode 100644 terraform/ecc-aws-707-clb_desync_mode_check/iam/707-policy.json create mode 100644 terraform/ecc-aws-707-clb_desync_mode_check/red/elb.tf create mode 100644 terraform/ecc-aws-707-clb_desync_mode_check/red/provider.tf create mode 100644 terraform/ecc-aws-707-clb_desync_mode_check/red/terraform.tfvars create mode 100644 terraform/ecc-aws-707-clb_desync_mode_check/red/variables.tf create mode 100644 terraform/ecc-aws-708-clb-multiple_az/green/elb.tf create mode 100644 terraform/ecc-aws-708-clb-multiple_az/green/provider.tf create mode 100644 terraform/ecc-aws-708-clb-multiple_az/green/terraform.tfvars create mode 100644 terraform/ecc-aws-708-clb-multiple_az/green/variables.tf create mode 100644 terraform/ecc-aws-708-clb-multiple_az/iam/708-policy.json create mode 100644 terraform/ecc-aws-708-clb-multiple_az/red/elb.tf create mode 100644 terraform/ecc-aws-708-clb-multiple_az/red/provider.tf create mode 100644 
terraform/ecc-aws-708-clb-multiple_az/red/terraform.tfvars create mode 100644 terraform/ecc-aws-708-clb-multiple_az/red/variables.tf create mode 100644 terraform/ecc-aws-709-clb_cross_zone_load_balancing_enabled/green/elb.tf create mode 100644 terraform/ecc-aws-709-clb_cross_zone_load_balancing_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-709-clb_cross_zone_load_balancing_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-709-clb_cross_zone_load_balancing_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-709-clb_cross_zone_load_balancing_enabled/iam/709-policy.json create mode 100644 terraform/ecc-aws-709-clb_cross_zone_load_balancing_enabled/red/elb.tf create mode 100644 terraform/ecc-aws-709-clb_cross_zone_load_balancing_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-709-clb_cross_zone_load_balancing_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-709-clb_cross_zone_load_balancing_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-710-cloudformation_stack_drift_detection_check/green/cloudformation.tf create mode 100644 terraform/ecc-aws-710-cloudformation_stack_drift_detection_check/green/provider.tf create mode 100644 terraform/ecc-aws-710-cloudformation_stack_drift_detection_check/green/terraform.tfvars create mode 100644 terraform/ecc-aws-710-cloudformation_stack_drift_detection_check/green/variables.tf create mode 100644 terraform/ecc-aws-710-cloudformation_stack_drift_detection_check/iam/710-policy.json create mode 100644 terraform/ecc-aws-710-cloudformation_stack_drift_detection_check/red/cloudformation.tf create mode 100644 terraform/ecc-aws-710-cloudformation_stack_drift_detection_check/red/provider.tf create mode 100644 terraform/ecc-aws-710-cloudformation_stack_drift_detection_check/red/terraform.tfvars create mode 100644 terraform/ecc-aws-710-cloudformation_stack_drift_detection_check/red/variables.tf create mode 100644 
terraform/ecc-aws-712-cloudfront_sni_enabled/green/cloudfront.tf create mode 100644 terraform/ecc-aws-712-cloudfront_sni_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-712-cloudfront_sni_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-712-cloudfront_sni_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-712-cloudfront_sni_enabled/green1/cloudfront.tf create mode 100644 terraform/ecc-aws-712-cloudfront_sni_enabled/green1/provider.tf create mode 100644 terraform/ecc-aws-712-cloudfront_sni_enabled/green1/terraform.tfvars create mode 100644 terraform/ecc-aws-712-cloudfront_sni_enabled/green1/variables.tf create mode 100644 terraform/ecc-aws-712-cloudfront_sni_enabled/iam/712-policy.json create mode 100644 terraform/ecc-aws-712-cloudfront_sni_enabled/red/cloudfront.tf create mode 100644 terraform/ecc-aws-712-cloudfront_sni_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-712-cloudfront_sni_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-712-cloudfront_sni_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-715-cloudwatch_log_group_encrypted_with_kms_cmk/green/log_group.tf create mode 100644 terraform/ecc-aws-715-cloudwatch_log_group_encrypted_with_kms_cmk/green/provider.tf create mode 100644 terraform/ecc-aws-715-cloudwatch_log_group_encrypted_with_kms_cmk/green/terraform.tfvars create mode 100644 terraform/ecc-aws-715-cloudwatch_log_group_encrypted_with_kms_cmk/green/variables.tf create mode 100644 terraform/ecc-aws-715-cloudwatch_log_group_encrypted_with_kms_cmk/iam/715-policy.json create mode 100644 terraform/ecc-aws-715-cloudwatch_log_group_encrypted_with_kms_cmk/red/log_group.tf create mode 100644 terraform/ecc-aws-715-cloudwatch_log_group_encrypted_with_kms_cmk/red/provider.tf create mode 100644 terraform/ecc-aws-715-cloudwatch_log_group_encrypted_with_kms_cmk/red/terraform.tfvars create mode 100644 
terraform/ecc-aws-715-cloudwatch_log_group_encrypted_with_kms_cmk/red/variables.tf create mode 100644 terraform/ecc-aws-717-codebuild_project_artifact_encryption/green/codebuild.tf create mode 100644 terraform/ecc-aws-717-codebuild_project_artifact_encryption/green/provider.tf create mode 100644 terraform/ecc-aws-717-codebuild_project_artifact_encryption/green/terraform.tfvars create mode 100644 terraform/ecc-aws-717-codebuild_project_artifact_encryption/green/variables.tf create mode 100644 terraform/ecc-aws-717-codebuild_project_artifact_encryption/iam/717-policy.json create mode 100644 terraform/ecc-aws-717-codebuild_project_artifact_encryption/red/codebuild.tf create mode 100644 terraform/ecc-aws-717-codebuild_project_artifact_encryption/red/provider.tf create mode 100644 terraform/ecc-aws-717-codebuild_project_artifact_encryption/red/terraform.tfvars create mode 100644 terraform/ecc-aws-717-codebuild_project_artifact_encryption/red/variables.tf create mode 100644 terraform/ecc-aws-718-codebuild_project_environment_privileged_check/green/codebuild.tf create mode 100644 terraform/ecc-aws-718-codebuild_project_environment_privileged_check/green/provider.tf create mode 100644 terraform/ecc-aws-718-codebuild_project_environment_privileged_check/green/terraform.tfvars create mode 100644 terraform/ecc-aws-718-codebuild_project_environment_privileged_check/green/variables.tf create mode 100644 terraform/ecc-aws-718-codebuild_project_environment_privileged_check/iam/718-policy.json create mode 100644 terraform/ecc-aws-718-codebuild_project_environment_privileged_check/red/codebuild.tf create mode 100644 terraform/ecc-aws-718-codebuild_project_environment_privileged_check/red/provider.tf create mode 100644 terraform/ecc-aws-718-codebuild_project_environment_privileged_check/red/terraform.tfvars create mode 100644 terraform/ecc-aws-718-codebuild_project_environment_privileged_check/red/variables.tf create mode 100644 
terraform/ecc-aws-719-codebuild_project_logging_enabled/green/codebuild.tf create mode 100644 terraform/ecc-aws-719-codebuild_project_logging_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-719-codebuild_project_logging_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-719-codebuild_project_logging_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-719-codebuild_project_logging_enabled/iam/719-policy.yml create mode 100644 terraform/ecc-aws-719-codebuild_project_logging_enabled/red/codebuild.tf create mode 100644 terraform/ecc-aws-719-codebuild_project_logging_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-719-codebuild_project_logging_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-719-codebuild_project_logging_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-720-codebuild_project_s3_logs_encrypted/green/codebuild.tf create mode 100644 terraform/ecc-aws-720-codebuild_project_s3_logs_encrypted/green/provider.tf create mode 100644 terraform/ecc-aws-720-codebuild_project_s3_logs_encrypted/green/terraform.tfvars create mode 100644 terraform/ecc-aws-720-codebuild_project_s3_logs_encrypted/green/variables.tf create mode 100644 terraform/ecc-aws-720-codebuild_project_s3_logs_encrypted/green1/codebuild.tf create mode 100644 terraform/ecc-aws-720-codebuild_project_s3_logs_encrypted/green1/provider.tf create mode 100644 terraform/ecc-aws-720-codebuild_project_s3_logs_encrypted/green1/terraform.tfvars create mode 100644 terraform/ecc-aws-720-codebuild_project_s3_logs_encrypted/green1/variables.tf create mode 100644 terraform/ecc-aws-720-codebuild_project_s3_logs_encrypted/iam/720-policy.json create mode 100644 terraform/ecc-aws-720-codebuild_project_s3_logs_encrypted/red/codebuild.tf create mode 100644 terraform/ecc-aws-720-codebuild_project_s3_logs_encrypted/red/provider.tf create mode 100644 terraform/ecc-aws-720-codebuild_project_s3_logs_encrypted/red/terraform.tfvars create mode 
100644 terraform/ecc-aws-720-codebuild_project_s3_logs_encrypted/red/variables.tf create mode 100644 terraform/ecc-aws-721-codedeploy_auto_rollback_monitor_enabled/green/codedeploy.tf create mode 100644 terraform/ecc-aws-721-codedeploy_auto_rollback_monitor_enabled/green/iam.tf create mode 100644 terraform/ecc-aws-721-codedeploy_auto_rollback_monitor_enabled/green/lambda.tf create mode 100644 terraform/ecc-aws-721-codedeploy_auto_rollback_monitor_enabled/green/lambda_function_v1.py create mode 100644 terraform/ecc-aws-721-codedeploy_auto_rollback_monitor_enabled/green/lambda_function_v2.py create mode 100644 terraform/ecc-aws-721-codedeploy_auto_rollback_monitor_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-721-codedeploy_auto_rollback_monitor_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-721-codedeploy_auto_rollback_monitor_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-721-codedeploy_auto_rollback_monitor_enabled/iam/721-policy.json create mode 100644 terraform/ecc-aws-721-codedeploy_auto_rollback_monitor_enabled/red/codedeploy.tf create mode 100644 terraform/ecc-aws-721-codedeploy_auto_rollback_monitor_enabled/red/iam.tf create mode 100644 terraform/ecc-aws-721-codedeploy_auto_rollback_monitor_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-721-codedeploy_auto_rollback_monitor_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-721-codedeploy_auto_rollback_monitor_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-721-codedeploy_auto_rollback_monitor_enabled/red1/codedeploy.tf create mode 100644 terraform/ecc-aws-721-codedeploy_auto_rollback_monitor_enabled/red1/iam.tf create mode 100644 terraform/ecc-aws-721-codedeploy_auto_rollback_monitor_enabled/red1/provider.tf create mode 100644 terraform/ecc-aws-721-codedeploy_auto_rollback_monitor_enabled/red1/terraform.tfvars create mode 100644 terraform/ecc-aws-721-codedeploy_auto_rollback_monitor_enabled/red1/variables.tf 
create mode 100644 terraform/ecc-aws-723-codedeploy_lambda_allatonce_traffic_shift_disabled/green/codedeploy.tf create mode 100644 terraform/ecc-aws-723-codedeploy_lambda_allatonce_traffic_shift_disabled/green/iam.tf create mode 100644 terraform/ecc-aws-723-codedeploy_lambda_allatonce_traffic_shift_disabled/green/provider.tf create mode 100644 terraform/ecc-aws-723-codedeploy_lambda_allatonce_traffic_shift_disabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-723-codedeploy_lambda_allatonce_traffic_shift_disabled/green/variables.tf create mode 100644 terraform/ecc-aws-723-codedeploy_lambda_allatonce_traffic_shift_disabled/iam/723-policy.json create mode 100644 terraform/ecc-aws-723-codedeploy_lambda_allatonce_traffic_shift_disabled/red/codedeploy.tf create mode 100644 terraform/ecc-aws-723-codedeploy_lambda_allatonce_traffic_shift_disabled/red/iam.tf create mode 100644 terraform/ecc-aws-723-codedeploy_lambda_allatonce_traffic_shift_disabled/red/provider.tf create mode 100644 terraform/ecc-aws-723-codedeploy_lambda_allatonce_traffic_shift_disabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-723-codedeploy_lambda_allatonce_traffic_shift_disabled/red/variables.tf create mode 100644 terraform/ecc-aws-724-codepipeline_s3_artifact_bucket_encrypted_with_kms_cmk/green/codepipeline.tf create mode 100644 terraform/ecc-aws-724-codepipeline_s3_artifact_bucket_encrypted_with_kms_cmk/green/provider.tf create mode 100644 terraform/ecc-aws-724-codepipeline_s3_artifact_bucket_encrypted_with_kms_cmk/green/terraform.tfvars create mode 100644 terraform/ecc-aws-724-codepipeline_s3_artifact_bucket_encrypted_with_kms_cmk/green/variables.tf create mode 100644 terraform/ecc-aws-724-codepipeline_s3_artifact_bucket_encrypted_with_kms_cmk/iam/724-policy.json create mode 100644 terraform/ecc-aws-724-codepipeline_s3_artifact_bucket_encrypted_with_kms_cmk/red/codepipeline.tf create mode 100644 
terraform/ecc-aws-724-codepipeline_s3_artifact_bucket_encrypted_with_kms_cmk/red/provider.tf create mode 100644 terraform/ecc-aws-724-codepipeline_s3_artifact_bucket_encrypted_with_kms_cmk/red/terraform.tfvars create mode 100644 terraform/ecc-aws-724-codepipeline_s3_artifact_bucket_encrypted_with_kms_cmk/red/variables.tf create mode 100644 terraform/ecc-aws-725-cloudwatch_log_group_retention_period_check/green/log_group.tf create mode 100644 terraform/ecc-aws-725-cloudwatch_log_group_retention_period_check/green/provider.tf create mode 100644 terraform/ecc-aws-725-cloudwatch_log_group_retention_period_check/green/terraform.tfvars create mode 100644 terraform/ecc-aws-725-cloudwatch_log_group_retention_period_check/green/variables.tf create mode 100644 terraform/ecc-aws-725-cloudwatch_log_group_retention_period_check/iam/725-policy.json create mode 100644 terraform/ecc-aws-725-cloudwatch_log_group_retention_period_check/red/log_group.tf create mode 100644 terraform/ecc-aws-725-cloudwatch_log_group_retention_period_check/red/provider.tf create mode 100644 terraform/ecc-aws-725-cloudwatch_log_group_retention_period_check/red/terraform.tfvars create mode 100644 terraform/ecc-aws-725-cloudwatch_log_group_retention_period_check/red/variables.tf create mode 100644 terraform/ecc-aws-734-ec2_instance_detailed_monitoring_enabled/green/ec2.tf create mode 100644 terraform/ecc-aws-734-ec2_instance_detailed_monitoring_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-734-ec2_instance_detailed_monitoring_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-734-ec2_instance_detailed_monitoring_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-734-ec2_instance_detailed_monitoring_enabled/iam/734-policy.json create mode 100644 terraform/ecc-aws-734-ec2_instance_detailed_monitoring_enabled/red/ec2.tf create mode 100644 terraform/ecc-aws-734-ec2_instance_detailed_monitoring_enabled/red/provider.tf create mode 100644 
terraform/ecc-aws-734-ec2_instance_detailed_monitoring_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-734-ec2_instance_detailed_monitoring_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-739-ec2_token_hop_limit_check/green/ec2.tf create mode 100644 terraform/ecc-aws-739-ec2_token_hop_limit_check/green/provider.tf create mode 100644 terraform/ecc-aws-739-ec2_token_hop_limit_check/green/terraform.tfvars create mode 100644 terraform/ecc-aws-739-ec2_token_hop_limit_check/green/variables.tf create mode 100644 terraform/ecc-aws-739-ec2_token_hop_limit_check/iam/739-policy.json create mode 100644 terraform/ecc-aws-739-ec2_token_hop_limit_check/red/ec2.tf create mode 100644 terraform/ecc-aws-739-ec2_token_hop_limit_check/red/provider.tf create mode 100644 terraform/ecc-aws-739-ec2_token_hop_limit_check/red/terraform.tfvars create mode 100644 terraform/ecc-aws-739-ec2_token_hop_limit_check/red/variables.tf create mode 100644 terraform/ecc-aws-740-ec2_transit_gateway_auto_vpc_attach_disabled/green/provider.tf create mode 100644 terraform/ecc-aws-740-ec2_transit_gateway_auto_vpc_attach_disabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-740-ec2_transit_gateway_auto_vpc_attach_disabled/green/transit_gateway.tf create mode 100644 terraform/ecc-aws-740-ec2_transit_gateway_auto_vpc_attach_disabled/green/variables.tf create mode 100644 terraform/ecc-aws-740-ec2_transit_gateway_auto_vpc_attach_disabled/iam/740-policy.json create mode 100644 terraform/ecc-aws-740-ec2_transit_gateway_auto_vpc_attach_disabled/red/provider.tf create mode 100644 terraform/ecc-aws-740-ec2_transit_gateway_auto_vpc_attach_disabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-740-ec2_transit_gateway_auto_vpc_attach_disabled/red/transit_gateway.tf create mode 100644 terraform/ecc-aws-740-ec2_transit_gateway_auto_vpc_attach_disabled/red/variables.tf create mode 100644 terraform/ecc-aws-741-ecr_private_lifecycle_policy_configured/green/ecr.tf 
create mode 100644 terraform/ecc-aws-741-ecr_private_lifecycle_policy_configured/green/provider.tf create mode 100644 terraform/ecc-aws-741-ecr_private_lifecycle_policy_configured/green/terraform.tfvars create mode 100644 terraform/ecc-aws-741-ecr_private_lifecycle_policy_configured/green/variables.tf create mode 100644 terraform/ecc-aws-741-ecr_private_lifecycle_policy_configured/iam/741-policy.json create mode 100644 terraform/ecc-aws-741-ecr_private_lifecycle_policy_configured/red/ecr.tf create mode 100644 terraform/ecc-aws-741-ecr_private_lifecycle_policy_configured/red/provider.tf create mode 100644 terraform/ecc-aws-741-ecr_private_lifecycle_policy_configured/red/terraform.tfvars create mode 100644 terraform/ecc-aws-741-ecr_private_lifecycle_policy_configured/red/variables.tf create mode 100644 terraform/ecc-aws-744-ecs_fargate_latest_platform_version/green/ecs.tf create mode 100644 terraform/ecc-aws-744-ecs_fargate_latest_platform_version/green/provider.tf create mode 100644 terraform/ecc-aws-744-ecs_fargate_latest_platform_version/green/route_tables.tf create mode 100644 terraform/ecc-aws-744-ecs_fargate_latest_platform_version/green/terraform.tfvars create mode 100644 terraform/ecc-aws-744-ecs_fargate_latest_platform_version/green/variables.tf create mode 100644 terraform/ecc-aws-744-ecs_fargate_latest_platform_version/green/vpc.tf create mode 100644 terraform/ecc-aws-744-ecs_fargate_latest_platform_version/iam/744-policy.json create mode 100644 terraform/ecc-aws-744-ecs_fargate_latest_platform_version/red/ecs.tf create mode 100644 terraform/ecc-aws-744-ecs_fargate_latest_platform_version/red/provider.tf create mode 100644 terraform/ecc-aws-744-ecs_fargate_latest_platform_version/red/route_tables.tf create mode 100644 terraform/ecc-aws-744-ecs_fargate_latest_platform_version/red/terraform.tfvars create mode 100644 terraform/ecc-aws-744-ecs_fargate_latest_platform_version/red/variables.tf create mode 100644 
terraform/ecc-aws-744-ecs_fargate_latest_platform_version/red/vpc.tf create mode 100644 terraform/ecc-aws-745-ecs_task_definition_memory_hard_limit/green/ecs.tf create mode 100644 terraform/ecc-aws-745-ecs_task_definition_memory_hard_limit/green/provider.tf create mode 100644 terraform/ecc-aws-745-ecs_task_definition_memory_hard_limit/green/terraform.tfvars create mode 100644 terraform/ecc-aws-745-ecs_task_definition_memory_hard_limit/green/variables.tf create mode 100644 terraform/ecc-aws-745-ecs_task_definition_memory_hard_limit/iam/745-policy.json create mode 100644 terraform/ecc-aws-745-ecs_task_definition_memory_hard_limit/red/ecs.tf create mode 100644 terraform/ecc-aws-745-ecs_task_definition_memory_hard_limit/red/provider.tf create mode 100644 terraform/ecc-aws-745-ecs_task_definition_memory_hard_limit/red/terraform.tfvars create mode 100644 terraform/ecc-aws-745-ecs_task_definition_memory_hard_limit/red/variables.tf create mode 100644 terraform/ecc-aws-746-ecs_task_definition_pid_mode_check/green/ecs.tf create mode 100644 terraform/ecc-aws-746-ecs_task_definition_pid_mode_check/green/provider.tf create mode 100644 terraform/ecc-aws-746-ecs_task_definition_pid_mode_check/green/terraform.tfvars create mode 100644 terraform/ecc-aws-746-ecs_task_definition_pid_mode_check/green/variables.tf create mode 100644 terraform/ecc-aws-746-ecs_task_definition_pid_mode_check/iam/746-policy.json create mode 100644 terraform/ecc-aws-746-ecs_task_definition_pid_mode_check/red/ecs.tf create mode 100644 terraform/ecc-aws-746-ecs_task_definition_pid_mode_check/red/provider.tf create mode 100644 terraform/ecc-aws-746-ecs_task_definition_pid_mode_check/red/terraform.tfvars create mode 100644 terraform/ecc-aws-746-ecs_task_definition_pid_mode_check/red/variables.tf create mode 100644 terraform/ecc-aws-751-eks_cluster_oldest_supported_version/green/eks.tf create mode 100644 terraform/ecc-aws-751-eks_cluster_oldest_supported_version/green/provider.tf create mode 100644 
terraform/ecc-aws-751-eks_cluster_oldest_supported_version/green/terraform.tfvars create mode 100644 terraform/ecc-aws-751-eks_cluster_oldest_supported_version/green/variables.tf create mode 100644 terraform/ecc-aws-751-eks_cluster_oldest_supported_version/iam/751-policy.json create mode 100644 terraform/ecc-aws-755-elbv2_multiple_az/green/alb.tf create mode 100644 terraform/ecc-aws-755-elbv2_multiple_az/green/glb.tf create mode 100644 terraform/ecc-aws-755-elbv2_multiple_az/green/nlb.tf create mode 100644 terraform/ecc-aws-755-elbv2_multiple_az/green/provider.tf create mode 100644 terraform/ecc-aws-755-elbv2_multiple_az/green/terraform.tfvars create mode 100644 terraform/ecc-aws-755-elbv2_multiple_az/green/variables.tf create mode 100644 terraform/ecc-aws-755-elbv2_multiple_az/green/vpc.tf create mode 100644 terraform/ecc-aws-755-elbv2_multiple_az/iam/755-policy.json create mode 100644 terraform/ecc-aws-755-elbv2_multiple_az/red/glb.tf create mode 100644 terraform/ecc-aws-755-elbv2_multiple_az/red/nlb.tf create mode 100644 terraform/ecc-aws-755-elbv2_multiple_az/red/provider.tf create mode 100644 terraform/ecc-aws-755-elbv2_multiple_az/red/terraform.tfvars create mode 100644 terraform/ecc-aws-755-elbv2_multiple_az/red/variables.tf create mode 100644 terraform/ecc-aws-755-elbv2_multiple_az/red/vpc.tf create mode 100644 terraform/ecc-aws-760-iam_group_has_users_check/green/group.tf create mode 100644 terraform/ecc-aws-760-iam_group_has_users_check/green/provider.tf create mode 100644 terraform/ecc-aws-760-iam_group_has_users_check/green/terraform.tfvars create mode 100644 terraform/ecc-aws-760-iam_group_has_users_check/green/variables.tf create mode 100644 terraform/ecc-aws-760-iam_group_has_users_check/iam/760-policy.json create mode 100644 terraform/ecc-aws-760-iam_group_has_users_check/red/group.tf create mode 100644 terraform/ecc-aws-760-iam_group_has_users_check/red/provider.tf create mode 100644 
terraform/ecc-aws-760-iam_group_has_users_check/red/terraform.tfvars create mode 100644 terraform/ecc-aws-760-iam_group_has_users_check/red/variables.tf create mode 100644 terraform/ecc-aws-762-lambda_vpc_multi_az_check/green/func.zip create mode 100644 terraform/ecc-aws-762-lambda_vpc_multi_az_check/green/lambda.tf create mode 100644 terraform/ecc-aws-762-lambda_vpc_multi_az_check/green/provider.tf create mode 100644 terraform/ecc-aws-762-lambda_vpc_multi_az_check/green/terraform.tfvars create mode 100644 terraform/ecc-aws-762-lambda_vpc_multi_az_check/green/variables.tf create mode 100644 terraform/ecc-aws-762-lambda_vpc_multi_az_check/green/vpc.tf create mode 100644 terraform/ecc-aws-762-lambda_vpc_multi_az_check/iam/762-policy.json create mode 100644 terraform/ecc-aws-762-lambda_vpc_multi_az_check/red/func.zip create mode 100644 terraform/ecc-aws-762-lambda_vpc_multi_az_check/red/lambda.tf create mode 100644 terraform/ecc-aws-762-lambda_vpc_multi_az_check/red/provider.tf create mode 100644 terraform/ecc-aws-762-lambda_vpc_multi_az_check/red/terraform.tfvars create mode 100644 terraform/ecc-aws-762-lambda_vpc_multi_az_check/red/variables.tf create mode 100644 terraform/ecc-aws-762-lambda_vpc_multi_az_check/red/vpc.tf create mode 100644 terraform/ecc-aws-769-opensearch_access_control_enabled/green/es.tf create mode 100644 terraform/ecc-aws-769-opensearch_access_control_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-769-opensearch_access_control_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-769-opensearch_access_control_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-769-opensearch_access_control_enabled/iam/769-policy.json create mode 100644 terraform/ecc-aws-769-opensearch_access_control_enabled/red/es.tf create mode 100644 terraform/ecc-aws-769-opensearch_access_control_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-769-opensearch_access_control_enabled/red/terraform.tfvars create mode 100644 
terraform/ecc-aws-769-opensearch_access_control_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-770-rds_automatic_minor_version_upgrade_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-770-rds_automatic_minor_version_upgrade_enabled/green/rds.tf create mode 100644 terraform/ecc-aws-770-rds_automatic_minor_version_upgrade_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-770-rds_automatic_minor_version_upgrade_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-770-rds_automatic_minor_version_upgrade_enabled/iam/770-policy.json create mode 100644 terraform/ecc-aws-770-rds_automatic_minor_version_upgrade_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-770-rds_automatic_minor_version_upgrade_enabled/red/rds.tf create mode 100644 terraform/ecc-aws-770-rds_automatic_minor_version_upgrade_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-770-rds_automatic_minor_version_upgrade_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-771-rds_cluster_default_admin_check/green/cluster.tf create mode 100644 terraform/ecc-aws-771-rds_cluster_default_admin_check/green/provider.tf create mode 100644 terraform/ecc-aws-771-rds_cluster_default_admin_check/green/terraform.tfvars create mode 100644 terraform/ecc-aws-771-rds_cluster_default_admin_check/green/variables.tf create mode 100644 terraform/ecc-aws-771-rds_cluster_default_admin_check/iam/771-policy.json create mode 100644 terraform/ecc-aws-771-rds_cluster_default_admin_check/red/cluster.tf create mode 100644 terraform/ecc-aws-771-rds_cluster_default_admin_check/red/provider.tf create mode 100644 terraform/ecc-aws-771-rds_cluster_default_admin_check/red/terraform.tfvars create mode 100644 terraform/ecc-aws-771-rds_cluster_default_admin_check/red/variables.tf create mode 100644 terraform/ecc-aws-773-rds_instance_default_admin_check/green/provider.tf create mode 100644 terraform/ecc-aws-773-rds_instance_default_admin_check/green/rds.tf 
create mode 100644 terraform/ecc-aws-773-rds_instance_default_admin_check/green/terraform.tfvars create mode 100644 terraform/ecc-aws-773-rds_instance_default_admin_check/green/variables.tf create mode 100644 terraform/ecc-aws-773-rds_instance_default_admin_check/iam/773-policy.json create mode 100644 terraform/ecc-aws-773-rds_instance_default_admin_check/red/provider.tf create mode 100644 terraform/ecc-aws-773-rds_instance_default_admin_check/red/rds.tf create mode 100644 terraform/ecc-aws-773-rds_instance_default_admin_check/red/terraform.tfvars create mode 100644 terraform/ecc-aws-773-rds_instance_default_admin_check/red/variables.tf create mode 100644 terraform/ecc-aws-776-redshift_default_admin_check/green/provider.tf create mode 100644 terraform/ecc-aws-776-redshift_default_admin_check/green/redshift.tf create mode 100644 terraform/ecc-aws-776-redshift_default_admin_check/green/terraform.tfvars create mode 100644 terraform/ecc-aws-776-redshift_default_admin_check/green/variables.tf create mode 100644 terraform/ecc-aws-776-redshift_default_admin_check/iam/776-policy.json create mode 100644 terraform/ecc-aws-776-redshift_default_admin_check/red/provider.tf create mode 100644 terraform/ecc-aws-776-redshift_default_admin_check/red/redshift.tf create mode 100644 terraform/ecc-aws-776-redshift_default_admin_check/red/terraform.tfvars create mode 100644 terraform/ecc-aws-776-redshift_default_admin_check/red/variables.tf create mode 100644 terraform/ecc-aws-777-redshift_default_db_name_check/green/provider.tf create mode 100644 terraform/ecc-aws-777-redshift_default_db_name_check/green/redshift.tf create mode 100644 terraform/ecc-aws-777-redshift_default_db_name_check/green/terraform.tfvars create mode 100644 terraform/ecc-aws-777-redshift_default_db_name_check/green/variables.tf create mode 100644 terraform/ecc-aws-777-redshift_default_db_name_check/iam/777-policy.json create mode 100644 terraform/ecc-aws-777-redshift_default_db_name_check/red/provider.tf create 
mode 100644 terraform/ecc-aws-777-redshift_default_db_name_check/red/redshift.tf create mode 100644 terraform/ecc-aws-777-redshift_default_db_name_check/red/terraform.tfvars create mode 100644 terraform/ecc-aws-777-redshift_default_db_name_check/red/variables.tf create mode 100644 terraform/ecc-aws-780-sns_topic_message_delivery_notification_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-780-sns_topic_message_delivery_notification_enabled/green/sns.tf create mode 100644 terraform/ecc-aws-780-sns_topic_message_delivery_notification_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-780-sns_topic_message_delivery_notification_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-780-sns_topic_message_delivery_notification_enabled/iam/780-policy.json create mode 100644 terraform/ecc-aws-780-sns_topic_message_delivery_notification_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-780-sns_topic_message_delivery_notification_enabled/red/sns.tf create mode 100644 terraform/ecc-aws-780-sns_topic_message_delivery_notification_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-780-sns_topic_message_delivery_notification_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-787-mwaa_latest_version/green/code.py create mode 100644 terraform/ecc-aws-787-mwaa_latest_version/green/iam.tf create mode 100644 terraform/ecc-aws-787-mwaa_latest_version/green/mwaa.tf create mode 100644 terraform/ecc-aws-787-mwaa_latest_version/green/provider.tf create mode 100644 terraform/ecc-aws-787-mwaa_latest_version/green/terraform.tfvars create mode 100644 terraform/ecc-aws-787-mwaa_latest_version/green/variables.tf create mode 100644 terraform/ecc-aws-787-mwaa_latest_version/green/vpc.tf create mode 100644 terraform/ecc-aws-787-mwaa_latest_version/iam/787-policy.json create mode 100644 terraform/ecc-aws-787-mwaa_latest_version/red/code.py create mode 100644 terraform/ecc-aws-787-mwaa_latest_version/red/iam.tf create 
mode 100644 terraform/ecc-aws-787-mwaa_latest_version/red/mwaa.tf create mode 100644 terraform/ecc-aws-787-mwaa_latest_version/red/provider.tf create mode 100644 terraform/ecc-aws-787-mwaa_latest_version/red/terraform.tfvars create mode 100644 terraform/ecc-aws-787-mwaa_latest_version/red/variables.tf create mode 100644 terraform/ecc-aws-787-mwaa_latest_version/red/vpc.tf create mode 100644 terraform/ecc-aws-800-dax_ecnrypted_in_transit/green/dax.tf create mode 100644 terraform/ecc-aws-800-dax_ecnrypted_in_transit/green/provider.tf create mode 100644 terraform/ecc-aws-800-dax_ecnrypted_in_transit/green/terraform.tfvars create mode 100644 terraform/ecc-aws-800-dax_ecnrypted_in_transit/green/variables.tf create mode 100644 terraform/ecc-aws-800-dax_ecnrypted_in_transit/iam/800-policy.json create mode 100644 terraform/ecc-aws-800-dax_ecnrypted_in_transit/red/dax.tf create mode 100644 terraform/ecc-aws-800-dax_ecnrypted_in_transit/red/provider.tf create mode 100644 terraform/ecc-aws-800-dax_ecnrypted_in_transit/red/terraform.tfvars create mode 100644 terraform/ecc-aws-800-dax_ecnrypted_in_transit/red/variables.tf create mode 100644 terraform/ecc-aws-808-clb_internet_facing/green/elb.tf create mode 100644 terraform/ecc-aws-808-clb_internet_facing/green/provider.tf create mode 100644 terraform/ecc-aws-808-clb_internet_facing/green/terraform.tfvars create mode 100644 terraform/ecc-aws-808-clb_internet_facing/green/variables.tf create mode 100644 terraform/ecc-aws-808-clb_internet_facing/iam/808-policy.json create mode 100644 terraform/ecc-aws-808-clb_internet_facing/red/elb.tf create mode 100644 terraform/ecc-aws-808-clb_internet_facing/red/provider.tf create mode 100644 terraform/ecc-aws-808-clb_internet_facing/red/terraform.tfvars create mode 100644 terraform/ecc-aws-808-clb_internet_facing/red/variables.tf create mode 100644 terraform/ecc-aws-809-elb_internet_facing/green/alb.tf create mode 100644 terraform/ecc-aws-809-elb_internet_facing/green/provider.tf create mode 
100644 terraform/ecc-aws-809-elb_internet_facing/green/terraform.tfvars create mode 100644 terraform/ecc-aws-809-elb_internet_facing/green/variables.tf create mode 100644 terraform/ecc-aws-809-elb_internet_facing/iam/809-policy.json create mode 100644 terraform/ecc-aws-809-elb_internet_facing/red/alb.tf create mode 100644 terraform/ecc-aws-809-elb_internet_facing/red/provider.tf create mode 100644 terraform/ecc-aws-809-elb_internet_facing/red/terraform.tfvars create mode 100644 terraform/ecc-aws-809-elb_internet_facing/red/variables.tf create mode 100644 terraform/ecc-aws-821-acm_certificate_not_using_a_minimum_of_2048-bit_key_for_rsa_certificate/green/acm.tf create mode 100644 terraform/ecc-aws-821-acm_certificate_not_using_a_minimum_of_2048-bit_key_for_rsa_certificate/green/provider.tf create mode 100644 terraform/ecc-aws-821-acm_certificate_not_using_a_minimum_of_2048-bit_key_for_rsa_certificate/green/terraform.tfvars create mode 100644 terraform/ecc-aws-821-acm_certificate_not_using_a_minimum_of_2048-bit_key_for_rsa_certificate/green/variables.tf create mode 100644 terraform/ecc-aws-821-acm_certificate_not_using_a_minimum_of_2048-bit_key_for_rsa_certificate/iam/821-policy.json create mode 100644 terraform/ecc-aws-821-acm_certificate_not_using_a_minimum_of_2048-bit_key_for_rsa_certificate/red/acm.tf create mode 100644 terraform/ecc-aws-821-acm_certificate_not_using_a_minimum_of_2048-bit_key_for_rsa_certificate/red/provider.tf create mode 100644 terraform/ecc-aws-821-acm_certificate_not_using_a_minimum_of_2048-bit_key_for_rsa_certificate/red/terraform.tfvars create mode 100644 terraform/ecc-aws-821-acm_certificate_not_using_a_minimum_of_2048-bit_key_for_rsa_certificate/red/variables.tf create mode 100644 terraform/ecc-aws-835-inactive_iam_access_keys_are_not_deleted/green/iam.tf create mode 100644 terraform/ecc-aws-835-inactive_iam_access_keys_are_not_deleted/green/provider.tf create mode 100644 
terraform/ecc-aws-835-inactive_iam_access_keys_are_not_deleted/green/terraform.tfvars create mode 100644 terraform/ecc-aws-835-inactive_iam_access_keys_are_not_deleted/green/variables.tf create mode 100644 terraform/ecc-aws-835-inactive_iam_access_keys_are_not_deleted/iam/835-policy.json create mode 100644 terraform/ecc-aws-835-inactive_iam_access_keys_are_not_deleted/red/iam.tf create mode 100644 terraform/ecc-aws-835-inactive_iam_access_keys_are_not_deleted/red/provider.tf create mode 100644 terraform/ecc-aws-835-inactive_iam_access_keys_are_not_deleted/red/terraform.tfvars create mode 100644 terraform/ecc-aws-835-inactive_iam_access_keys_are_not_deleted/red/variables.tf create mode 100644 terraform/ecc-aws-897-security_hub_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-897-security_hub_enabled/green/security-hub.tf create mode 100644 terraform/ecc-aws-897-security_hub_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-897-security_hub_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-897-security_hub_enabled/iam/897-policy.json create mode 100644 terraform/ecc-aws-897-security_hub_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-897-security_hub_enabled/red/security_hub.tf create mode 100644 terraform/ecc-aws-897-security_hub_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-897-security_hub_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-899-s3_event_notifications_enabled/green/func.py create mode 100644 terraform/ecc-aws-899-s3_event_notifications_enabled/green/func.zip create mode 100644 terraform/ecc-aws-899-s3_event_notifications_enabled/green/lambda.tf create mode 100644 terraform/ecc-aws-899-s3_event_notifications_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-899-s3_event_notifications_enabled/green/s3.tf create mode 100644 terraform/ecc-aws-899-s3_event_notifications_enabled/green/sns.tf create mode 100644 
terraform/ecc-aws-899-s3_event_notifications_enabled/green/sqs.tf create mode 100644 terraform/ecc-aws-899-s3_event_notifications_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-899-s3_event_notifications_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-899-s3_event_notifications_enabled/iam/899-policy.json create mode 100644 terraform/ecc-aws-899-s3_event_notifications_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-899-s3_event_notifications_enabled/red/s3.tf create mode 100644 terraform/ecc-aws-899-s3_event_notifications_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-899-s3_event_notifications_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-902-vpc_vpn_2_tunnels_up/iam/902-policy.json create mode 100644 terraform/ecc-aws-904-autoscaling_launch_config_hop_limit/green/asg.tf create mode 100644 terraform/ecc-aws-904-autoscaling_launch_config_hop_limit/green/provider.tf create mode 100644 terraform/ecc-aws-904-autoscaling_launch_config_hop_limit/green/terraform.tfvars create mode 100644 terraform/ecc-aws-904-autoscaling_launch_config_hop_limit/green/variables.tf create mode 100644 terraform/ecc-aws-904-autoscaling_launch_config_hop_limit/iam/904-policy.json create mode 100644 terraform/ecc-aws-904-autoscaling_launch_config_hop_limit/red/asg.tf create mode 100644 terraform/ecc-aws-904-autoscaling_launch_config_hop_limit/red/provider.tf create mode 100644 terraform/ecc-aws-904-autoscaling_launch_config_hop_limit/red/terraform.tfvars create mode 100644 terraform/ecc-aws-904-autoscaling_launch_config_hop_limit/red/variables.tf create mode 100644 terraform/ecc-aws-906-ecs_containers_readonly_access/green/ecs.tf create mode 100644 terraform/ecc-aws-906-ecs_containers_readonly_access/green/provider.tf create mode 100644 terraform/ecc-aws-906-ecs_containers_readonly_access/green/terraform.tfvars create mode 100644 terraform/ecc-aws-906-ecs_containers_readonly_access/green/variables.tf create 
mode 100644 terraform/ecc-aws-906-ecs_containers_readonly_access/iam/906-policy.json create mode 100644 terraform/ecc-aws-906-ecs_containers_readonly_access/red/ecs.tf create mode 100644 terraform/ecc-aws-906-ecs_containers_readonly_access/red/provider.tf create mode 100644 terraform/ecc-aws-906-ecs_containers_readonly_access/red/terraform.tfvars create mode 100644 terraform/ecc-aws-906-ecs_containers_readonly_access/red/variables.tf create mode 100644 terraform/ecc-aws-907-ecs_no_environment_secrets/green/ecs.tf create mode 100644 terraform/ecc-aws-907-ecs_no_environment_secrets/green/provider.tf create mode 100644 terraform/ecc-aws-907-ecs_no_environment_secrets/green/terraform.tfvars create mode 100644 terraform/ecc-aws-907-ecs_no_environment_secrets/green/variables.tf create mode 100644 terraform/ecc-aws-907-ecs_no_environment_secrets/iam/907-policy.json create mode 100644 terraform/ecc-aws-907-ecs_no_environment_secrets/red/ecs.tf create mode 100644 terraform/ecc-aws-907-ecs_no_environment_secrets/red/provider.tf create mode 100644 terraform/ecc-aws-907-ecs_no_environment_secrets/red/terraform.tfvars create mode 100644 terraform/ecc-aws-907-ecs_no_environment_secrets/red/variables.tf create mode 100644 terraform/ecc-aws-911-kms_cmk_not_scheduled_for_deletion/green/kms.tf create mode 100644 terraform/ecc-aws-911-kms_cmk_not_scheduled_for_deletion/green/provider.tf create mode 100644 terraform/ecc-aws-911-kms_cmk_not_scheduled_for_deletion/green/terraform.tfvars create mode 100644 terraform/ecc-aws-911-kms_cmk_not_scheduled_for_deletion/green/variables.tf create mode 100644 terraform/ecc-aws-911-kms_cmk_not_scheduled_for_deletion/iam/911-policy.json create mode 100644 terraform/ecc-aws-911-kms_cmk_not_scheduled_for_deletion/red/kms.tf create mode 100644 terraform/ecc-aws-911-kms_cmk_not_scheduled_for_deletion/red/provider.tf create mode 100644 terraform/ecc-aws-911-kms_cmk_not_scheduled_for_deletion/red/terraform.tfvars create mode 100644 
terraform/ecc-aws-911-kms_cmk_not_scheduled_for_deletion/red/variables.tf create mode 100644 terraform/ecc-aws-917-waf_global_webacl_not_empty/green/provider.tf create mode 100644 terraform/ecc-aws-917-waf_global_webacl_not_empty/green/terraform.tfvars create mode 100644 terraform/ecc-aws-917-waf_global_webacl_not_empty/green/variables.tf create mode 100644 terraform/ecc-aws-917-waf_global_webacl_not_empty/green/waf.tf create mode 100644 terraform/ecc-aws-917-waf_global_webacl_not_empty/iam/917-policy.json create mode 100644 terraform/ecc-aws-917-waf_global_webacl_not_empty/red/provider.tf create mode 100644 terraform/ecc-aws-917-waf_global_webacl_not_empty/red/terraform.tfvars create mode 100644 terraform/ecc-aws-917-waf_global_webacl_not_empty/red/variables.tf create mode 100644 terraform/ecc-aws-917-waf_global_webacl_not_empty/red/waf.tf create mode 100644 terraform/ecc-aws-922-acm_certificate_transparency_logging_enabled/green/acm.tf create mode 100644 terraform/ecc-aws-922-acm_certificate_transparency_logging_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-922-acm_certificate_transparency_logging_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-922-acm_certificate_transparency_logging_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-922-acm_certificate_transparency_logging_enabled/iam/922-policy.json create mode 100644 terraform/ecc-aws-922-acm_certificate_transparency_logging_enabled/red/acm.tf create mode 100644 terraform/ecc-aws-922-acm_certificate_transparency_logging_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-922-acm_certificate_transparency_logging_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-922-acm_certificate_transparency_logging_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-938-cloudfront_encryption_in_transit/green/distribution.tf create mode 100644 terraform/ecc-aws-938-cloudfront_encryption_in_transit/green/provider.tf create mode 100644 
terraform/ecc-aws-938-cloudfront_encryption_in_transit/green/terraform.tfvars create mode 100644 terraform/ecc-aws-938-cloudfront_encryption_in_transit/green/variables.tf create mode 100644 terraform/ecc-aws-938-cloudfront_encryption_in_transit/iam/938-policy.json create mode 100644 terraform/ecc-aws-938-cloudfront_encryption_in_transit/red/distribution.tf create mode 100644 terraform/ecc-aws-938-cloudfront_encryption_in_transit/red/provider.tf create mode 100644 terraform/ecc-aws-938-cloudfront_encryption_in_transit/red/terraform.tfvars create mode 100644 terraform/ecc-aws-938-cloudfront_encryption_in_transit/red/variables.tf create mode 100644 terraform/ecc-aws-939-ebs_default_encryption_enabled/green/ebs.tf create mode 100644 terraform/ecc-aws-939-ebs_default_encryption_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-939-ebs_default_encryption_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-939-ebs_default_encryption_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-939-ebs_default_encryption_enabled/iam/939-policy.json create mode 100644 terraform/ecc-aws-939-ebs_default_encryption_enabled/red/ebs.tf create mode 100644 terraform/ecc-aws-939-ebs_default_encryption_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-939-ebs_default_encryption_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-939-ebs_default_encryption_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-948-imported_and_acm_certificates_expire_in_one_month/green/acm.tf create mode 100644 terraform/ecc-aws-948-imported_and_acm_certificates_expire_in_one_month/green/provider.tf create mode 100644 terraform/ecc-aws-948-imported_and_acm_certificates_expire_in_one_month/green/terraform.tfvars create mode 100644 terraform/ecc-aws-948-imported_and_acm_certificates_expire_in_one_month/green/variables.tf create mode 100644 terraform/ecc-aws-948-imported_and_acm_certificates_expire_in_one_month/iam/948-policy.json create 
mode 100644 terraform/ecc-aws-948-imported_and_acm_certificates_expire_in_one_month/red/acm.tf create mode 100644 terraform/ecc-aws-948-imported_and_acm_certificates_expire_in_one_month/red/provider.tf create mode 100644 terraform/ecc-aws-948-imported_and_acm_certificates_expire_in_one_month/red/terraform.tfvars create mode 100644 terraform/ecc-aws-948-imported_and_acm_certificates_expire_in_one_month/red/variables.tf create mode 100644 terraform/ecc-aws-949-key_pair_without_tag_information/green/key-pair.tf create mode 100644 terraform/ecc-aws-949-key_pair_without_tag_information/green/provider.tf create mode 100644 terraform/ecc-aws-949-key_pair_without_tag_information/green/terraform.tfvars create mode 100644 terraform/ecc-aws-949-key_pair_without_tag_information/green/variables.tf create mode 100644 terraform/ecc-aws-949-key_pair_without_tag_information/iam/949-policy.json create mode 100644 terraform/ecc-aws-949-key_pair_without_tag_information/red/key-pair.tf create mode 100644 terraform/ecc-aws-949-key_pair_without_tag_information/red/provider.tf create mode 100644 terraform/ecc-aws-949-key_pair_without_tag_information/red/terraform.tfvars create mode 100644 terraform/ecc-aws-949-key_pair_without_tag_information/red/variables.tf create mode 100644 terraform/ecc-aws-950-autoscaling_launch_template/green/asg.tf create mode 100644 terraform/ecc-aws-950-autoscaling_launch_template/green/provider.tf create mode 100644 terraform/ecc-aws-950-autoscaling_launch_template/green/terraform.tfvars create mode 100644 terraform/ecc-aws-950-autoscaling_launch_template/green/variables.tf create mode 100644 terraform/ecc-aws-950-autoscaling_launch_template/green1/asg.tf create mode 100644 terraform/ecc-aws-950-autoscaling_launch_template/green1/provider.tf create mode 100644 terraform/ecc-aws-950-autoscaling_launch_template/green1/terraform.tfvars create mode 100644 terraform/ecc-aws-950-autoscaling_launch_template/green1/variables.tf create mode 100644 
terraform/ecc-aws-950-autoscaling_launch_template/iam/950-policy.json create mode 100644 terraform/ecc-aws-950-autoscaling_launch_template/red/asg.tf create mode 100644 terraform/ecc-aws-950-autoscaling_launch_template/red/provider.tf create mode 100644 terraform/ecc-aws-950-autoscaling_launch_template/red/terraform.tfvars create mode 100644 terraform/ecc-aws-950-autoscaling_launch_template/red/variables.tf create mode 100644 terraform/ecc-aws-951-clb_acm_certificate_required/green/lb.tf create mode 100644 terraform/ecc-aws-951-clb_acm_certificate_required/green/provider.tf create mode 100644 terraform/ecc-aws-951-clb_acm_certificate_required/green/terraform.tfvars create mode 100644 terraform/ecc-aws-951-clb_acm_certificate_required/green/variables.tf create mode 100644 terraform/ecc-aws-951-clb_acm_certificate_required/green1/lb.tf create mode 100644 terraform/ecc-aws-951-clb_acm_certificate_required/green1/provider.tf create mode 100644 terraform/ecc-aws-951-clb_acm_certificate_required/green1/terraform.tfvars create mode 100644 terraform/ecc-aws-951-clb_acm_certificate_required/green1/variables.tf create mode 100644 terraform/ecc-aws-951-clb_acm_certificate_required/green2/lb.tf create mode 100644 terraform/ecc-aws-951-clb_acm_certificate_required/green2/provider.tf create mode 100644 terraform/ecc-aws-951-clb_acm_certificate_required/green2/terraform.tfvars create mode 100644 terraform/ecc-aws-951-clb_acm_certificate_required/green2/variables.tf create mode 100644 terraform/ecc-aws-951-clb_acm_certificate_required/iam/951-policy.json create mode 100644 terraform/ecc-aws-951-clb_acm_certificate_required/red/iam.tf create mode 100644 terraform/ecc-aws-951-clb_acm_certificate_required/red/lb.tf create mode 100644 terraform/ecc-aws-951-clb_acm_certificate_required/red/provider.tf create mode 100644 terraform/ecc-aws-951-clb_acm_certificate_required/red/terraform.tfvars create mode 100644 terraform/ecc-aws-951-clb_acm_certificate_required/red/variables.tf create 
mode 100644 terraform/ecc-aws-953-lambda_function_settings_check/green/func.zip create mode 100644 terraform/ecc-aws-953-lambda_function_settings_check/green/lambda.tf create mode 100644 terraform/ecc-aws-953-lambda_function_settings_check/green/provider.tf create mode 100644 terraform/ecc-aws-953-lambda_function_settings_check/green/terraform.tfvars create mode 100644 terraform/ecc-aws-953-lambda_function_settings_check/green/variables.tf create mode 100644 terraform/ecc-aws-953-lambda_function_settings_check/iam/953-policy.json create mode 100644 terraform/ecc-aws-955-ecs_containers_nonprivileged/green/ecs.tf create mode 100644 terraform/ecc-aws-955-ecs_containers_nonprivileged/green/provider.tf create mode 100644 terraform/ecc-aws-955-ecs_containers_nonprivileged/green/terraform.tfvars create mode 100644 terraform/ecc-aws-955-ecs_containers_nonprivileged/green/variables.tf create mode 100644 terraform/ecc-aws-955-ecs_containers_nonprivileged/green1/ecs.tf create mode 100644 terraform/ecc-aws-955-ecs_containers_nonprivileged/green1/provider.tf create mode 100644 terraform/ecc-aws-955-ecs_containers_nonprivileged/green1/terraform.tfvars create mode 100644 terraform/ecc-aws-955-ecs_containers_nonprivileged/green1/variables.tf create mode 100644 terraform/ecc-aws-955-ecs_containers_nonprivileged/iam/955-policy.json create mode 100644 terraform/ecc-aws-955-ecs_containers_nonprivileged/red/ecs.tf create mode 100644 terraform/ecc-aws-955-ecs_containers_nonprivileged/red/provider.tf create mode 100644 terraform/ecc-aws-955-ecs_containers_nonprivileged/red/terraform.tfvars create mode 100644 terraform/ecc-aws-955-ecs_containers_nonprivileged/red/variables.tf create mode 100644 terraform/ecc-aws-955-ecs_containers_nonprivileged/red1/ecs.tf create mode 100644 terraform/ecc-aws-955-ecs_containers_nonprivileged/red1/provider.tf create mode 100644 terraform/ecc-aws-955-ecs_containers_nonprivileged/red1/terraform.tfvars create mode 100644 
terraform/ecc-aws-955-ecs_containers_nonprivileged/red1/variables.tf create mode 100644 terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/green/cloudfront.tf create mode 100644 terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/green/error.html create mode 100644 terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/green/index.html create mode 100644 terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/green/provider.tf create mode 100644 terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/green/s3.tf create mode 100644 terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/green/terraform.tfvars create mode 100644 terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/green/variables.tf create mode 100644 terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/green1/cloudfront.tf create mode 100644 terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/green1/error.html create mode 100644 terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/green1/index.html create mode 100644 terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/green1/provider.tf create mode 100644 terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/green1/s3.tf create mode 100644 terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/green1/terraform.tfvars create mode 100644 terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/green1/variables.tf create mode 100644 terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/iam/958-policy.json create mode 100644 terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/red/cloudfront.tf create mode 100644 terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/red/error.html create mode 100644 terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/red/index.html create mode 100644 terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/red/provider.tf create mode 100644 
terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/red/s3.tf create mode 100644 terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/red/terraform.tfvars create mode 100644 terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/red/variables.tf create mode 100644 terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/green/cloudfront.tf create mode 100644 terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/green/error.html create mode 100644 terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/green/index.html create mode 100644 terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/green/s3.tf create mode 100644 terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/green1/cloudfront.tf create mode 100644 terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/green1/error.html create mode 100644 terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/green1/index.html create mode 100644 terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/green1/provider.tf create mode 100644 terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/green1/s3.tf create mode 100644 terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/green1/terraform.tfvars create mode 100644 terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/green1/variables.tf create mode 100644 terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/iam/961-policy.json create mode 100644 terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/red/cloudfront.tf create mode 100644 terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/red/provider.tf create mode 
100644 terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/red1/cloudfront.tf create mode 100644 terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/red1/provider.tf create mode 100644 terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/red1/terraform.tfvars create mode 100644 terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/red1/variables.tf create mode 100644 terraform/ecc-aws-962-glue_job_latest_version/green/glue.tf create mode 100644 terraform/ecc-aws-962-glue_job_latest_version/green/iam.tf create mode 100644 terraform/ecc-aws-962-glue_job_latest_version/green/provider.tf create mode 100644 terraform/ecc-aws-962-glue_job_latest_version/green/s3.tf create mode 100644 terraform/ecc-aws-962-glue_job_latest_version/green/script.py create mode 100644 terraform/ecc-aws-962-glue_job_latest_version/green/terraform.tfvars create mode 100644 terraform/ecc-aws-962-glue_job_latest_version/green/variables.tf create mode 100644 terraform/ecc-aws-962-glue_job_latest_version/iam/962-policy.json create mode 100644 terraform/ecc-aws-962-glue_job_latest_version/red/glue.tf create mode 100644 terraform/ecc-aws-962-glue_job_latest_version/red/iam.tf create mode 100644 terraform/ecc-aws-962-glue_job_latest_version/red/provider.tf create mode 100644 terraform/ecc-aws-962-glue_job_latest_version/red/s3.tf create mode 100644 terraform/ecc-aws-962-glue_job_latest_version/red/script.py create mode 100644 terraform/ecc-aws-962-glue_job_latest_version/red/terraform.tfvars create mode 100644 terraform/ecc-aws-962-glue_job_latest_version/red/variables.tf create mode 100644 terraform/ecc-aws-963-glue_job_logging_enabled/green/glue.tf create mode 100644 terraform/ecc-aws-963-glue_job_logging_enabled/green/iam.tf create mode 100644 
terraform/ecc-aws-963-glue_job_logging_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-963-glue_job_logging_enabled/green/s3.tf create mode 100644 terraform/ecc-aws-963-glue_job_logging_enabled/green/script.py create mode 100644 terraform/ecc-aws-963-glue_job_logging_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-963-glue_job_logging_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-963-glue_job_logging_enabled/iam/963-policy.json create mode 100644 terraform/ecc-aws-963-glue_job_logging_enabled/red/glue.tf create mode 100644 terraform/ecc-aws-963-glue_job_logging_enabled/red/iam.tf create mode 100644 terraform/ecc-aws-963-glue_job_logging_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-963-glue_job_logging_enabled/red/s3.tf create mode 100644 terraform/ecc-aws-963-glue_job_logging_enabled/red/script.py create mode 100644 terraform/ecc-aws-963-glue_job_logging_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-963-glue_job_logging_enabled/red/variables.tf diff --git a/terraform/ecc-aws-002-ensure_mfa_is_enabled_for_all_iam_users_with_console_password/green/iam.tf b/terraform/ecc-aws-002-ensure_mfa_is_enabled_for_all_iam_users_with_console_password/green/iam.tf new file mode 100644 index 000000000..f0003ce82 --- /dev/null +++ b/terraform/ecc-aws-002-ensure_mfa_is_enabled_for_all_iam_users_with_console_password/green/iam.tf @@ -0,0 +1,44 @@ +# Enable MFA manually + +resource "aws_iam_user" "this" { + name = "002_user_green" + path = "/" + force_destroy = true +} + +resource "aws_iam_policy" "this" { + name = "002_policy_green" + description = "ensure mfa is enabled for all users policy" + +policy = <@dC7VOm7yV=49wOm|HOF#acKoN z10%}|W(Ec@;o4`&eaJwh<@=v5b-v7n9))jKH8)>48XI(9J8aUP341z}{*_U#t*+q4_Dmo0Scuj1dTZf%FLwhXDY6?`CQM literal 0 HcmV?d00001 
diff --git a/terraform/ecc-aws-212-lambda_in_vpc/green/lambda.tf b/terraform/ecc-aws-212-lambda_in_vpc/green/lambda.tf new file mode 100644 index 000000000..3c461684b --- /dev/null +++ b/terraform/ecc-aws-212-lambda_in_vpc/green/lambda.tf @@ -0,0 +1,75 @@ +resource "aws_vpc" "this" { + cidr_block = "10.0.0.0/16" +} + +resource "aws_subnet" "subnet1" { + vpc_id = aws_vpc.this.id + cidr_block = "10.0.1.0/24" +} + +resource "aws_subnet" "subnet2" { + vpc_id = aws_vpc.this.id + cidr_block = "10.0.2.0/24" +} + +resource "aws_security_group" "this" { + name = "212_security_group_green" + vpc_id = aws_vpc.this.id +} + +resource "aws_iam_role" "this" { + name = "212_role_green" + + assume_role_policy = <@dC7VOm7yV=49wOm|HOF#acKoN z10%}|W(Ec@;o4`&eaJwh<@=v5b-v7n9))jKH8)>48XI(9J8aUP341z}{*_U#t*+q4_Dmo0Scuj1dTZf%FLwhXDY6?`CQM literal 0 HcmV?d00001 diff --git a/terraform/ecc-aws-212-lambda_in_vpc/red/lambda.tf b/terraform/ecc-aws-212-lambda_in_vpc/red/lambda.tf new file mode 100644 index 000000000..524445dba --- /dev/null +++ b/terraform/ecc-aws-212-lambda_in_vpc/red/lambda.tf 
@@ -0,0 +1,70 @@ +resource "aws_vpc" "this" { + cidr_block = "10.0.0.0/16" +} + +resource "aws_subnet" "subnet1" { + vpc_id = aws_vpc.this.id + cidr_block = "10.0.1.0/24" +} + +resource "aws_security_group" "this" { + name = "212_security_group_red" + vpc_id = aws_vpc.this.id +} + +resource "aws_iam_role" "this" { + name = "212_role_red" + + assume_role_policy = <qP1yg%+I_kO>>`@K$fQV1nT8h)&H zy0}4K8$|+wl(h17lu0SPb+B!xe+4lS5o9a8Nfazd z;C?Fp&{rw2uoR$+lfw0ZV~viY$+N;gf(z3gYdBF>1|do$^CW``?2EJUqZUQH{#U*2 z{wYe##DFVl_Ur(RhdYu^?_y%l2QAB35*(9L zXk7CMOMUVBK+nA!L8(lBbJ$QmG9|=+L;MoUjHe^4(NiV&liqImoVEVrnH~n6-C0+z zb`Tfi(iSPpvY1@J3L4B)z3g**JUi2+3HGLCGR3)VZ~s1-?oso&HRiYm=SnR* zEKEV&M?tUmSC=~tax`>Rc0YHG)_`rbZ1F<5*cMaQ>8@ltg`FPf`xLv!8Hr1G-FnGJea1MQ6D=*(B|&ZD(Q zUOq=gutx)Ov^K4bz($|Aqcyz%czE~YsmlGZf553(4?!(o+#xJ#@Qr{y3<>tu{!+^y zd@$rr@wF@@C{QqDLI37R2r)(9U=&0#d%X^L&9XFLmL}Z6D3%3I zYPSfBED1pxb65_PkPt6liaX6e01x0_wi^mFUjy!3b{f+R)Tc_qOy^@@bsilXtR@R{)BzH4lBuYvxKA!%Hk3fa%vMsGEPhPdE2 zEt3&7Kx?tq(mR2Evar?e7)w3>o?-QR-J!+9b;e2E`pIV_rExvw#pka6;3*!@Hs##kqTHBsN^*A^#am{pnqj{%-Pg)Yhn?ws1Vd(`!nv zD?iBXrn2+lS7E8>#*Pa^lk$&@P=O@+o&$$Z4(@GFBjpzIxP$)he-CYLca)1=Z8a19 zvF(Y<%(YIO=DvuWl7UO3iQ1rQBv=(*<8WO78HHy3B_c4W8iD6DN(gP%r+8Sy1h|7y ztWRK?Xn=rkf#+W^LeB*`0!Fbc;Q0cPFj@zf_{y)I3t4XP;>7x139k|O4#scz=i(gp z!oElGjq6$pB2}g!++)0KbEZ@B7*woZ^!$EYLF^*)#+QW8b_f}4S7W--R$g-rsr0(C zSsr#_0Lyy$7~;0IAJb-=G+`iNgNO5#!aJC8?ZUBso(hr5c$l-iIAEaM@V(WCO6$h1 z;b8(l?wC0#`0!E=k=C2B$&}ZX;guqR{7H#+fNp^;*4o4b}r87lA_ln zp)c01<;BES^ zblr-gL8XZXAh@aojl)<7FJ_(>mjDVTi_1;{blU7Wd}8L8q_YZunc}ikNK}RO0>pVH zs}L(LTZPzNqFCXn`)<+-O#@jg8WJFD1&zbVpTib=0>6{IqJoQy9l?K1o5>+(<(X#) z3FQ$NLqe>JC{`%XcSA`i4~QkvdIzy2XdFiR9QOYSDJMJR0>G4kA4^#9-6-(&55SCi ABme*a literal 0 HcmV?d00001 diff --git a/terraform/ecc-aws-218-codebuild_environment_variables_contain_text_credentials/green/codebuild.tf b/terraform/ecc-aws-218-codebuild_environment_variables_contain_text_credentials/green/codebuild.tf new file mode 100644 index 000000000..ad93269a3 --- /dev/null 
+++ b/terraform/ecc-aws-218-codebuild_environment_variables_contain_text_credentials/green/codebuild.tf 
@@ -0,0 +1,61 @@ +resource "aws_s3_bucket" "input_bucket" { + bucket = "bucket-codebuild-input-bucket-216-green" + force_destroy = true +} +resource "aws_s3_bucket" "output_bucket" { + bucket = "bucket-codebuild-output-bucket-216-green" + force_destroy = true +} + +resource "aws_s3_object" "object" { + bucket = aws_s3_bucket.input_bucket.id + key = "MessageUtil.zip" + source = "MessageUtil.zip" +} + +resource "aws_codebuild_project" "this" { + name = "218_codebuilt_green" + + service_role = aws_iam_role.this.arn + + artifacts { + type = "S3" + location = aws_s3_bucket.output_bucket.id + } + + environment { + compute_type = "BUILD_GENERAL1_SMALL" + image = "aws/codebuild/amazonlinux2-x86_64-standard:3.0" + type = "LINUX_CONTAINER" + + environment_variable { + name = "SOME_KEY1" + value = "SOME_VALUE1" + } + } + source { + type = "S3" + location = "${aws_s3_bucket.input_bucket.id}/MessageUtil.zip" + } + + depends_on = [aws_s3_bucket.input_bucket, aws_s3_bucket.output_bucket] +} + +resource "aws_iam_role" "this" { + name = "218_role_green" + + assume_role_policy = <qP1yg%+I_kO>>`@K$fQV1nT8h)&H zy0}4K8$|+wl(h17lu0SPb+B!xe+4lS5o9a8Nfazd z;C?Fp&{rw2uoR$+lfw0ZV~viY$+N;gf(z3gYdBF>1|do$^CW``?2EJUqZUQH{#U*2 z{wYe##DFVl_Ur(RhdYu^?_y%l2QAB35*(9L zXk7CMOMUVBK+nA!L8(lBbJ$QmG9|=+L;MoUjHe^4(NiV&liqImoVEVrnH~n6-C0+z zb`Tfi(iSPpvY1@J3L4B)z3g**JUi2+3HGLCGR3)VZ~s1-?oso&HRiYm=SnR* zEKEV&M?tUmSC=~tax`>Rc0YHG)_`rbZ1F<5*cMaQ>8@ltg`FPf`xLv!8Hr1G-FnGJea1MQ6D=*(B|&ZD(Q zUOq=gutx)Ov^K4bz($|Aqcyz%czE~YsmlGZf553(4?!(o+#xJ#@Qr{y3<>tu{!+^y zd@$rr@wF@@C{QqDLI37R2r)(9U=&0#d%X^L&9XFLmL}Z6D3%3I zYPSfBED1pxb65_PkPt6liaX6e01x0_wi^mFUjy!3b{f+R)Tc_qOy^@@bsilXtR@R{)BzH4lBuYvxKA!%Hk3fa%vMsGEPhPdE2 zEt3&7Kx?tq(mR2Evar?e7)w3>o?-QR-J!+9b;e2E`pIV_rExvw#pka6;3*!@Hs##kqTHBsN^*A^#am{pnqj{%-Pg)Yhn?ws1Vd(`!nv zD?iBXrn2+lS7E8>#*Pa^lk$&@P=O@+o&$$Z4(@GFBjpzIxP$)he-CYLca)1=Z8a19 zvF(Y<%(YIO=DvuWl7UO3iQ1rQBv=(*<8WO78HHy3B_c4W8iD6DN(gP%r+8Sy1h|7y ztWRK?Xn=rkf#+W^LeB*`0!Fbc;Q0cPFj@zf_{y)I3t4XP;>7x139k|O4#scz=i(gp 
z!oElGjq6$pB2}g!++)0KbEZ@B7*woZ^!$EYLF^*)#+QW8b_f}4S7W--R$g-rsr0(C zSsr#_0Lyy$7~;0IAJb-=G+`iNgNO5#!aJC8?ZUBso(hr5c$l-iIAEaM@V(WCO6$h1 z;b8(l?wC0#`0!E=k=C2B$&}ZX;guqR{7H#+fNp^;*4o4b}r87lA_ln zp)c01<;BES^ zblr-gL8XZXAh@aojl)<7FJ_(>mjDVTi_1;{blU7Wd}8L8q_YZunc}ikNK}RO0>pVH zs}L(LTZPzNqFCXn`)<+-O#@jg8WJFD1&zbVpTib=0>6{IqJoQy9l?K1o5>+(<(X#) z3FQ$NLqe>JC{`%XcSA`i4~QkvdIzy2XdFiR9QOYSDJMJR0>G4kA4^#9-6-(&55SCi ABme*a literal 0 HcmV?d00001 diff --git a/terraform/ecc-aws-218-codebuild_environment_variables_contain_text_credentials/red/codebuild.tf b/terraform/ecc-aws-218-codebuild_environment_variables_contain_text_credentials/red/codebuild.tf new file mode 100644 index 000000000..af0ee4094 --- /dev/null +++ b/terraform/ecc-aws-218-codebuild_environment_variables_contain_text_credentials/red/codebuild.tf 
@@ -0,0 +1,67 @@ +resource "aws_s3_bucket" "input_bucket" { + bucket = "bucket-codebuild-input-bucket-216-red" + force_destroy = true +} +resource "aws_s3_bucket" "output_bucket" { + bucket = "bucket-codebuild-output-bucket-216-red" + force_destroy = true +} + +resource "aws_s3_object" "object" { + bucket = aws_s3_bucket.input_bucket.id + key = "MessageUtil.zip" + source = "MessageUtil.zip" +} + + +resource "aws_codebuild_project" "this" { + name = "218_codebuilt_red" + + service_role = aws_iam_role.this.arn + + artifacts { + type = "S3" + location = aws_s3_bucket.output_bucket.id + } + + + environment { + compute_type = "BUILD_GENERAL1_SMALL" + image = "aws/codebuild/amazonlinux2-x86_64-standard:3.0" + type = "LINUX_CONTAINER" + + environment_variable { + name = "AWS_ACCESS_KEY_ID" + value = "xxxxxxxxx" + } + environment_variable { + name = "AWS_SECRET_ACCESS_KEY" + value = "xxxxxxxxxxxxx" + } + } + source { + type = "S3" + location = "${aws_s3_bucket.input_bucket.id}/MessageUtil.zip" + } + + depends_on = [aws_s3_bucket.input_bucket, aws_s3_bucket.output_bucket] +} + +resource "aws_iam_role" "this" { + name = "218_role_red" + + assume_role_policy = <@dC7VOm7yV=49wOm|HOF#acKoN z10%}|W(Ec@;o4`&eaJwh<@=v5b-v7n9))jKH8)>48XI(9J8aUP341z}{*_U#t*+q4_Dmo0Scuj1dTZf%FLwhXDY6?`CQM literal 0 HcmV?d00001 diff --git a/terraform/ecc-aws-497-lambda_active_tracing_enabled/green/lambda.tf b/terraform/ecc-aws-497-lambda_active_tracing_enabled/green/lambda.tf new file mode 100644 index 000000000..a7792e30f --- /dev/null +++ b/terraform/ecc-aws-497-lambda_active_tracing_enabled/green/lambda.tf @@ -0,0 +1,60 @@ +resource "aws_iam_role" "this" { + name = "497_role_green" + + assume_role_policy = <@dC7VOm7yV=49wOm|HOF#acKoN z10%}|W(Ec@;o4`&eaJwh<@=v5b-v7n9))jKH8)>48XI(9J8aUP341z}{*_U#t*+q4_Dmo0Scuj1dTZf%FLwhXDY6?`CQM literal 0 HcmV?d00001 
diff --git a/terraform/ecc-aws-497-lambda_active_tracing_enabled/red/lambda.tf b/terraform/ecc-aws-497-lambda_active_tracing_enabled/red/lambda.tf new file mode 100644 index 000000000..ebebdae3d --- /dev/null +++ b/terraform/ecc-aws-497-lambda_active_tracing_enabled/red/lambda.tf @@ -0,0 +1,51 @@ +resource "aws_iam_role" "this" { + name = "497_role_red" + + assume_role_policy = <@dC7VOm7yV=49wOm|HOF#acKoN z10%}|W(Ec@;o4`&eaJwh<@=v5b-v7n9))jKH8)>48XI(9J8aUP341z}{*_U#t*+q4_Dmo0Scuj1dTZf%FLwhXDY6?`CQM literal 0 HcmV?d00001 diff --git a/terraform/ecc-aws-500-lambda_variables_encrypted_with_kms_cmk/green/lambda.tf b/terraform/ecc-aws-500-lambda_variables_encrypted_with_kms_cmk/green/lambda.tf new file mode 100644 index 000000000..478f6f895 --- /dev/null +++ b/terraform/ecc-aws-500-lambda_variables_encrypted_with_kms_cmk/green/lambda.tf @@ -0,0 +1,58 @@ +resource "aws_iam_role" "this" { + name = "500_role_green" + + assume_role_policy = <@dC7VOm7yV=49wOm|HOF#acKoN z10%}|W(Ec@;o4`&eaJwh<@=v5b-v7n9))jKH8)>48XI(9J8aUP341z}{*_U#t*+q4_Dmo0Scuj1dTZf%FLwhXDY6?`CQM literal 0 HcmV?d00001 diff --git a/terraform/ecc-aws-500-lambda_variables_encrypted_with_kms_cmk/red/lambda.tf b/terraform/ecc-aws-500-lambda_variables_encrypted_with_kms_cmk/red/lambda.tf new file mode 100644 index 000000000..432adc228 --- /dev/null +++ b/terraform/ecc-aws-500-lambda_variables_encrypted_with_kms_cmk/red/lambda.tf @@ -0,0 +1,57 @@ +resource "aws_iam_role" "this" { + name = "500_role_red" + + assume_role_policy = < + + My Website Error Page + + +

Welcome to my website

+

Now hosted on Amazon S3!

+ + diff --git a/terraform/ecc-aws-510-route53_hosted_zone_records_health_check_configured/green/index.html b/terraform/ecc-aws-510-route53_hosted_zone_records_health_check_configured/green/index.html new file mode 100644 index 000000000..c9f26384a --- /dev/null +++ b/terraform/ecc-aws-510-route53_hosted_zone_records_health_check_configured/green/index.html @@ -0,0 +1,9 @@ + + + My Website Home Page + + +

Welcome to my website

+

Now hosted on Amazon S3!

+ + diff --git a/terraform/ecc-aws-510-route53_hosted_zone_records_health_check_configured/green/provider.tf b/terraform/ecc-aws-510-route53_hosted_zone_records_health_check_configured/green/provider.tf new file mode 100644 index 000000000..d20b96229 --- /dev/null +++ b/terraform/ecc-aws-510-route53_hosted_zone_records_health_check_configured/green/provider.tf @@ -0,0 +1,20 @@ +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 4" + } + } +} + +provider "aws" { + profile = var.profile + region = var.default-region + + default_tags { + tags = { + CustodianRule = "ecc-aws-510-route53_hosted_zone_records_health_check_configured" + ComplianceStatus = "Green" + } + } +} diff --git a/terraform/ecc-aws-510-route53_hosted_zone_records_health_check_configured/green/route53.tf b/terraform/ecc-aws-510-route53_hosted_zone_records_health_check_configured/green/route53.tf new file mode 100644 index 000000000..4ba5848c5 --- /dev/null +++ b/terraform/ecc-aws-510-route53_hosted_zone_records_health_check_configured/green/route53.tf 
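Review bot: The constraint `version = "~> 4"` in this provider.tf accepts any 4.x release of hashicorp/aws, so the provider build fetched at `terraform init` can change between runs of the same fixture. No `.terraform.lock.hcl` appears in the part of the file list visible here; if none is committed, pin a minor series (`version = "~> 4.<minor>"`, placeholder) or commit the lock file so the provider checksums are recorded. The same constraint is repeated in red/provider.tf for rule 510 and in green/provider.tf for rule 511.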
@@ -0,0 +1,53 @@
+resource "aws_route53_zone" "this" {
+ name = "510-route53-zone-green.rule"
+}
+
+
+resource "aws_route53_record" "this1" {
+ zone_id = aws_route53_zone.this.zone_id
+ name = aws_route53_zone.this.name
+ type = "A"
+
+ alias {
+ name = aws_s3_bucket_website_configuration.this.website_domain
+ zone_id = aws_s3_bucket.this.hosted_zone_id
+ evaluate_target_health = false
+ }
+}
+
+resource "aws_route53_record" "this2" {
+ zone_id = aws_route53_zone.this.zone_id
+ name = aws_route53_zone.this.name
+ type = "AAAA"
+ set_identifier = "510_record_green"
+ health_check_id = aws_route53_health_check.this.id
+ ttl = 300
+ records = ["1111::1111"]
+ weighted_routing_policy {
+ weight = 200
+ }
+}
+
+resource "aws_route53_record" "this3" {
+ zone_id = aws_route53_zone.this.zone_id
+ name = aws_route53_zone.this.name
+ type = "MX"
+ set_identifier = "510_record_green"
+ health_check_id = aws_route53_health_check.this.id
+ ttl = 300
+ records = ["10 mailhost1.example.com"]
+ geolocation_routing_policy {
+ country = "UA"
+ }
+}
+
+resource "aws_route53_health_check" "this" {
+ reference_name = "510_health_check_green"
+ ip_address = "1.1.1.1"
+ port = 80
+ type = "HTTP"
+ resource_path = "/"
+ failure_threshold = "5"
+ request_interval = "30"
+ disabled = true
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-510-route53_hosted_zone_records_health_check_configured/green/s3.tf b/terraform/ecc-aws-510-route53_hosted_zone_records_health_check_configured/green/s3.tf
new file mode 100644
index 000000000..e6bfc762e
--- /dev/null
+++ b/terraform/ecc-aws-510-route53_hosted_zone_records_health_check_configured/green/s3.tf
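Review bot: `aws_route53_health_check.this` is created with `disabled = true`, and Route 53 treats a disabled health check as always healthy, so the `this2` and `this3` records in this green fixture carry a `health_check_id` that can never take them out of service. If rule 510 is meant to assert working health checks rather than the mere presence of an ID, set `disabled = false` here or have the policy also test the check's disabled state; the policy itself is not visible in this hunk. The alias record `this1` has no health check and `evaluate_target_health = false`, so a comment such as `# alias records are out of scope for rule 510` (if that is the intent) would explain why it sits in the compliant example.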
@@ -0,0 +1,57 @@
+resource "aws_s3_bucket" "this" {
+ bucket = "www.510-domain-green.click"
+ force_destroy = "true"
+}
+
+resource "aws_s3_bucket_public_access_block" "this" {
+ bucket = aws_s3_bucket.this.id
+
+ block_public_acls = false
+ block_public_policy = false
+ ignore_public_acls = false
+ restrict_public_buckets = false
+}
+
+resource "aws_s3_bucket_website_configuration" "this" {
+ bucket = aws_s3_bucket.this.bucket
+
+ index_document {
+ suffix = "index.html"
+ }
+
+ error_document {
+ key = "error.html"
+ }
+}
+
+resource "aws_s3_object" "index" {
+ bucket = aws_s3_bucket.this.bucket
+ key = "index.html"
+ source = "index.html"
+ etag = filemd5("index.html")
+ content_type = "text/html"
+}
+
+resource "aws_s3_object" "error" {
+ bucket = aws_s3_bucket.this.bucket
+ key = "error.html"
+ source = "error.html"
+ etag = filemd5("error.html")
+ content_type = "text/html"
+}
+
+data "aws_iam_policy_document" "this" {
+ statement {
+ actions = ["*"]
+ resources = ["${aws_s3_bucket.this.arn}/*"]
+ principals {
+ type = "AWS"
+ identifiers = ["*"]
+ }
+ }
+}
+
+resource "aws_s3_bucket_policy" "this" {
+ bucket = aws_s3_bucket.this.id
+ policy = data.aws_iam_policy_document.this.json
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-510-route53_hosted_zone_records_health_check_configured/green/terraform.tfvars b/terraform/ecc-aws-510-route53_hosted_zone_records_health_check_configured/green/terraform.tfvars
new file mode 100644
index 000000000..e1e2d2fa8
--- /dev/null
+++ b/terraform/ecc-aws-510-route53_hosted_zone_records_health_check_configured/green/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
diff --git a/terraform/ecc-aws-510-route53_hosted_zone_records_health_check_configured/green/variables.tf b/terraform/ecc-aws-510-route53_hosted_zone_records_health_check_configured/green/variables.tf
new file mode 100644
index 000000000..c8b410c24
--- /dev/null
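Review bot: The bucket policy in s3.tf grants `actions = ["*"]` to `identifiers = ["*"]` on every object, and the public access block sets all four flags to `false`, so while this fixture is applied the website objects are writable and deletable by anyone, not just readable. Static website hosting behind the Route 53 alias only needs anonymous reads, so `actions = ["s3:GetObject"]` keeps the fixture working without the write exposure. `block_public_acls` and `ignore_public_acls` could also stay `true`, since nothing in this hunk relies on ACLs. This is the green (compliant) example for rule 510, so it is likely to be read as a known-good configuration.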
+++ b/terraform/ecc-aws-510-route53_hosted_zone_records_health_check_configured/green/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
diff --git a/terraform/ecc-aws-510-route53_hosted_zone_records_health_check_configured/iam/510-policy.json b/terraform/ecc-aws-510-route53_hosted_zone_records_health_check_configured/iam/510-policy.json
new file mode 100644
index 000000000..b664c1941
--- /dev/null
+++ b/terraform/ecc-aws-510-route53_hosted_zone_records_health_check_configured/iam/510-policy.json
@@ -0,0 +1,13 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "route53:ListHostedZones",
+ "route53:ListResourceRecordSets"
+ ],
+ "Resource": "*"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-510-route53_hosted_zone_records_health_check_configured/red/provider.tf b/terraform/ecc-aws-510-route53_hosted_zone_records_health_check_configured/red/provider.tf
new file mode 100644
index 000000000..ac45cb477
--- /dev/null
+++ b/terraform/ecc-aws-510-route53_hosted_zone_records_health_check_configured/red/provider.tf
@@ -0,0 +1,20 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws" {
+ profile = var.profile
+ region = var.default-region
+
+ default_tags {
+ tags = {
+ CustodianRule = "ecc-aws-510-route53_hosted_zone_records_health_check_configured"
+ ComplianceStatus = "Red"
+ }
+ }
+}
diff --git a/terraform/ecc-aws-510-route53_hosted_zone_records_health_check_configured/red/route53.tf b/terraform/ecc-aws-510-route53_hosted_zone_records_health_check_configured/red/route53.tf
new file mode 100644
index 000000000..a8d7d0000
--- /dev/null
+++ b/terraform/ecc-aws-510-route53_hosted_zone_records_health_check_configured/red/route53.tf
@@ -0,0 +1,15 @@
+resource "aws_route53_zone" "this" {
+ name = "510-route53-zone-red.rule"
+}
+
+resource "aws_route53_record" "this3" {
+ zone_id = aws_route53_zone.this.zone_id
+ name = aws_route53_zone.this.name
+ type = "MX"
+ set_identifier = "510_record_red"
+ ttl = 300
+ records = ["10 mailhost1.example.com"]
+ geolocation_routing_policy{
+ country = "UA"
+ }
+}
diff --git a/terraform/ecc-aws-510-route53_hosted_zone_records_health_check_configured/red/terraform.tfvars b/terraform/ecc-aws-510-route53_hosted_zone_records_health_check_configured/red/terraform.tfvars
new file mode 100644
index 000000000..e1e2d2fa8
--- /dev/null
+++ b/terraform/ecc-aws-510-route53_hosted_zone_records_health_check_configured/red/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
diff --git a/terraform/ecc-aws-510-route53_hosted_zone_records_health_check_configured/red/variables.tf b/terraform/ecc-aws-510-route53_hosted_zone_records_health_check_configured/red/variables.tf
new file mode 100644
index 000000000..c8b410c24
--- /dev/null
+++ b/terraform/ecc-aws-510-route53_hosted_zone_records_health_check_configured/red/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
diff --git a/terraform/ecc-aws-511-msk_data_encrypted_with_kms_cmk/green/kms.tf b/terraform/ecc-aws-511-msk_data_encrypted_with_kms_cmk/green/kms.tf
new file mode 100644
index 000000000..82833b1ce
--- /dev/null
+++ b/terraform/ecc-aws-511-msk_data_encrypted_with_kms_cmk/green/kms.tf
@@ -0,0 +1,31 @@
+resource "aws_kms_key" "this" {
+ description = "Key to encrypt and decrypt MSK"
+ key_usage = "ENCRYPT_DECRYPT"
+ policy = data.aws_iam_policy_document.this.json
+ deletion_window_in_days = 7
+ is_enabled = true
+ enable_key_rotation = true
+}
+
+resource "aws_kms_alias" "this" {
+ name = "alias/511-green"
+ target_key_id = aws_kms_key.this.key_id
+}
+
+data "aws_iam_policy_document" "this" {
+ statement {
+ effect = "Allow"
+ principals {
+ type = "AWS"
+ identifiers = [
+ "*",
+ ]
+ }
+ actions = [
+ "kms:*",
+ ]
+ resources = [
+ "*",
+ ]
+ }
+}
diff --git a/terraform/ecc-aws-511-msk_data_encrypted_with_kms_cmk/green/msk.tf b/terraform/ecc-aws-511-msk_data_encrypted_with_kms_cmk/green/msk.tf
new file mode 100644
index 000000000..ef98f7979
--- /dev/null
+++ b/terraform/ecc-aws-511-msk_data_encrypted_with_kms_cmk/green/msk.tf
@@ -0,0 +1,23 @@
+resource "aws_msk_cluster" "this" {
+ cluster_name = "511-msk-cluster-green"
+ kafka_version = "2.6.2"
+ number_of_broker_nodes = 3
+
+ broker_node_group_info {
+ instance_type = "kafka.t3.small"
+ client_subnets = [
+ aws_subnet.subnet_1.id,
+ aws_subnet.subnet_2.id,
+ aws_subnet.subnet_3.id,
+ ]
+ storage_info {
+ ebs_storage_info {
+ volume_size = 5
+ }
+ }
+ security_groups = [aws_security_group.this.id]
+ }
+ encryption_info {
+ encryption_at_rest_kms_key_arn = aws_kms_key.this.arn
+ }
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-511-msk_data_encrypted_with_kms_cmk/green/provider.tf b/terraform/ecc-aws-511-msk_data_encrypted_with_kms_cmk/green/provider.tf
new file mode 100644
index 000000000..3d490dae0
--- /dev/null
+++ b/terraform/ecc-aws-511-msk_data_encrypted_with_kms_cmk/green/provider.tf
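Review bot: The key policy built in `data "aws_iam_policy_document" "this"` in kms.tf allows `kms:*` to the AWS principal `*` with no condition, which opens the key that encrypts the MSK cluster at rest to principals outside this account for both cryptographic and administrative operations. Scoping the principal to the owning account keeps the fixture self-contained: add `data "aws_caller_identity" "current" {}` and use `identifiers = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"]`. Because this is the green (compliant) example for rule 511, the wildcard policy is likely to be copied along with the encryption setting it demonstrates.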
@@ -0,0 +1,20 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws"{
+ profile = var.profile
+ region = var.default-region
+
+ default_tags {
+ tags = {
+ CustodianRule = "ecc-aws-511-msk_data_encrypted_with_kms_cmk"
+ ComplianceStatus = "Green"
+ }
+ }
+}
diff --git a/terraform/ecc-aws-511-msk_data_encrypted_with_kms_cmk/green/terraform.tfvars b/terraform/ecc-aws-511-msk_data_encrypted_with_kms_cmk/green/terraform.tfvars
new file mode 100644
index 000000000..368bc468f
--- /dev/null
+++ b/terraform/ecc-aws-511-msk_data_encrypted_with_kms_cmk/green/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
\ No newline at end of file
diff --git a/terraform/ecc-aws-511-msk_data_encrypted_with_kms_cmk/green/variables.tf b/terraform/ecc-aws-511-msk_data_encrypted_with_kms_cmk/green/variables.tf
new file mode 100644
index 000000000..948c49afd
--- /dev/null
+++ b/terraform/ecc-aws-511-msk_data_encrypted_with_kms_cmk/green/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-511-msk_data_encrypted_with_kms_cmk/green/vpc.tf b/terraform/ecc-aws-511-msk_data_encrypted_with_kms_cmk/green/vpc.tf
new file mode 100644
index 000000000..dcbe69d50
--- /dev/null
+++ b/terraform/ecc-aws-511-msk_data_encrypted_with_kms_cmk/green/vpc.tf
@@ -0,0 +1,29 @@
+resource "aws_vpc" "this" {
+ cidr_block = "192.168.0.0/22"
+}
+
+data "aws_availability_zones" "this" {
+ state = "available"
+}
+
+resource "aws_subnet" "subnet_1" {
+ availability_zone = data.aws_availability_zones.this.names[0]
+ cidr_block = "192.168.0.0/24"
+ vpc_id = aws_vpc.this.id
+}
+
+resource "aws_subnet" "subnet_2" {
+ availability_zone = data.aws_availability_zones.this.names[1]
+ cidr_block = "192.168.1.0/24"
+ vpc_id = aws_vpc.this.id
+}
+
+resource "aws_subnet" "subnet_3" {
+ availability_zone = data.aws_availability_zones.this.names[2]
+ cidr_block = "192.168.2.0/24"
+ vpc_id = aws_vpc.this.id
+}
+
+resource "aws_security_group" "this" {
+ vpc_id = aws_vpc.this.id
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-511-msk_data_encrypted_with_kms_cmk/iam/511-policy.json b/terraform/ecc-aws-511-msk_data_encrypted_with_kms_cmk/iam/511-policy.json
new file mode 100644
index 000000000..e013a0c5f
--- /dev/null
+++ b/terraform/ecc-aws-511-msk_data_encrypted_with_kms_cmk/iam/511-policy.json
@@ -0,0 +1,15 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "kafka:ListClusters",
+ "kms:DescribeKey",
+ "kms:ListAliases",
+ "tag:GetResources"
+ ],
+ "Resource": "*"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-511-msk_data_encrypted_with_kms_cmk/red/msk.tf b/terraform/ecc-aws-511-msk_data_encrypted_with_kms_cmk/red/msk.tf
new file mode 100644
index 000000000..367fc8422
--- /dev/null
+++ b/terraform/ecc-aws-511-msk_data_encrypted_with_kms_cmk/red/msk.tf
@@ -0,0 +1,20 @@
+resource "aws_msk_cluster" "this" {
+ cluster_name = "511-msk-cluster-red"
+ kafka_version = "2.6.2"
+ number_of_broker_nodes = 3
+
+ broker_node_group_info {
+ instance_type = "kafka.t3.small"
+ client_subnets = [
+ aws_subnet.subnet_1.id,
+ aws_subnet.subnet_2.id,
+ aws_subnet.subnet_3.id,
+ ]
+ storage_info {
+ ebs_storage_info {
+ volume_size = 5
+ }
+ }
+ security_groups = [aws_security_group.this.id]
+ }
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-511-msk_data_encrypted_with_kms_cmk/red/provider.tf b/terraform/ecc-aws-511-msk_data_encrypted_with_kms_cmk/red/provider.tf
new file mode 100644
index 000000000..b7915324f
--- /dev/null
+++ b/terraform/ecc-aws-511-msk_data_encrypted_with_kms_cmk/red/provider.tf
@@ -0,0 +1,20 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws"{
+ profile = var.profile
+ region = var.default-region
+
+ default_tags {
+ tags = {
+ CustodianRule = "ecc-aws-511-msk_data_encrypted_with_kms_cmk"
+ ComplianceStatus = "Red"
+ }
+ }
+}
diff --git a/terraform/ecc-aws-511-msk_data_encrypted_with_kms_cmk/red/terraform.tfvars b/terraform/ecc-aws-511-msk_data_encrypted_with_kms_cmk/red/terraform.tfvars
new file mode 100644
index 000000000..368bc468f
--- /dev/null
+++ b/terraform/ecc-aws-511-msk_data_encrypted_with_kms_cmk/red/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
\ No newline at end of file
diff --git a/terraform/ecc-aws-511-msk_data_encrypted_with_kms_cmk/red/variables.tf b/terraform/ecc-aws-511-msk_data_encrypted_with_kms_cmk/red/variables.tf
new file mode 100644
index 000000000..948c49afd
--- /dev/null
+++ b/terraform/ecc-aws-511-msk_data_encrypted_with_kms_cmk/red/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-511-msk_data_encrypted_with_kms_cmk/red/vpc.tf b/terraform/ecc-aws-511-msk_data_encrypted_with_kms_cmk/red/vpc.tf
new file mode 100644
index 000000000..dcbe69d50
--- /dev/null
+++ b/terraform/ecc-aws-511-msk_data_encrypted_with_kms_cmk/red/vpc.tf
@@ -0,0 +1,29 @@
+resource "aws_vpc" "this" {
+ cidr_block = "192.168.0.0/22"
+}
+
+data "aws_availability_zones" "this" {
+ state = "available"
+}
+
+resource "aws_subnet" "subnet_1" {
+ availability_zone = data.aws_availability_zones.this.names[0]
+ cidr_block = "192.168.0.0/24"
+ vpc_id = aws_vpc.this.id
+}
+
+resource "aws_subnet" "subnet_2" {
+ availability_zone = data.aws_availability_zones.this.names[1]
+ cidr_block = "192.168.1.0/24"
+ vpc_id = aws_vpc.this.id
+}
+
+resource "aws_subnet" "subnet_3" {
+ availability_zone = data.aws_availability_zones.this.names[2]
+ cidr_block = "192.168.2.0/24"
+ vpc_id = aws_vpc.this.id
+}
+
+resource "aws_security_group" "this" {
+ vpc_id = aws_vpc.this.id
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-512-msk_encryption_in_transit_enabled/green/msk.tf b/terraform/ecc-aws-512-msk_encryption_in_transit_enabled/green/msk.tf
new file mode 100644
index 000000000..3c94b7876
--- /dev/null
+++ b/terraform/ecc-aws-512-msk_encryption_in_transit_enabled/green/msk.tf
@@ -0,0 +1,26 @@
+resource "aws_msk_cluster" "this" {
+ cluster_name = "512-msk-cluster-green"
+ kafka_version = "2.6.2"
+ number_of_broker_nodes = 3
+
+ encryption_info {
+ encryption_in_transit {
+ client_broker = "TLS"
+ in_cluster = true
+ }
+ }
+ broker_node_group_info {
+ instance_type = "kafka.t3.small"
+ client_subnets = [
+ aws_subnet.subnet_1.id,
+ aws_subnet.subnet_2.id,
+ aws_subnet.subnet_3.id,
+ ]
+ storage_info {
+ ebs_storage_info {
+ volume_size = 5
+ }
+ }
+ security_groups = [aws_security_group.this.id]
+ }
+}
diff --git a/terraform/ecc-aws-512-msk_encryption_in_transit_enabled/green/provider.tf b/terraform/ecc-aws-512-msk_encryption_in_transit_enabled/green/provider.tf
new file mode 100644
index 000000000..11b014c83
--- /dev/null
+++ b/terraform/ecc-aws-512-msk_encryption_in_transit_enabled/green/provider.tf
@@ -0,0 +1,20 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws"{
+ profile = var.profile
+ region = var.default-region
+
+ default_tags {
+ tags = {
+ CustodianRule = "ecc-aws-512-msk_encryption_in_transit_enabled"
+ ComplianceStatus = "Green"
+ }
+ }
+}
diff --git a/terraform/ecc-aws-512-msk_encryption_in_transit_enabled/green/terraform.tfvars b/terraform/ecc-aws-512-msk_encryption_in_transit_enabled/green/terraform.tfvars
new file mode 100644
index 000000000..368bc468f
--- /dev/null
+++ b/terraform/ecc-aws-512-msk_encryption_in_transit_enabled/green/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
\ No newline at end of file
diff --git a/terraform/ecc-aws-512-msk_encryption_in_transit_enabled/green/variables.tf b/terraform/ecc-aws-512-msk_encryption_in_transit_enabled/green/variables.tf
new file mode 100644
index 000000000..948c49afd
--- /dev/null
+++ b/terraform/ecc-aws-512-msk_encryption_in_transit_enabled/green/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-512-msk_encryption_in_transit_enabled/green/vpc.tf b/terraform/ecc-aws-512-msk_encryption_in_transit_enabled/green/vpc.tf
new file mode 100644
index 000000000..dcbe69d50
--- /dev/null
+++ b/terraform/ecc-aws-512-msk_encryption_in_transit_enabled/green/vpc.tf
@@ -0,0 +1,29 @@
+resource "aws_vpc" "this" {
+ cidr_block = "192.168.0.0/22"
+}
+
+data "aws_availability_zones" "this" {
+ state = "available"
+}
+
+resource "aws_subnet" "subnet_1" {
+ availability_zone = data.aws_availability_zones.this.names[0]
+ cidr_block = "192.168.0.0/24"
+ vpc_id = aws_vpc.this.id
+}
+
+resource "aws_subnet" "subnet_2" {
+ availability_zone = data.aws_availability_zones.this.names[1]
+ cidr_block = "192.168.1.0/24"
+ vpc_id = aws_vpc.this.id
+}
+
+resource "aws_subnet" "subnet_3" {
+ availability_zone = data.aws_availability_zones.this.names[2]
+ cidr_block = "192.168.2.0/24"
+ vpc_id = aws_vpc.this.id
+}
+
+resource "aws_security_group" "this" {
+ vpc_id = aws_vpc.this.id
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-512-msk_encryption_in_transit_enabled/iam/512-policy.json b/terraform/ecc-aws-512-msk_encryption_in_transit_enabled/iam/512-policy.json
new file mode 100644
index 000000000..4a6094d7c
--- /dev/null
+++ b/terraform/ecc-aws-512-msk_encryption_in_transit_enabled/iam/512-policy.json
@@ -0,0 +1,12 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "kafka:ListClusters"
+ ],
+ "Resource": "*"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-512-msk_encryption_in_transit_enabled/red/msk.tf b/terraform/ecc-aws-512-msk_encryption_in_transit_enabled/red/msk.tf
new file mode 100644
index 000000000..8e7bce014
--- /dev/null
+++ b/terraform/ecc-aws-512-msk_encryption_in_transit_enabled/red/msk.tf
@@ -0,0 +1,26 @@
+resource "aws_msk_cluster" "this" {
+ cluster_name = "512-msk-cluster-red"
+ kafka_version = "2.6.2"
+ number_of_broker_nodes = 3
+
+ encryption_info {
+ encryption_in_transit {
+ client_broker = "TLS_PLAINTEXT"
+ in_cluster = true
+ }
+ }
+ broker_node_group_info {
+ instance_type = "kafka.t3.small"
+ client_subnets = [
+ aws_subnet.subnet_1.id,
+ aws_subnet.subnet_2.id,
+ aws_subnet.subnet_3.id,
+ ]
+ storage_info {
+ ebs_storage_info {
+ volume_size = 5
+ }
+ }
+ security_groups = [aws_security_group.this.id]
+ }
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-512-msk_encryption_in_transit_enabled/red/provider.tf b/terraform/ecc-aws-512-msk_encryption_in_transit_enabled/red/provider.tf
new file mode 100644
index 000000000..6c3901f77
--- /dev/null
+++ b/terraform/ecc-aws-512-msk_encryption_in_transit_enabled/red/provider.tf
@@ -0,0 +1,20 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws"{
+ profile = var.profile
+ region = var.default-region
+
+ default_tags {
+ tags = {
+ CustodianRule = "ecc-aws-512-msk_encryption_in_transit_enabled"
+ ComplianceStatus = "Red"
+ }
+ }
+}
diff --git a/terraform/ecc-aws-512-msk_encryption_in_transit_enabled/red/terraform.tfvars b/terraform/ecc-aws-512-msk_encryption_in_transit_enabled/red/terraform.tfvars
new file mode 100644
index 000000000..368bc468f
--- /dev/null
+++ b/terraform/ecc-aws-512-msk_encryption_in_transit_enabled/red/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
\ No newline at end of file
diff --git a/terraform/ecc-aws-512-msk_encryption_in_transit_enabled/red/variables.tf b/terraform/ecc-aws-512-msk_encryption_in_transit_enabled/red/variables.tf
new file mode 100644
index 000000000..948c49afd
--- /dev/null
+++ b/terraform/ecc-aws-512-msk_encryption_in_transit_enabled/red/variables.tf
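Review bot: Nothing in ecc-aws-512-msk_encryption_in_transit_enabled/red/msk.tf says which attribute makes the cluster non-compliant; it differs from the green fixture only in `client_broker = "TLS_PLAINTEXT"`, while `in_cluster = true` is kept. A comment above `encryption_in_transit`, for example `# Non-compliant: TLS_PLAINTEXT also accepts unencrypted client-to-broker connections`, would make the intent explicit. If the policy is also meant to flag `client_broker = "PLAINTEXT"` or `in_cluster = false`, this fixture does not exercise those cases.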
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-512-msk_encryption_in_transit_enabled/red/vpc.tf b/terraform/ecc-aws-512-msk_encryption_in_transit_enabled/red/vpc.tf
new file mode 100644
index 000000000..dcbe69d50
--- /dev/null
+++ b/terraform/ecc-aws-512-msk_encryption_in_transit_enabled/red/vpc.tf
@@ -0,0 +1,29 @@
+resource "aws_vpc" "this" {
+ cidr_block = "192.168.0.0/22"
+}
+
+data "aws_availability_zones" "this" {
+ state = "available"
+}
+
+resource "aws_subnet" "subnet_1" {
+ availability_zone = data.aws_availability_zones.this.names[0]
+ cidr_block = "192.168.0.0/24"
+ vpc_id = aws_vpc.this.id
+}
+
+resource "aws_subnet" "subnet_2" {
+ availability_zone = data.aws_availability_zones.this.names[1]
+ cidr_block = "192.168.1.0/24"
+ vpc_id = aws_vpc.this.id
+}
+
+resource "aws_subnet" "subnet_3" {
+ availability_zone = data.aws_availability_zones.this.names[2]
+ cidr_block = "192.168.2.0/24"
+ vpc_id = aws_vpc.this.id
+}
+
+resource "aws_security_group" "this" {
+ vpc_id = aws_vpc.this.id
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-513-route53_query_logging_enabled/green/provider.tf b/terraform/ecc-aws-513-route53_query_logging_enabled/green/provider.tf
new file mode 100644
index 000000000..84e5e45d2
--- /dev/null
+++ b/terraform/ecc-aws-513-route53_query_logging_enabled/green/provider.tf
@@ -0,0 +1,20 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws" {
+ profile = var.profile
+ region = var.default-region
+
+ default_tags {
+ tags = {
+ CustodianRule = "ecc-aws-513-route53_query_logging_enabled"
+ ComplianceStatus = "Green"
+ }
+ }
+}
diff --git a/terraform/ecc-aws-513-route53_query_logging_enabled/green/route53.tf b/terraform/ecc-aws-513-route53_query_logging_enabled/green/route53.tf
new file mode 100644
index 000000000..922e0802e
--- /dev/null
+++ b/terraform/ecc-aws-513-route53_query_logging_enabled/green/route53.tf
@@ -0,0 +1,36 @@
+resource "aws_cloudwatch_log_group" "this" {
+ name = "/aws/route53/${aws_route53_zone.this.name}"
+ retention_in_days = 30
+}
+
+data "aws_iam_policy_document" "this" {
+ statement {
+ actions = [
+ "logs:CreateLogStream",
+ "logs:PutLogEvents",
+ ]
+
+ resources = ["arn:aws:logs:*:*:log-group:/aws/route53/*"]
+
+ principals {
+ identifiers = ["route53.amazonaws.com"]
+ type = "Service"
+ }
+ }
+}
+
+resource "aws_cloudwatch_log_resource_policy" "this" {
+ policy_document = data.aws_iam_policy_document.this.json
+ policy_name = "cloudwatch_log_resource_policy_green_513"
+}
+
+resource "aws_route53_zone" "this" {
+ name = "513route53green.com"
+}
+
+resource "aws_route53_query_log" "this" {
+ depends_on = [aws_cloudwatch_log_resource_policy.this]
+
+ cloudwatch_log_group_arn = aws_cloudwatch_log_group.this.arn
+ zone_id = aws_route53_zone.this.zone_id
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-513-route53_query_logging_enabled/green/terraform.tfvars b/terraform/ecc-aws-513-route53_query_logging_enabled/green/terraform.tfvars
new file mode 100644
index 000000000..368bc468f
--- /dev/null
+++ b/terraform/ecc-aws-513-route53_query_logging_enabled/green/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
\ No newline at end of file
diff --git a/terraform/ecc-aws-513-route53_query_logging_enabled/green/variables.tf b/terraform/ecc-aws-513-route53_query_logging_enabled/green/variables.tf
new file mode 100644
index 000000000..948c49afd
--- /dev/null
+++ b/terraform/ecc-aws-513-route53_query_logging_enabled/green/variables.tf
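Review bot: The log group in green/route53.tf takes its region from `var.default-region`, but Route 53 delivers public hosted zone query logs only to a CloudWatch Logs group in us-east-1, so the fixture applies cleanly only because terraform.tfvars happens to set that region. A comment on `aws_cloudwatch_log_group.this` such as `# Route 53 query logging requires this log group to be in us-east-1` would record the constraint. The resource policy could also be narrowed from `arn:aws:logs:*:*:log-group:/aws/route53/*` to `"${aws_cloudwatch_log_group.this.arn}:*"`, so that the Route 53 service principal can write only to this log group.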
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-513-route53_query_logging_enabled/iam/513-policy.json b/terraform/ecc-aws-513-route53_query_logging_enabled/iam/513-policy.json
new file mode 100644
index 000000000..bbe92e64c
--- /dev/null
+++ b/terraform/ecc-aws-513-route53_query_logging_enabled/iam/513-policy.json
@@ -0,0 +1,15 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Sid": "VisualEditor0",
+ "Effect": "Allow",
+ "Action": [
+ "route53:ListHostedZones",
+ "route53:ListQueryLoggingConfigs",
+ "route53:ListTagsForResources"
+ ],
+ "Resource": "*"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-513-route53_query_logging_enabled/red/provider.tf b/terraform/ecc-aws-513-route53_query_logging_enabled/red/provider.tf
new file mode 100644
index 000000000..c99ee8a0c
--- /dev/null
+++ b/terraform/ecc-aws-513-route53_query_logging_enabled/red/provider.tf
@@ -0,0 +1,20 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws" {
+ profile = var.profile
+ region = var.default-region
+
+ default_tags {
+ tags = {
+ CustodianRule = "ecc-aws-513-route53_query_logging_enabled"
+ ComplianceStatus = "Red"
+ }
+ }
+}
diff --git a/terraform/ecc-aws-513-route53_query_logging_enabled/red/route53.tf b/terraform/ecc-aws-513-route53_query_logging_enabled/red/route53.tf
new file mode 100644
index 000000000..31e070f19
--- /dev/null
+++ b/terraform/ecc-aws-513-route53_query_logging_enabled/red/route53.tf
@@ -0,0 +1,3 @@
+resource "aws_route53_zone" "this" {
+ name = "513route53red.com"
+}
diff --git a/terraform/ecc-aws-513-route53_query_logging_enabled/red/terraform.tfvars b/terraform/ecc-aws-513-route53_query_logging_enabled/red/terraform.tfvars
new file mode 100644
index 000000000..368bc468f
--- /dev/null
+++ b/terraform/ecc-aws-513-route53_query_logging_enabled/red/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
\ No newline at end of file
diff --git a/terraform/ecc-aws-513-route53_query_logging_enabled/red/variables.tf b/terraform/ecc-aws-513-route53_query_logging_enabled/red/variables.tf
new file mode 100644
index 000000000..948c49afd
--- /dev/null
+++ b/terraform/ecc-aws-513-route53_query_logging_enabled/red/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-514-msk_logging_enabled/green/msk.tf b/terraform/ecc-aws-514-msk_logging_enabled/green/msk.tf
new file mode 100644
index 000000000..e9201086a
--- /dev/null
+++ b/terraform/ecc-aws-514-msk_logging_enabled/green/msk.tf
@@ -0,0 +1,32 @@
+resource "aws_cloudwatch_log_group" "this" {
+ name = "514-log-group-green"
+}
+
+resource "aws_msk_cluster" "this" {
+ cluster_name = "514-msk-cluster-green"
+ kafka_version = "2.6.2"
+ number_of_broker_nodes = 3
+
+ broker_node_group_info {
+ instance_type = "kafka.t3.small"
+ client_subnets = [
+ aws_subnet.subnet_1.id,
+ aws_subnet.subnet_2.id,
+ aws_subnet.subnet_3.id,
+ ]
+ storage_info {
+ ebs_storage_info {
+ volume_size = 5
+ }
+ }
+ security_groups = [aws_security_group.this.id]
+ }
+ logging_info {
+ broker_logs {
+ cloudwatch_logs {
+ enabled = true
+ log_group = aws_cloudwatch_log_group.this.name
+ }
+ }
+ }
+}
\ No newline at end of file
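Review bot: `aws_cloudwatch_log_group.this` in ecc-aws-514-msk_logging_enabled/green/msk.tf sets no `retention_in_days`, so the broker logs it receives never expire, whereas the log group in the 513 green fixture in this patch sets 30 days. Adding `retention_in_days = 30` keeps the two fixtures consistent and bounds what a forgotten test stack accumulates.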
diff --git a/terraform/ecc-aws-514-msk_logging_enabled/green/provider.tf b/terraform/ecc-aws-514-msk_logging_enabled/green/provider.tf
new file mode 100644
index 000000000..9ca989b21
--- /dev/null
+++ b/terraform/ecc-aws-514-msk_logging_enabled/green/provider.tf
@@ -0,0 +1,20 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws"{
+ profile = var.profile
+ region = var.default-region
+
+ default_tags {
+ tags = {
+ CustodianRule = "ecc-aws-514-msk_logging_enabled"
+ ComplianceStatus = "Green"
+ }
+ }
+}
diff --git a/terraform/ecc-aws-514-msk_logging_enabled/green/terraform.tfvars b/terraform/ecc-aws-514-msk_logging_enabled/green/terraform.tfvars
new file mode 100644
index 000000000..368bc468f
--- /dev/null
+++ b/terraform/ecc-aws-514-msk_logging_enabled/green/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
\ No newline at end of file
diff --git a/terraform/ecc-aws-514-msk_logging_enabled/green/variables.tf b/terraform/ecc-aws-514-msk_logging_enabled/green/variables.tf
new file mode 100644
index 000000000..948c49afd
--- /dev/null
+++ b/terraform/ecc-aws-514-msk_logging_enabled/green/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-514-msk_logging_enabled/green/vpc.tf b/terraform/ecc-aws-514-msk_logging_enabled/green/vpc.tf
new file mode 100644
index 000000000..dcbe69d50
--- /dev/null
+++ b/terraform/ecc-aws-514-msk_logging_enabled/green/vpc.tf
@@ -0,0 +1,29 @@
+resource "aws_vpc" "this" {
+ cidr_block = "192.168.0.0/22"
+}
+
+data "aws_availability_zones" "this" {
+ state = "available"
+}
+
+resource "aws_subnet" "subnet_1" {
+ availability_zone = data.aws_availability_zones.this.names[0]
+ cidr_block = "192.168.0.0/24"
+ vpc_id = aws_vpc.this.id
+}
+
+resource "aws_subnet" "subnet_2" {
+ availability_zone = data.aws_availability_zones.this.names[1]
+ cidr_block = "192.168.1.0/24"
+ vpc_id = aws_vpc.this.id
+}
+
+resource "aws_subnet" "subnet_3" {
+ availability_zone = data.aws_availability_zones.this.names[2]
+ cidr_block = "192.168.2.0/24"
+ vpc_id = aws_vpc.this.id
+}
+
+resource "aws_security_group" "this" {
+ vpc_id = aws_vpc.this.id
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-514-msk_logging_enabled/iam/514-policy.json b/terraform/ecc-aws-514-msk_logging_enabled/iam/514-policy.json
new file mode 100644
index 000000000..4a6094d7c
--- /dev/null
+++ b/terraform/ecc-aws-514-msk_logging_enabled/iam/514-policy.json
@@ -0,0 +1,12 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "kafka:ListClusters"
+ ],
+ "Resource": "*"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-514-msk_logging_enabled/red/msk.tf b/terraform/ecc-aws-514-msk_logging_enabled/red/msk.tf
new file mode 100644
index 000000000..b89fb3d5e
--- /dev/null
+++ b/terraform/ecc-aws-514-msk_logging_enabled/red/msk.tf
@@ -0,0 +1,20 @@
+resource "aws_msk_cluster" "this" {
+ cluster_name = "514-msk-cluster-red"
+ kafka_version = "2.6.2"
+ number_of_broker_nodes = 3
+
+ broker_node_group_info {
+ instance_type = "kafka.t3.small"
+ client_subnets = [
+ aws_subnet.subnet_1.id,
+ aws_subnet.subnet_2.id,
+ aws_subnet.subnet_3.id,
+ ]
+ storage_info {
+ ebs_storage_info {
+ volume_size = 5
+ }
+ }
+ security_groups = [aws_security_group.this.id]
+ }
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-514-msk_logging_enabled/red/provider.tf b/terraform/ecc-aws-514-msk_logging_enabled/red/provider.tf
new file mode 100644
index 000000000..b3aaa8c3a
--- /dev/null
+++ b/terraform/ecc-aws-514-msk_logging_enabled/red/provider.tf
@@ -0,0 +1,20 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws"{
+ profile = var.profile
+ region = var.default-region
+
+ default_tags {
+ tags = {
+ CustodianRule = "ecc-aws-514-msk_logging_enabled"
+ ComplianceStatus = "Red"
+ }
+ }
+}
diff --git a/terraform/ecc-aws-514-msk_logging_enabled/red/terraform.tfvars b/terraform/ecc-aws-514-msk_logging_enabled/red/terraform.tfvars
new file mode 100644
index 000000000..368bc468f
--- /dev/null
+++ b/terraform/ecc-aws-514-msk_logging_enabled/red/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
\ No newline at end of file
diff --git a/terraform/ecc-aws-514-msk_logging_enabled/red/variables.tf b/terraform/ecc-aws-514-msk_logging_enabled/red/variables.tf
new file mode 100644
index 000000000..948c49afd
--- /dev/null
+++ b/terraform/ecc-aws-514-msk_logging_enabled/red/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-514-msk_logging_enabled/red/vpc.tf b/terraform/ecc-aws-514-msk_logging_enabled/red/vpc.tf
new file mode 100644
index 000000000..dcbe69d50
--- /dev/null
+++ b/terraform/ecc-aws-514-msk_logging_enabled/red/vpc.tf
@@ -0,0 +1,29 @@
+resource "aws_vpc" "this" {
+ cidr_block = "192.168.0.0/22"
+}
+
+data "aws_availability_zones" "this" {
+ state = "available"
+}
+
+resource "aws_subnet" "subnet_1" {
+ availability_zone = data.aws_availability_zones.this.names[0]
+ cidr_block = "192.168.0.0/24"
+ vpc_id = aws_vpc.this.id
+}
+
+resource "aws_subnet" "subnet_2" {
+ availability_zone = data.aws_availability_zones.this.names[1]
+ cidr_block = "192.168.1.0/24"
+ vpc_id = aws_vpc.this.id
+}
+
+resource "aws_subnet" "subnet_3" {
+ availability_zone = data.aws_availability_zones.this.names[2]
+ cidr_block = "192.168.2.0/24"
+ vpc_id = aws_vpc.this.id
+}
+
+resource "aws_security_group" "this" {
+ vpc_id = aws_vpc.this.id
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-515-rds_encrypted_with_kms_cmk/green/provider.tf b/terraform/ecc-aws-515-rds_encrypted_with_kms_cmk/green/provider.tf
new file mode 100644
index 000000000..ed0cff436
--- /dev/null
+++ b/terraform/ecc-aws-515-rds_encrypted_with_kms_cmk/green/provider.tf
@@ -0,0 +1,19 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws" {
+ profile = var.profile
+ region = var.default-region
+ default_tags {
+ tags = {
+ CustodianRule = "ecc-aws-515-rds_encrypted_with_kms_cmk"
+ ComplianceStatus = "Green"
+ }
+ }
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-515-rds_encrypted_with_kms_cmk/green/rds.tf b/terraform/ecc-aws-515-rds_encrypted_with_kms_cmk/green/rds.tf
new file mode 100644
index 000000000..6b1f7aa73
--- /dev/null
+++ b/terraform/ecc-aws-515-rds_encrypted_with_kms_cmk/green/rds.tf
@@ -0,0 +1,52 @@
+resource "random_password" "this" {
+ length = 12
+ special = true
+ override_special = "!#$%*()-_=+[]{}:?"
+}
+
+resource "aws_kms_key" "this" {
+ description = "Key to encrypt and decrypt RDS"
+ key_usage = "ENCRYPT_DECRYPT"
+ policy = data.aws_iam_policy_document.this.json
+ deletion_window_in_days = 7
+ is_enabled = true
+ enable_key_rotation = true
+
+}
+
+resource "aws_kms_alias" "this" {
+ name = "alias/515-green"
+ target_key_id = aws_kms_key.this.key_id
+}
+
+data "aws_iam_policy_document" "this" {
+ statement {
+ effect = "Allow"
+ principals {
+ type = "AWS"
+ identifiers = [
+ "*",
+ ]
+ }
+ actions = [
+ "kms:*",
+ ]
+ resources = [
+ "*",
+ ]
+ }
+}
+
+resource "aws_db_instance" "this" {
+ allocated_storage = 10
+ engine = "mysql"
+ engine_version = "5.7"
+ instance_class = "db.t3.micro"
+ db_name = "database515green"
+ username = "root"
+ password = random_password.this.result
+ parameter_group_name = "default.mysql5.7"
+ skip_final_snapshot = true
+ storage_encrypted = true
+ kms_key_id = aws_kms_key.this.arn
+}
diff --git a/terraform/ecc-aws-515-rds_encrypted_with_kms_cmk/green/terraform.tfvars b/terraform/ecc-aws-515-rds_encrypted_with_kms_cmk/green/terraform.tfvars
new file mode 100644
index 000000000..e1e2d2fa8
--- /dev/null
+++ b/terraform/ecc-aws-515-rds_encrypted_with_kms_cmk/green/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
diff --git a/terraform/ecc-aws-515-rds_encrypted_with_kms_cmk/green/variables.tf b/terraform/ecc-aws-515-rds_encrypted_with_kms_cmk/green/variables.tf
new file mode 100644
index 000000000..c8b410c24
--- /dev/null
+++ b/terraform/ecc-aws-515-rds_encrypted_with_kms_cmk/green/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
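Review bot: ecc-aws-515-rds_encrypted_with_kms_cmk/green/rds.tf uses `random_password`, but the provider.tf added for this rule declares only `hashicorp/aws` under `required_providers`, so the random provider is resolved implicitly and without a version constraint. Declaring it there, `random = { source = "hashicorp/random", version = "~> 3" }`, pins what `terraform init` downloads for this fixture. red/rds.tf for the same rule uses the same resource and has the same gap.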
diff --git a/terraform/ecc-aws-515-rds_encrypted_with_kms_cmk/iam/515-policy.json b/terraform/ecc-aws-515-rds_encrypted_with_kms_cmk/iam/515-policy.json
new file mode 100644
index 000000000..42c4af4cb
--- /dev/null
+++ b/terraform/ecc-aws-515-rds_encrypted_with_kms_cmk/iam/515-policy.json
@@ -0,0 +1,13 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "rds:DescribeDBInstances",
+ "kms:listAliases"
+ ],
+ "Resource": "*"
+ }
+ ]
+}
diff --git a/terraform/ecc-aws-515-rds_encrypted_with_kms_cmk/red/provider.tf b/terraform/ecc-aws-515-rds_encrypted_with_kms_cmk/red/provider.tf
new file mode 100644
index 000000000..cfd11dbfa
--- /dev/null
+++ b/terraform/ecc-aws-515-rds_encrypted_with_kms_cmk/red/provider.tf
@@ -0,0 +1,19 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws" {
+ profile = var.profile
+ region = var.default-region
+ default_tags {
+ tags = {
+ CustodianRule = "ecc-aws-515-rds_encrypted_with_kms_cmk"
+ ComplianceStatus = "Red"
+ }
+ }
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-515-rds_encrypted_with_kms_cmk/red/rds.tf b/terraform/ecc-aws-515-rds_encrypted_with_kms_cmk/red/rds.tf
new file mode 100644
index 000000000..4308cc31a
--- /dev/null
+++ b/terraform/ecc-aws-515-rds_encrypted_with_kms_cmk/red/rds.tf
@@ -0,0 +1,18 @@
+resource "random_password" "this" {
+ length = 12
+ special = true
+ override_special = "!#$%*()-_=+[]{}:?"
+}
+
+resource "aws_db_instance" "this" {
+ allocated_storage = 10
+ engine = "mysql"
+ engine_version = "5.7"
+ instance_class = "db.t3.micro"
+ db_name = "database515red"
+ username = "root"
+ password = random_password.this.result
+ parameter_group_name = "default.mysql5.7"
+ skip_final_snapshot = true
+ storage_encrypted = true
+}
diff --git a/terraform/ecc-aws-515-rds_encrypted_with_kms_cmk/red/terraform.tfvars b/terraform/ecc-aws-515-rds_encrypted_with_kms_cmk/red/terraform.tfvars
new file mode 100644
index 000000000..e1e2d2fa8
--- /dev/null
+++ b/terraform/ecc-aws-515-rds_encrypted_with_kms_cmk/red/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
diff --git a/terraform/ecc-aws-515-rds_encrypted_with_kms_cmk/red/variables.tf b/terraform/ecc-aws-515-rds_encrypted_with_kms_cmk/red/variables.tf
new file mode 100644
index 000000000..c8b410c24
--- /dev/null
+++ b/terraform/ecc-aws-515-rds_encrypted_with_kms_cmk/red/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
diff --git a/terraform/ecc-aws-516-sns_encrypted_with_kms_cmk/green/provider.tf b/terraform/ecc-aws-516-sns_encrypted_with_kms_cmk/green/provider.tf
new file mode 100644
index 000000000..d8b972c27
--- /dev/null
+++ b/terraform/ecc-aws-516-sns_encrypted_with_kms_cmk/green/provider.tf
@@ -0,0 +1,19 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws" {
+ profile = var.profile
+ region = var.default-region
+ default_tags {
+ tags = {
+ CustodianRule = "ecc-aws-516-sns_encrypted_with_kms_cmk"
+ ComplianceStatus = "Green"
+ }
+ }
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-516-sns_encrypted_with_kms_cmk/green/sns.tf b/terraform/ecc-aws-516-sns_encrypted_with_kms_cmk/green/sns.tf
new file mode 100644
index 000000000..8b26b8a5f
--- /dev/null
+++ b/terraform/ecc-aws-516-sns_encrypted_with_kms_cmk/green/sns.tf
@@ -0,0 +1,17 @@
+resource "aws_sns_topic" "this" {
+ name = "rule-516-green"
+ kms_master_key_id = aws_kms_key.this.arn
+}
+
+resource "aws_kms_key" "this" {
+ description = "Key to encrypt and decrypt sns"
+ key_usage = "ENCRYPT_DECRYPT"
+ deletion_window_in_days = 7
+ is_enabled = true
+ enable_key_rotation = true
+}
+
+resource "aws_kms_alias" "this" {
+ name = "alias/k-516"
+ target_key_id = "${aws_kms_key.this.key_id}"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-516-sns_encrypted_with_kms_cmk/green/terraform.tfvars b/terraform/ecc-aws-516-sns_encrypted_with_kms_cmk/green/terraform.tfvars
new file mode 100644
index 000000000..e1e2d2fa8
--- /dev/null
+++ b/terraform/ecc-aws-516-sns_encrypted_with_kms_cmk/green/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
diff --git a/terraform/ecc-aws-516-sns_encrypted_with_kms_cmk/green/variables.tf b/terraform/ecc-aws-516-sns_encrypted_with_kms_cmk/green/variables.tf
new file mode 100644
index 000000000..948c49afd
--- /dev/null
+++ b/terraform/ecc-aws-516-sns_encrypted_with_kms_cmk/green/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-516-sns_encrypted_with_kms_cmk/iam/368-policy.json b/terraform/ecc-aws-516-sns_encrypted_with_kms_cmk/iam/368-policy.json
new file mode 100644
index 000000000..04e7bc31f
--- /dev/null
+++ b/terraform/ecc-aws-516-sns_encrypted_with_kms_cmk/iam/368-policy.json
@@ -0,0 +1,16 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "sns:GetTopicAttributes",
+ "sns:ListTagsForResource",
+ "sns:ListTopics",
+ "kms:DescribeKey",
+ "kms:listAliases"
+ ],
+ "Resource": "*"
+ }
+ ]
+}
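Review bot: The IAM policy for rule 516 is added as `iam/368-policy.json`, while the other rules in this patch name the file after their own rule number (`515-policy.json`, `517-policy.json`, `519-policy.json`). If anything looks the scan permissions up by rule id, which cannot be confirmed from this patch, the policy for 516 would be missed or mistaken for rule 368. Renaming it to `iam/516-policy.json` keeps the convention and makes the least-privilege set for this rule easy to audit.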
diff --git a/terraform/ecc-aws-516-sns_encrypted_with_kms_cmk/red/provider.tf b/terraform/ecc-aws-516-sns_encrypted_with_kms_cmk/red/provider.tf
new file mode 100644
index 000000000..23694dd83
--- /dev/null
+++ b/terraform/ecc-aws-516-sns_encrypted_with_kms_cmk/red/provider.tf
@@ -0,0 +1,19 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws" {
+ profile = var.profile
+ region = var.default-region
+ default_tags {
+ tags = {
+ CustodianRule = "ecc-aws-516-sns_encrypted_with_kms_cmk"
+ ComplianceStatus = "Red"
+ }
+ }
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-516-sns_encrypted_with_kms_cmk/red/sns.tf b/terraform/ecc-aws-516-sns_encrypted_with_kms_cmk/red/sns.tf
new file mode 100644
index 000000000..3f201b435
--- /dev/null
+++ b/terraform/ecc-aws-516-sns_encrypted_with_kms_cmk/red/sns.tf
@@ -0,0 +1,4 @@
+resource "aws_sns_topic" "this" {
+ name = "rule-516-red"
+ kms_master_key_id = "alias/aws/sns"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-516-sns_encrypted_with_kms_cmk/red/terraform.tfvars b/terraform/ecc-aws-516-sns_encrypted_with_kms_cmk/red/terraform.tfvars
new file mode 100644
index 000000000..e1e2d2fa8
--- /dev/null
+++ b/terraform/ecc-aws-516-sns_encrypted_with_kms_cmk/red/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
diff --git a/terraform/ecc-aws-516-sns_encrypted_with_kms_cmk/red/variables.tf b/terraform/ecc-aws-516-sns_encrypted_with_kms_cmk/red/variables.tf
new file mode 100644
index 000000000..948c49afd
--- /dev/null
+++ b/terraform/ecc-aws-516-sns_encrypted_with_kms_cmk/red/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-516-sns_encrypted_with_kms_cmk/red1/provider.tf b/terraform/ecc-aws-516-sns_encrypted_with_kms_cmk/red1/provider.tf
new file mode 100644
index 000000000..34287b8e9
--- /dev/null
+++ b/terraform/ecc-aws-516-sns_encrypted_with_kms_cmk/red1/provider.tf
@@ -0,0 +1,19 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws" {
+ profile = var.profile
+ region = var.default-region
+ default_tags {
+ tags = {
+ CustodianRule = "ecc-aws-516-sns_encrypted_with_kms_cmk"
+ ComplianceStatus = "Red1"
+ }
+ }
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-516-sns_encrypted_with_kms_cmk/red1/sns.tf b/terraform/ecc-aws-516-sns_encrypted_with_kms_cmk/red1/sns.tf
new file mode 100644
index 000000000..5b24a7cb0
--- /dev/null
+++ b/terraform/ecc-aws-516-sns_encrypted_with_kms_cmk/red1/sns.tf
@@ -0,0 +1,3 @@
+resource "aws_sns_topic" "this" {
+ name = "rule-516-red1"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-516-sns_encrypted_with_kms_cmk/red1/terraform.tfvars b/terraform/ecc-aws-516-sns_encrypted_with_kms_cmk/red1/terraform.tfvars
new file mode 100644
index 000000000..e1e2d2fa8
--- /dev/null
+++ b/terraform/ecc-aws-516-sns_encrypted_with_kms_cmk/red1/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
diff --git a/terraform/ecc-aws-516-sns_encrypted_with_kms_cmk/red1/variables.tf b/terraform/ecc-aws-516-sns_encrypted_with_kms_cmk/red1/variables.tf
new file mode 100644
index 000000000..948c49afd
--- /dev/null
+++ b/terraform/ecc-aws-516-sns_encrypted_with_kms_cmk/red1/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-517-redshift_user_activity_logging_enabled/green/provider.tf b/terraform/ecc-aws-517-redshift_user_activity_logging_enabled/green/provider.tf
new file mode 100644
index 000000000..fe4f447a2
--- /dev/null
+++ b/terraform/ecc-aws-517-redshift_user_activity_logging_enabled/green/provider.tf
@@ -0,0 +1,20 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws" {
+ profile = var.profile
+ region = var.default-region
+
+ default_tags {
+ tags = {
+ CustodianRule = "ecc-aws-517-redshift_user_activity_logging_enabled"
+ ComplianceStatus = "Green"
+ }
+ }
+}
diff --git a/terraform/ecc-aws-517-redshift_user_activity_logging_enabled/green/redshift.tf b/terraform/ecc-aws-517-redshift_user_activity_logging_enabled/green/redshift.tf
new file mode 100644
index 000000000..44cc1642e
--- /dev/null
+++ b/terraform/ecc-aws-517-redshift_user_activity_logging_enabled/green/redshift.tf
@@ -0,0 +1,33 @@
+resource "aws_redshift_cluster" "this" {
+ cluster_identifier = "redshift-517-green"
+ database_name = "redshift_517_green_db"
+ master_username = "root"
+ master_password = random_password.this.result
+ node_type = "dc2.large"
+ skip_final_snapshot = true
+ cluster_parameter_group_name = aws_redshift_parameter_group.this.name
+
+ logging {
+ enable = true
+ log_destination_type = "cloudwatch"
+ log_exports = ["useractivitylog"]
+ }
+}
+
+resource "aws_redshift_parameter_group" "this" {
+ name = "parameter-group-redshift-517-green"
+ family = "redshift-1.0"
+
+ parameter {
+ name = "enable_user_activity_logging"
+ value = "true"
+ }
+}
+
+resource "random_password" "this" {
+ length = 12
+ special = true
+ numeric = true
+ override_special = "!#$%*()-_=+[]{}:?"
+}
+
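Review bot: `aws_redshift_cluster.this` in green/redshift.tf does not set `publicly_accessible`, and with the `~> 4` AWS provider pinned in provider.tf that argument defaults to `true`, so the fixture requests a public endpoint that rule 517 does not need. Adding `publicly_accessible = false` keeps the test cluster's exposure limited to the setting under test. Whether the endpoint is actually reachable also depends on the VPC security group, which this patch does not show. The same applies to the other Redshift fixtures added here: 517 red, and 519, 520 and 521 green and red.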
diff --git a/terraform/ecc-aws-517-redshift_user_activity_logging_enabled/green/terraform.tfvars b/terraform/ecc-aws-517-redshift_user_activity_logging_enabled/green/terraform.tfvars
new file mode 100644
index 000000000..e1e2d2fa8
--- /dev/null
+++ b/terraform/ecc-aws-517-redshift_user_activity_logging_enabled/green/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
diff --git a/terraform/ecc-aws-517-redshift_user_activity_logging_enabled/green/variables.tf b/terraform/ecc-aws-517-redshift_user_activity_logging_enabled/green/variables.tf
new file mode 100644
index 000000000..60bfeab50
--- /dev/null
+++ b/terraform/ecc-aws-517-redshift_user_activity_logging_enabled/green/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
diff --git a/terraform/ecc-aws-517-redshift_user_activity_logging_enabled/iam/517-policy.json b/terraform/ecc-aws-517-redshift_user_activity_logging_enabled/iam/517-policy.json
new file mode 100644
index 000000000..ce78f41d7
--- /dev/null
+++ b/terraform/ecc-aws-517-redshift_user_activity_logging_enabled/iam/517-policy.json
@@ -0,0 +1,14 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "redshift:DescribeClusters",
+ "redshift:DescribeLoggingStatus",
+ "redshift:DescribeClusterParameters"
+ ],
+ "Resource": "*"
+ }
+ ]
+}
diff --git a/terraform/ecc-aws-517-redshift_user_activity_logging_enabled/red/provider.tf b/terraform/ecc-aws-517-redshift_user_activity_logging_enabled/red/provider.tf
new file mode 100644
index 000000000..6220bafef
--- /dev/null
+++ b/terraform/ecc-aws-517-redshift_user_activity_logging_enabled/red/provider.tf
@@ -0,0 +1,20 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws" {
+ profile = var.profile
+ region = var.default-region
+
+ default_tags {
+ tags = {
+ CustodianRule = "ecc-aws-517-redshift_user_activity_logging_enabled"
+ ComplianceStatus = "Red"
+ }
+ }
+}
diff --git a/terraform/ecc-aws-517-redshift_user_activity_logging_enabled/red/redshift.tf b/terraform/ecc-aws-517-redshift_user_activity_logging_enabled/red/redshift.tf
new file mode 100644
index 000000000..1786492bb
--- /dev/null
+++ b/terraform/ecc-aws-517-redshift_user_activity_logging_enabled/red/redshift.tf
@@ -0,0 +1,15 @@
+resource "aws_redshift_cluster" "this" {
+ cluster_identifier = "redshift-517-red"
+ database_name = "redshift_517_red_db"
+ master_username = "root"
+ master_password = random_password.this.result
+ node_type = "dc2.large"
+ skip_final_snapshot = true
+}
+
+resource "random_password" "this" {
+ length = 12
+ special = true
+ numeric = true
+ override_special = "!#$%*()-_=+[]{}:?"
+}
diff --git a/terraform/ecc-aws-517-redshift_user_activity_logging_enabled/red/terraform.tfvars b/terraform/ecc-aws-517-redshift_user_activity_logging_enabled/red/terraform.tfvars
new file mode 100644
index 000000000..e1e2d2fa8
--- /dev/null
+++ b/terraform/ecc-aws-517-redshift_user_activity_logging_enabled/red/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
diff --git a/terraform/ecc-aws-517-redshift_user_activity_logging_enabled/red/variables.tf b/terraform/ecc-aws-517-redshift_user_activity_logging_enabled/red/variables.tf
new file mode 100644
index 000000000..60bfeab50
--- /dev/null
+++ b/terraform/ecc-aws-517-redshift_user_activity_logging_enabled/red/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
diff --git a/terraform/ecc-aws-519-redshift_not_using_default_port/green/provider.tf b/terraform/ecc-aws-519-redshift_not_using_default_port/green/provider.tf
new file mode 100644
index 000000000..bf29e1dd3
--- /dev/null
+++ b/terraform/ecc-aws-519-redshift_not_using_default_port/green/provider.tf
@@ -0,0 +1,19 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws" {
+ profile = var.profile
+ region = var.default-region
+ default_tags {
+ tags = {
+ CustodianRule = "ecc-aws-519-redshift_not_using_default_port"
+ ComplianceStatus = "Green"
+ }
+ }
+}
diff --git a/terraform/ecc-aws-519-redshift_not_using_default_port/green/redshift.tf b/terraform/ecc-aws-519-redshift_not_using_default_port/green/redshift.tf
new file mode 100644
index 000000000..f4b4b1f66
--- /dev/null
+++ b/terraform/ecc-aws-519-redshift_not_using_default_port/green/redshift.tf
@@ -0,0 +1,15 @@
+resource "aws_redshift_cluster" "this" {
+ cluster_identifier = "c7n-519-redshift-green"
+ database_name = "c7nredshiftred"
+ master_username = "root"
+ master_password = random_password.this.result
+ node_type = "dc2.large"
+ skip_final_snapshot = true
+ port = 5555
+}
+
+resource "random_password" "this" {
+ length = 10
+ special = true
+ min_numeric = 1
+}
diff --git a/terraform/ecc-aws-519-redshift_not_using_default_port/green/terraform.tfvars b/terraform/ecc-aws-519-redshift_not_using_default_port/green/terraform.tfvars
new file mode 100644
index 000000000..e1e2d2fa8
--- /dev/null
+++ b/terraform/ecc-aws-519-redshift_not_using_default_port/green/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
diff --git a/terraform/ecc-aws-519-redshift_not_using_default_port/green/variables.tf b/terraform/ecc-aws-519-redshift_not_using_default_port/green/variables.tf
new file mode 100644
index 000000000..948c49afd
--- /dev/null
+++ b/terraform/ecc-aws-519-redshift_not_using_default_port/green/variables.tf
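Review bot: `random_password.this` in green/redshift.tf sets `special = true` without `override_special`, so the generated value can contain `@`, which Redshift does not accept in a master password, and the apply would fail intermittently. The 517 fixtures already restrict the set with `override_special = "!#$%*()-_=+[]{}:?"`; adding that line here, plus `min_upper = 1` and `min_lower = 1`, makes every generated password valid. red/redshift.tf for rule 519 has the same block. The green cluster also uses `database_name = "c7nredshiftred"`, which looks like a leftover from the red fixture.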
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-519-redshift_not_using_default_port/iam/519-policy.json b/terraform/ecc-aws-519-redshift_not_using_default_port/iam/519-policy.json
new file mode 100644
index 000000000..0240d8128
--- /dev/null
+++ b/terraform/ecc-aws-519-redshift_not_using_default_port/iam/519-policy.json
@@ -0,0 +1,12 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "redshift:DescribeClusters",
+ ],
+ "Resource": "*"
+ }
+ ]
+}
diff --git a/terraform/ecc-aws-519-redshift_not_using_default_port/red/provider.tf b/terraform/ecc-aws-519-redshift_not_using_default_port/red/provider.tf
new file mode 100644
index 000000000..aaf9de1d2
--- /dev/null
+++ b/terraform/ecc-aws-519-redshift_not_using_default_port/red/provider.tf
@@ -0,0 +1,19 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws" {
+ profile = var.profile
+ region = var.default-region
+ default_tags {
+ tags = {
+ CustodianRule = "ecc-aws-519-redshift_not_using_default_port"
+ ComplianceStatus = "Red"
+ }
+ }
+}
diff --git a/terraform/ecc-aws-519-redshift_not_using_default_port/red/redshift.tf b/terraform/ecc-aws-519-redshift_not_using_default_port/red/redshift.tf
new file mode 100644
index 000000000..69f0a0a58
--- /dev/null
+++ b/terraform/ecc-aws-519-redshift_not_using_default_port/red/redshift.tf
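Review bot: `iam/519-policy.json` is not valid JSON: the only entry in `Action` is followed by a comma (`"redshift:DescribeClusters",` directly before `],`), which strict JSON parsers and IAM policy validation reject. Dropping the trailing comma, so the line reads `"redshift:DescribeClusters"`, fixes it. The other policy files in this patch do not have the problem.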
@@ -0,0 +1,14 @@
+resource "aws_redshift_cluster" "this" {
+ cluster_identifier = "c7n-519-redshift-red"
+ database_name = "c7nredshiftred"
+ master_username = "root"
+ master_password = random_password.this.result
+ node_type = "dc2.large"
+ skip_final_snapshot = true
+}
+
+resource "random_password" "this" {
+ length = 10
+ special = true
+ min_numeric = 1
+}
diff --git a/terraform/ecc-aws-519-redshift_not_using_default_port/red/terraform.tfvars b/terraform/ecc-aws-519-redshift_not_using_default_port/red/terraform.tfvars
new file mode 100644
index 000000000..e1e2d2fa8
--- /dev/null
+++ b/terraform/ecc-aws-519-redshift_not_using_default_port/red/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
diff --git a/terraform/ecc-aws-519-redshift_not_using_default_port/red/variables.tf b/terraform/ecc-aws-519-redshift_not_using_default_port/red/variables.tf
new file mode 100644
index 000000000..948c49afd
--- /dev/null
+++ b/terraform/ecc-aws-519-redshift_not_using_default_port/red/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-520-redshift_encrypted_with_kms_cmk/green/provider.tf b/terraform/ecc-aws-520-redshift_encrypted_with_kms_cmk/green/provider.tf
new file mode 100644
index 000000000..b4e79934e
--- /dev/null
+++ b/terraform/ecc-aws-520-redshift_encrypted_with_kms_cmk/green/provider.tf
@@ -0,0 +1,20 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws" {
+ profile = var.profile
+ region = var.default-region
+
+ default_tags {
+ tags = {
+ CustodianRule = "ecc-aws-520-redshift_encrypted_with_kms_cmk"
+ ComplianceStatus = "Green"
+ }
+ }
+}
diff --git a/terraform/ecc-aws-520-redshift_encrypted_with_kms_cmk/green/redshift.tf b/terraform/ecc-aws-520-redshift_encrypted_with_kms_cmk/green/redshift.tf
new file mode 100644
index 000000000..81189becd
--- /dev/null
+++ b/terraform/ecc-aws-520-redshift_encrypted_with_kms_cmk/green/redshift.tf
@@ -0,0 +1,50 @@
+resource "aws_redshift_cluster" "this" {
+ cluster_identifier = "redshift-520-green"
+ database_name = "redshiftgreen"
+ master_username = "root"
+ master_password = random_password.this.result
+ node_type = "dc2.large"
+ skip_final_snapshot = true
+ encrypted = true
+ kms_key_id = aws_kms_key.this.arn
+}
+
+resource "aws_kms_key" "this" {
+ description = "Key to encrypt and decrypt Redshift"
+ key_usage = "ENCRYPT_DECRYPT"
+ policy = data.aws_iam_policy_document.this.json
+ deletion_window_in_days = 7
+ is_enabled = true
+ enable_key_rotation = true
+}
+
+resource "aws_kms_alias" "this" {
+ name = "alias/520-green"
+ target_key_id = aws_kms_key.this.key_id
+}
+
+data "aws_iam_policy_document" "this" {
+ statement {
+ effect = "Allow"
+ principals {
+ type = "AWS"
+ identifiers = [
+ "*",
+ ]
+ }
+ actions = [
+ "kms:*",
+ ]
+ resources = [
+ "*",
+ ]
+ }
+}
+
+
+resource "random_password" "this" {
+ length = 12
+ special = true
+ number = true
+ override_special = "!#$%*()-_=+[]{}:?"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-520-redshift_encrypted_with_kms_cmk/green/terraform.tfvars b/terraform/ecc-aws-520-redshift_encrypted_with_kms_cmk/green/terraform.tfvars
new file mode 100644
index 000000000..368bc468f
--- /dev/null
+++ b/terraform/ecc-aws-520-redshift_encrypted_with_kms_cmk/green/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
\ No newline at end of file
diff --git a/terraform/ecc-aws-520-redshift_encrypted_with_kms_cmk/green/variables.tf b/terraform/ecc-aws-520-redshift_encrypted_with_kms_cmk/green/variables.tf
new file mode 100644
index 000000000..09e482677
--- /dev/null
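Review bot: The key policy built in `data.aws_iam_policy_document.this` in green/redshift.tf grants `kms:*` to principal `*` with no condition, which lets any AWS principal, including ones in other accounts, use and administer the key; a fixture labelled Green should not model that. Either drop the `policy` argument from `aws_kms_key.this` so the default key policy (account root only) applies, or scope the principal with `identifiers = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"]` and a `data "aws_caller_identity" "current" {}` block. Separately, `number = true` on `random_password` is deprecated in favour of `numeric`, which the 517 fixtures already use; red/redshift.tf for rule 520 has the same line.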
+++ b/terraform/ecc-aws-520-redshift_encrypted_with_kms_cmk/green/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-520-redshift_encrypted_with_kms_cmk/iam/520-policy.json b/terraform/ecc-aws-520-redshift_encrypted_with_kms_cmk/iam/520-policy.json
new file mode 100644
index 000000000..b78f9dd95
--- /dev/null
+++ b/terraform/ecc-aws-520-redshift_encrypted_with_kms_cmk/iam/520-policy.json
@@ -0,0 +1,15 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "redshift:DescribeClusters",
+ "kms:DescribeKey",
+ "kms:ListAliases",
+ "tag:GetResources"
+ ],
+ "Resource": "*"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-520-redshift_encrypted_with_kms_cmk/red/provider.tf b/terraform/ecc-aws-520-redshift_encrypted_with_kms_cmk/red/provider.tf
new file mode 100644
index 000000000..edf6bc623
--- /dev/null
+++ b/terraform/ecc-aws-520-redshift_encrypted_with_kms_cmk/red/provider.tf
@@ -0,0 +1,20 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws" {
+ profile = var.profile
+ region = var.default-region
+
+ default_tags {
+ tags = {
+ CustodianRule = "ecc-aws-520-redshift_encrypted_with_kms_cmk"
+ ComplianceStatus = "Red"
+ }
+ }
+}
diff --git a/terraform/ecc-aws-520-redshift_encrypted_with_kms_cmk/red/redshift.tf b/terraform/ecc-aws-520-redshift_encrypted_with_kms_cmk/red/redshift.tf
new file mode 100644
index 000000000..46a1c378d
--- /dev/null
+++ b/terraform/ecc-aws-520-redshift_encrypted_with_kms_cmk/red/redshift.tf
@@ -0,0 +1,17 @@
+resource "aws_redshift_cluster" "this" {
+ cluster_identifier = "redshift-520-red"
+ database_name = "redshiftred"
+ master_username = "root"
+ master_password = random_password.this.result
+ node_type = "dc2.large"
+ skip_final_snapshot = true
+ encrypted = true
+}
+
+resource "random_password" "this" {
+ length = 12
+ special = true
+ number = true
+ lower = true
+ override_special = "!#$%*()-_=+[]{}:?"
+}
diff --git a/terraform/ecc-aws-520-redshift_encrypted_with_kms_cmk/red/terraform.tfvars b/terraform/ecc-aws-520-redshift_encrypted_with_kms_cmk/red/terraform.tfvars
new file mode 100644
index 000000000..368bc468f
--- /dev/null
+++ b/terraform/ecc-aws-520-redshift_encrypted_with_kms_cmk/red/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
\ No newline at end of file
diff --git a/terraform/ecc-aws-520-redshift_encrypted_with_kms_cmk/red/variables.tf b/terraform/ecc-aws-520-redshift_encrypted_with_kms_cmk/red/variables.tf
new file mode 100644
index 000000000..09e482677
--- /dev/null
+++ b/terraform/ecc-aws-520-redshift_encrypted_with_kms_cmk/red/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-521-redshift_parameter_group_require_ssl/green/provider.tf b/terraform/ecc-aws-521-redshift_parameter_group_require_ssl/green/provider.tf
new file mode 100644
index 000000000..dc80c4835
--- /dev/null
+++ b/terraform/ecc-aws-521-redshift_parameter_group_require_ssl/green/provider.tf
@@ -0,0 +1,19 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws" {
+ profile = var.profile
+ region = var.default-region
+ default_tags {
+ tags = {
+ CustodianRule = "ecc-aws-521-redshift_parameter_group_require_ssl"
+ ComplianceStatus = "Green"
+ }
+ }
+}
diff --git a/terraform/ecc-aws-521-redshift_parameter_group_require_ssl/green/redshift.tf b/terraform/ecc-aws-521-redshift_parameter_group_require_ssl/green/redshift.tf
new file mode 100644
index 000000000..85ed80886
--- /dev/null
+++ b/terraform/ecc-aws-521-redshift_parameter_group_require_ssl/green/redshift.tf
@@ -0,0 +1,25 @@
+resource "aws_redshift_cluster" "this" {
+ cluster_identifier = "c7n-521-redshift-green"
+ database_name = "redshift521green"
+ master_username = "root"
+ master_password = random_password.this.result
+ node_type = "dc2.large"
+ skip_final_snapshot = true
+ cluster_parameter_group_name = aws_redshift_parameter_group.this.name
+}
+
+resource "aws_redshift_parameter_group" "this" {
+ name = "parameter-group-521-green"
+ family = "redshift-1.0"
+
+ parameter {
+ name = "require_ssl"
+ value = "true"
+ }
+}
+
+resource "random_password" "this" {
+ length = 12
+ special = false
+ min_numeric = 1
+}
diff --git a/terraform/ecc-aws-521-redshift_parameter_group_require_ssl/green/terraform.tfvars b/terraform/ecc-aws-521-redshift_parameter_group_require_ssl/green/terraform.tfvars
new file mode 100644
index 000000000..e1e2d2fa8
--- /dev/null
+++ b/terraform/ecc-aws-521-redshift_parameter_group_require_ssl/green/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
diff --git a/terraform/ecc-aws-521-redshift_parameter_group_require_ssl/green/variables.tf b/terraform/ecc-aws-521-redshift_parameter_group_require_ssl/green/variables.tf
new file mode 100644
index 000000000..09e482677
--- /dev/null
+++ b/terraform/ecc-aws-521-redshift_parameter_group_require_ssl/green/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-521-redshift_parameter_group_require_ssl/iam/521-policy.json b/terraform/ecc-aws-521-redshift_parameter_group_require_ssl/iam/521-policy.json
new file mode 100644
index 000000000..1ed73f99b
--- /dev/null
+++ b/terraform/ecc-aws-521-redshift_parameter_group_require_ssl/iam/521-policy.json
@@ -0,0 +1,13 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "redshift:DescribeClusters",
+ "redshift:DescribeClusterParameters"
+ ],
+ "Resource": "*"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-521-redshift_parameter_group_require_ssl/red/provider.tf b/terraform/ecc-aws-521-redshift_parameter_group_require_ssl/red/provider.tf
new file mode 100644
index 000000000..b568ca181
--- /dev/null
+++ b/terraform/ecc-aws-521-redshift_parameter_group_require_ssl/red/provider.tf
@@ -0,0 +1,19 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws" {
+ profile = var.profile
+ region = var.default-region
+ default_tags {
+ tags = {
+ CustodianRule = "ecc-aws-521-redshift_parameter_group_require_ssl"
+ ComplianceStatus = "Red"
+ }
+ }
+}
diff --git a/terraform/ecc-aws-521-redshift_parameter_group_require_ssl/red/redshift.tf b/terraform/ecc-aws-521-redshift_parameter_group_require_ssl/red/redshift.tf
new file mode 100644
index 000000000..83fae6bcb
--- /dev/null
+++ b/terraform/ecc-aws-521-redshift_parameter_group_require_ssl/red/redshift.tf
@@ -0,0 +1,14 @@
+resource "aws_redshift_cluster" "this" {
+ cluster_identifier = "c7n-521-redshift-red"
+ database_name = "redshift521red"
+ master_username = "root"
+ master_password = random_password.this.result
+ node_type = "dc2.large"
+ skip_final_snapshot = true
+}
+
+resource "random_password" "this" {
+ length = 12
+ special = false
+ min_numeric = 1
+}
diff --git a/terraform/ecc-aws-521-redshift_parameter_group_require_ssl/red/terraform.tfvars b/terraform/ecc-aws-521-redshift_parameter_group_require_ssl/red/terraform.tfvars
new file mode 100644
index 000000000..e1e2d2fa8
--- /dev/null
+++ b/terraform/ecc-aws-521-redshift_parameter_group_require_ssl/red/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
diff --git a/terraform/ecc-aws-521-redshift_parameter_group_require_ssl/red/variables.tf b/terraform/ecc-aws-521-redshift_parameter_group_require_ssl/red/variables.tf
new file mode 100644
index 000000000..09e482677
--- /dev/null
+++ b/terraform/ecc-aws-521-redshift_parameter_group_require_ssl/red/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-522-route53_transfer_lock_enabled/green/provider.tf b/terraform/ecc-aws-522-route53_transfer_lock_enabled/green/provider.tf
new file mode 100644
index 000000000..f42778a98
--- /dev/null
+++ b/terraform/ecc-aws-522-route53_transfer_lock_enabled/green/provider.tf
@@ -0,0 +1,20 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws" {
+ profile = var.profile
+ region = var.default-region
+
+ default_tags {
+ tags = {
+ CustodianRule = "ecc-aws-522-route53_transfer_lock_enabled"
+ ComplianceStatus = "Green"
+ }
+ }
+}
diff --git a/terraform/ecc-aws-522-route53_transfer_lock_enabled/green/register-domain.json b/terraform/ecc-aws-522-route53_transfer_lock_enabled/green/register-domain.json
new file mode 100644
index 000000000..89d92e712
--- /dev/null
+++ b/terraform/ecc-aws-522-route53_transfer_lock_enabled/green/register-domain.json
@@ -0,0 +1,41 @@
+{
+ "DomainName": "522-domain-green.click",
+ "DurationInYears": 1,
+ "AutoRenew": false,
+ "AdminContact": {
+ "FirstName": "Enter_Name",
+ "LastName": "Enter_LastName",
+ "ContactType": "PERSON",
+ "AddressLine1": "30 Predslavynska",
+ "City": "Kyiv",
+ "CountryCode": "UA",
+ "ZipCode": "02000",
+ "PhoneNumber": "+380.123456789",
+ "Email": "example@gmail.com"
+ },
+ "RegistrantContact": {
+ "FirstName": "Enter_Name",
+ "LastName": "Enter_LastName",
+ "ContactType": "PERSON",
+ "AddressLine1": "30 Predslavynska",
+ "City": "Kyiv",
+ "CountryCode": "UA",
+ "ZipCode": "02000",
+ "PhoneNumber": "+380.123456789",
+ "Email": "example@gmail.com"
+ },
+ "TechContact": {
+ "FirstName": "Enter_Name",
+ "LastName": "Enter_LastName",
+ "ContactType": "PERSON",
+ "AddressLine1": "30 Predslavynska",
+ "City": "Kyiv",
+ "CountryCode": "UA",
+ "ZipCode": "02000",
+ "PhoneNumber": "+380.123456789",
+ "Email": "example@gmail.com"
+ },
+ "PrivacyProtectAdminContact": false,
+ "PrivacyProtectRegistrantContact": false,
+ "PrivacyProtectTechContact": false
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-522-route53_transfer_lock_enabled/green/route53.tf b/terraform/ecc-aws-522-route53_transfer_lock_enabled/green/route53.tf
new file mode 100644
index 000000000..300012c9f
--- /dev/null
+++ b/terraform/ecc-aws-522-route53_transfer_lock_enabled/green/route53.tf
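Review bot: All three `PrivacyProtect*Contact` flags in green/register-domain.json are `false`, and route53.tf tells the operator to replace the placeholder contacts with valid values, so a real name, address, phone number and e-mail would be published in WHOIS for a throwaway test domain. Setting the three flags to `true` avoids that, and nothing in this patch suggests the transfer-lock check depends on them. red/register-domain.json carries the same values.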
@@ -0,0 +1,21 @@
+# Before deploying resources (registering domain) edit 'register-domain.json' file, enter valid values
+# After deploying the domain name, you should verify your email address. After you've verified it, it takes about 16-20 minutes to register it, you'll be notified at email that registration succeeded.
+# After domain name was successfully registered, enable 'Transfer lock' manually.
+
+resource "null_resource" "this" {
+
+ provisioner "local-exec" {
+ command = "aws route53domains register-domain --cli-input-json file://register-domain.json"
+ interpreter = ["/bin/bash", "-c"]
+ }
+
+ provisioner "local-exec" {
+ when = destroy
+ command = "aws route53domains delete-domain --domain-name ${local.domain_name}; aws route53 delete-hosted-zone --id ${local.domain_name}"
+ interpreter = ["/bin/bash", "-c"]
+ }
+}
+
+locals {
+ domain_name = "522-domain-green.click"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-522-route53_transfer_lock_enabled/green/terraform.tfvars b/terraform/ecc-aws-522-route53_transfer_lock_enabled/green/terraform.tfvars
new file mode 100644
index 000000000..e1e2d2fa8
--- /dev/null
+++ b/terraform/ecc-aws-522-route53_transfer_lock_enabled/green/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
diff --git a/terraform/ecc-aws-522-route53_transfer_lock_enabled/green/variables.tf b/terraform/ecc-aws-522-route53_transfer_lock_enabled/green/variables.tf
new file mode 100644
index 000000000..c8b410c24
--- /dev/null
+++ b/terraform/ecc-aws-522-route53_transfer_lock_enabled/green/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
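Review bot: The destroy-time provisioner in green/route53.tf interpolates `${local.domain_name}`, but Terraform only lets destroy provisioners reference `self`, `count.index` and `each.key`, so current Terraform versions reject this at validation. Carrying the name in `triggers` and reading it back through `self.triggers.domain_name`, as sketched below, keeps the cleanup working. The second command also passes the domain name to `delete-hosted-zone --id`, which expects a hosted zone ID, and because the two commands are joined with `;` a failed `delete-domain` goes unnoticed and leaves a paid registration behind. Neither CLI call uses `var.profile`, so they may run against a different account than the provider. red/route53.tf has the same block.

```hcl
resource "null_resource" "this" {
  triggers = {
    domain_name = local.domain_name
  }

  # … unchanged: create-time local-exec provisioner …

  provisioner "local-exec" {
    when        = destroy
    # hosted-zone cleanup needs the zone ID, not the domain name; resolve it before deleting
    command     = "aws route53domains delete-domain --domain-name ${self.triggers.domain_name}"
    interpreter = ["/bin/bash", "-c"]
  }
}
```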
diff --git a/terraform/ecc-aws-522-route53_transfer_lock_enabled/iam/522-policy.json b/terraform/ecc-aws-522-route53_transfer_lock_enabled/iam/522-policy.json
new file mode 100644
index 000000000..280a3209e
--- /dev/null
+++ b/terraform/ecc-aws-522-route53_transfer_lock_enabled/iam/522-policy.json
@@ -0,0 +1,13 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "route53domains:ListDomains",
+ "route53domains:ListTagsForDomain"
+ ],
+ "Resource": "*"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-522-route53_transfer_lock_enabled/red/provider.tf b/terraform/ecc-aws-522-route53_transfer_lock_enabled/red/provider.tf
new file mode 100644
index 000000000..8d52574ba
--- /dev/null
+++ b/terraform/ecc-aws-522-route53_transfer_lock_enabled/red/provider.tf
@@ -0,0 +1,20 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws" {
+ profile = var.profile
+ region = var.default-region
+
+ default_tags {
+ tags = {
+ CustodianRule = "ecc-aws-522-route53_transfer_lock_enabled"
+ ComplianceStatus = "Red"
+ }
+ }
+}
diff --git a/terraform/ecc-aws-522-route53_transfer_lock_enabled/red/register-domain.json b/terraform/ecc-aws-522-route53_transfer_lock_enabled/red/register-domain.json
new file mode 100644
index 000000000..b3b08bc7a
--- /dev/null
+++ b/terraform/ecc-aws-522-route53_transfer_lock_enabled/red/register-domain.json
@@ -0,0 +1,41 @@
+{
+ "DomainName": "522-domain-red.click",
+ "DurationInYears": 1,
+ "AutoRenew": false,
+ "AdminContact": {
+ "FirstName": "Enter_Name",
+ "LastName": "Enter_LastName",
+ "ContactType": "PERSON",
+ "AddressLine1": "30 Predslavynska",
+ "City": "Kyiv",
+ "CountryCode": "UA",
+ "ZipCode": "02000",
+ "PhoneNumber": "+380.123456789",
+ "Email": "example@gmail.com"
+ },
+ "RegistrantContact": {
+ "FirstName": "Enter_Name",
+ "LastName": "Enter_LastName",
+ "ContactType": "PERSON",
+ "AddressLine1": "30 Predslavynska",
+ "City": "Kyiv",
+ "CountryCode": "UA",
+ "ZipCode": "02000",
+ "PhoneNumber": "+380.123456789",
+ "Email": "example@gmail.com"
+ },
+ "TechContact": {
+ "FirstName": "Enter_Name",
+ "LastName": "Enter_LastName",
+ "ContactType": "PERSON",
+ "AddressLine1": "30 Predslavynska",
+ "City": "Kyiv",
+ "CountryCode": "UA",
+ "ZipCode": "02000",
+ "PhoneNumber": "+380.123456789",
+ "Email": "example@gmail.com"
+ },
+ "PrivacyProtectAdminContact": false,
+ "PrivacyProtectRegistrantContact": false,
+ "PrivacyProtectTechContact": false
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-522-route53_transfer_lock_enabled/red/route53.tf b/terraform/ecc-aws-522-route53_transfer_lock_enabled/red/route53.tf
new file mode 100644
index 000000000..85ecde99a
--- /dev/null
+++ b/terraform/ecc-aws-522-route53_transfer_lock_enabled/red/route53.tf
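Review bot: All three `PrivacyProtect*Contact` flags in red/register-domain.json are `false`, so whatever contact details are entered before apply are registered without privacy protection, which the transfer-lock rule under test does not appear to need. Setting them to `true` keeps the fixture red for the transfer lock only. The header comment in route53.tf tells the user to edit this file with valid values, so a real name, address and phone number are likely to sit in the working tree; keeping the filled-in copy git-ignored and committing only a template would avoid checking them in.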
@@ -0,0 +1,20 @@
+# Before deploying resources (registering domain) edit 'register-domain.json' file, enter valid values
+# After deploying the domain name, you should verify your email address. After you've verified it, it takes about 16-20 minutes to register it, you'll be notified at email that registration succeeded.
+
+resource "null_resource" "this" {
+
+ provisioner "local-exec" {
+ command = "aws route53domains register-domain --cli-input-json file://register-domain.json"
+ interpreter = ["/bin/bash", "-c"]
+ }
+
+ provisioner "local-exec" {
+ when = destroy
+ command = "aws route53domains delete-domain --domain-name ${local.domain_name}; aws route53 delete-hosted-zone --id ${local.domain_name}"
+ interpreter = ["/bin/bash", "-c"]
+ }
+}
+
+locals {
+ domain_name = "522-domain-red.click"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-522-route53_transfer_lock_enabled/red/terraform.tfvars b/terraform/ecc-aws-522-route53_transfer_lock_enabled/red/terraform.tfvars
new file mode 100644
index 000000000..e1e2d2fa8
--- /dev/null
+++ b/terraform/ecc-aws-522-route53_transfer_lock_enabled/red/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
diff --git a/terraform/ecc-aws-522-route53_transfer_lock_enabled/red/variables.tf b/terraform/ecc-aws-522-route53_transfer_lock_enabled/red/variables.tf
new file mode 100644
index 000000000..c8b410c24
--- /dev/null
+++ b/terraform/ecc-aws-522-route53_transfer_lock_enabled/red/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
diff --git a/terraform/ecc-aws-524-rest_api_gateway_access_logging_enabled/green/api.tf b/terraform/ecc-aws-524-rest_api_gateway_access_logging_enabled/green/api.tf
new file mode 100644
index 000000000..4f69377bb
--- /dev/null
+++ b/terraform/ecc-aws-524-rest_api_gateway_access_logging_enabled/green/api.tf
@@ -0,0 +1,56 @@
+resource "aws_api_gateway_rest_api" "this" {
+ body = jsonencode({
+ openapi = "3.0.1"
+ info = {
+ title = "apiGatewayRestApi524Green"
+ version = "1.0"
+ }
+ paths = {
+ "/path1" = {
+ get = {
+ x-amazon-apigateway-integration = {
+ httpMethod = "GET"
+ payloadFormatVersion = "1.0"
+ type = "HTTP_PROXY"
+ uri = "https://ip-ranges.amazonaws.com/ip-ranges.json"
+ }
+ }
+ }
+ }
+ })
+
+ name = "apiGatewayRestApi524Green"
+}
+
+resource "aws_api_gateway_deployment" "this" {
+ rest_api_id = aws_api_gateway_rest_api.this.id
+
+ triggers = {
+ redeployment = sha1(jsonencode(aws_api_gateway_rest_api.this.body))
+ }
+
+ lifecycle {
+ create_before_destroy = true
+ }
+}
+
+resource "aws_api_gateway_stage" "this" {
+ deployment_id = aws_api_gateway_deployment.this.id
+ rest_api_id = aws_api_gateway_rest_api.this.id
+ stage_name = "apiGatewayStage524Green"
+ cache_cluster_enabled = true
+ cache_cluster_size = "0.5"
+
+ access_log_settings{
+ destination_arn = aws_cloudwatch_log_group.this.arn
+ format = "$context.identity.sourceIp,$context.identity.caller,$context.identity.user,$context.requestTime,$context.httpMethod,$context.resourcePath,$context.protocol,$context.status,$context.responseLength,$context.requestId"
+ }
+
+ depends_on = [aws_cloudwatch_log_group.this]
+}
+
+resource "aws_cloudwatch_log_group" "this" {
+ name = "524_log_group_green"
+ retention_in_days = 7
+}
+
diff --git a/terraform/ecc-aws-524-rest_api_gateway_access_logging_enabled/green/provider.tf b/terraform/ecc-aws-524-rest_api_gateway_access_logging_enabled/green/provider.tf
new file mode 100644
index 000000000..973081f19
--- /dev/null
+++ b/terraform/ecc-aws-524-rest_api_gateway_access_logging_enabled/green/provider.tf
@@ -0,0 +1,19 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws"{
+ profile = var.profile
+ region = var.default-region
+ default_tags {
+ tags = {
+ CustodianRule = "ecc-aws-524-rest_api_gateway_access_logging_enabled"
+ ComplianceStatus = "Green"
+ }
+ }
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-524-rest_api_gateway_access_logging_enabled/green/terraform.tfvars b/terraform/ecc-aws-524-rest_api_gateway_access_logging_enabled/green/terraform.tfvars
new file mode 100644
index 000000000..e1e2d2fa8
--- /dev/null
+++ b/terraform/ecc-aws-524-rest_api_gateway_access_logging_enabled/green/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
diff --git a/terraform/ecc-aws-524-rest_api_gateway_access_logging_enabled/green/variables.tf b/terraform/ecc-aws-524-rest_api_gateway_access_logging_enabled/green/variables.tf
new file mode 100644
index 000000000..09e482677
--- /dev/null
+++ b/terraform/ecc-aws-524-rest_api_gateway_access_logging_enabled/green/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-524-rest_api_gateway_access_logging_enabled/iam/524-policy.json b/terraform/ecc-aws-524-rest_api_gateway_access_logging_enabled/iam/524-policy.json
new file mode 100644
index 000000000..d9f23055a
--- /dev/null
+++ b/terraform/ecc-aws-524-rest_api_gateway_access_logging_enabled/iam/524-policy.json
@@ -0,0 +1,12 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "apigateway:GET"
+ ],
+ "Resource": "*"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-524-rest_api_gateway_access_logging_enabled/red/api.tf b/terraform/ecc-aws-524-rest_api_gateway_access_logging_enabled/red/api.tf
new file mode 100644
index 000000000..444c17639
--- /dev/null
+++ b/terraform/ecc-aws-524-rest_api_gateway_access_logging_enabled/red/api.tf
@@ -0,0 +1,60 @@
+resource "aws_api_gateway_rest_api" "this" {
+ body = jsonencode({
+ openapi = "3.0.1"
+ info = {
+ title = "apiGatewayRestApi524Red"
+ version = "1.0"
+ }
+ paths = {
+ "/path1" = {
+ get = {
+ x-amazon-apigateway-integration = {
+ httpMethod = "GET"
+ payloadFormatVersion = "1.0"
+ type = "HTTP_PROXY"
+ uri = "https://ip-ranges.amazonaws.com/ip-ranges.json"
+ }
+ }
+ }
+ }
+ })
+
+ name = "apiGatewayRestApi524Red"
+}
+
+resource "aws_api_gateway_deployment" "this" {
+ rest_api_id = aws_api_gateway_rest_api.this.id
+
+ triggers = {
+ redeployment = sha1(jsonencode(aws_api_gateway_rest_api.this.body))
+ }
+
+ lifecycle {
+ create_before_destroy = true
+ }
+}
+
+resource "aws_api_gateway_stage" "this" {
+ deployment_id = aws_api_gateway_deployment.this.id
+ rest_api_id = aws_api_gateway_rest_api.this.id
+ stage_name = "apiGatewayStage524Red"
+ cache_cluster_enabled = true
+ cache_cluster_size = "0.5"
+
+ depends_on = [aws_cloudwatch_log_group.this]
+}
+
+resource "aws_api_gateway_method_settings" "this" {
+ rest_api_id = aws_api_gateway_rest_api.this.id
+ stage_name = aws_api_gateway_stage.this.stage_name
+ method_path = "*/*"
+
+ settings {
+ logging_level = "ERROR"
+ }
+}
+
+resource "aws_cloudwatch_log_group" "this" {
+ name = "524_log_group_red"
+ retention_in_days = 7
+}
diff --git a/terraform/ecc-aws-524-rest_api_gateway_access_logging_enabled/red/provider.tf b/terraform/ecc-aws-524-rest_api_gateway_access_logging_enabled/red/provider.tf
new file mode 100644
index 000000000..deb051f8e
--- /dev/null
+++ b/terraform/ecc-aws-524-rest_api_gateway_access_logging_enabled/red/provider.tf
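Review bot: `aws_api_gateway_method_settings` in red/api.tf sets `logging_level = "ERROR"`, and API Gateway accepts execution logging only when the account already has a CloudWatch Logs role configured; nothing in this hunk creates one (an `aws_api_gateway_account` resource with a role), so apply depends on pre-existing account state. If execution logging is there on purpose, to show that it does not satisfy the access-logging rule, add the account resource; otherwise drop the method settings block. `aws_cloudwatch_log_group.this` is created and listed in the stage's `depends_on`, but no resource in the red fixture writes to it, so it can be removed along with that `depends_on` line.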
@@ -0,0 +1,19 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws"{
+ profile = var.profile
+ region = var.default-region
+ default_tags {
+ tags = {
+ CustodianRule = "ecc-aws-526-cloudtrail_logs_set_correctly"
+ ComplianceStatus = "Red"
+ }
+ }
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-524-rest_api_gateway_access_logging_enabled/red/terraform.tfvars b/terraform/ecc-aws-524-rest_api_gateway_access_logging_enabled/red/terraform.tfvars
new file mode 100644
index 000000000..e1e2d2fa8
--- /dev/null
+++ b/terraform/ecc-aws-524-rest_api_gateway_access_logging_enabled/red/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
diff --git a/terraform/ecc-aws-524-rest_api_gateway_access_logging_enabled/red/variables.tf b/terraform/ecc-aws-524-rest_api_gateway_access_logging_enabled/red/variables.tf
new file mode 100644
index 000000000..09e482677
--- /dev/null
+++ b/terraform/ecc-aws-524-rest_api_gateway_access_logging_enabled/red/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-525-ecs_exec_logging_encryption_enabled/green/ecs-exec-task-role-policy.json b/terraform/ecc-aws-525-ecs_exec_logging_encryption_enabled/green/ecs-exec-task-role-policy.json
new file mode 100644
index 000000000..3a4c83060
--- /dev/null
+++ b/terraform/ecc-aws-525-ecs_exec_logging_encryption_enabled/green/ecs-exec-task-role-policy.json
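Review bot: The `CustodianRule` default tag in red/provider.tf for rule 524 reads `"ecc-aws-526-cloudtrail_logs_set_correctly"`, which looks copied from another fixture; the green provider for the same rule carries the 524 name. Every resource this fixture creates is tagged with the wrong rule, so anything that locates or cleans up test resources by tag will attribute them to 526. Change the line to `CustodianRule = "ecc-aws-524-rest_api_gateway_access_logging_enabled"`.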
@@ -0,0 +1,52 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ssmmessages:CreateControlChannel",
+ "ssmmessages:CreateDataChannel",
+ "ssmmessages:OpenControlChannel",
+ "ssmmessages:OpenDataChannel"
+ ],
+ "Resource": "*"
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "logs:DescribeLogGroups"
+ ],
+ "Resource": "*"
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "logs:CreateLogStream",
+ "logs:DescribeLogStreams",
+ "logs:PutLogEvents"
+ ],
+ "Resource": "arn:aws:logs:us-east-1:${account_id}:log-group:/aws/ecs/525_log_group_green:*"
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "s3:PutObject"
+ ],
+ "Resource": "${bucket_arn}/*"
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "s3:GetEncryptionConfiguration"
+ ],
+ "Resource": "${bucket_arn}"
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "kms:Decrypt"
+ ],
+ "Resource": "${kms_key_arn}"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-525-ecs_exec_logging_encryption_enabled/green/ecs.tf b/terraform/ecc-aws-525-ecs_exec_logging_encryption_enabled/green/ecs.tf
new file mode 100644
index 000000000..f2891421d
--- /dev/null
+++ b/terraform/ecc-aws-525-ecs_exec_logging_encryption_enabled/green/ecs.tf
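Review bot: The log-stream statement in ecs-exec-task-role-policy.json hard-codes `us-east-1` and the log group name in its ARN, while the account ID, bucket and key arrive as template variables and the other fixtures on this page take the region from `var.default-region`. If the fixture is applied in another region, or the log group is renamed in Terraform, the task role loses permission to write ECS Exec logs without any plan-time error. Pass the ARN in like the other values, for example `"Resource": "${log_group_arn}:*"`. The role is also granted only `kms:Decrypt` on the key; if the bucket uses SSE-KMS with that key, `s3:PutObject` will additionally need `kms:GenerateDataKey`, which is worth confirming against the bucket definition that is not part of this hunk.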
@@ -0,0 +1,69 @@ +resource "aws_ecs_cluster" "this" { + name = "525_ecs_cluster_green" + + configuration { + execute_command_configuration { + kms_key_id = aws_kms_key.this.arn + logging = "OVERRIDE" + + log_configuration { + cloud_watch_encryption_enabled = true + cloud_watch_log_group_name = aws_cloudwatch_log_group.this.name + s3_bucket_name = aws_s3_bucket.this.id + s3_bucket_encryption_enabled = true + s3_key_prefix = "exec-output" + } + } + } +} + +resource "aws_ecs_task_definition" "this" { + family = "525-ecs-task-green" + network_mode = "awsvpc" + execution_role_arn = aws_iam_role.task-execution-role.arn + task_role_arn = aws_iam_role.task-role.arn + requires_compatibilities = ["FARGATE"] + + cpu = 256 + memory = 512 + + container_definitions = < 3: + if len(opts) != 3: + print ('Usage: -e MWAA environment -v variable file location and filename -r aws region') + else: + for opt, arg in opts: + if opt in ("-e"): + mwaa_env=arg + elif opt in ("-r"): + aws_region=arg + elif opt in ("-v"): + var_file=arg + + boto3.setup_default_session(region_name="{}".format(aws_region)) + mwaa_env_name = "{}".format(mwaa_env) + + client = boto3.client('mwaa') + mwaa_cli_token = client.create_cli_token( + Name=mwaa_env_name + ) + + with open ("{}".format(var_file), "r") as myfile: + fileconf = myfile.read().replace('\n', '') + + json_dictionary = json.loads(fileconf) + for key in json_dictionary: + print(key, " ", json_dictionary[key]) + val = (key + " " + json_dictionary[key]) + mwaa_auth_token = 'Bearer ' + mwaa_cli_token['CliToken'] + mwaa_webserver_hostname = 'https://{0}/aws_mwaa/cli'.format(mwaa_cli_token['WebServerHostname']) + raw_data = "variables set {0}".format(val) + mwaa_response = requests.post( + mwaa_webserver_hostname, + headers={ + 'Authorization': mwaa_auth_token, + 'Content-Type': 'text/plain' + }, + data=raw_data + ) + mwaa_std_err_message = base64.b64decode(mwaa_response.json()['stderr']).decode('utf8') + mwaa_std_out_message = 
base64.b64decode(mwaa_response.json()['stdout']).decode('utf8') + print(mwaa_response.status_code) + print(mwaa_std_err_message) + print(mwaa_std_out_message) + +except: + print('Use this script with the following options: -e MWAA environment -v variable file location and filename -r aws region') + print("Unexpected error:", sys.exc_info()[0]) + sys.exit(2) \ No newline at end of file diff --git a/terraform/ecc-aws-527-mwaa_encrypted_with_kms_cmk/green/iam.tf b/terraform/ecc-aws-527-mwaa_encrypted_with_kms_cmk/green/iam.tf new file mode 100644 index 000000000..dd78e4d9b --- /dev/null +++ b/terraform/ecc-aws-527-mwaa_encrypted_with_kms_cmk/green/iam.tf 
@@ -0,0 +1,62 @@ +data "aws_caller_identity" "current" {} + +resource "aws_iam_role" "this" { + name = "527_role_green" + + assume_role_policy = < 3: + if len(opts) != 3: + print ('Usage: -e MWAA environment -v variable file location and filename -r aws region') + else: + for opt, arg in opts: + if opt in ("-e"): + mwaa_env=arg + elif opt in ("-r"): + aws_region=arg + elif opt in ("-v"): + var_file=arg + + boto3.setup_default_session(region_name="{}".format(aws_region)) + mwaa_env_name = "{}".format(mwaa_env) + + client = boto3.client('mwaa') + mwaa_cli_token = client.create_cli_token( + Name=mwaa_env_name + ) + + with open ("{}".format(var_file), "r") as myfile: + fileconf = myfile.read().replace('\n', '') + + json_dictionary = json.loads(fileconf) + for key in json_dictionary: + print(key, " ", json_dictionary[key]) + val = (key + " " + json_dictionary[key]) + mwaa_auth_token = 'Bearer ' + mwaa_cli_token['CliToken'] + mwaa_webserver_hostname = 'https://{0}/aws_mwaa/cli'.format(mwaa_cli_token['WebServerHostname']) + raw_data = "variables set {0}".format(val) + mwaa_response = requests.post( + mwaa_webserver_hostname, + headers={ + 'Authorization': mwaa_auth_token, + 'Content-Type': 'text/plain' + }, + data=raw_data + ) + mwaa_std_err_message = base64.b64decode(mwaa_response.json()['stderr']).decode('utf8') + mwaa_std_out_message = base64.b64decode(mwaa_response.json()['stdout']).decode('utf8') + print(mwaa_response.status_code) + print(mwaa_std_err_message) + print(mwaa_std_out_message) + +except: + print('Use this script with the following options: -e MWAA environment -v variable file location and filename -r aws region') + print("Unexpected error:", sys.exc_info()[0]) + sys.exit(2) \ No newline at end of file diff --git a/terraform/ecc-aws-527-mwaa_encrypted_with_kms_cmk/red/iam.tf b/terraform/ecc-aws-527-mwaa_encrypted_with_kms_cmk/red/iam.tf new file mode 100644 index 000000000..dc98feccc --- /dev/null 
+++ b/terraform/ecc-aws-527-mwaa_encrypted_with_kms_cmk/red/iam.tf @@ -0,0 +1,62 @@ +data "aws_caller_identity" "current" {} + +resource "aws_iam_role" "this" { + name = "527_role_red" + + assume_role_policy = < Security Groups. +# Use a filter to choose the SG only from the created by terraform VPC, then choose the SG that ends to '_controllers'. +# Edit the Source for all inbound rules. Change all "0.0.0.0/32" sources to IP address "10.0.2.1/24". + +resource "aws_directory_service_directory" "this" { + name = "DirectoryService.example.com" + password = "#S1ncerely" + size = "Small" + + vpc_settings { + vpc_id = aws_vpc.this.id + subnet_ids = [aws_subnet.this1.id, aws_subnet.this2.id] + } +} \ No newline at end of file diff --git a/terraform/ecc-aws-538-ds_directory_not_open_to_large_scope/green/iam.tf b/terraform/ecc-aws-538-ds_directory_not_open_to_large_scope/green/iam.tf new file mode 100644 index 000000000..f5728abe9 --- /dev/null +++ b/terraform/ecc-aws-538-ds_directory_not_open_to_large_scope/green/iam.tf @@ -0,0 +1,25 @@ +resource "aws_iam_role" "workspaces-default" { + name = "workspaces_DefaultRole" + assume_role_policy = "${data.aws_iam_policy_document.workspaces.json}" +} + +data "aws_iam_policy_document" "workspaces" { + statement { + actions = ["sts:AssumeRole"] + + principals { + type = "Service" + identifiers = ["workspaces.amazonaws.com"] + } + } +} + +resource "aws_iam_role_policy_attachment" "workspaces-default-service-access" { + role = "${aws_iam_role.workspaces-default.name}" + policy_arn = "arn:aws:iam::aws:policy/AmazonWorkSpacesServiceAccess" +} + +resource "aws_iam_role_policy_attachment" "workspaces-default-self-service-access" { + role = "${aws_iam_role.workspaces-default.name}" + policy_arn = "arn:aws:iam::aws:policy/AmazonWorkSpacesSelfServiceAccess" +} \ No newline at end of file 
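Review bot: green/iam.tf for rule 538 creates an IAM role with the fixed name `workspaces_DefaultRole`, and the red fixture for 538 and the green fixture for rule 542 further down add the identical file. IAM role names are unique per account, so applying a second fixture, or applying in an account where WorkSpaces has already created this role, fails, and destroying one fixture deletes a role the others rely on. If the role is needed, read it with a `data "aws_iam_role"` source or manage it once outside the fixtures. As a style point, `"${aws_iam_role.workspaces-default.name}"` and the other interpolation-only strings can be written as bare references such as `aws_iam_role.workspaces-default.name`.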
diff --git a/terraform/ecc-aws-538-ds_directory_not_open_to_large_scope/green/provider.tf b/terraform/ecc-aws-538-ds_directory_not_open_to_large_scope/green/provider.tf
new file mode 100644
index 000000000..bea9874ea
--- /dev/null
+++ b/terraform/ecc-aws-538-ds_directory_not_open_to_large_scope/green/provider.tf
@@ -0,0 +1,20 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws" {
+ profile = var.profile
+ region = var.default-region
+ default_tags {
+ tags = {
+ CustodianRule = "ecc-aws-538-ds_directory_not_open_to_large_scope"
+ ComplianceStatus = "Green"
+
+ }
+ }
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-538-ds_directory_not_open_to_large_scope/green/terraform.tfvars b/terraform/ecc-aws-538-ds_directory_not_open_to_large_scope/green/terraform.tfvars
new file mode 100644
index 000000000..e1e2d2fa8
--- /dev/null
+++ b/terraform/ecc-aws-538-ds_directory_not_open_to_large_scope/green/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
diff --git a/terraform/ecc-aws-538-ds_directory_not_open_to_large_scope/green/variables.tf b/terraform/ecc-aws-538-ds_directory_not_open_to_large_scope/green/variables.tf
new file mode 100644
index 000000000..09e482677
--- /dev/null
+++ b/terraform/ecc-aws-538-ds_directory_not_open_to_large_scope/green/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-538-ds_directory_not_open_to_large_scope/green/vpc.tf b/terraform/ecc-aws-538-ds_directory_not_open_to_large_scope/green/vpc.tf
new file mode 100644
index 000000000..dbc2dec83
--- /dev/null
+++ b/terraform/ecc-aws-538-ds_directory_not_open_to_large_scope/green/vpc.tf
@@ -0,0 +1,42 @@
+resource "aws_vpc" "this" {
+ cidr_block = "10.0.0.0/16"
+ enable_dns_support = true
+ enable_dns_hostnames = true
+}
+
+resource "aws_subnet" "this1" {
+ vpc_id = aws_vpc.this.id
+ cidr_block = "10.0.1.0/24"
+ availability_zone_id = "use1-az2"
+ map_public_ip_on_launch = "true"
+}
+
+resource "aws_subnet" "this2" {
+ vpc_id = aws_vpc.this.id
+ cidr_block = "10.0.2.0/24"
+ availability_zone_id = "use1-az4"
+ map_public_ip_on_launch = "true"
+}
+
+resource "aws_internet_gateway" "this" {
+ vpc_id = aws_vpc.this.id
+}
+
+resource "aws_route_table" "this" {
+ vpc_id = aws_vpc.this.id
+ route {
+ cidr_block = "0.0.0.0/0"
+ gateway_id = aws_internet_gateway.this.id
+ }
+}
+
+resource "aws_route_table_association" "this" {
+ subnet_id = aws_subnet.this1.id
+ route_table_id = aws_route_table.this.id
+}
+
+resource "aws_route_table_association" "this2" {
+ subnet_id = aws_subnet.this2.id
+ route_table_id = aws_route_table.this.id
+}
+
diff --git a/terraform/ecc-aws-538-ds_directory_not_open_to_large_scope/iam/538-policy.json b/terraform/ecc-aws-538-ds_directory_not_open_to_large_scope/iam/538-policy.json
new file mode 100644
index 000000000..45a189a96
--- /dev/null
+++ b/terraform/ecc-aws-538-ds_directory_not_open_to_large_scope/iam/538-policy.json
@@ -0,0 +1,14 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ds:ListTagsForResource",
+ "ds:DescribeDirectories",
+ "ec2:DescribeSecurityGroups"
+ ],
+ "Resource": "*"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-538-ds_directory_not_open_to_large_scope/red/directory_service.tf b/terraform/ecc-aws-538-ds_directory_not_open_to_large_scope/red/directory_service.tf
new file mode 100644
index 000000000..a41f98e9b
--- /dev/null
+++ b/terraform/ecc-aws-538-ds_directory_not_open_to_large_scope/red/directory_service.tf
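Review bot: Both subnets in green/vpc.tf that hold the directory are made public: each sets `map_public_ip_on_launch = "true"` and is associated with a route table whose `0.0.0.0/0` route points at the internet gateway. Nothing visible in the fixture needs inbound internet reachability, and a rule about directory security-group scope is easier to reason about when the controllers sit in private subnets, so consider dropping the gateway route and setting `map_public_ip_on_launch = false`. The attribute is a bool, so the quoted `"true"` should be the literal `true` in any case. red/vpc.tf further down is the same file.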
@@ -0,0 +1,11 @@
+
+resource "aws_directory_service_directory" "this" {
+ name = "DirectoryService.example.com"
+ password = "#S1ncerely"
+ size = "Small"
+
+ vpc_settings {
+ vpc_id = aws_vpc.this.id
+ subnet_ids = [aws_subnet.this1.id, aws_subnet.this2.id]
+ }
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-538-ds_directory_not_open_to_large_scope/red/iam.tf b/terraform/ecc-aws-538-ds_directory_not_open_to_large_scope/red/iam.tf
new file mode 100644
index 000000000..f5728abe9
--- /dev/null
+++ b/terraform/ecc-aws-538-ds_directory_not_open_to_large_scope/red/iam.tf
@@ -0,0 +1,25 @@
+resource "aws_iam_role" "workspaces-default" {
+ name = "workspaces_DefaultRole"
+ assume_role_policy = "${data.aws_iam_policy_document.workspaces.json}"
+}
+
+data "aws_iam_policy_document" "workspaces" {
+ statement {
+ actions = ["sts:AssumeRole"]
+
+ principals {
+ type = "Service"
+ identifiers = ["workspaces.amazonaws.com"]
+ }
+ }
+}
+
+resource "aws_iam_role_policy_attachment" "workspaces-default-service-access" {
+ role = "${aws_iam_role.workspaces-default.name}"
+ policy_arn = "arn:aws:iam::aws:policy/AmazonWorkSpacesServiceAccess"
+}
+
+resource "aws_iam_role_policy_attachment" "workspaces-default-self-service-access" {
+ role = "${aws_iam_role.workspaces-default.name}"
+ policy_arn = "arn:aws:iam::aws:policy/AmazonWorkSpacesSelfServiceAccess"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-538-ds_directory_not_open_to_large_scope/red/provider.tf b/terraform/ecc-aws-538-ds_directory_not_open_to_large_scope/red/provider.tf
new file mode 100644
index 000000000..244123920
--- /dev/null
+++ b/terraform/ecc-aws-538-ds_directory_not_open_to_large_scope/red/provider.tf
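Review bot: `password = "#S1ncerely"` in red/directory_service.tf commits the directory administrator password in clear text, and the green fixture's directory resource earlier on the page carries the same literal. Even for a throwaway test directory the value stays in the repository history and is written to Terraform state. Take it from a variable declared with `sensitive = true` (`password = var.directory_password`) or generate it with a `random_password` resource, and keep the state file out of version control.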
@@ -0,0 +1,20 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws" {
+ profile = var.profile
+ region = var.default-region
+ default_tags {
+ tags = {
+ CustodianRule = "ecc-aws-538-ds_directory_not_open_to_large_scope"
+ ComplianceStatus = "Red"
+
+ }
+ }
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-538-ds_directory_not_open_to_large_scope/red/terraform.tfvars b/terraform/ecc-aws-538-ds_directory_not_open_to_large_scope/red/terraform.tfvars
new file mode 100644
index 000000000..e1e2d2fa8
--- /dev/null
+++ b/terraform/ecc-aws-538-ds_directory_not_open_to_large_scope/red/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
diff --git a/terraform/ecc-aws-538-ds_directory_not_open_to_large_scope/red/variables.tf b/terraform/ecc-aws-538-ds_directory_not_open_to_large_scope/red/variables.tf
new file mode 100644
index 000000000..09e482677
--- /dev/null
+++ b/terraform/ecc-aws-538-ds_directory_not_open_to_large_scope/red/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-538-ds_directory_not_open_to_large_scope/red/vpc.tf b/terraform/ecc-aws-538-ds_directory_not_open_to_large_scope/red/vpc.tf
new file mode 100644
index 000000000..dbc2dec83
--- /dev/null
+++ b/terraform/ecc-aws-538-ds_directory_not_open_to_large_scope/red/vpc.tf
@@ -0,0 +1,42 @@
+resource "aws_vpc" "this" {
+ cidr_block = "10.0.0.0/16"
+ enable_dns_support = true
+ enable_dns_hostnames = true
+}
+
+resource "aws_subnet" "this1" {
+ vpc_id = aws_vpc.this.id
+ cidr_block = "10.0.1.0/24"
+ availability_zone_id = "use1-az2"
+ map_public_ip_on_launch = "true"
+}
+
+resource "aws_subnet" "this2" {
+ vpc_id = aws_vpc.this.id
+ cidr_block = "10.0.2.0/24"
+ availability_zone_id = "use1-az4"
+ map_public_ip_on_launch = "true"
+}
+
+resource "aws_internet_gateway" "this" {
+ vpc_id = aws_vpc.this.id
+}
+
+resource "aws_route_table" "this" {
+ vpc_id = aws_vpc.this.id
+ route {
+ cidr_block = "0.0.0.0/0"
+ gateway_id = aws_internet_gateway.this.id
+ }
+}
+
+resource "aws_route_table_association" "this" {
+ subnet_id = aws_subnet.this1.id
+ route_table_id = aws_route_table.this.id
+}
+
+resource "aws_route_table_association" "this2" {
+ subnet_id = aws_subnet.this2.id
+ route_table_id = aws_route_table.this.id
+}
+
diff --git a/terraform/ecc-aws-539-fsx_lustre_retention_period_set_at_least_to_7_days/green/fsx.tf b/terraform/ecc-aws-539-fsx_lustre_retention_period_set_at_least_to_7_days/green/fsx.tf
new file mode 100644
index 000000000..db5293d77
--- /dev/null
+++ b/terraform/ecc-aws-539-fsx_lustre_retention_period_set_at_least_to_7_days/green/fsx.tf
@@ -0,0 +1,10 @@
+resource "aws_fsx_lustre_file_system" "this" {
+ storage_capacity = 6000
+ subnet_ids = [aws_subnet.this1.id]
+ automatic_backup_retention_days = 7
+ deployment_type = "PERSISTENT_1"
+ storage_type = "HDD"
+ drive_cache_type = "NONE"
+ per_unit_storage_throughput = 12
+ copy_tags_to_backups = true
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-539-fsx_lustre_retention_period_set_at_least_to_7_days/green/provider.tf b/terraform/ecc-aws-539-fsx_lustre_retention_period_set_at_least_to_7_days/green/provider.tf
new file mode 100644
index 000000000..2e0be0345
--- /dev/null
+++ b/terraform/ecc-aws-539-fsx_lustre_retention_period_set_at_least_to_7_days/green/provider.tf
@@ -0,0 +1,19 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws" {
+ profile = var.profile
+ region = var.default-region
+ default_tags {
+ tags = {
+ CustodianRule = "ecc-aws-539-fsx_lustre_retention_period_set_at_least_to_7_days"
+ ComplianceStatus = "Green"
+ }
+ }
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-539-fsx_lustre_retention_period_set_at_least_to_7_days/green/terraform.tfvars b/terraform/ecc-aws-539-fsx_lustre_retention_period_set_at_least_to_7_days/green/terraform.tfvars
new file mode 100644
index 000000000..e1e2d2fa8
--- /dev/null
+++ b/terraform/ecc-aws-539-fsx_lustre_retention_period_set_at_least_to_7_days/green/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
diff --git a/terraform/ecc-aws-539-fsx_lustre_retention_period_set_at_least_to_7_days/green/variables.tf b/terraform/ecc-aws-539-fsx_lustre_retention_period_set_at_least_to_7_days/green/variables.tf
new file mode 100644
index 000000000..09e482677
--- /dev/null
+++ b/terraform/ecc-aws-539-fsx_lustre_retention_period_set_at_least_to_7_days/green/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-539-fsx_lustre_retention_period_set_at_least_to_7_days/green/vpc.tf b/terraform/ecc-aws-539-fsx_lustre_retention_period_set_at_least_to_7_days/green/vpc.tf
new file mode 100644
index 000000000..01631e173
--- /dev/null
+++ b/terraform/ecc-aws-539-fsx_lustre_retention_period_set_at_least_to_7_days/green/vpc.tf
@@ -0,0 +1,18 @@
+resource "aws_vpc" "this" {
+ cidr_block = "192.166.0.0/16"
+}
+
+resource "aws_internet_gateway" "this" {
+ vpc_id = aws_vpc.this.id
+}
+
+resource "aws_subnet" "this1" {
+ vpc_id = aws_vpc.this.id
+ cidr_block = "192.166.0.0/24"
+ availability_zone = "us-east-1a"
+}
+resource "aws_subnet" "this2" {
+ vpc_id = aws_vpc.this.id
+ cidr_block = "192.166.1.0/24"
+ availability_zone = "us-east-1b"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-539-fsx_lustre_retention_period_set_at_least_to_7_days/iam/539-policy.json b/terraform/ecc-aws-539-fsx_lustre_retention_period_set_at_least_to_7_days/iam/539-policy.json
new file mode 100644
index 000000000..74edf0f72
--- /dev/null
+++ b/terraform/ecc-aws-539-fsx_lustre_retention_period_set_at_least_to_7_days/iam/539-policy.json
@@ -0,0 +1,12 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "fsx:DescribeFileSystems"
+ ],
+ "Resource": "*"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-539-fsx_lustre_retention_period_set_at_least_to_7_days/red/fsx.tf b/terraform/ecc-aws-539-fsx_lustre_retention_period_set_at_least_to_7_days/red/fsx.tf
new file mode 100644
index 000000000..19c630eb9
--- /dev/null
+++ b/terraform/ecc-aws-539-fsx_lustre_retention_period_set_at_least_to_7_days/red/fsx.tf
@@ -0,0 +1,10 @@
+resource "aws_fsx_lustre_file_system" "this" {
+ storage_capacity = 6000
+ subnet_ids = [aws_subnet.this1.id]
+ automatic_backup_retention_days = 5
+ deployment_type = "PERSISTENT_1"
+ storage_type = "HDD"
+ drive_cache_type = "NONE"
+ per_unit_storage_throughput = 12
+ copy_tags_to_backups = true
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-539-fsx_lustre_retention_period_set_at_least_to_7_days/red/provider.tf b/terraform/ecc-aws-539-fsx_lustre_retention_period_set_at_least_to_7_days/red/provider.tf
new file mode 100644
index 000000000..f8922f9c5
--- /dev/null
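Review bot: `cidr_block = "192.166.0.0/16"` in green/vpc.tf for rule 539 is not an RFC 1918 range and is most likely a typo for 192.168.0.0/16; a VPC built on publicly routable space cannot reach the real hosts that own those addresses and invites routing surprises when peered. Use `"192.168.0.0/16"` with subnets `"192.168.0.0/24"` and `"192.168.1.0/24"`. `aws_internet_gateway.this` and `aws_subnet.this2` are declared here, but fsx.tf only references `aws_subnet.this1`, so both can be dropped from the fixture. red/vpc.tf further down repeats the file.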
+++ b/terraform/ecc-aws-539-fsx_lustre_retention_period_set_at_least_to_7_days/red/provider.tf
@@ -0,0 +1,19 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws" {
+ profile = var.profile
+ region = var.default-region
+ default_tags {
+ tags = {
+ CustodianRule = "ecc-aws-539-fsx_lustre_retention_period_set_at_least_to_7_days"
+ ComplianceStatus = "Red"
+ }
+ }
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-539-fsx_lustre_retention_period_set_at_least_to_7_days/red/terraform.tfvars b/terraform/ecc-aws-539-fsx_lustre_retention_period_set_at_least_to_7_days/red/terraform.tfvars
new file mode 100644
index 000000000..e1e2d2fa8
--- /dev/null
+++ b/terraform/ecc-aws-539-fsx_lustre_retention_period_set_at_least_to_7_days/red/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
diff --git a/terraform/ecc-aws-539-fsx_lustre_retention_period_set_at_least_to_7_days/red/variables.tf b/terraform/ecc-aws-539-fsx_lustre_retention_period_set_at_least_to_7_days/red/variables.tf
new file mode 100644
index 000000000..09e482677
--- /dev/null
+++ b/terraform/ecc-aws-539-fsx_lustre_retention_period_set_at_least_to_7_days/red/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-539-fsx_lustre_retention_period_set_at_least_to_7_days/red/vpc.tf b/terraform/ecc-aws-539-fsx_lustre_retention_period_set_at_least_to_7_days/red/vpc.tf
new file mode 100644
index 000000000..01631e173
--- /dev/null
+++ b/terraform/ecc-aws-539-fsx_lustre_retention_period_set_at_least_to_7_days/red/vpc.tf
@@ -0,0 +1,18 @@
+resource "aws_vpc" "this" {
+ cidr_block = "192.166.0.0/16"
+}
+
+resource "aws_internet_gateway" "this" {
+ vpc_id = aws_vpc.this.id
+}
+
+resource "aws_subnet" "this1" {
+ vpc_id = aws_vpc.this.id
+ cidr_block = "192.166.0.0/24"
+ availability_zone = "us-east-1a"
+}
+resource "aws_subnet" "this2" {
+ vpc_id = aws_vpc.this.id
+ cidr_block = "192.166.1.0/24"
+ availability_zone = "us-east-1b"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-542-workspaces_maintenance_mode_enabled/green/iam.tf b/terraform/ecc-aws-542-workspaces_maintenance_mode_enabled/green/iam.tf
new file mode 100644
index 000000000..f5728abe9
--- /dev/null
+++ b/terraform/ecc-aws-542-workspaces_maintenance_mode_enabled/green/iam.tf
@@ -0,0 +1,25 @@
+resource "aws_iam_role" "workspaces-default" {
+ name = "workspaces_DefaultRole"
+ assume_role_policy = "${data.aws_iam_policy_document.workspaces.json}"
+}
+
+data "aws_iam_policy_document" "workspaces" {
+ statement {
+ actions = ["sts:AssumeRole"]
+
+ principals {
+ type = "Service"
+ identifiers = ["workspaces.amazonaws.com"]
+ }
+ }
+}
+
+resource "aws_iam_role_policy_attachment" "workspaces-default-service-access" {
+ role = "${aws_iam_role.workspaces-default.name}"
+ policy_arn = "arn:aws:iam::aws:policy/AmazonWorkSpacesServiceAccess"
+}
+
+resource "aws_iam_role_policy_attachment" "workspaces-default-self-service-access" {
+ role = "${aws_iam_role.workspaces-default.name}"
+ policy_arn = "arn:aws:iam::aws:policy/AmazonWorkSpacesSelfServiceAccess"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-542-workspaces_maintenance_mode_enabled/green/provider.tf b/terraform/ecc-aws-542-workspaces_maintenance_mode_enabled/green/provider.tf
new file mode 100644
index 000000000..a9588862d
--- /dev/null
+++ b/terraform/ecc-aws-542-workspaces_maintenance_mode_enabled/green/provider.tf
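Review bot: The role in green/iam.tf for rule 542 is created under the fixed account-wide name `workspaces_DefaultRole`, and the identical file is added for 542 red and for both 548 fixtures, so two of these fixtures presumably cannot be applied in one account at the same time and a `terraform destroy` of any one removes the role for everything else that uses it. If the test account may already hold this role, reading it with a `data "aws_iam_role"` lookup is safer than creating it in every fixture. Separately, the interpolation-only strings have been deprecated since Terraform 0.12; write `assume_role_policy = data.aws_iam_policy_document.workspaces.json` and `role = aws_iam_role.workspaces-default.name`.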
@@ -0,0 +1,19 @@ +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 4" + } + } +} + +provider "aws" { + profile = var.profile + region = var.default-region + default_tags { + tags = { + CustodianRule = "ecc-aws-542-workspaces_maintenance_mode_enabled" + ComplianceStatus = "Green" + } + } +} \ No newline at end of file diff --git a/terraform/ecc-aws-542-workspaces_maintenance_mode_enabled/green/terraform.tfvars b/terraform/ecc-aws-542-workspaces_maintenance_mode_enabled/green/terraform.tfvars new file mode 100644 index 000000000..e1e2d2fa8 --- /dev/null +++ b/terraform/ecc-aws-542-workspaces_maintenance_mode_enabled/green/terraform.tfvars @@ -0,0 +1,2 @@ +profile = "c7n" +default-region = "us-east-1" diff --git a/terraform/ecc-aws-542-workspaces_maintenance_mode_enabled/green/variables.tf b/terraform/ecc-aws-542-workspaces_maintenance_mode_enabled/green/variables.tf new file mode 100644 index 000000000..09e482677 --- /dev/null +++ b/terraform/ecc-aws-542-workspaces_maintenance_mode_enabled/green/variables.tf @@ -0,0 +1,9 @@ +variable "default-region" { + type = string + description = "Default region for resources will be created" +} + +variable "profile" { + type = string + description = "Profile name configured before running apply" +} \ No newline at end of file diff --git a/terraform/ecc-aws-542-workspaces_maintenance_mode_enabled/green/vpc.tf b/terraform/ecc-aws-542-workspaces_maintenance_mode_enabled/green/vpc.tf new file mode 100644 index 000000000..2ceaf7a86 --- /dev/null +++ b/terraform/ecc-aws-542-workspaces_maintenance_mode_enabled/green/vpc.tf 
@@ -0,0 +1,57 @@ +resource "aws_vpc" "this" { + cidr_block = "10.0.0.0/16" +} + +resource "aws_subnet" "this1" { + vpc_id = aws_vpc.this.id + cidr_block = "10.0.1.0/24" + availability_zone_id = "use1-az2" + map_public_ip_on_launch = "true" +} + +resource "aws_subnet" "this2" { + vpc_id = aws_vpc.this.id + cidr_block = "10.0.2.0/24" + availability_zone_id = "use1-az4" + map_public_ip_on_launch = "true" +} + +resource "aws_security_group" "this" { + name = "workstation_security_group" + vpc_id = aws_vpc.this.id + + ingress { + from_port = 22 + to_port = 22 + protocol = "tcp" + cidr_blocks = [aws_vpc.this.cidr_block] + } + egress { + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_blocks = ["0.0.0.0/0"] + } +} + +resource "aws_internet_gateway" "this" { + vpc_id = aws_vpc.this.id +} + +resource "aws_route_table" "this" { + vpc_id = aws_vpc.this.id + route { + cidr_block = "0.0.0.0/0" + gateway_id = aws_internet_gateway.this.id + } +} + +resource "aws_route_table_association" "this" { + subnet_id = aws_subnet.this1.id + route_table_id = aws_route_table.this.id +} + +resource "aws_route_table_association" "this2" { + subnet_id = aws_subnet.this2.id + route_table_id = aws_route_table.this.id +} \ No newline at end of file diff --git a/terraform/ecc-aws-542-workspaces_maintenance_mode_enabled/green/workspace.tf b/terraform/ecc-aws-542-workspaces_maintenance_mode_enabled/green/workspace.tf new file mode 100644 index 000000000..e109f4bed --- /dev/null +++ b/terraform/ecc-aws-542-workspaces_maintenance_mode_enabled/green/workspace.tf 
@@ -0,0 +1,25 @@
+resource "aws_directory_service_directory" "this" {
+ name = "workspaces.example.com"
+ password = "#S1ncerely"
+ edition = "Standard"
+ type = "MicrosoftAD"
+
+ vpc_settings {
+ vpc_id = aws_vpc.this.id
+ subnet_ids = [aws_subnet.this1.id, aws_subnet.this2.id]
+ }
+}
+
+resource "aws_workspaces_directory" "this" {
+ directory_id = aws_directory_service_directory.this.id
+ subnet_ids = [aws_subnet.this1.id, aws_subnet.this2.id]
+
+ workspace_creation_properties {
+ enable_maintenance_mode = true
+ }
+
+ depends_on = [
+ aws_iam_role_policy_attachment.workspaces-default-service-access,
+ aws_iam_role_policy_attachment.workspaces-default-self-service-access
+ ]
+}
diff --git a/terraform/ecc-aws-542-workspaces_maintenance_mode_enabled/iam/542-policy.json b/terraform/ecc-aws-542-workspaces_maintenance_mode_enabled/iam/542-policy.json
new file mode 100644
index 000000000..3ea44bed1
--- /dev/null
+++ b/terraform/ecc-aws-542-workspaces_maintenance_mode_enabled/iam/542-policy.json
@@ -0,0 +1,13 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "workspaces:DescribeWorkspaceDirectories",
+ "tag:GetResources"
+ ],
+ "Resource": "*"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-542-workspaces_maintenance_mode_enabled/red/iam.tf b/terraform/ecc-aws-542-workspaces_maintenance_mode_enabled/red/iam.tf
new file mode 100644
index 000000000..f5728abe9
--- /dev/null
+++ b/terraform/ecc-aws-542-workspaces_maintenance_mode_enabled/red/iam.tf
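Review bot: The directory administrator password is committed as a literal, `password = "#S1ncerely"`, in green/workspace.tf for rule 542, and the same value appears again in the 542 red and both 548 workspace.tf files. Even for a short-lived test directory this leaves a working credential in the repository history and gives every deployment of these fixtures the same known password. Take it from a variable declared with `sensitive = true` and use `password = var.directory_password`, or generate one per apply with a `random_password` resource. The variable declaration belongs in variables.tf, which this hunk does not touch.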
@@ -0,0 +1,25 @@ +resource "aws_iam_role" "workspaces-default" { + name = "workspaces_DefaultRole" + assume_role_policy = "${data.aws_iam_policy_document.workspaces.json}" +} + +data "aws_iam_policy_document" "workspaces" { + statement { + actions = ["sts:AssumeRole"] + + principals { + type = "Service" + identifiers = ["workspaces.amazonaws.com"] + } + } +} + +resource "aws_iam_role_policy_attachment" "workspaces-default-service-access" { + role = "${aws_iam_role.workspaces-default.name}" + policy_arn = "arn:aws:iam::aws:policy/AmazonWorkSpacesServiceAccess" +} + +resource "aws_iam_role_policy_attachment" "workspaces-default-self-service-access" { + role = "${aws_iam_role.workspaces-default.name}" + policy_arn = "arn:aws:iam::aws:policy/AmazonWorkSpacesSelfServiceAccess" +} \ No newline at end of file diff --git a/terraform/ecc-aws-542-workspaces_maintenance_mode_enabled/red/provider.tf b/terraform/ecc-aws-542-workspaces_maintenance_mode_enabled/red/provider.tf new file mode 100644 index 000000000..521ed9fc4 --- /dev/null +++ b/terraform/ecc-aws-542-workspaces_maintenance_mode_enabled/red/provider.tf @@ -0,0 +1,19 @@ +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 4" + } + } +} + +provider "aws" { + profile = var.profile + region = var.default-region + default_tags { + tags = { + CustodianRule = "ecc-aws-542-workspaces_maintenance_mode_enabled" + ComplianceStatus = "Red" + } + } +} \ No newline at end of file diff --git a/terraform/ecc-aws-542-workspaces_maintenance_mode_enabled/red/terraform.tfvars b/terraform/ecc-aws-542-workspaces_maintenance_mode_enabled/red/terraform.tfvars new file mode 100644 index 000000000..e1e2d2fa8 --- /dev/null +++ b/terraform/ecc-aws-542-workspaces_maintenance_mode_enabled/red/terraform.tfvars @@ -0,0 +1,2 @@ +profile = "c7n" +default-region = "us-east-1" 
diff --git a/terraform/ecc-aws-542-workspaces_maintenance_mode_enabled/red/variables.tf b/terraform/ecc-aws-542-workspaces_maintenance_mode_enabled/red/variables.tf new file mode 100644 index 000000000..09e482677 --- /dev/null +++ b/terraform/ecc-aws-542-workspaces_maintenance_mode_enabled/red/variables.tf @@ -0,0 +1,9 @@ +variable "default-region" { + type = string + description = "Default region for resources will be created" +} + +variable "profile" { + type = string + description = "Profile name configured before running apply" +} \ No newline at end of file diff --git a/terraform/ecc-aws-542-workspaces_maintenance_mode_enabled/red/vpc.tf b/terraform/ecc-aws-542-workspaces_maintenance_mode_enabled/red/vpc.tf new file mode 100644 index 000000000..2ceaf7a86 --- /dev/null +++ b/terraform/ecc-aws-542-workspaces_maintenance_mode_enabled/red/vpc.tf 
@@ -0,0 +1,57 @@ +resource "aws_vpc" "this" { + cidr_block = "10.0.0.0/16" +} + +resource "aws_subnet" "this1" { + vpc_id = aws_vpc.this.id + cidr_block = "10.0.1.0/24" + availability_zone_id = "use1-az2" + map_public_ip_on_launch = "true" +} + +resource "aws_subnet" "this2" { + vpc_id = aws_vpc.this.id + cidr_block = "10.0.2.0/24" + availability_zone_id = "use1-az4" + map_public_ip_on_launch = "true" +} + +resource "aws_security_group" "this" { + name = "workstation_security_group" + vpc_id = aws_vpc.this.id + + ingress { + from_port = 22 + to_port = 22 + protocol = "tcp" + cidr_blocks = [aws_vpc.this.cidr_block] + } + egress { + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_blocks = ["0.0.0.0/0"] + } +} + +resource "aws_internet_gateway" "this" { + vpc_id = aws_vpc.this.id +} + +resource "aws_route_table" "this" { + vpc_id = aws_vpc.this.id + route { + cidr_block = "0.0.0.0/0" + gateway_id = aws_internet_gateway.this.id + } +} + +resource "aws_route_table_association" "this" { + subnet_id = aws_subnet.this1.id + route_table_id = aws_route_table.this.id +} + +resource "aws_route_table_association" "this2" { + subnet_id = aws_subnet.this2.id + route_table_id = aws_route_table.this.id +} \ No newline at end of file diff --git a/terraform/ecc-aws-542-workspaces_maintenance_mode_enabled/red/workspace.tf b/terraform/ecc-aws-542-workspaces_maintenance_mode_enabled/red/workspace.tf new file mode 100644 index 000000000..2fd001a45 --- /dev/null +++ b/terraform/ecc-aws-542-workspaces_maintenance_mode_enabled/red/workspace.tf 
@@ -0,0 +1,25 @@ +resource "aws_directory_service_directory" "this" { + name = "workspaces.example.com" + password = "#S1ncerely" + edition = "Standard" + type = "MicrosoftAD" + + vpc_settings { + vpc_id = aws_vpc.this.id + subnet_ids = [aws_subnet.this1.id, aws_subnet.this2.id] + } +} + +resource "aws_workspaces_directory" "this" { + directory_id = aws_directory_service_directory.this.id + subnet_ids = [aws_subnet.this1.id, aws_subnet.this2.id] + + workspace_creation_properties { + enable_maintenance_mode = false + } + + depends_on = [ + aws_iam_role_policy_attachment.workspaces-default-service-access, + aws_iam_role_policy_attachment.workspaces-default-self-service-access + ] +} diff --git a/terraform/ecc-aws-547-cloudtrail_logs_data_events/green/cloudtrail.tf b/terraform/ecc-aws-547-cloudtrail_logs_data_events/green/cloudtrail.tf new file mode 100644 index 000000000..29f9a4db7 --- /dev/null +++ b/terraform/ecc-aws-547-cloudtrail_logs_data_events/green/cloudtrail.tf 
@@ -0,0 +1,64 @@
+data "aws_caller_identity" "this" {}
+
+resource "aws_cloudtrail" "this" {
+ name = "547_cloudtrail_green"
+ s3_bucket_name = aws_s3_bucket.this.id
+ include_global_service_events = false
+
+ event_selector {
+ include_management_events = false
+ read_write_type = "WriteOnly"
+ data_resource {
+ type = "AWS::Lambda::Function"
+ values = ["arn:aws:lambda"]
+ }
+ }
+ depends_on = [
+ aws_s3_bucket.this,
+ aws_s3_bucket_policy.this,
+ ]
+}
+
+resource "aws_s3_bucket_policy" "this" {
+ bucket = aws_s3_bucket.this.id
+ policy = data.aws_iam_policy_document.this.json
+}
+
+data "aws_iam_policy_document" "this" {
+
+ statement {
+ effect = "Allow"
+
+ principals {
+ type = "Service"
+ identifiers = ["cloudtrail.amazonaws.com"]
+ }
+
+ actions = ["s3:GetBucketAcl"]
+ resources = ["arn:aws:s3:::c7n-547-bucket-green"]
+ }
+ statement {
+ effect = "Allow"
+
+ principals {
+ type = "Service"
+ identifiers = ["cloudtrail.amazonaws.com"]
+ }
+
+ actions = ["s3:PutObject"]
+ resources = ["arn:aws:s3:::c7n-547-bucket-green/AWSLogs/${data.aws_caller_identity.this.account_id}/*"]
+ condition {
+ test = "StringEquals"
+ variable = "s3:x-amz-acl"
+ values = [
+ "bucket-owner-full-control"
+ ]
+ }
+ }
+}
+
+
+resource "aws_s3_bucket" "this" {
+ bucket = "c7n-547-bucket-green"
+ force_destroy = true
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-547-cloudtrail_logs_data_events/green/provider.tf b/terraform/ecc-aws-547-cloudtrail_logs_data_events/green/provider.tf
new file mode 100644
index 000000000..0cf959683
--- /dev/null
+++ b/terraform/ecc-aws-547-cloudtrail_logs_data_events/green/provider.tf
@@ -0,0 +1,19 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws" {
+ profile = var.profile
+ region = var.default-region
+ default_tags {
+ tags = {
+ CustodianRule = "ecc-aws-547-cloudtrail_logs_data_events"
+ ComplianceStatus = "Green"
+ }
+ }
+}
\ No newline at end of file
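Review bot: Both statements in `data "aws_iam_policy_document" "this"` of green/cloudtrail.tf grant `cloudtrail.amazonaws.com` access to the log bucket without an `aws:SourceArn` condition, so the grant is not tied to the trail this fixture creates; the bucket policy AWS documents for CloudTrail scopes each statement to the trail ARN. The bucket name is also repeated as a literal in both `resources` lists instead of being derived from `aws_s3_bucket.this.arn`. The same two points apply to red/cloudtrail.tf for rule 547. The two statements with the condition added would look like the excerpt below.

```hcl
  statement {
    # … unchanged: effect, principals, actions = ["s3:GetBucketAcl"] …
    resources = [aws_s3_bucket.this.arn]
    condition {
      test     = "StringEquals"
      variable = "aws:SourceArn"
      values   = ["arn:aws:cloudtrail:${var.default-region}:${data.aws_caller_identity.this.account_id}:trail/547_cloudtrail_green"]
    }
  }
  statement {
    # … unchanged: effect, principals, actions = ["s3:PutObject"], s3:x-amz-acl condition …
    resources = ["${aws_s3_bucket.this.arn}/AWSLogs/${data.aws_caller_identity.this.account_id}/*"]
    condition {
      test     = "StringEquals"
      variable = "aws:SourceArn"
      values   = ["arn:aws:cloudtrail:${var.default-region}:${data.aws_caller_identity.this.account_id}:trail/547_cloudtrail_green"]
    }
  }
```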
diff --git a/terraform/ecc-aws-547-cloudtrail_logs_data_events/green/terraform.tfvars b/terraform/ecc-aws-547-cloudtrail_logs_data_events/green/terraform.tfvars new file mode 100644 index 000000000..e1e2d2fa8 --- /dev/null +++ b/terraform/ecc-aws-547-cloudtrail_logs_data_events/green/terraform.tfvars @@ -0,0 +1,2 @@ +profile = "c7n" +default-region = "us-east-1" diff --git a/terraform/ecc-aws-547-cloudtrail_logs_data_events/green/variables.tf b/terraform/ecc-aws-547-cloudtrail_logs_data_events/green/variables.tf new file mode 100644 index 000000000..948c49afd --- /dev/null +++ b/terraform/ecc-aws-547-cloudtrail_logs_data_events/green/variables.tf @@ -0,0 +1,9 @@ +variable "default-region" { + type = string + description = "Default region for resources will be created" +} + +variable "profile" { + type = string + description = "Profile name configured before running apply" +} \ No newline at end of file diff --git a/terraform/ecc-aws-547-cloudtrail_logs_data_events/iam/547-policy.json b/terraform/ecc-aws-547-cloudtrail_logs_data_events/iam/547-policy.json new file mode 100644 index 000000000..99a5e2e07 --- /dev/null +++ b/terraform/ecc-aws-547-cloudtrail_logs_data_events/iam/547-policy.json @@ -0,0 +1,14 @@ +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "cloudtrail:GetEventSelectors", + "cloudtrail:DescribeTrails", + "tag:GetResources" + ], + "Resource": "*" + } + ] +} diff --git a/terraform/ecc-aws-547-cloudtrail_logs_data_events/red/cloudtrail.tf b/terraform/ecc-aws-547-cloudtrail_logs_data_events/red/cloudtrail.tf new file mode 100644 index 000000000..6f52903c2 --- /dev/null +++ b/terraform/ecc-aws-547-cloudtrail_logs_data_events/red/cloudtrail.tf 
@@ -0,0 +1,60 @@ +data "aws_caller_identity" "this" {} + +resource "aws_cloudtrail" "this" { + name = "547_cloudtrail_red" + s3_bucket_name = aws_s3_bucket.this.id + include_global_service_events = false + + event_selector { + include_management_events = true + read_write_type = "WriteOnly" + } + depends_on = [ + aws_s3_bucket.this, + aws_s3_bucket_policy.this, + ] +} + +resource "aws_s3_bucket_policy" "this" { + bucket = aws_s3_bucket.this.id + policy = data.aws_iam_policy_document.this.json +} + +data "aws_iam_policy_document" "this" { + + statement { + effect = "Allow" + + principals { + type = "Service" + identifiers = ["cloudtrail.amazonaws.com"] + } + + actions = ["s3:GetBucketAcl"] + resources = ["arn:aws:s3:::c7n-547-bucket-red"] + } + statement { + effect = "Allow" + + principals { + type = "Service" + identifiers = ["cloudtrail.amazonaws.com"] + } + + actions = ["s3:PutObject"] + resources = ["arn:aws:s3:::c7n-547-bucket-red/AWSLogs/${data.aws_caller_identity.this.account_id}/*"] + condition { + test = "StringEquals" + variable = "s3:x-amz-acl" + values = [ + "bucket-owner-full-control" + ] + } + } +} + + +resource "aws_s3_bucket" "this" { + bucket = "c7n-547-bucket-red" + force_destroy = true +} \ No newline at end of file diff --git a/terraform/ecc-aws-547-cloudtrail_logs_data_events/red/provider.tf b/terraform/ecc-aws-547-cloudtrail_logs_data_events/red/provider.tf new file mode 100644 index 000000000..975a090a6 --- /dev/null +++ b/terraform/ecc-aws-547-cloudtrail_logs_data_events/red/provider.tf @@ -0,0 +1,19 @@ +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 4" + } + } +} + +provider "aws" { + profile = var.profile + region = var.default-region + default_tags { + tags = { + CustodianRule = "ecc-aws-547-cloudtrail_logs_data_events" + ComplianceStatus = "Red" + } + } +} \ No newline at end of file 
diff --git a/terraform/ecc-aws-547-cloudtrail_logs_data_events/red/terraform.tfvars b/terraform/ecc-aws-547-cloudtrail_logs_data_events/red/terraform.tfvars new file mode 100644 index 000000000..e1e2d2fa8 --- /dev/null +++ b/terraform/ecc-aws-547-cloudtrail_logs_data_events/red/terraform.tfvars @@ -0,0 +1,2 @@ +profile = "c7n" +default-region = "us-east-1" diff --git a/terraform/ecc-aws-547-cloudtrail_logs_data_events/red/variables.tf b/terraform/ecc-aws-547-cloudtrail_logs_data_events/red/variables.tf new file mode 100644 index 000000000..948c49afd --- /dev/null +++ b/terraform/ecc-aws-547-cloudtrail_logs_data_events/red/variables.tf @@ -0,0 +1,9 @@ +variable "default-region" { + type = string + description = "Default region for resources will be created" +} + +variable "profile" { + type = string + description = "Profile name configured before running apply" +} \ No newline at end of file diff --git a/terraform/ecc-aws-548-workspaces_storage_encrypted_with_cmk/green/iam.tf b/terraform/ecc-aws-548-workspaces_storage_encrypted_with_cmk/green/iam.tf new file mode 100644 index 000000000..f5728abe9 --- /dev/null +++ b/terraform/ecc-aws-548-workspaces_storage_encrypted_with_cmk/green/iam.tf 
@@ -0,0 +1,25 @@ +resource "aws_iam_role" "workspaces-default" { + name = "workspaces_DefaultRole" + assume_role_policy = "${data.aws_iam_policy_document.workspaces.json}" +} + +data "aws_iam_policy_document" "workspaces" { + statement { + actions = ["sts:AssumeRole"] + + principals { + type = "Service" + identifiers = ["workspaces.amazonaws.com"] + } + } +} + +resource "aws_iam_role_policy_attachment" "workspaces-default-service-access" { + role = "${aws_iam_role.workspaces-default.name}" + policy_arn = "arn:aws:iam::aws:policy/AmazonWorkSpacesServiceAccess" +} + +resource "aws_iam_role_policy_attachment" "workspaces-default-self-service-access" { + role = "${aws_iam_role.workspaces-default.name}" + policy_arn = "arn:aws:iam::aws:policy/AmazonWorkSpacesSelfServiceAccess" +} \ No newline at end of file diff --git a/terraform/ecc-aws-548-workspaces_storage_encrypted_with_cmk/green/provider.tf b/terraform/ecc-aws-548-workspaces_storage_encrypted_with_cmk/green/provider.tf new file mode 100644 index 000000000..2e75b88d1 --- /dev/null +++ b/terraform/ecc-aws-548-workspaces_storage_encrypted_with_cmk/green/provider.tf @@ -0,0 +1,20 @@ +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 4" + } + } +} + +provider "aws" { + profile = var.profile + region = var.default-region + default_tags { + tags = { + CustodianRule = "ecc-aws-548-workspaces_storage_encrypted_with_cmk" + ComplianceStatus = "Green" + + } + } +} \ No newline at end of file diff --git a/terraform/ecc-aws-548-workspaces_storage_encrypted_with_cmk/green/terraform.tfvars b/terraform/ecc-aws-548-workspaces_storage_encrypted_with_cmk/green/terraform.tfvars new file mode 100644 index 000000000..e1e2d2fa8 --- /dev/null +++ b/terraform/ecc-aws-548-workspaces_storage_encrypted_with_cmk/green/terraform.tfvars @@ -0,0 +1,2 @@ +profile = "c7n" +default-region = "us-east-1" 
diff --git a/terraform/ecc-aws-548-workspaces_storage_encrypted_with_cmk/green/variables.tf b/terraform/ecc-aws-548-workspaces_storage_encrypted_with_cmk/green/variables.tf new file mode 100644 index 000000000..09e482677 --- /dev/null +++ b/terraform/ecc-aws-548-workspaces_storage_encrypted_with_cmk/green/variables.tf @@ -0,0 +1,9 @@ +variable "default-region" { + type = string + description = "Default region for resources will be created" +} + +variable "profile" { + type = string + description = "Profile name configured before running apply" +} \ No newline at end of file diff --git a/terraform/ecc-aws-548-workspaces_storage_encrypted_with_cmk/green/vpc.tf b/terraform/ecc-aws-548-workspaces_storage_encrypted_with_cmk/green/vpc.tf new file mode 100644 index 000000000..8bb52aaf0 --- /dev/null +++ b/terraform/ecc-aws-548-workspaces_storage_encrypted_with_cmk/green/vpc.tf 
@@ -0,0 +1,86 @@
+resource "aws_vpc" "this" {
+ cidr_block = "10.0.0.0/16"
+ enable_dns_support = true
+ enable_dns_hostnames = true
+}
+
+resource "aws_subnet" "this1" {
+ vpc_id = aws_vpc.this.id
+ cidr_block = "10.0.1.0/24"
+ availability_zone_id = "use1-az2"
+ map_public_ip_on_launch = "true"
+}
+
+resource "aws_subnet" "this2" {
+ vpc_id = aws_vpc.this.id
+ cidr_block = "10.0.2.0/24"
+ availability_zone_id = "use1-az4"
+ map_public_ip_on_launch = "true"
+}
+
+resource "aws_security_group" "this" {
+ name = "workstation_security_group"
+ vpc_id = aws_vpc.this.id
+
+ ingress {
+ from_port = 22
+ to_port = 22
+ protocol = "tcp"
+ cidr_blocks = [aws_vpc.this.cidr_block]
+ }
+ egress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+}
+
+resource "aws_security_group" "this2" {
+ name = "workstation_security_group2"
+ vpc_id = aws_vpc.this.id
+
+
+ ingress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+}
+
+resource "aws_security_group" "this3" {
+ name = "workstation_security_group3"
+ vpc_id = aws_vpc.this.id
+
+
+ ingress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+}
+
+resource "aws_internet_gateway" "this" {
+ vpc_id = aws_vpc.this.id
+}
+
+resource "aws_route_table" "this" {
+ vpc_id = aws_vpc.this.id
+ route {
+ cidr_block = "0.0.0.0/0"
+ gateway_id = aws_internet_gateway.this.id
+ }
+}
+
+resource "aws_route_table_association" "this" {
+ subnet_id = aws_subnet.this1.id
+ route_table_id = aws_route_table.this.id
+}
+
+resource "aws_route_table_association" "this2" {
+ subnet_id = aws_subnet.this2.id
+ route_table_id = aws_route_table.this.id
+}
+
diff --git a/terraform/ecc-aws-548-workspaces_storage_encrypted_with_cmk/green/workspace.tf b/terraform/ecc-aws-548-workspaces_storage_encrypted_with_cmk/green/workspace.tf
new file mode 100644
index 000000000..eaa4ea756
--- /dev/null
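Review bot: `aws_security_group.this2` and `aws_security_group.this3` in green/vpc.tf for rule 548 open every port and protocol to `0.0.0.0/0`, in a VPC that has an internet gateway, a default route to it and `map_public_ip_on_launch` on both subnets, and nothing in the workspace.tf added alongside references either group. A green fixture for a storage-encryption rule does not need them, and they will presumably be reported by any open-security-group rule scanned in the same account. Remove both, or restrict them the way the first group is restricted, with `cidr_blocks = [aws_vpc.this.cidr_block]`. red/vpc.tf for rule 548 carries the same blob id and so the same two groups.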
+++ b/terraform/ecc-aws-548-workspaces_storage_encrypted_with_cmk/green/workspace.tf
@@ -0,0 +1,64 @@
+########################
+### WARNING !!! ###
+# This is a very expensive resource. Each WorkSpace will cost $7.25/month + $0.17/hour.
+
+
+data "aws_workspaces_bundle" "this" {
+ bundle_id = "wsb-8pmj7b7pq"
+}
+
+resource "aws_directory_service_directory" "this" {
+ name = "workspaces.example.com"
+ password = "#S1ncerely"
+ size = "Small"
+
+ vpc_settings {
+ vpc_id = aws_vpc.this.id
+ subnet_ids = [aws_subnet.this1.id, aws_subnet.this2.id]
+ }
+}
+
+resource "aws_workspaces_directory" "this" {
+ directory_id = aws_directory_service_directory.this.id
+ subnet_ids = [aws_subnet.this1.id, aws_subnet.this2.id]
+
+ depends_on = [
+ aws_iam_role_policy_attachment.workspaces-default-service-access,
+ aws_iam_role_policy_attachment.workspaces-default-self-service-access
+ ]
+}
+
+resource "aws_workspaces_workspace" "this" {
+ directory_id = aws_workspaces_directory.this.id
+ bundle_id = data.aws_workspaces_bundle.this.id
+ user_name = "Administrator"
+
+ root_volume_encryption_enabled = true
+ user_volume_encryption_enabled = true
+ volume_encryption_key = aws_kms_key.this.arn
+
+ workspace_properties {
+ compute_type_name = "VALUE"
+ user_volume_size_gib = 10
+ root_volume_size_gib = 80
+ running_mode = "AUTO_STOP"
+ running_mode_auto_stop_timeout_in_minutes = 60
+ }
+
+ depends_on = [
+ aws_iam_role_policy_attachment.workspaces-default-service-access,
+ aws_workspaces_directory.this
+ ]
+}
+
+resource "aws_kms_key" "this" {
+ description = "Key to encrypt and decrypt WorkSpaces"
+ key_usage = "ENCRYPT_DECRYPT"
+ deletion_window_in_days = 7
+ is_enabled = true
+}
+
+resource "aws_kms_alias" "this" {
+ name = "alias/WorkSpacesKey"
+ target_key_id = aws_kms_key.this.key_id
+}
\ No newline at end of file
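Review bot: `aws_kms_key.this` in green/workspace.tf for rule 548 is created without `enable_key_rotation`, so the customer-managed key that makes this fixture compliant has automatic rotation switched off. Adding `enable_key_rotation = true` to the resource keeps the green example from being reported by a key-rotation check run against the same account; whether such a rule is in scope for this repository cannot be seen from this patch. A short comment on the resource saying that no `policy` is set on purpose would also help the next reader.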
diff --git a/terraform/ecc-aws-548-workspaces_storage_encrypted_with_cmk/iam/548-policy.json b/terraform/ecc-aws-548-workspaces_storage_encrypted_with_cmk/iam/548-policy.json new file mode 100644 index 000000000..ac4897f49 --- /dev/null +++ b/terraform/ecc-aws-548-workspaces_storage_encrypted_with_cmk/iam/548-policy.json @@ -0,0 +1,15 @@ +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "workspaces:DescribeWorkspaces", + "kms:DescribeKey", + "kms:ListAliases", + "tag:GetResources" + ], + "Resource": "*" + } + ] +} \ No newline at end of file diff --git a/terraform/ecc-aws-548-workspaces_storage_encrypted_with_cmk/red/iam.tf b/terraform/ecc-aws-548-workspaces_storage_encrypted_with_cmk/red/iam.tf new file mode 100644 index 000000000..f5728abe9 --- /dev/null +++ b/terraform/ecc-aws-548-workspaces_storage_encrypted_with_cmk/red/iam.tf @@ -0,0 +1,25 @@ +resource "aws_iam_role" "workspaces-default" { + name = "workspaces_DefaultRole" + assume_role_policy = "${data.aws_iam_policy_document.workspaces.json}" +} + +data "aws_iam_policy_document" "workspaces" { + statement { + actions = ["sts:AssumeRole"] + + principals { + type = "Service" + identifiers = ["workspaces.amazonaws.com"] + } + } +} + +resource "aws_iam_role_policy_attachment" "workspaces-default-service-access" { + role = "${aws_iam_role.workspaces-default.name}" + policy_arn = "arn:aws:iam::aws:policy/AmazonWorkSpacesServiceAccess" +} + +resource "aws_iam_role_policy_attachment" "workspaces-default-self-service-access" { + role = "${aws_iam_role.workspaces-default.name}" + policy_arn = "arn:aws:iam::aws:policy/AmazonWorkSpacesSelfServiceAccess" +} \ No newline at end of file diff --git a/terraform/ecc-aws-548-workspaces_storage_encrypted_with_cmk/red/provider.tf b/terraform/ecc-aws-548-workspaces_storage_encrypted_with_cmk/red/provider.tf new file mode 100644 index 000000000..10b8b9551 --- /dev/null 
+++ b/terraform/ecc-aws-548-workspaces_storage_encrypted_with_cmk/red/provider.tf @@ -0,0 +1,20 @@ +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 4" + } + } +} + +provider "aws" { + profile = var.profile + region = var.default-region + default_tags { + tags = { + CustodianRule = "ecc-aws-548-workspaces_storage_encrypted_with_cmk" + ComplianceStatus = "Red" + + } + } +} \ No newline at end of file diff --git a/terraform/ecc-aws-548-workspaces_storage_encrypted_with_cmk/red/terraform.tfvars b/terraform/ecc-aws-548-workspaces_storage_encrypted_with_cmk/red/terraform.tfvars new file mode 100644 index 000000000..e1e2d2fa8 --- /dev/null +++ b/terraform/ecc-aws-548-workspaces_storage_encrypted_with_cmk/red/terraform.tfvars @@ -0,0 +1,2 @@ +profile = "c7n" +default-region = "us-east-1" diff --git a/terraform/ecc-aws-548-workspaces_storage_encrypted_with_cmk/red/variables.tf b/terraform/ecc-aws-548-workspaces_storage_encrypted_with_cmk/red/variables.tf new file mode 100644 index 000000000..09e482677 --- /dev/null +++ b/terraform/ecc-aws-548-workspaces_storage_encrypted_with_cmk/red/variables.tf @@ -0,0 +1,9 @@ +variable "default-region" { + type = string + description = "Default region for resources will be created" +} + +variable "profile" { + type = string + description = "Profile name configured before running apply" +} \ No newline at end of file diff --git a/terraform/ecc-aws-548-workspaces_storage_encrypted_with_cmk/red/vpc.tf b/terraform/ecc-aws-548-workspaces_storage_encrypted_with_cmk/red/vpc.tf new file mode 100644 index 000000000..8bb52aaf0 --- /dev/null +++ b/terraform/ecc-aws-548-workspaces_storage_encrypted_with_cmk/red/vpc.tf 
@@ -0,0 +1,86 @@ +resource "aws_vpc" "this" { + cidr_block = "10.0.0.0/16" + enable_dns_support = true + enable_dns_hostnames = true +} + +resource "aws_subnet" "this1" { + vpc_id = aws_vpc.this.id + cidr_block = "10.0.1.0/24" + availability_zone_id = "use1-az2" + map_public_ip_on_launch = "true" +} + +resource "aws_subnet" "this2" { + vpc_id = aws_vpc.this.id + cidr_block = "10.0.2.0/24" + availability_zone_id = "use1-az4" + map_public_ip_on_launch = "true" +} + +resource "aws_security_group" "this" { + name = "workstation_security_group" + vpc_id = aws_vpc.this.id + + ingress { + from_port = 22 + to_port = 22 + protocol = "tcp" + cidr_blocks = [aws_vpc.this.cidr_block] + } + egress { + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_blocks = ["0.0.0.0/0"] + } +} + +resource "aws_security_group" "this2" { + name = "workstation_security_group2" + vpc_id = aws_vpc.this.id + + + ingress { + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_blocks = ["0.0.0.0/0"] + } +} + +resource "aws_security_group" "this3" { + name = "workstation_security_group3" + vpc_id = aws_vpc.this.id + + + ingress { + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_blocks = ["0.0.0.0/0"] + } +} + +resource "aws_internet_gateway" "this" { + vpc_id = aws_vpc.this.id +} + +resource "aws_route_table" "this" { + vpc_id = aws_vpc.this.id + route { + cidr_block = "0.0.0.0/0" + gateway_id = aws_internet_gateway.this.id + } +} + +resource "aws_route_table_association" "this" { + subnet_id = aws_subnet.this1.id + route_table_id = aws_route_table.this.id +} + +resource "aws_route_table_association" "this2" { + subnet_id = aws_subnet.this2.id + route_table_id = aws_route_table.this.id +} + diff --git a/terraform/ecc-aws-548-workspaces_storage_encrypted_with_cmk/red/workspace.tf b/terraform/ecc-aws-548-workspaces_storage_encrypted_with_cmk/red/workspace.tf new file mode 100644 index 000000000..fbdda91a3 --- /dev/null 
+++ b/terraform/ecc-aws-548-workspaces_storage_encrypted_with_cmk/red/workspace.tf @@ -0,0 +1,51 @@ +######################## +### WARNING !!! ### +# This is a very expensive resource. Each WorkSpace will cost $7.25/month + $0.17/hour. + + +data "aws_workspaces_bundle" "this" { + bundle_id = "wsb-8pmj7b7pq" +} + +resource "aws_directory_service_directory" "this" { + name = "workspaces.example.com" + password = "#S1ncerely" + size = "Small" + + vpc_settings { + vpc_id = aws_vpc.this.id + subnet_ids = [aws_subnet.this1.id, aws_subnet.this2.id] + } +} + +resource "aws_workspaces_directory" "this" { + directory_id = aws_directory_service_directory.this.id + subnet_ids = [aws_subnet.this1.id, aws_subnet.this2.id] + + depends_on = [ + aws_iam_role_policy_attachment.workspaces-default-service-access, + aws_iam_role_policy_attachment.workspaces-default-self-service-access + ] +} + +resource "aws_workspaces_workspace" "this" { + directory_id = aws_workspaces_directory.this.id + bundle_id = data.aws_workspaces_bundle.this.id + user_name = "Administrator" + + root_volume_encryption_enabled = false + user_volume_encryption_enabled = true + + workspace_properties { + compute_type_name = "VALUE" + user_volume_size_gib = 10 + root_volume_size_gib = 80 + running_mode = "AUTO_STOP" + running_mode_auto_stop_timeout_in_minutes = 60 + } + + depends_on = [ + aws_iam_role_policy_attachment.workspaces-default-service-access, + aws_workspaces_directory.this + ] +} diff --git a/terraform/ecc-aws-550-ami_without_tag_information/green/ami.tf b/terraform/ecc-aws-550-ami_without_tag_information/green/ami.tf new file mode 100644 index 000000000..04653b0d9 --- /dev/null +++ b/terraform/ecc-aws-550-ami_without_tag_information/green/ami.tf 
@@ -0,0 +1,19 @@
+resource "aws_ami" "this" {
+ name = "550_ami_green"
+ root_device_name = "/dev/xvda"
+
+ ebs_block_device {
+ device_name = "/dev/xvda"
+ snapshot_id = aws_ebs_snapshot.this.id
+ volume_size = 10
+ }
+}
+
+resource "aws_ebs_volume" "this" {
+ availability_zone = "us-east-1a"
+ size = 10
+}
+
+resource "aws_ebs_snapshot" "this" {
+ volume_id = aws_ebs_volume.this.id
+}
diff --git a/terraform/ecc-aws-550-ami_without_tag_information/green/provider.tf b/terraform/ecc-aws-550-ami_without_tag_information/green/provider.tf
new file mode 100644
index 000000000..2b2ebccbe
--- /dev/null
+++ b/terraform/ecc-aws-550-ami_without_tag_information/green/provider.tf
@@ -0,0 +1,20 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws" {
+ profile = var.profile
+ region = var.default-region
+
+ default_tags {
+ tags = {
+ CustodianRule = "ecc-aws-550-ami_without_tag_information"
+ ComplianceStatus = "Green"
+ }
+ }
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-550-ami_without_tag_information/green/terraform.tfvars b/terraform/ecc-aws-550-ami_without_tag_information/green/terraform.tfvars
new file mode 100644
index 000000000..368bc468f
--- /dev/null
+++ b/terraform/ecc-aws-550-ami_without_tag_information/green/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
\ No newline at end of file
diff --git a/terraform/ecc-aws-550-ami_without_tag_information/green/variables.tf b/terraform/ecc-aws-550-ami_without_tag_information/green/variables.tf
new file mode 100644
index 000000000..948c49afd
--- /dev/null
+++ b/terraform/ecc-aws-550-ami_without_tag_information/green/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
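Review bot: `availability_zone = "us-east-1a"` in `aws_ebs_volume.this` of the 550 `green/ami.tf` is hard-coded while the provider region comes from `var.default-region`, so applying the fixture in any other region fails. The same literal is repeated in the 550 `red/ami.tf`, the 551 and 552 `ebs.tf` files and the 555 `eni.tf` files. The 557 `ng.tf` fixtures already resolve the zone with `data "aws_availability_zones" "this" { state = "available" }` and `data.aws_availability_zones.this.names[0]`; using that lookup here would keep the fixtures consistent with each other.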
diff --git a/terraform/ecc-aws-550-ami_without_tag_information/iam/550-policy.json b/terraform/ecc-aws-550-ami_without_tag_information/iam/550-policy.json
new file mode 100644
index 000000000..d020bdb8a
--- /dev/null
+++ b/terraform/ecc-aws-550-ami_without_tag_information/iam/550-policy.json
@@ -0,0 +1,12 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:DescribeImages"
+ ],
+ "Resource": "*"
+ }
+ ]
+}
diff --git a/terraform/ecc-aws-550-ami_without_tag_information/red/ami.tf b/terraform/ecc-aws-550-ami_without_tag_information/red/ami.tf
new file mode 100644
index 000000000..37fa165f7
--- /dev/null
+++ b/terraform/ecc-aws-550-ami_without_tag_information/red/ami.tf
@@ -0,0 +1,19 @@
+resource "aws_ami" "this" {
+ name = "550_ami_red"
+ root_device_name = "/dev/xvda"
+
+ ebs_block_device {
+ device_name = "/dev/xvda"
+ snapshot_id = aws_ebs_snapshot.this.id
+ volume_size = 8
+ }
+}
+
+resource "aws_ebs_volume" "this" {
+ availability_zone = "us-east-1a"
+ size = 8
+}
+
+resource "aws_ebs_snapshot" "this" {
+ volume_id = aws_ebs_volume.this.id
+}
diff --git a/terraform/ecc-aws-550-ami_without_tag_information/red/provider.tf b/terraform/ecc-aws-550-ami_without_tag_information/red/provider.tf
new file mode 100644
index 000000000..aa5e66db4
--- /dev/null
+++ b/terraform/ecc-aws-550-ami_without_tag_information/red/provider.tf
@@ -0,0 +1,13 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws" {
+ profile = var.profile
+ region = var.default-region
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-550-ami_without_tag_information/red/terraform.tfvars b/terraform/ecc-aws-550-ami_without_tag_information/red/terraform.tfvars
new file mode 100644
index 000000000..368bc468f
--- /dev/null
+++ b/terraform/ecc-aws-550-ami_without_tag_information/red/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
\ No newline at end of file
diff --git a/terraform/ecc-aws-550-ami_without_tag_information/red/variables.tf b/terraform/ecc-aws-550-ami_without_tag_information/red/variables.tf
new file mode 100644
index 000000000..948c49afd
--- /dev/null
+++ b/terraform/ecc-aws-550-ami_without_tag_information/red/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-551-ebs_without_tag_information/green/ebs.tf b/terraform/ecc-aws-551-ebs_without_tag_information/green/ebs.tf
new file mode 100644
index 000000000..12e280a46
--- /dev/null
+++ b/terraform/ecc-aws-551-ebs_without_tag_information/green/ebs.tf
@@ -0,0 +1,4 @@
+resource "aws_ebs_volume" "this" {
+ availability_zone = "us-east-1a"
+ size = 8
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-551-ebs_without_tag_information/green/provider.tf b/terraform/ecc-aws-551-ebs_without_tag_information/green/provider.tf
new file mode 100644
index 000000000..8fd25e82d
--- /dev/null
+++ b/terraform/ecc-aws-551-ebs_without_tag_information/green/provider.tf
@@ -0,0 +1,20 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws" {
+ profile = var.profile
+ region = var.default-region
+
+ default_tags {
+ tags = {
+ CustodianRule = "ecc-aws-551-ebs_without_tag_information"
+ ComplianceStatus = "Green"
+ }
+ }
+}
diff --git a/terraform/ecc-aws-551-ebs_without_tag_information/green/terraform.tfvars b/terraform/ecc-aws-551-ebs_without_tag_information/green/terraform.tfvars
new file mode 100644
index 000000000..368bc468f
--- /dev/null
+++ b/terraform/ecc-aws-551-ebs_without_tag_information/green/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
\ No newline at end of file
diff --git a/terraform/ecc-aws-551-ebs_without_tag_information/green/variables.tf b/terraform/ecc-aws-551-ebs_without_tag_information/green/variables.tf
new file mode 100644
index 000000000..948c49afd
--- /dev/null
+++ b/terraform/ecc-aws-551-ebs_without_tag_information/green/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-551-ebs_without_tag_information/iam/551-policy.json b/terraform/ecc-aws-551-ebs_without_tag_information/iam/551-policy.json
new file mode 100644
index 000000000..e69de29bb
diff --git a/terraform/ecc-aws-551-ebs_without_tag_information/red/ebs.tf b/terraform/ecc-aws-551-ebs_without_tag_information/red/ebs.tf
new file mode 100644
index 000000000..12e280a46
--- /dev/null
+++ b/terraform/ecc-aws-551-ebs_without_tag_information/red/ebs.tf
@@ -0,0 +1,4 @@
+resource "aws_ebs_volume" "this" {
+ availability_zone = "us-east-1a"
+ size = 8
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-551-ebs_without_tag_information/red/provider.tf b/terraform/ecc-aws-551-ebs_without_tag_information/red/provider.tf
new file mode 100644
index 000000000..6d5818cea
--- /dev/null
+++ b/terraform/ecc-aws-551-ebs_without_tag_information/red/provider.tf
@@ -0,0 +1,13 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws" {
+ profile = var.profile
+ region = var.default-region
+}
diff --git a/terraform/ecc-aws-551-ebs_without_tag_information/red/terraform.tfvars b/terraform/ecc-aws-551-ebs_without_tag_information/red/terraform.tfvars
new file mode 100644
index 000000000..368bc468f
--- /dev/null
+++ b/terraform/ecc-aws-551-ebs_without_tag_information/red/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
\ No newline at end of file
diff --git a/terraform/ecc-aws-551-ebs_without_tag_information/red/variables.tf b/terraform/ecc-aws-551-ebs_without_tag_information/red/variables.tf
new file mode 100644
index 000000000..948c49afd
--- /dev/null
+++ b/terraform/ecc-aws-551-ebs_without_tag_information/red/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-552-ebs_snapshot_without_tag_information/green/ebs.tf b/terraform/ecc-aws-552-ebs_snapshot_without_tag_information/green/ebs.tf
new file mode 100644
index 000000000..ecdc6130b
--- /dev/null
+++ b/terraform/ecc-aws-552-ebs_snapshot_without_tag_information/green/ebs.tf
@@ -0,0 +1,9 @@
+resource "aws_ebs_volume" "this" {
+ availability_zone = "us-east-1a"
+ size = 8
+}
+
+resource "aws_ebs_snapshot" "this" {
+ volume_id = aws_ebs_volume.this.id
+ description = "ebs_snapshot_552"
+}
diff --git a/terraform/ecc-aws-552-ebs_snapshot_without_tag_information/green/provider.tf b/terraform/ecc-aws-552-ebs_snapshot_without_tag_information/green/provider.tf
new file mode 100644
index 000000000..fcc025cf7
--- /dev/null
+++ b/terraform/ecc-aws-552-ebs_snapshot_without_tag_information/green/provider.tf
@@ -0,0 +1,20 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws" {
+ profile = var.profile
+ region = var.default-region
+
+ default_tags {
+ tags = {
+ CustodianRule = "ecc-aws-552-ebs_snapshot_without_tag_information"
+ ComplianceStatus = "Green"
+ }
+ }
+}
diff --git a/terraform/ecc-aws-552-ebs_snapshot_without_tag_information/green/terraform.tfvars b/terraform/ecc-aws-552-ebs_snapshot_without_tag_information/green/terraform.tfvars
new file mode 100644
index 000000000..368bc468f
--- /dev/null
+++ b/terraform/ecc-aws-552-ebs_snapshot_without_tag_information/green/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
\ No newline at end of file
diff --git a/terraform/ecc-aws-552-ebs_snapshot_without_tag_information/green/variables.tf b/terraform/ecc-aws-552-ebs_snapshot_without_tag_information/green/variables.tf
new file mode 100644
index 000000000..948c49afd
--- /dev/null
+++ b/terraform/ecc-aws-552-ebs_snapshot_without_tag_information/green/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-552-ebs_snapshot_without_tag_information/iam/552-policy.json b/terraform/ecc-aws-552-ebs_snapshot_without_tag_information/iam/552-policy.json
new file mode 100644
index 000000000..aa65e83e9
--- /dev/null
+++ b/terraform/ecc-aws-552-ebs_snapshot_without_tag_information/iam/552-policy.json
@@ -0,0 +1,12 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:DescribeSnapshots"
+ ],
+ "Resource": "*"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-552-ebs_snapshot_without_tag_information/red/ebs.tf b/terraform/ecc-aws-552-ebs_snapshot_without_tag_information/red/ebs.tf
new file mode 100644
index 000000000..7723e1bb5
--- /dev/null
+++ b/terraform/ecc-aws-552-ebs_snapshot_without_tag_information/red/ebs.tf
@@ -0,0 +1,10 @@
+resource "aws_ebs_volume" "this" {
+ availability_zone = "us-east-1a"
+ size = 8
+}
+
+resource "aws_ebs_snapshot" "this" {
+ volume_id = aws_ebs_volume.this.id
+ description = "ebs_snapshot_552"
+}
+
diff --git a/terraform/ecc-aws-552-ebs_snapshot_without_tag_information/red/provider.tf b/terraform/ecc-aws-552-ebs_snapshot_without_tag_information/red/provider.tf
new file mode 100644
index 000000000..6d5818cea
--- /dev/null
+++ b/terraform/ecc-aws-552-ebs_snapshot_without_tag_information/red/provider.tf
@@ -0,0 +1,13 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws" {
+ profile = var.profile
+ region = var.default-region
+}
diff --git a/terraform/ecc-aws-552-ebs_snapshot_without_tag_information/red/terraform.tfvars b/terraform/ecc-aws-552-ebs_snapshot_without_tag_information/red/terraform.tfvars
new file mode 100644
index 000000000..368bc468f
--- /dev/null
+++ b/terraform/ecc-aws-552-ebs_snapshot_without_tag_information/red/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
\ No newline at end of file
diff --git a/terraform/ecc-aws-552-ebs_snapshot_without_tag_information/red/variables.tf b/terraform/ecc-aws-552-ebs_snapshot_without_tag_information/red/variables.tf
new file mode 100644
index 000000000..948c49afd
--- /dev/null
+++ b/terraform/ecc-aws-552-ebs_snapshot_without_tag_information/red/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-553-eip_without_tag_information/green/eip.tf b/terraform/ecc-aws-553-eip_without_tag_information/green/eip.tf
new file mode 100644
index 000000000..68e51d35c
--- /dev/null
+++ b/terraform/ecc-aws-553-eip_without_tag_information/green/eip.tf
@@ -0,0 +1,7 @@
+resource "aws_eip" "this" {
+ vpc = true
+ tags = {
+ CustodianRule = "ecc-aws-553-eip_without_tag_information"
+ ComplianceStatus = "Green"
+ }
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-553-eip_without_tag_information/green/provider.tf b/terraform/ecc-aws-553-eip_without_tag_information/green/provider.tf
new file mode 100644
index 000000000..708b05d4e
--- /dev/null
+++ b/terraform/ecc-aws-553-eip_without_tag_information/green/provider.tf
@@ -0,0 +1,13 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws"{
+ profile = var.profile
+ region = var.default-region
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-553-eip_without_tag_information/green/terraform.tfvars b/terraform/ecc-aws-553-eip_without_tag_information/green/terraform.tfvars
new file mode 100644
index 000000000..368bc468f
--- /dev/null
+++ b/terraform/ecc-aws-553-eip_without_tag_information/green/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
\ No newline at end of file
diff --git a/terraform/ecc-aws-553-eip_without_tag_information/green/variables.tf b/terraform/ecc-aws-553-eip_without_tag_information/green/variables.tf
new file mode 100644
index 000000000..09e482677
--- /dev/null
+++ b/terraform/ecc-aws-553-eip_without_tag_information/green/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-553-eip_without_tag_information/iam/533-policy.json b/terraform/ecc-aws-553-eip_without_tag_information/iam/533-policy.json
new file mode 100644
index 000000000..190a4aa41
--- /dev/null
+++ b/terraform/ecc-aws-553-eip_without_tag_information/iam/533-policy.json
@@ -0,0 +1,12 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:DescribeAddresses"
+ ],
+ "Resource": "*"
+ }
+ ]
+}
diff --git a/terraform/ecc-aws-553-eip_without_tag_information/red/eip.tf b/terraform/ecc-aws-553-eip_without_tag_information/red/eip.tf
new file mode 100644
index 000000000..602b78c31
--- /dev/null
+++ b/terraform/ecc-aws-553-eip_without_tag_information/red/eip.tf
@@ -0,0 +1,3 @@
+resource "aws_eip" "this" {
+ vpc = true
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-553-eip_without_tag_information/red/provider.tf b/terraform/ecc-aws-553-eip_without_tag_information/red/provider.tf
new file mode 100644
index 000000000..708b05d4e
--- /dev/null
+++ b/terraform/ecc-aws-553-eip_without_tag_information/red/provider.tf
@@ -0,0 +1,13 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws"{
+ profile = var.profile
+ region = var.default-region
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-553-eip_without_tag_information/red/terraform.tfvars b/terraform/ecc-aws-553-eip_without_tag_information/red/terraform.tfvars
new file mode 100644
index 000000000..368bc468f
--- /dev/null
+++ b/terraform/ecc-aws-553-eip_without_tag_information/red/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
\ No newline at end of file
diff --git a/terraform/ecc-aws-553-eip_without_tag_information/red/variables.tf b/terraform/ecc-aws-553-eip_without_tag_information/red/variables.tf
new file mode 100644
index 000000000..09e482677
--- /dev/null
+++ b/terraform/ecc-aws-553-eip_without_tag_information/red/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
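Review bot: The policy document with `ec2:DescribeAddresses` is added as `iam/533-policy.json` inside the `ecc-aws-553-eip_without_tag_information` directory, whereas every sibling rule on this page names the file after its own number (`550-policy.json`, `552-policy.json`, `555-policy.json`). The name looks like a transposition of 553. Anything that locates a rule's permission set by rule number would miss this file, so it should be renamed to `553-policy.json`.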
diff --git a/terraform/ecc-aws-555-eni_without_tag_information/green/eni.tf b/terraform/ecc-aws-555-eni_without_tag_information/green/eni.tf
new file mode 100644
index 000000000..f8f3403ad
--- /dev/null
+++ b/terraform/ecc-aws-555-eni_without_tag_information/green/eni.tf
@@ -0,0 +1,14 @@
+resource "aws_network_interface" "this" {
+ subnet_id = aws_subnet.this.id
+}
+
+resource "aws_vpc" "this" {
+ cidr_block = "10.0.0.0/16"
+ instance_tenancy = "default"
+}
+
+resource "aws_subnet" "this" {
+ vpc_id = aws_vpc.this.id
+ cidr_block = "10.0.1.0/24"
+ availability_zone = "us-east-1a"
+}
diff --git a/terraform/ecc-aws-555-eni_without_tag_information/green/provider.tf b/terraform/ecc-aws-555-eni_without_tag_information/green/provider.tf
new file mode 100644
index 000000000..3b329f02e
--- /dev/null
+++ b/terraform/ecc-aws-555-eni_without_tag_information/green/provider.tf
@@ -0,0 +1,19 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws" {
+ profile = var.profile
+ region = var.default-region
+ default_tags {
+ tags = {
+ CustodianRule = "ecc-aws-555-eni_without_tag_information"
+ ComplianceStatus = "Green"
+ }
+ }
+}
diff --git a/terraform/ecc-aws-555-eni_without_tag_information/green/terraform.tfvars b/terraform/ecc-aws-555-eni_without_tag_information/green/terraform.tfvars
new file mode 100644
index 000000000..e1e2d2fa8
--- /dev/null
+++ b/terraform/ecc-aws-555-eni_without_tag_information/green/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
diff --git a/terraform/ecc-aws-555-eni_without_tag_information/green/variables.tf b/terraform/ecc-aws-555-eni_without_tag_information/green/variables.tf
new file mode 100644
index 000000000..09e482677
--- /dev/null
+++ b/terraform/ecc-aws-555-eni_without_tag_information/green/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-555-eni_without_tag_information/iam/555-policy.json b/terraform/ecc-aws-555-eni_without_tag_information/iam/555-policy.json
new file mode 100644
index 000000000..79ba9df95
--- /dev/null
+++ b/terraform/ecc-aws-555-eni_without_tag_information/iam/555-policy.json
@@ -0,0 +1,14 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Sid": "VisualEditor0",
+ "Effect": "Allow",
+ "Action": [
+ "Tag:GetResources",
+ "ec2:DescribeNetworkInterfaces"
+ ],
+ "Resource": "*"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-555-eni_without_tag_information/red/eni.tf b/terraform/ecc-aws-555-eni_without_tag_information/red/eni.tf
new file mode 100644
index 000000000..f8f3403ad
--- /dev/null
+++ b/terraform/ecc-aws-555-eni_without_tag_information/red/eni.tf
@@ -0,0 +1,14 @@
+resource "aws_network_interface" "this" {
+ subnet_id = aws_subnet.this.id
+}
+
+resource "aws_vpc" "this" {
+ cidr_block = "10.0.0.0/16"
+ instance_tenancy = "default"
+}
+
+resource "aws_subnet" "this" {
+ vpc_id = aws_vpc.this.id
+ cidr_block = "10.0.1.0/24"
+ availability_zone = "us-east-1a"
+}
diff --git a/terraform/ecc-aws-555-eni_without_tag_information/red/provider.tf b/terraform/ecc-aws-555-eni_without_tag_information/red/provider.tf
new file mode 100644
index 000000000..6d5818cea
--- /dev/null
+++ b/terraform/ecc-aws-555-eni_without_tag_information/red/provider.tf
@@ -0,0 +1,13 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws" {
+ profile = var.profile
+ region = var.default-region
+}
diff --git a/terraform/ecc-aws-555-eni_without_tag_information/red/terraform.tfvars b/terraform/ecc-aws-555-eni_without_tag_information/red/terraform.tfvars
new file mode 100644
index 000000000..e1e2d2fa8
--- /dev/null
+++ b/terraform/ecc-aws-555-eni_without_tag_information/red/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
diff --git a/terraform/ecc-aws-555-eni_without_tag_information/red/variables.tf b/terraform/ecc-aws-555-eni_without_tag_information/red/variables.tf
new file mode 100644
index 000000000..09e482677
--- /dev/null
+++ b/terraform/ecc-aws-555-eni_without_tag_information/red/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-556-internet_gateway_without_tag_information/green/ig.tf b/terraform/ecc-aws-556-internet_gateway_without_tag_information/green/ig.tf
new file mode 100644
index 000000000..07b1d6890
--- /dev/null
+++ b/terraform/ecc-aws-556-internet_gateway_without_tag_information/green/ig.tf
@@ -0,0 +1,6 @@
+resource "aws_internet_gateway" "this" {
+ vpc_id = aws_vpc.this.id
+}
+resource "aws_vpc" "this" {
+ cidr_block = "10.0.0.0/16"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-556-internet_gateway_without_tag_information/green/provider.tf b/terraform/ecc-aws-556-internet_gateway_without_tag_information/green/provider.tf
new file mode 100644
index 000000000..0c912302f
--- /dev/null
+++ b/terraform/ecc-aws-556-internet_gateway_without_tag_information/green/provider.tf
@@ -0,0 +1,19 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws" {
+ profile = var.profile
+ region = var.default-region
+ default_tags {
+ tags = {
+ CustodianRule = "ecc-aws-556-internet_gateway_without_tag_information"
+ ComplianceStatus = "Green"
+ }
+ }
+}
diff --git a/terraform/ecc-aws-556-internet_gateway_without_tag_information/green/terraform.tfvars b/terraform/ecc-aws-556-internet_gateway_without_tag_information/green/terraform.tfvars
new file mode 100644
index 000000000..e1e2d2fa8
--- /dev/null
+++ b/terraform/ecc-aws-556-internet_gateway_without_tag_information/green/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
diff --git a/terraform/ecc-aws-556-internet_gateway_without_tag_information/green/variables.tf b/terraform/ecc-aws-556-internet_gateway_without_tag_information/green/variables.tf
new file mode 100644
index 000000000..948c49afd
--- /dev/null
+++ b/terraform/ecc-aws-556-internet_gateway_without_tag_information/green/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-556-internet_gateway_without_tag_information/iam/556-policy.json b/terraform/ecc-aws-556-internet_gateway_without_tag_information/iam/556-policy.json
new file mode 100644
index 000000000..5f776db1e
--- /dev/null
+++ b/terraform/ecc-aws-556-internet_gateway_without_tag_information/iam/556-policy.json
@@ -0,0 +1,12 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:DescribeInternetGateways"
+ ],
+ "Resource": "*"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-556-internet_gateway_without_tag_information/red/ig.tf b/terraform/ecc-aws-556-internet_gateway_without_tag_information/red/ig.tf
new file mode 100644
index 000000000..07b1d6890
--- /dev/null
+++ b/terraform/ecc-aws-556-internet_gateway_without_tag_information/red/ig.tf
@@ -0,0 +1,6 @@
+resource "aws_internet_gateway" "this" {
+ vpc_id = aws_vpc.this.id
+}
+resource "aws_vpc" "this" {
+ cidr_block = "10.0.0.0/16"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-556-internet_gateway_without_tag_information/red/provider.tf b/terraform/ecc-aws-556-internet_gateway_without_tag_information/red/provider.tf
new file mode 100644
index 000000000..aa5e66db4
--- /dev/null
+++ b/terraform/ecc-aws-556-internet_gateway_without_tag_information/red/provider.tf
@@ -0,0 +1,13 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws" {
+ profile = var.profile
+ region = var.default-region
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-556-internet_gateway_without_tag_information/red/terraform.tfvars b/terraform/ecc-aws-556-internet_gateway_without_tag_information/red/terraform.tfvars
new file mode 100644
index 000000000..e1e2d2fa8
--- /dev/null
+++ b/terraform/ecc-aws-556-internet_gateway_without_tag_information/red/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
diff --git a/terraform/ecc-aws-556-internet_gateway_without_tag_information/red/variables.tf b/terraform/ecc-aws-556-internet_gateway_without_tag_information/red/variables.tf
new file mode 100644
index 000000000..948c49afd
--- /dev/null
+++ b/terraform/ecc-aws-556-internet_gateway_without_tag_information/red/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-557-nat_gateway_without_tag_information/green/ng.tf b/terraform/ecc-aws-557-nat_gateway_without_tag_information/green/ng.tf
new file mode 100644
index 000000000..2f82d4445
--- /dev/null
+++ b/terraform/ecc-aws-557-nat_gateway_without_tag_information/green/ng.tf
@@ -0,0 +1,17 @@
+resource "aws_nat_gateway" "this" {
+ connectivity_type = "private"
+ subnet_id = aws_subnet.this.id
+}
+resource "aws_vpc" "this" {
+ cidr_block = "192.168.0.0/22"
+}
+
+data "aws_availability_zones" "this" {
+ state = "available"
+}
+
+resource "aws_subnet" "this" {
+ availability_zone = data.aws_availability_zones.this.names[0]
+ cidr_block = "192.168.0.0/24"
+ vpc_id = aws_vpc.this.id
+}
diff --git a/terraform/ecc-aws-557-nat_gateway_without_tag_information/green/provider.tf b/terraform/ecc-aws-557-nat_gateway_without_tag_information/green/provider.tf
new file mode 100644
index 000000000..ed7f5e451
--- /dev/null
+++ b/terraform/ecc-aws-557-nat_gateway_without_tag_information/green/provider.tf
@@ -0,0 +1,19 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws" {
+ profile = var.profile
+ region = var.default-region
+ default_tags {
+ tags = {
+ CustodianRule = "ecc-aws-557-nat_gateway_without_tag_information"
+ ComplianceStatus = "Green"
+ }
+ }
+}
diff --git a/terraform/ecc-aws-557-nat_gateway_without_tag_information/green/terraform.tfvars b/terraform/ecc-aws-557-nat_gateway_without_tag_information/green/terraform.tfvars
new file mode 100644
index 000000000..e1e2d2fa8
--- /dev/null
+++ b/terraform/ecc-aws-557-nat_gateway_without_tag_information/green/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
diff --git a/terraform/ecc-aws-557-nat_gateway_without_tag_information/green/variables.tf b/terraform/ecc-aws-557-nat_gateway_without_tag_information/green/variables.tf
new file mode 100644
index 000000000..948c49afd
--- /dev/null
+++ b/terraform/ecc-aws-557-nat_gateway_without_tag_information/green/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-557-nat_gateway_without_tag_information/iam/557-policy.json b/terraform/ecc-aws-557-nat_gateway_without_tag_information/iam/557-policy.json
new file mode 100644
index 000000000..18db33427
--- /dev/null
+++ b/terraform/ecc-aws-557-nat_gateway_without_tag_information/iam/557-policy.json
@@ -0,0 +1,12 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:DescribeNatGateways"
+ ],
+ "Resource": "*"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-557-nat_gateway_without_tag_information/red/ng.tf b/terraform/ecc-aws-557-nat_gateway_without_tag_information/red/ng.tf
new file mode 100644
index 000000000..2f82d4445
--- /dev/null
+++ b/terraform/ecc-aws-557-nat_gateway_without_tag_information/red/ng.tf
@@ -0,0 +1,17 @@
+resource "aws_nat_gateway" "this" {
+ connectivity_type = "private"
+ subnet_id = aws_subnet.this.id
+}
+resource "aws_vpc" "this" {
+ cidr_block = "192.168.0.0/22"
+}
+
+data "aws_availability_zones" "this" {
+ state = "available"
+}
+
+resource "aws_subnet" "this" {
+ availability_zone = data.aws_availability_zones.this.names[0]
+ cidr_block = "192.168.0.0/24"
+ vpc_id = aws_vpc.this.id
+}
diff --git a/terraform/ecc-aws-557-nat_gateway_without_tag_information/red/provider.tf b/terraform/ecc-aws-557-nat_gateway_without_tag_information/red/provider.tf
new file mode 100644
index 000000000..aa5e66db4
--- /dev/null
+++ b/terraform/ecc-aws-557-nat_gateway_without_tag_information/red/provider.tf
@@ -0,0 +1,13 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws" {
+ profile = var.profile
+ region = var.default-region
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-557-nat_gateway_without_tag_information/red/terraform.tfvars b/terraform/ecc-aws-557-nat_gateway_without_tag_information/red/terraform.tfvars
new file mode 100644
index 000000000..e1e2d2fa8
--- /dev/null
+++ b/terraform/ecc-aws-557-nat_gateway_without_tag_information/red/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
diff --git a/terraform/ecc-aws-557-nat_gateway_without_tag_information/red/variables.tf b/terraform/ecc-aws-557-nat_gateway_without_tag_information/red/variables.tf
new file mode 100644
index 000000000..948c49afd
--- /dev/null
+++ b/terraform/ecc-aws-557-nat_gateway_without_tag_information/red/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-558-network_acl_without_tag_information/green/acl.tf b/terraform/ecc-aws-558-network_acl_without_tag_information/green/acl.tf
new file mode 100644
index 000000000..a9c592a54
--- /dev/null
+++ b/terraform/ecc-aws-558-network_acl_without_tag_information/green/acl.tf
@@ -0,0 +1,7 @@
+resource "aws_vpc" "this" {
+ cidr_block = "10.0.0.0/16"
+}
+
+resource "aws_network_acl" "this" {
+ vpc_id = aws_vpc.this.id
+}
diff --git a/terraform/ecc-aws-558-network_acl_without_tag_information/green/provider.tf b/terraform/ecc-aws-558-network_acl_without_tag_information/green/provider.tf
new file mode 100644
index 000000000..41b7a423a
--- /dev/null
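Review bot: `aws_vpc.this` in the 558 `green/acl.tf` also causes AWS to create a default network ACL, a main route table and a default security group, and because Terraform does not manage those objects the provider's `default_tags` never reach them. The green environment for rule 558 would therefore still hold an untagged network ACL, and the same applies to the main route table in 559 `green/rt.tf` and the default security group in 560 `green/sg.tf`. Whether the Custodian rules exclude default resources is not visible in this patch, so this needs checking against the policies. If they do not, adopt the defaults in the green fixtures so they inherit the tags, e.g. `resource "aws_default_network_acl" "this" { default_network_acl_id = aws_vpc.this.default_network_acl_id }`, with `aws_default_route_table` and `aws_default_security_group` for the other two.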
+++ b/terraform/ecc-aws-558-network_acl_without_tag_information/green/provider.tf
@@ -0,0 +1,20 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws" {
+ profile = var.profile
+ region = var.default-region
+
+ default_tags {
+ tags = {
+ CustodianRule = "ecc-aws-558-network_acl_without_tag_information"
+ ComplianceStatus = "Green"
+ }
+ }
+}
diff --git a/terraform/ecc-aws-558-network_acl_without_tag_information/green/terraform.tfvars b/terraform/ecc-aws-558-network_acl_without_tag_information/green/terraform.tfvars
new file mode 100644
index 000000000..e1e2d2fa8
--- /dev/null
+++ b/terraform/ecc-aws-558-network_acl_without_tag_information/green/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
diff --git a/terraform/ecc-aws-558-network_acl_without_tag_information/green/variables.tf b/terraform/ecc-aws-558-network_acl_without_tag_information/green/variables.tf
new file mode 100644
index 000000000..09e482677
--- /dev/null
+++ b/terraform/ecc-aws-558-network_acl_without_tag_information/green/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-558-network_acl_without_tag_information/iam/558-policy.json b/terraform/ecc-aws-558-network_acl_without_tag_information/iam/558-policy.json
new file mode 100644
index 000000000..b801ded71
--- /dev/null
+++ b/terraform/ecc-aws-558-network_acl_without_tag_information/iam/558-policy.json
@@ -0,0 +1,12 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:DescribeNetworkAcls"
+ ],
+ "Resource": "*"
+ }
+ ]
+}
diff --git a/terraform/ecc-aws-558-network_acl_without_tag_information/red/acl.tf b/terraform/ecc-aws-558-network_acl_without_tag_information/red/acl.tf
new file mode 100644
index 000000000..a9c592a54
--- /dev/null
+++ b/terraform/ecc-aws-558-network_acl_without_tag_information/red/acl.tf
@@ -0,0 +1,7 @@
+resource "aws_vpc" "this" {
+ cidr_block = "10.0.0.0/16"
+}
+
+resource "aws_network_acl" "this" {
+ vpc_id = aws_vpc.this.id
+}
diff --git a/terraform/ecc-aws-558-network_acl_without_tag_information/red/provider.tf b/terraform/ecc-aws-558-network_acl_without_tag_information/red/provider.tf
new file mode 100644
index 000000000..6d5818cea
--- /dev/null
+++ b/terraform/ecc-aws-558-network_acl_without_tag_information/red/provider.tf
@@ -0,0 +1,13 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws" {
+ profile = var.profile
+ region = var.default-region
+}
diff --git a/terraform/ecc-aws-558-network_acl_without_tag_information/red/terraform.tfvars b/terraform/ecc-aws-558-network_acl_without_tag_information/red/terraform.tfvars
new file mode 100644
index 000000000..e1e2d2fa8
--- /dev/null
+++ b/terraform/ecc-aws-558-network_acl_without_tag_information/red/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
diff --git a/terraform/ecc-aws-558-network_acl_without_tag_information/red/variables.tf b/terraform/ecc-aws-558-network_acl_without_tag_information/red/variables.tf
new file mode 100644
index 000000000..09e482677
--- /dev/null
+++ b/terraform/ecc-aws-558-network_acl_without_tag_information/red/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-559-route_table_without_tag_information/green/provider.tf b/terraform/ecc-aws-559-route_table_without_tag_information/green/provider.tf
new file mode 100644
index 000000000..cabeefb2e
--- /dev/null
+++ b/terraform/ecc-aws-559-route_table_without_tag_information/green/provider.tf
@@ -0,0 +1,19 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws" {
+ profile = var.profile
+ region = var.default-region
+ default_tags {
+ tags = {
+ CustodianRule = "ecc-aws-559-route_table_without_tag_information"
+ ComplianceStatus = "Green"
+ }
+ }
+}
diff --git a/terraform/ecc-aws-559-route_table_without_tag_information/green/rt.tf b/terraform/ecc-aws-559-route_table_without_tag_information/green/rt.tf
new file mode 100644
index 000000000..1f9e337f1
--- /dev/null
+++ b/terraform/ecc-aws-559-route_table_without_tag_information/green/rt.tf
@@ -0,0 +1,7 @@
+resource "aws_vpc" "this" {
+ cidr_block = "10.0.0.0/16"
+}
+
+resource "aws_route_table" "this" {
+ vpc_id = aws_vpc.this.id
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-559-route_table_without_tag_information/green/terraform.tfvars b/terraform/ecc-aws-559-route_table_without_tag_information/green/terraform.tfvars
new file mode 100644
index 000000000..e1e2d2fa8
--- /dev/null
+++ b/terraform/ecc-aws-559-route_table_without_tag_information/green/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
diff --git a/terraform/ecc-aws-559-route_table_without_tag_information/green/variables.tf b/terraform/ecc-aws-559-route_table_without_tag_information/green/variables.tf
new file mode 100644
index 000000000..948c49afd
--- /dev/null
+++ b/terraform/ecc-aws-559-route_table_without_tag_information/green/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-559-route_table_without_tag_information/iam/559-policy.json b/terraform/ecc-aws-559-route_table_without_tag_information/iam/559-policy.json
new file mode 100644
index 000000000..ff24e60ab
--- /dev/null
+++ b/terraform/ecc-aws-559-route_table_without_tag_information/iam/559-policy.json
@@ -0,0 +1,12 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:DescribeRouteTables"
+ ],
+ "Resource": "*"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-559-route_table_without_tag_information/red/provider.tf b/terraform/ecc-aws-559-route_table_without_tag_information/red/provider.tf
new file mode 100644
index 000000000..aa5e66db4
--- /dev/null
+++ b/terraform/ecc-aws-559-route_table_without_tag_information/red/provider.tf
@@ -0,0 +1,13 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws" {
+ profile = var.profile
+ region = var.default-region
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-559-route_table_without_tag_information/red/rt.tf b/terraform/ecc-aws-559-route_table_without_tag_information/red/rt.tf
new file mode 100644
index 000000000..1f9e337f1
--- /dev/null
+++ b/terraform/ecc-aws-559-route_table_without_tag_information/red/rt.tf
@@ -0,0 +1,7 @@
+resource "aws_vpc" "this" {
+ cidr_block = "10.0.0.0/16"
+}
+
+resource "aws_route_table" "this" {
+ vpc_id = aws_vpc.this.id
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-559-route_table_without_tag_information/red/terraform.tfvars b/terraform/ecc-aws-559-route_table_without_tag_information/red/terraform.tfvars
new file mode 100644
index 000000000..e1e2d2fa8
--- /dev/null
+++ b/terraform/ecc-aws-559-route_table_without_tag_information/red/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
diff --git a/terraform/ecc-aws-559-route_table_without_tag_information/red/variables.tf b/terraform/ecc-aws-559-route_table_without_tag_information/red/variables.tf
new file mode 100644
index 000000000..948c49afd
--- /dev/null
+++ b/terraform/ecc-aws-559-route_table_without_tag_information/red/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-560-security_group_without_tag_information/green/provider.tf b/terraform/ecc-aws-560-security_group_without_tag_information/green/provider.tf
new file mode 100644
index 000000000..3d8ce1aad
--- /dev/null
+++ b/terraform/ecc-aws-560-security_group_without_tag_information/green/provider.tf
@@ -0,0 +1,20 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws" {
+ profile = var.profile
+ region = var.default-region
+
+ default_tags {
+ tags = {
+ CustodianRule = "ecc-aws-560-security_group_without_tag_information"
+ ComplianceStatus = "Green"
+ }
+ }
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-560-security_group_without_tag_information/green/sg.tf b/terraform/ecc-aws-560-security_group_without_tag_information/green/sg.tf
new file mode 100644
index 000000000..e0517c58b
--- /dev/null
+++ b/terraform/ecc-aws-560-security_group_without_tag_information/green/sg.tf
@@ -0,0 +1,8 @@
+resource "aws_vpc" "this" {
+ cidr_block = "10.0.0.0/16"
+}
+
+resource "aws_security_group" "this" {
+ name = "560_security_group_green"
+ vpc_id = aws_vpc.this.id
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-560-security_group_without_tag_information/green/terraform.tfvars b/terraform/ecc-aws-560-security_group_without_tag_information/green/terraform.tfvars
new file mode 100644
index 000000000..368bc468f
--- /dev/null
+++ b/terraform/ecc-aws-560-security_group_without_tag_information/green/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
\ No newline at end of file
diff --git a/terraform/ecc-aws-560-security_group_without_tag_information/green/variables.tf b/terraform/ecc-aws-560-security_group_without_tag_information/green/variables.tf
new file mode 100644
index 000000000..948c49afd
--- /dev/null
+++ b/terraform/ecc-aws-560-security_group_without_tag_information/green/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-560-security_group_without_tag_information/iam/560-policy.json b/terraform/ecc-aws-560-security_group_without_tag_information/iam/560-policy.json
new file mode 100644
index 000000000..a4ece0982
--- /dev/null
+++ b/terraform/ecc-aws-560-security_group_without_tag_information/iam/560-policy.json
@@ -0,0 +1,12 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:DescribeSecurityGroups"
+ ],
+ "Resource": "*"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-560-security_group_without_tag_information/red/provider.tf b/terraform/ecc-aws-560-security_group_without_tag_information/red/provider.tf
new file mode 100644
index 000000000..aa5e66db4
--- /dev/null
+++ b/terraform/ecc-aws-560-security_group_without_tag_information/red/provider.tf
@@ -0,0 +1,13 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws" {
+ profile = var.profile
+ region = var.default-region
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-560-security_group_without_tag_information/red/sg.tf b/terraform/ecc-aws-560-security_group_without_tag_information/red/sg.tf
new file mode 100644
index 000000000..8d724813f
--- /dev/null
+++ b/terraform/ecc-aws-560-security_group_without_tag_information/red/sg.tf
@@ -0,0 +1,8 @@
+resource "aws_vpc" "this" {
+ cidr_block = "10.0.0.0/16"
+}
+
+resource "aws_security_group" "this" {
+ name = "560_security_group_red"
+ vpc_id = aws_vpc.this.id
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-560-security_group_without_tag_information/red/terraform.tfvars b/terraform/ecc-aws-560-security_group_without_tag_information/red/terraform.tfvars
new file mode 100644
index 000000000..368bc468f
--- /dev/null
+++ b/terraform/ecc-aws-560-security_group_without_tag_information/red/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
\ No newline at end of file
diff --git a/terraform/ecc-aws-560-security_group_without_tag_information/red/variables.tf b/terraform/ecc-aws-560-security_group_without_tag_information/red/variables.tf
new file mode 100644
index 000000000..948c49afd
--- /dev/null
+++ b/terraform/ecc-aws-560-security_group_without_tag_information/red/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-561-subnet_without_tag_information/green/provider.tf b/terraform/ecc-aws-561-subnet_without_tag_information/green/provider.tf
new file mode 100644
index 000000000..0c7e9f11e
--- /dev/null
+++ b/terraform/ecc-aws-561-subnet_without_tag_information/green/provider.tf
@@ -0,0 +1,19 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws" {
+ profile = var.profile
+ region = var.default-region
+ default_tags {
+ tags = {
+ CustodianRule = "ecc-aws-561-subnet_without_tag_information"
+ ComplianceStatus = "Green"
+ }
+ }
+}
diff --git a/terraform/ecc-aws-561-subnet_without_tag_information/green/subnet.tf b/terraform/ecc-aws-561-subnet_without_tag_information/green/subnet.tf
new file mode 100644
index 000000000..a98276b45
--- /dev/null
+++ b/terraform/ecc-aws-561-subnet_without_tag_information/green/subnet.tf
@@ -0,0 +1,8 @@
+resource "aws_vpc" "this" {
+ cidr_block = "10.0.0.0/16"
+}
+
+ resource "aws_subnet" "this" {
+ vpc_id = aws_vpc.this.id
+ cidr_block = "10.0.0.0/24"
+ }
\ No newline at end of file
diff --git a/terraform/ecc-aws-561-subnet_without_tag_information/green/terraform.tfvars b/terraform/ecc-aws-561-subnet_without_tag_information/green/terraform.tfvars
new file mode 100644
index 000000000..e1e2d2fa8
--- /dev/null
+++ b/terraform/ecc-aws-561-subnet_without_tag_information/green/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
diff --git a/terraform/ecc-aws-561-subnet_without_tag_information/green/variables.tf b/terraform/ecc-aws-561-subnet_without_tag_information/green/variables.tf
new file mode 100644
index 000000000..948c49afd
--- /dev/null
+++ b/terraform/ecc-aws-561-subnet_without_tag_information/green/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-561-subnet_without_tag_information/iam/561-policy.json b/terraform/ecc-aws-561-subnet_without_tag_information/iam/561-policy.json
new file mode 100644
index 000000000..2fe48ec74
--- /dev/null
+++ b/terraform/ecc-aws-561-subnet_without_tag_information/iam/561-policy.json
@@ -0,0 +1,12 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:DescribeSubnets"
+ ],
+ "Resource": "*"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-561-subnet_without_tag_information/red/provider.tf b/terraform/ecc-aws-561-subnet_without_tag_information/red/provider.tf
new file mode 100644
index 000000000..aa5e66db4
--- /dev/null
+++ b/terraform/ecc-aws-561-subnet_without_tag_information/red/provider.tf
@@ -0,0 +1,13 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws" {
+ profile = var.profile
+ region = var.default-region
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-561-subnet_without_tag_information/red/subnet.tf b/terraform/ecc-aws-561-subnet_without_tag_information/red/subnet.tf
new file mode 100644
index 000000000..a98276b45
--- /dev/null
+++ b/terraform/ecc-aws-561-subnet_without_tag_information/red/subnet.tf
@@ -0,0 +1,8 @@
+resource "aws_vpc" "this" {
+ cidr_block = "10.0.0.0/16"
+}
+
+ resource "aws_subnet" "this" {
+ vpc_id = aws_vpc.this.id
+ cidr_block = "10.0.0.0/24"
+ }
\ No newline at end of file
diff --git a/terraform/ecc-aws-561-subnet_without_tag_information/red/terraform.tfvars b/terraform/ecc-aws-561-subnet_without_tag_information/red/terraform.tfvars
new file mode 100644
index 000000000..e1e2d2fa8
--- /dev/null
+++ b/terraform/ecc-aws-561-subnet_without_tag_information/red/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
diff --git a/terraform/ecc-aws-561-subnet_without_tag_information/red/variables.tf b/terraform/ecc-aws-561-subnet_without_tag_information/red/variables.tf
new file mode 100644
index 000000000..948c49afd
--- /dev/null
+++ b/terraform/ecc-aws-561-subnet_without_tag_information/red/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-562-transit_gateway_without_tag_information/green/provider.tf b/terraform/ecc-aws-562-transit_gateway_without_tag_information/green/provider.tf
new file mode 100644
index 000000000..09ef5532a
--- /dev/null
+++ b/terraform/ecc-aws-562-transit_gateway_without_tag_information/green/provider.tf
@@ -0,0 +1,19 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws" {
+ profile = var.profile
+ region = var.default-region
+ default_tags {
+ tags = {
+ CustodianRule = "ecc-aws-562-transit_gateway_without_tag_information"
+ ComplianceStatus = "Green"
+ }
+ }
+}
diff --git a/terraform/ecc-aws-562-transit_gateway_without_tag_information/green/terraform.tfvars b/terraform/ecc-aws-562-transit_gateway_without_tag_information/green/terraform.tfvars
new file mode 100644
index 000000000..e1e2d2fa8
--- /dev/null
+++ b/terraform/ecc-aws-562-transit_gateway_without_tag_information/green/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
diff --git a/terraform/ecc-aws-562-transit_gateway_without_tag_information/green/tg.tf b/terraform/ecc-aws-562-transit_gateway_without_tag_information/green/tg.tf
new file mode 100644
index 000000000..68820bdf2
--- /dev/null
+++ b/terraform/ecc-aws-562-transit_gateway_without_tag_information/green/tg.tf
@@ -0,0 +1 @@
+resource "aws_ec2_transit_gateway" "this" {}
diff --git a/terraform/ecc-aws-562-transit_gateway_without_tag_information/green/variables.tf b/terraform/ecc-aws-562-transit_gateway_without_tag_information/green/variables.tf
new file mode 100644
index 000000000..948c49afd
--- /dev/null
+++ b/terraform/ecc-aws-562-transit_gateway_without_tag_information/green/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-562-transit_gateway_without_tag_information/iam/562-policy.json b/terraform/ecc-aws-562-transit_gateway_without_tag_information/iam/562-policy.json
new file mode 100644
index 000000000..b811f993f
--- /dev/null
+++ b/terraform/ecc-aws-562-transit_gateway_without_tag_information/iam/562-policy.json
@@ -0,0 +1,12 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:DescribeTransitGateways"
+ ],
+ "Resource": "*"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-562-transit_gateway_without_tag_information/red/provider.tf b/terraform/ecc-aws-562-transit_gateway_without_tag_information/red/provider.tf
new file mode 100644
index 000000000..aa5e66db4
--- /dev/null
+++ b/terraform/ecc-aws-562-transit_gateway_without_tag_information/red/provider.tf
@@ -0,0 +1,13 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws" {
+ profile = var.profile
+ region = var.default-region
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-562-transit_gateway_without_tag_information/red/terraform.tfvars b/terraform/ecc-aws-562-transit_gateway_without_tag_information/red/terraform.tfvars
new file mode 100644
index 000000000..e1e2d2fa8
--- /dev/null
+++ b/terraform/ecc-aws-562-transit_gateway_without_tag_information/red/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
diff --git a/terraform/ecc-aws-562-transit_gateway_without_tag_information/red/tg.tf b/terraform/ecc-aws-562-transit_gateway_without_tag_information/red/tg.tf
new file mode 100644
index 000000000..68820bdf2
--- /dev/null
+++ b/terraform/ecc-aws-562-transit_gateway_without_tag_information/red/tg.tf
@@ -0,0 +1 @@
+resource "aws_ec2_transit_gateway" "this" {}
diff --git a/terraform/ecc-aws-562-transit_gateway_without_tag_information/red/variables.tf b/terraform/ecc-aws-562-transit_gateway_without_tag_information/red/variables.tf
new file mode 100644
index 000000000..948c49afd
--- /dev/null
+++ b/terraform/ecc-aws-562-transit_gateway_without_tag_information/red/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-563-transit_gateway_attachment_without_tag_information/green/provider.tf b/terraform/ecc-aws-563-transit_gateway_attachment_without_tag_information/green/provider.tf
new file mode 100644
index 000000000..80508b196
--- /dev/null
+++ b/terraform/ecc-aws-563-transit_gateway_attachment_without_tag_information/green/provider.tf
@@ -0,0 +1,19 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws" {
+ profile = var.profile
+ region = var.default-region
+ default_tags {
+ tags = {
+ CustodianRule = "ecc-aws-563-transit_gateway_attachment_without_tag_information"
+ ComplianceStatus = "Green"
+ }
+ }
+}
diff --git a/terraform/ecc-aws-563-transit_gateway_attachment_without_tag_information/green/terraform.tfvars b/terraform/ecc-aws-563-transit_gateway_attachment_without_tag_information/green/terraform.tfvars
new file mode 100644
index 000000000..e1e2d2fa8
--- /dev/null
+++ b/terraform/ecc-aws-563-transit_gateway_attachment_without_tag_information/green/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
diff --git a/terraform/ecc-aws-563-transit_gateway_attachment_without_tag_information/green/tg.tf b/terraform/ecc-aws-563-transit_gateway_attachment_without_tag_information/green/tg.tf
new file mode 100644
index 000000000..185293e73
--- /dev/null
+++ b/terraform/ecc-aws-563-transit_gateway_attachment_without_tag_information/green/tg.tf
@@ -0,0 +1,15 @@
+resource "aws_ec2_transit_gateway" "this" {}
+
+resource "aws_ec2_transit_gateway_vpc_attachment" "this" {
+ subnet_ids = [aws_subnet.this.id]
+ transit_gateway_id = aws_ec2_transit_gateway.this.id
+ vpc_id = aws_vpc.this.id
+}
+resource "aws_vpc" "this" {
+ cidr_block = "10.0.0.0/16"
+}
+
+ resource "aws_subnet" "this" {
+ vpc_id = aws_vpc.this.id
+ cidr_block = "10.0.0.0/24"
+ }
\ No newline at end of file
diff --git a/terraform/ecc-aws-563-transit_gateway_attachment_without_tag_information/green/variables.tf b/terraform/ecc-aws-563-transit_gateway_attachment_without_tag_information/green/variables.tf
new file mode 100644
index 000000000..948c49afd
--- /dev/null
+++ b/terraform/ecc-aws-563-transit_gateway_attachment_without_tag_information/green/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-563-transit_gateway_attachment_without_tag_information/iam/563-policy.json b/terraform/ecc-aws-563-transit_gateway_attachment_without_tag_information/iam/563-policy.json
new file mode 100644
index 000000000..7f037a573
--- /dev/null
+++ b/terraform/ecc-aws-563-transit_gateway_attachment_without_tag_information/iam/563-policy.json
@@ -0,0 +1,13 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:DescribeTransitGateways",
+ "ec2:DescribeTransitGatewayAttachments"
+ ],
+ "Resource": "*"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-563-transit_gateway_attachment_without_tag_information/red/provider.tf b/terraform/ecc-aws-563-transit_gateway_attachment_without_tag_information/red/provider.tf
new file mode 100644
index 000000000..aa5e66db4
--- /dev/null
+++ b/terraform/ecc-aws-563-transit_gateway_attachment_without_tag_information/red/provider.tf
@@ -0,0 +1,13 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws" {
+ profile = var.profile
+ region = var.default-region
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-563-transit_gateway_attachment_without_tag_information/red/terraform.tfvars b/terraform/ecc-aws-563-transit_gateway_attachment_without_tag_information/red/terraform.tfvars
new file mode 100644
index 000000000..e1e2d2fa8
--- /dev/null
+++ b/terraform/ecc-aws-563-transit_gateway_attachment_without_tag_information/red/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
diff --git a/terraform/ecc-aws-563-transit_gateway_attachment_without_tag_information/red/tg.tf b/terraform/ecc-aws-563-transit_gateway_attachment_without_tag_information/red/tg.tf
new file mode 100644
index 000000000..185293e73
--- /dev/null
+++ b/terraform/ecc-aws-563-transit_gateway_attachment_without_tag_information/red/tg.tf
@@ -0,0 +1,15 @@
+resource "aws_ec2_transit_gateway" "this" {}
+
+resource "aws_ec2_transit_gateway_vpc_attachment" "this" {
+ subnet_ids = [aws_subnet.this.id]
+ transit_gateway_id = aws_ec2_transit_gateway.this.id
+ vpc_id = aws_vpc.this.id
+}
+resource "aws_vpc" "this" {
+ cidr_block = "10.0.0.0/16"
+}
+
+ resource "aws_subnet" "this" {
+ vpc_id = aws_vpc.this.id
+ cidr_block = "10.0.0.0/24"
+ }
\ No newline at end of file
diff --git a/terraform/ecc-aws-563-transit_gateway_attachment_without_tag_information/red/variables.tf b/terraform/ecc-aws-563-transit_gateway_attachment_without_tag_information/red/variables.tf
new file mode 100644
index 000000000..948c49afd
--- /dev/null
+++ b/terraform/ecc-aws-563-transit_gateway_attachment_without_tag_information/red/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-564-peering_connection_without_tag_information/green/pc.tf b/terraform/ecc-aws-564-peering_connection_without_tag_information/green/pc.tf
new file mode 100644
index 000000000..143464127
--- /dev/null
+++ b/terraform/ecc-aws-564-peering_connection_without_tag_information/green/pc.tf
@@ -0,0 +1,16 @@
+resource "aws_vpc_peering_connection" "this" {
+ peer_owner_id = data.aws_caller_identity.this.account_id
+ peer_vpc_id = aws_vpc.vpc1.id
+ vpc_id = aws_vpc.vpc2.id
+ auto_accept = true
+}
+
+data "aws_caller_identity" "this" {}
+
+resource "aws_vpc" "vpc1" {
+ cidr_block = "10.1.0.0/16"
+}
+
+resource "aws_vpc" "vpc2" {
+ cidr_block = "10.2.0.0/16"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-564-peering_connection_without_tag_information/green/provider.tf b/terraform/ecc-aws-564-peering_connection_without_tag_information/green/provider.tf
new file mode 100644
index 000000000..89df54feb
--- /dev/null
+++ b/terraform/ecc-aws-564-peering_connection_without_tag_information/green/provider.tf
@@ -0,0 +1,19 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws" {
+ profile = var.profile
+ region = var.default-region
+ default_tags {
+ tags = {
+ CustodianRule = "ecc-aws-564-peering_connection_without_tag_information"
+ ComplianceStatus = "Green"
+ }
+ }
+}
diff --git a/terraform/ecc-aws-564-peering_connection_without_tag_information/green/terraform.tfvars b/terraform/ecc-aws-564-peering_connection_without_tag_information/green/terraform.tfvars
new file mode 100644
index 000000000..e1e2d2fa8
--- /dev/null
+++ b/terraform/ecc-aws-564-peering_connection_without_tag_information/green/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
diff --git a/terraform/ecc-aws-564-peering_connection_without_tag_information/green/variables.tf b/terraform/ecc-aws-564-peering_connection_without_tag_information/green/variables.tf
new file mode 100644
index 000000000..948c49afd
--- /dev/null
+++ b/terraform/ecc-aws-564-peering_connection_without_tag_information/green/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-564-peering_connection_without_tag_information/iam/564-policy.json b/terraform/ecc-aws-564-peering_connection_without_tag_information/iam/564-policy.json
new file mode 100644
index 000000000..4f11c6280
--- /dev/null
+++ b/terraform/ecc-aws-564-peering_connection_without_tag_information/iam/564-policy.json
@@ -0,0 +1,12 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:DescribeVpcPeeringConnections"
+ ],
+ "Resource": "*"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-564-peering_connection_without_tag_information/red/pc.tf b/terraform/ecc-aws-564-peering_connection_without_tag_information/red/pc.tf
new file mode 100644
index 000000000..143464127
--- /dev/null
+++ b/terraform/ecc-aws-564-peering_connection_without_tag_information/red/pc.tf
@@ -0,0 +1,16 @@
+resource "aws_vpc_peering_connection" "this" {
+ peer_owner_id = data.aws_caller_identity.this.account_id
+ peer_vpc_id = aws_vpc.vpc1.id
+ vpc_id = aws_vpc.vpc2.id
+ auto_accept = true
+}
+
+data "aws_caller_identity" "this" {}
+
+resource "aws_vpc" "vpc1" {
+ cidr_block = "10.1.0.0/16"
+}
+
+resource "aws_vpc" "vpc2" {
+ cidr_block = "10.2.0.0/16"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-564-peering_connection_without_tag_information/red/provider.tf b/terraform/ecc-aws-564-peering_connection_without_tag_information/red/provider.tf
new file mode 100644
index 000000000..aa5e66db4
--- /dev/null
+++ b/terraform/ecc-aws-564-peering_connection_without_tag_information/red/provider.tf
@@ -0,0 +1,13 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws" {
+ profile = var.profile
+ region = var.default-region
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-564-peering_connection_without_tag_information/red/terraform.tfvars b/terraform/ecc-aws-564-peering_connection_without_tag_information/red/terraform.tfvars
new file mode 100644
index 000000000..e1e2d2fa8
--- /dev/null
+++ b/terraform/ecc-aws-564-peering_connection_without_tag_information/red/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
diff --git a/terraform/ecc-aws-564-peering_connection_without_tag_information/red/variables.tf b/terraform/ecc-aws-564-peering_connection_without_tag_information/red/variables.tf
new file mode 100644
index 000000000..948c49afd
--- /dev/null
+++ b/terraform/ecc-aws-564-peering_connection_without_tag_information/red/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-565-vpc_without_tag_information/green/provider.tf b/terraform/ecc-aws-565-vpc_without_tag_information/green/provider.tf
new file mode 100644
index 000000000..bbf68fbb3
--- /dev/null
+++ b/terraform/ecc-aws-565-vpc_without_tag_information/green/provider.tf
@@ -0,0 +1,21 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws"{
+ profile = var.profile
+ region = var.default-region
+
+ default_tags {
+ tags = {
+ CustodianRule = "ecc-aws-565-vpc_without_tag_information"
+ ComplianceStatus = "Green"
+ }
+ }
+}
+
diff --git a/terraform/ecc-aws-565-vpc_without_tag_information/green/terraform.tfvars b/terraform/ecc-aws-565-vpc_without_tag_information/green/terraform.tfvars
new file mode 100644
index 000000000..e1e2d2fa8
--- /dev/null
+++ b/terraform/ecc-aws-565-vpc_without_tag_information/green/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
diff --git a/terraform/ecc-aws-565-vpc_without_tag_information/green/variables.tf b/terraform/ecc-aws-565-vpc_without_tag_information/green/variables.tf
new file mode 100644
index 000000000..948c49afd
--- /dev/null
+++ b/terraform/ecc-aws-565-vpc_without_tag_information/green/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-565-vpc_without_tag_information/green/vpc.tf b/terraform/ecc-aws-565-vpc_without_tag_information/green/vpc.tf
new file mode 100644
index 000000000..516f2b984
--- /dev/null
+++ b/terraform/ecc-aws-565-vpc_without_tag_information/green/vpc.tf
@@ -0,0 +1,3 @@
+resource "aws_vpc" "this" {
+ cidr_block = "10.0.0.0/16"
+}
diff --git a/terraform/ecc-aws-565-vpc_without_tag_information/iam/565-policy.json b/terraform/ecc-aws-565-vpc_without_tag_information/iam/565-policy.json
new file mode 100644
index 000000000..a67690e89
--- /dev/null
+++ b/terraform/ecc-aws-565-vpc_without_tag_information/iam/565-policy.json
@@ -0,0 +1,11 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Sid": "VisualEditor0",
+ "Effect": "Allow",
+ "Action": "ec2:DescribeVpcs",
+ "Resource": "*"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-565-vpc_without_tag_information/red/provider.tf b/terraform/ecc-aws-565-vpc_without_tag_information/red/provider.tf
new file mode 100644
index 000000000..f8359dc13
--- /dev/null
+++ b/terraform/ecc-aws-565-vpc_without_tag_information/red/provider.tf
@@ -0,0 +1,14 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws"{
+ profile = var.profile
+ region = var.default-region
+}
+
diff --git a/terraform/ecc-aws-565-vpc_without_tag_information/red/terraform.tfvars b/terraform/ecc-aws-565-vpc_without_tag_information/red/terraform.tfvars
new file mode 100644
index 000000000..e1e2d2fa8
--- /dev/null
+++ b/terraform/ecc-aws-565-vpc_without_tag_information/red/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
diff --git a/terraform/ecc-aws-565-vpc_without_tag_information/red/variables.tf b/terraform/ecc-aws-565-vpc_without_tag_information/red/variables.tf
new file mode 100644
index 000000000..948c49afd
--- /dev/null
+++ b/terraform/ecc-aws-565-vpc_without_tag_information/red/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-565-vpc_without_tag_information/red/vpc.tf b/terraform/ecc-aws-565-vpc_without_tag_information/red/vpc.tf
new file mode 100644
index 000000000..82361d733
--- /dev/null
+++ b/terraform/ecc-aws-565-vpc_without_tag_information/red/vpc.tf
@@ -0,0 +1,3 @@
+resource "aws_vpc" "this" {
+ cidr_block = "10.0.0.0/16"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-566-vpc_endpoint_without_tag_information/green/endpoint.tf b/terraform/ecc-aws-566-vpc_endpoint_without_tag_information/green/endpoint.tf
new file mode 100644
index 000000000..8acb6be9f
--- /dev/null
+++ b/terraform/ecc-aws-566-vpc_endpoint_without_tag_information/green/endpoint.tf
@@ -0,0 +1,8 @@
+resource "aws_vpc_endpoint" "this" {
+ vpc_id = aws_vpc.this.id
+ service_name = "com.amazonaws.us-east-1.s3"
+}
+
+resource "aws_vpc" "this" {
+ cidr_block = "10.0.0.0/16"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-566-vpc_endpoint_without_tag_information/green/provider.tf b/terraform/ecc-aws-566-vpc_endpoint_without_tag_information/green/provider.tf
new file mode 100644
index 000000000..d7330acbe
--- /dev/null
+++ b/terraform/ecc-aws-566-vpc_endpoint_without_tag_information/green/provider.tf
@@ -0,0 +1,21 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws"{
+ profile = var.profile
+ region = var.default-region
+
+ default_tags {
+ tags = {
+ CustodianRule = "ecc-aws-566-vpc_endpoint_without_tag_information"
+ ComplianceStatus = "Green"
+ }
+ }
+}
+
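Review bot: `service_name = "com.amazonaws.us-east-1.s3"` in green/endpoint.tf pins the region, while the provider in the same fixture takes its region from `var.default-region`. Running the fixture with any other region in terraform.tfvars would make the endpoint creation fail, because the service name no longer matches the provider region. `service_name = "com.amazonaws.${var.default-region}.s3"` keeps the two in step; red/endpoint.tf carries the same line.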
diff --git a/terraform/ecc-aws-566-vpc_endpoint_without_tag_information/green/terraform.tfvars b/terraform/ecc-aws-566-vpc_endpoint_without_tag_information/green/terraform.tfvars
new file mode 100644
index 000000000..e1e2d2fa8
--- /dev/null
+++ b/terraform/ecc-aws-566-vpc_endpoint_without_tag_information/green/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
diff --git a/terraform/ecc-aws-566-vpc_endpoint_without_tag_information/green/variables.tf b/terraform/ecc-aws-566-vpc_endpoint_without_tag_information/green/variables.tf
new file mode 100644
index 000000000..948c49afd
--- /dev/null
+++ b/terraform/ecc-aws-566-vpc_endpoint_without_tag_information/green/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-566-vpc_endpoint_without_tag_information/iam/566-policy.json b/terraform/ecc-aws-566-vpc_endpoint_without_tag_information/iam/566-policy.json
new file mode 100644
index 000000000..541d6506b
--- /dev/null
+++ b/terraform/ecc-aws-566-vpc_endpoint_without_tag_information/iam/566-policy.json
@@ -0,0 +1,13 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Sid": "VisualEditor0",
+ "Effect": "Allow",
+ "Action": [
+ "ec2:DescribeVpcEndpointServiceConfigurations"
+ ],
+ "Resource": "*"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-566-vpc_endpoint_without_tag_information/red/endpoint.tf b/terraform/ecc-aws-566-vpc_endpoint_without_tag_information/red/endpoint.tf
new file mode 100644
index 000000000..8acb6be9f
--- /dev/null
+++ b/terraform/ecc-aws-566-vpc_endpoint_without_tag_information/red/endpoint.tf
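Review bot: The only action granted in 566-policy.json is `ec2:DescribeVpcEndpointServiceConfigurations`, which covers endpoint services hosted by the account, whereas the fixtures for this rule create an `aws_vpc_endpoint`. If the Custodian policy (not visible in this part of the diff) enumerates VPC endpoints, the scanning role would presumably need `ec2:DescribeVpcEndpoints`; without it the scan would be denied or return nothing, and an empty result is easy to misread as a pass. Suggest `"Action": ["ec2:DescribeVpcEndpoints"]`, keeping the current action only if the policy really queries service configurations.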
@@ -0,0 +1,8 @@
+resource "aws_vpc_endpoint" "this" {
+ vpc_id = aws_vpc.this.id
+ service_name = "com.amazonaws.us-east-1.s3"
+}
+
+resource "aws_vpc" "this" {
+ cidr_block = "10.0.0.0/16"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-566-vpc_endpoint_without_tag_information/red/provider.tf b/terraform/ecc-aws-566-vpc_endpoint_without_tag_information/red/provider.tf
new file mode 100644
index 000000000..f8359dc13
--- /dev/null
+++ b/terraform/ecc-aws-566-vpc_endpoint_without_tag_information/red/provider.tf
@@ -0,0 +1,14 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws"{
+ profile = var.profile
+ region = var.default-region
+}
+
diff --git a/terraform/ecc-aws-566-vpc_endpoint_without_tag_information/red/terraform.tfvars b/terraform/ecc-aws-566-vpc_endpoint_without_tag_information/red/terraform.tfvars
new file mode 100644
index 000000000..e1e2d2fa8
--- /dev/null
+++ b/terraform/ecc-aws-566-vpc_endpoint_without_tag_information/red/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
diff --git a/terraform/ecc-aws-566-vpc_endpoint_without_tag_information/red/variables.tf b/terraform/ecc-aws-566-vpc_endpoint_without_tag_information/red/variables.tf
new file mode 100644
index 000000000..948c49afd
--- /dev/null
+++ b/terraform/ecc-aws-566-vpc_endpoint_without_tag_information/red/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-567-acm_without_tag_information/green/acm.tf b/terraform/ecc-aws-567-acm_without_tag_information/green/acm.tf
new file mode 100644
index 000000000..be8feb16c
--- /dev/null
+++ b/terraform/ecc-aws-567-acm_without_tag_information/green/acm.tf
@@ -0,0 +1,8 @@
+resource "aws_acm_certificate" "this" {
+ domain_name = "examplegreen.com"
+ validation_method = "DNS"
+
+ lifecycle {
+ create_before_destroy = true
+ }
+}
diff --git a/terraform/ecc-aws-567-acm_without_tag_information/green/provider.tf b/terraform/ecc-aws-567-acm_without_tag_information/green/provider.tf
new file mode 100644
index 000000000..f0a7e19c0
--- /dev/null
+++ b/terraform/ecc-aws-567-acm_without_tag_information/green/provider.tf
@@ -0,0 +1,20 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws" {
+ profile = var.profile
+ region = var.default-region
+
+ default_tags {
+ tags = {
+ CustodianRule = "ecc-aws-567-acm_without_tag_information"
+ ComplianceStatus = "Green"
+ }
+ }
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-567-acm_without_tag_information/green/terraform.tfvars b/terraform/ecc-aws-567-acm_without_tag_information/green/terraform.tfvars
new file mode 100644
index 000000000..368bc468f
--- /dev/null
+++ b/terraform/ecc-aws-567-acm_without_tag_information/green/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
\ No newline at end of file
diff --git a/terraform/ecc-aws-567-acm_without_tag_information/green/variables.tf b/terraform/ecc-aws-567-acm_without_tag_information/green/variables.tf
new file mode 100644
index 000000000..09e482677
--- /dev/null
+++ b/terraform/ecc-aws-567-acm_without_tag_information/green/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-567-acm_without_tag_information/iam/567-policy.json b/terraform/ecc-aws-567-acm_without_tag_information/iam/567-policy.json
new file mode 100644
index 000000000..1232ae9cd
--- /dev/null
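Review bot: `domain_name = "examplegreen.com"` in green/acm.tf (and `"examplered.com"` in red/acm.tf) are ordinary registrable names, not reserved ones, so applying the fixture files a certificate request for a domain that may belong to a third party. With DNS validation the request should just stay pending, but a test fixture is better off not referencing names the project does not control. A name under the RFC 2606 reserved domain, e.g. `domain_name = "green.example.com"`, or a variable holding a domain the tester owns, avoids that.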
+++ b/terraform/ecc-aws-567-acm_without_tag_information/iam/567-policy.json
@@ -0,0 +1,14 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "acm:ListCertificates",
+ "acm:DescribeCertificate",
+ "tag:GetResources"
+ ],
+ "Resource": "*"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-567-acm_without_tag_information/red/acm.tf b/terraform/ecc-aws-567-acm_without_tag_information/red/acm.tf
new file mode 100644
index 000000000..e995ef365
--- /dev/null
+++ b/terraform/ecc-aws-567-acm_without_tag_information/red/acm.tf
@@ -0,0 +1,8 @@
+resource "aws_acm_certificate" "this" {
+ domain_name = "examplered.com"
+ validation_method = "DNS"
+
+ lifecycle {
+ create_before_destroy = true
+ }
+}
diff --git a/terraform/ecc-aws-567-acm_without_tag_information/red/provider.tf b/terraform/ecc-aws-567-acm_without_tag_information/red/provider.tf
new file mode 100644
index 000000000..aa5e66db4
--- /dev/null
+++ b/terraform/ecc-aws-567-acm_without_tag_information/red/provider.tf
@@ -0,0 +1,13 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws" {
+ profile = var.profile
+ region = var.default-region
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-567-acm_without_tag_information/red/terraform.tfvars b/terraform/ecc-aws-567-acm_without_tag_information/red/terraform.tfvars
new file mode 100644
index 000000000..368bc468f
--- /dev/null
+++ b/terraform/ecc-aws-567-acm_without_tag_information/red/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
\ No newline at end of file
diff --git a/terraform/ecc-aws-567-acm_without_tag_information/red/variables.tf b/terraform/ecc-aws-567-acm_without_tag_information/red/variables.tf
new file mode 100644
index 000000000..09e482677
--- /dev/null
+++ b/terraform/ecc-aws-567-acm_without_tag_information/red/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-568-app_flow_without_tag_information/green/568-bucket-file.csv b/terraform/ecc-aws-568-app_flow_without_tag_information/green/568-bucket-file.csv
new file mode 100644
index 000000000..c3d01b570
--- /dev/null
+++ b/terraform/ecc-aws-568-app_flow_without_tag_information/green/568-bucket-file.csv
@@ -0,0 +1,3 @@
+title1,title2
+string11,string12
+string21,string22
\ No newline at end of file
diff --git a/terraform/ecc-aws-568-app_flow_without_tag_information/green/appflow.tf b/terraform/ecc-aws-568-app_flow_without_tag_information/green/appflow.tf
new file mode 100644
index 000000000..cef6697bf
--- /dev/null
+++ b/terraform/ecc-aws-568-app_flow_without_tag_information/green/appflow.tf
@@ -0,0 +1,41 @@
+resource "aws_appflow_flow" "this" {
+ name = "568-appflow-green"
+
+ source_flow_config {
+ connector_type = "S3"
+ source_connector_properties {
+ s3 {
+ bucket_name = aws_s3_bucket.this.bucket
+ bucket_prefix = "source"
+ }
+ }
+ }
+
+ destination_flow_config {
+ connector_type = "S3"
+ destination_connector_properties {
+ s3 {
+ bucket_name = aws_s3_bucket.this.bucket
+ bucket_prefix = "destination"
+
+ s3_output_format_config {
+ file_type = "JSON"
+ }
+ }
+ }
+ }
+
+ task {
+ source_fields = ["title1"]
+ task_type = "Map"
+ destination_field = "title1"
+ connector_operator {
+ s3 = "NO_OP"
+ }
+
+ }
+
+ trigger_config {
+ trigger_type = "OnDemand"
+ }
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-568-app_flow_without_tag_information/green/provider.tf b/terraform/ecc-aws-568-app_flow_without_tag_information/green/provider.tf
new file mode 100644
index 000000000..747a1b7b7
--- /dev/null
+++ b/terraform/ecc-aws-568-app_flow_without_tag_information/green/provider.tf
@@ -0,0 +1,20 @@ +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 4" + } + } +} + +provider "aws" { + profile = var.profile + region = var.default-region + + default_tags { + tags = { + CustodianRule = "ecc-aws-568-app_flow_without_tag_information" + ComplianceStatus = "Green" + } + } +} diff --git a/terraform/ecc-aws-568-app_flow_without_tag_information/green/s3.tf b/terraform/ecc-aws-568-app_flow_without_tag_information/green/s3.tf new file mode 100644 index 000000000..a8ebe9e30 --- /dev/null +++ b/terraform/ecc-aws-568-app_flow_without_tag_information/green/s3.tf @@ -0,0 +1,52 @@ +resource "aws_s3_bucket" "this" { + bucket = "568-bucket-green" + force_destroy = true +} + +resource "aws_s3_bucket_acl" "this" { + bucket = aws_s3_bucket.this.id + acl = "private" +} + +resource "aws_s3_object" "this" { + bucket = aws_s3_bucket.this.id + key = "source/568-bucket-file.csv" + source = "568-bucket-file.csv" +} + +resource "aws_s3_object" "this2" { + bucket = aws_s3_bucket.this.id + key = "destination/" +} + +resource "aws_s3_bucket_policy" "this" { + bucket = aws_s3_bucket.this.id + policy = <@dC7VOm7yV=49wOm|HOF#acKoN z10%}|W(Ec@;o4`&eaJwh<@=v5b-v7n9))jKH8)>48XI(9J8aUP341z}{*_U#t*+q4_Dmo0Scuj1dTZf%FLwhXDY6?`CQM literal 0 HcmV?d00001 diff --git a/terraform/ecc-aws-616-lambda_functions_without_tag_information/green/lambda.tf b/terraform/ecc-aws-616-lambda_functions_without_tag_information/green/lambda.tf new file mode 100644 index 000000000..08d191060 --- /dev/null +++ b/terraform/ecc-aws-616-lambda_functions_without_tag_information/green/lambda.tf @@ -0,0 +1,51 @@ +resource "aws_iam_role" "this" { + name = "616_role_green" + + assume_role_policy = <@dC7VOm7yV=49wOm|HOF#acKoN z10%}|W(Ec@;o4`&eaJwh<@=v5b-v7n9))jKH8)>48XI(9J8aUP341z}{*_U#t*+q4_Dmo0Scuj1dTZf%FLwhXDY6?`CQM literal 0 HcmV?d00001 
diff --git a/terraform/ecc-aws-616-lambda_functions_without_tag_information/red/lambda.tf b/terraform/ecc-aws-616-lambda_functions_without_tag_information/red/lambda.tf
new file mode 100644
index 000000000..d7336f634
--- /dev/null
+++ b/terraform/ecc-aws-616-lambda_functions_without_tag_information/red/lambda.tf
@@ -0,0 +1,51 @@ +resource "aws_iam_role" "this" { + name = "616_role_red" + + assume_role_policy = < 3: + if len(opts) != 3: + print ('Usage: -e MWAA environment -v variable file location and filename -r aws region') + else: + for opt, arg in opts: + if opt in ("-e"): + mwaa_env=arg + elif opt in ("-r"): + aws_region=arg + elif opt in ("-v"): + var_file=arg + + boto3.setup_default_session(region_name="{}".format(aws_region)) + mwaa_env_name = "{}".format(mwaa_env) + + client = boto3.client('mwaa') + mwaa_cli_token = client.create_cli_token( + Name=mwaa_env_name + ) + + with open ("{}".format(var_file), "r") as myfile: + fileconf = myfile.read().replace('\n', '') + + json_dictionary = json.loads(fileconf) + for key in json_dictionary: + print(key, " ", json_dictionary[key]) + val = (key + " " + json_dictionary[key]) + mwaa_auth_token = 'Bearer ' + mwaa_cli_token['CliToken'] + mwaa_webserver_hostname = 'https://{0}/aws_mwaa/cli'.format(mwaa_cli_token['WebServerHostname']) + raw_data = "variables set {0}".format(val) + mwaa_response = requests.post( + mwaa_webserver_hostname, + headers={ + 'Authorization': mwaa_auth_token, + 'Content-Type': 'text/plain' + }, + data=raw_data + ) + mwaa_std_err_message = base64.b64decode(mwaa_response.json()['stderr']).decode('utf8') + mwaa_std_out_message = base64.b64decode(mwaa_response.json()['stdout']).decode('utf8') + print(mwaa_response.status_code) + print(mwaa_std_err_message) + print(mwaa_std_out_message) + +except: + print('Use this script with the following options: -e MWAA environment -v variable file location and filename -r aws region') + print("Unexpected error:", sys.exc_info()[0]) + sys.exit(2) \ No newline at end of file diff --git a/terraform/ecc-aws-620-mwaa_without_tag_information/green/iam.tf b/terraform/ecc-aws-620-mwaa_without_tag_information/green/iam.tf new file mode 100644 index 000000000..d7cec2382 --- /dev/null +++ b/terraform/ecc-aws-620-mwaa_without_tag_information/green/iam.tf 
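Review bot: `print(key, " ", json_dictionary[key])` in the MWAA variable-loading script writes every Airflow variable value from the variables file to stdout, so anything sensitive in that file ends up in terminal or CI logs; printing `key` alone is enough for progress output. The closing bare `except:` also catches `SystemExit` and `KeyboardInterrupt` and reports only the exception type, so `except Exception as exc:` with `print("Unexpected error:", exc)` would be easier to diagnose. The `requests.post(...)` call has no `timeout=`, and the response status is not checked before `mwaa_response.json()` is decoded. The start of the script is not visible on this page, and the same script is added again in the later MWAA fixture directories of this patch, where the same points apply.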
@@ -0,0 +1,62 @@ +data "aws_caller_identity" "current" {} + +resource "aws_iam_role" "this" { + name = "620_role_green" + + assume_role_policy = < 3: + if len(opts) != 3: + print ('Usage: -e MWAA environment -v variable file location and filename -r aws region') + else: + for opt, arg in opts: + if opt in ("-e"): + mwaa_env=arg + elif opt in ("-r"): + aws_region=arg + elif opt in ("-v"): + var_file=arg + + boto3.setup_default_session(region_name="{}".format(aws_region)) + mwaa_env_name = "{}".format(mwaa_env) + + client = boto3.client('mwaa') + mwaa_cli_token = client.create_cli_token( + Name=mwaa_env_name + ) + + with open ("{}".format(var_file), "r") as myfile: + fileconf = myfile.read().replace('\n', '') + + json_dictionary = json.loads(fileconf) + for key in json_dictionary: + print(key, " ", json_dictionary[key]) + val = (key + " " + json_dictionary[key]) + mwaa_auth_token = 'Bearer ' + mwaa_cli_token['CliToken'] + mwaa_webserver_hostname = 'https://{0}/aws_mwaa/cli'.format(mwaa_cli_token['WebServerHostname']) + raw_data = "variables set {0}".format(val) + mwaa_response = requests.post( + mwaa_webserver_hostname, + headers={ + 'Authorization': mwaa_auth_token, + 'Content-Type': 'text/plain' + }, + data=raw_data + ) + mwaa_std_err_message = base64.b64decode(mwaa_response.json()['stderr']).decode('utf8') + mwaa_std_out_message = base64.b64decode(mwaa_response.json()['stdout']).decode('utf8') + print(mwaa_response.status_code) + print(mwaa_std_err_message) + print(mwaa_std_out_message) + +except: + print('Use this script with the following options: -e MWAA environment -v variable file location and filename -r aws region') + print("Unexpected error:", sys.exc_info()[0]) + sys.exit(2) \ No newline at end of file diff --git a/terraform/ecc-aws-620-mwaa_without_tag_information/red/iam.tf b/terraform/ecc-aws-620-mwaa_without_tag_information/red/iam.tf new file mode 100644 index 000000000..312d18980 --- /dev/null 
+++ b/terraform/ecc-aws-620-mwaa_without_tag_information/red/iam.tf @@ -0,0 +1,62 @@ +data "aws_caller_identity" "current" {} + +resource "aws_iam_role" "this" { + name = "620_role_red" + + assume_role_policy = < 3: + if len(opts) != 3: + print ('Usage: -e MWAA environment -v variable file location and filename -r aws region') + else: + for opt, arg in opts: + if opt in ("-e"): + mwaa_env=arg + elif opt in ("-r"): + aws_region=arg + elif opt in ("-v"): + var_file=arg + + boto3.setup_default_session(region_name="{}".format(aws_region)) + mwaa_env_name = "{}".format(mwaa_env) + + client = boto3.client('mwaa') + mwaa_cli_token = client.create_cli_token( + Name=mwaa_env_name + ) + + with open ("{}".format(var_file), "r") as myfile: + fileconf = myfile.read().replace('\n', '') + + json_dictionary = json.loads(fileconf) + for key in json_dictionary: + print(key, " ", json_dictionary[key]) + val = (key + " " + json_dictionary[key]) + mwaa_auth_token = 'Bearer ' + mwaa_cli_token['CliToken'] + mwaa_webserver_hostname = 'https://{0}/aws_mwaa/cli'.format(mwaa_cli_token['WebServerHostname']) + raw_data = "variables set {0}".format(val) + mwaa_response = requests.post( + mwaa_webserver_hostname, + headers={ + 'Authorization': mwaa_auth_token, + 'Content-Type': 'text/plain' + }, + data=raw_data + ) + mwaa_std_err_message = base64.b64decode(mwaa_response.json()['stderr']).decode('utf8') + mwaa_std_out_message = base64.b64decode(mwaa_response.json()['stdout']).decode('utf8') + print(mwaa_response.status_code) + print(mwaa_std_err_message) + print(mwaa_std_out_message) + +except: + print('Use this script with the following options: -e MWAA environment -v variable file location and filename -r aws region') + print("Unexpected error:", sys.exc_info()[0]) + sys.exit(2) \ No newline at end of file 
diff --git a/terraform/ecc-aws-652-mwaa_dag_processing_logs_set_correctly/green/iam.tf b/terraform/ecc-aws-652-mwaa_dag_processing_logs_set_correctly/green/iam.tf
new file mode 100644
index 000000000..08e86d4f7
--- /dev/null
+++ b/terraform/ecc-aws-652-mwaa_dag_processing_logs_set_correctly/green/iam.tf
@@ -0,0 +1,62 @@ +data "aws_caller_identity" "current" {} + +resource "aws_iam_role" "this" { + name = "652_role_green" + + assume_role_policy = < 3: + if len(opts) != 3: + print ('Usage: -e MWAA environment -v variable file location and filename -r aws region') + else: + for opt, arg in opts: + if opt in ("-e"): + mwaa_env=arg + elif opt in ("-r"): + aws_region=arg + elif opt in ("-v"): + var_file=arg + + boto3.setup_default_session(region_name="{}".format(aws_region)) + mwaa_env_name = "{}".format(mwaa_env) + + client = boto3.client('mwaa') + mwaa_cli_token = client.create_cli_token( + Name=mwaa_env_name + ) + + with open ("{}".format(var_file), "r") as myfile: + fileconf = myfile.read().replace('\n', '') + + json_dictionary = json.loads(fileconf) + for key in json_dictionary: + print(key, " ", json_dictionary[key]) + val = (key + " " + json_dictionary[key]) + mwaa_auth_token = 'Bearer ' + mwaa_cli_token['CliToken'] + mwaa_webserver_hostname = 'https://{0}/aws_mwaa/cli'.format(mwaa_cli_token['WebServerHostname']) + raw_data = "variables set {0}".format(val) + mwaa_response = requests.post( + mwaa_webserver_hostname, + headers={ + 'Authorization': mwaa_auth_token, + 'Content-Type': 'text/plain' + }, + data=raw_data + ) + mwaa_std_err_message = base64.b64decode(mwaa_response.json()['stderr']).decode('utf8') + mwaa_std_out_message = base64.b64decode(mwaa_response.json()['stdout']).decode('utf8') + print(mwaa_response.status_code) + print(mwaa_std_err_message) + print(mwaa_std_out_message) + +except: + print('Use this script with the following options: -e MWAA environment -v variable file location and filename -r aws region') + print("Unexpected error:", sys.exc_info()[0]) + sys.exit(2) \ No newline at end of file diff --git a/terraform/ecc-aws-652-mwaa_dag_processing_logs_set_correctly/red/iam.tf b/terraform/ecc-aws-652-mwaa_dag_processing_logs_set_correctly/red/iam.tf new file mode 100644 index 000000000..22fc4af9b --- /dev/null 
+++ b/terraform/ecc-aws-652-mwaa_dag_processing_logs_set_correctly/red/iam.tf @@ -0,0 +1,62 @@ +data "aws_caller_identity" "current" {} + +resource "aws_iam_role" "this" { + name = "652_role_red" + + assume_role_policy = < 3: + if len(opts) != 3: + print ('Usage: -e MWAA environment -v variable file location and filename -r aws region') + else: + for opt, arg in opts: + if opt in ("-e"): + mwaa_env=arg + elif opt in ("-r"): + aws_region=arg + elif opt in ("-v"): + var_file=arg + + boto3.setup_default_session(region_name="{}".format(aws_region)) + mwaa_env_name = "{}".format(mwaa_env) + + client = boto3.client('mwaa') + mwaa_cli_token = client.create_cli_token( + Name=mwaa_env_name + ) + + with open ("{}".format(var_file), "r") as myfile: + fileconf = myfile.read().replace('\n', '') + + json_dictionary = json.loads(fileconf) + for key in json_dictionary: + print(key, " ", json_dictionary[key]) + val = (key + " " + json_dictionary[key]) + mwaa_auth_token = 'Bearer ' + mwaa_cli_token['CliToken'] + mwaa_webserver_hostname = 'https://{0}/aws_mwaa/cli'.format(mwaa_cli_token['WebServerHostname']) + raw_data = "variables set {0}".format(val) + mwaa_response = requests.post( + mwaa_webserver_hostname, + headers={ + 'Authorization': mwaa_auth_token, + 'Content-Type': 'text/plain' + }, + data=raw_data + ) + mwaa_std_err_message = base64.b64decode(mwaa_response.json()['stderr']).decode('utf8') + mwaa_std_out_message = base64.b64decode(mwaa_response.json()['stdout']).decode('utf8') + print(mwaa_response.status_code) + print(mwaa_std_err_message) + print(mwaa_std_out_message) + +except: + print('Use this script with the following options: -e MWAA environment -v variable file location and filename -r aws region') + print("Unexpected error:", sys.exc_info()[0]) + sys.exit(2) \ No newline at end of file 
diff --git a/terraform/ecc-aws-653-mwaa_scheduler_logs_set_correctly/green/iam.tf b/terraform/ecc-aws-653-mwaa_scheduler_logs_set_correctly/green/iam.tf
new file mode 100644
index 000000000..53791d882
--- /dev/null
+++ b/terraform/ecc-aws-653-mwaa_scheduler_logs_set_correctly/green/iam.tf
@@ -0,0 +1,62 @@ +data "aws_caller_identity" "current" {} + +resource "aws_iam_role" "this" { + name = "653_role_green" + + assume_role_policy = < 3: + if len(opts) != 3: + print ('Usage: -e MWAA environment -v variable file location and filename -r aws region') + else: + for opt, arg in opts: + if opt in ("-e"): + mwaa_env=arg + elif opt in ("-r"): + aws_region=arg + elif opt in ("-v"): + var_file=arg + + boto3.setup_default_session(region_name="{}".format(aws_region)) + mwaa_env_name = "{}".format(mwaa_env) + + client = boto3.client('mwaa') + mwaa_cli_token = client.create_cli_token( + Name=mwaa_env_name + ) + + with open ("{}".format(var_file), "r") as myfile: + fileconf = myfile.read().replace('\n', '') + + json_dictionary = json.loads(fileconf) + for key in json_dictionary: + print(key, " ", json_dictionary[key]) + val = (key + " " + json_dictionary[key]) + mwaa_auth_token = 'Bearer ' + mwaa_cli_token['CliToken'] + mwaa_webserver_hostname = 'https://{0}/aws_mwaa/cli'.format(mwaa_cli_token['WebServerHostname']) + raw_data = "variables set {0}".format(val) + mwaa_response = requests.post( + mwaa_webserver_hostname, + headers={ + 'Authorization': mwaa_auth_token, + 'Content-Type': 'text/plain' + }, + data=raw_data + ) + mwaa_std_err_message = base64.b64decode(mwaa_response.json()['stderr']).decode('utf8') + mwaa_std_out_message = base64.b64decode(mwaa_response.json()['stdout']).decode('utf8') + print(mwaa_response.status_code) + print(mwaa_std_err_message) + print(mwaa_std_out_message) + +except: + print('Use this script with the following options: -e MWAA environment -v variable file location and filename -r aws region') + print("Unexpected error:", sys.exc_info()[0]) + sys.exit(2) \ No newline at end of file diff --git a/terraform/ecc-aws-653-mwaa_scheduler_logs_set_correctly/red/iam.tf b/terraform/ecc-aws-653-mwaa_scheduler_logs_set_correctly/red/iam.tf new file mode 100644 index 000000000..e1c14806c --- /dev/null 
+++ b/terraform/ecc-aws-653-mwaa_scheduler_logs_set_correctly/red/iam.tf @@ -0,0 +1,62 @@ +data "aws_caller_identity" "current" {} + +resource "aws_iam_role" "this" { + name = "653_role_red" + + assume_role_policy = < 3: + if len(opts) != 3: + print ('Usage: -e MWAA environment -v variable file location and filename -r aws region') + else: + for opt, arg in opts: + if opt in ("-e"): + mwaa_env=arg + elif opt in ("-r"): + aws_region=arg + elif opt in ("-v"): + var_file=arg + + boto3.setup_default_session(region_name="{}".format(aws_region)) + mwaa_env_name = "{}".format(mwaa_env) + + client = boto3.client('mwaa') + mwaa_cli_token = client.create_cli_token( + Name=mwaa_env_name + ) + + with open ("{}".format(var_file), "r") as myfile: + fileconf = myfile.read().replace('\n', '') + + json_dictionary = json.loads(fileconf) + for key in json_dictionary: + print(key, " ", json_dictionary[key]) + val = (key + " " + json_dictionary[key]) + mwaa_auth_token = 'Bearer ' + mwaa_cli_token['CliToken'] + mwaa_webserver_hostname = 'https://{0}/aws_mwaa/cli'.format(mwaa_cli_token['WebServerHostname']) + raw_data = "variables set {0}".format(val) + mwaa_response = requests.post( + mwaa_webserver_hostname, + headers={ + 'Authorization': mwaa_auth_token, + 'Content-Type': 'text/plain' + }, + data=raw_data + ) + mwaa_std_err_message = base64.b64decode(mwaa_response.json()['stderr']).decode('utf8') + mwaa_std_out_message = base64.b64decode(mwaa_response.json()['stdout']).decode('utf8') + print(mwaa_response.status_code) + print(mwaa_std_err_message) + print(mwaa_std_out_message) + +except: + print('Use this script with the following options: -e MWAA environment -v variable file location and filename -r aws region') + print("Unexpected error:", sys.exc_info()[0]) + sys.exit(2) \ No newline at end of file 
diff --git a/terraform/ecc-aws-654-mwaa_task_logs_set_correctly/green/iam.tf b/terraform/ecc-aws-654-mwaa_task_logs_set_correctly/green/iam.tf new file mode 100644 index 000000000..e6d09d06e --- /dev/null +++ b/terraform/ecc-aws-654-mwaa_task_logs_set_correctly/green/iam.tf 
@@ -0,0 +1,62 @@ +data "aws_caller_identity" "current" {} + +resource "aws_iam_role" "this" { + name = "654_role_green" + + assume_role_policy = < 3: + if len(opts) != 3: + print ('Usage: -e MWAA environment -v variable file location and filename -r aws region') + else: + for opt, arg in opts: + if opt in ("-e"): + mwaa_env=arg + elif opt in ("-r"): + aws_region=arg + elif opt in ("-v"): + var_file=arg + + boto3.setup_default_session(region_name="{}".format(aws_region)) + mwaa_env_name = "{}".format(mwaa_env) + + client = boto3.client('mwaa') + mwaa_cli_token = client.create_cli_token( + Name=mwaa_env_name + ) + + with open ("{}".format(var_file), "r") as myfile: + fileconf = myfile.read().replace('\n', '') + + json_dictionary = json.loads(fileconf) + for key in json_dictionary: + print(key, " ", json_dictionary[key]) + val = (key + " " + json_dictionary[key]) + mwaa_auth_token = 'Bearer ' + mwaa_cli_token['CliToken'] + mwaa_webserver_hostname = 'https://{0}/aws_mwaa/cli'.format(mwaa_cli_token['WebServerHostname']) + raw_data = "variables set {0}".format(val) + mwaa_response = requests.post( + mwaa_webserver_hostname, + headers={ + 'Authorization': mwaa_auth_token, + 'Content-Type': 'text/plain' + }, + data=raw_data + ) + mwaa_std_err_message = base64.b64decode(mwaa_response.json()['stderr']).decode('utf8') + mwaa_std_out_message = base64.b64decode(mwaa_response.json()['stdout']).decode('utf8') + print(mwaa_response.status_code) + print(mwaa_std_err_message) + print(mwaa_std_out_message) + +except: + print('Use this script with the following options: -e MWAA environment -v variable file location and filename -r aws region') + print("Unexpected error:", sys.exc_info()[0]) + sys.exit(2) \ No newline at end of file diff --git a/terraform/ecc-aws-654-mwaa_task_logs_set_correctly/red/iam.tf b/terraform/ecc-aws-654-mwaa_task_logs_set_correctly/red/iam.tf new file mode 100644 index 000000000..174508ec1 --- /dev/null 
+++ b/terraform/ecc-aws-654-mwaa_task_logs_set_correctly/red/iam.tf @@ -0,0 +1,62 @@ +data "aws_caller_identity" "current" {} + +resource "aws_iam_role" "this" { + name = "654_role_red" + + assume_role_policy = < 3: + if len(opts) != 3: + print ('Usage: -e MWAA environment -v variable file location and filename -r aws region') + else: + for opt, arg in opts: + if opt in ("-e"): + mwaa_env=arg + elif opt in ("-r"): + aws_region=arg + elif opt in ("-v"): + var_file=arg + + boto3.setup_default_session(region_name="{}".format(aws_region)) + mwaa_env_name = "{}".format(mwaa_env) + + client = boto3.client('mwaa') + mwaa_cli_token = client.create_cli_token( + Name=mwaa_env_name + ) + + with open ("{}".format(var_file), "r") as myfile: + fileconf = myfile.read().replace('\n', '') + + json_dictionary = json.loads(fileconf) + for key in json_dictionary: + print(key, " ", json_dictionary[key]) + val = (key + " " + json_dictionary[key]) + mwaa_auth_token = 'Bearer ' + mwaa_cli_token['CliToken'] + mwaa_webserver_hostname = 'https://{0}/aws_mwaa/cli'.format(mwaa_cli_token['WebServerHostname']) + raw_data = "variables set {0}".format(val) + mwaa_response = requests.post( + mwaa_webserver_hostname, + headers={ + 'Authorization': mwaa_auth_token, + 'Content-Type': 'text/plain' + }, + data=raw_data + ) + mwaa_std_err_message = base64.b64decode(mwaa_response.json()['stderr']).decode('utf8') + mwaa_std_out_message = base64.b64decode(mwaa_response.json()['stdout']).decode('utf8') + print(mwaa_response.status_code) + print(mwaa_std_err_message) + print(mwaa_std_out_message) + +except: + print('Use this script with the following options: -e MWAA environment -v variable file location and filename -r aws region') + print("Unexpected error:", sys.exc_info()[0]) + sys.exit(2) \ No newline at end of file 
diff --git a/terraform/ecc-aws-655-mwaa_webserver_logs_set_correctly/green/iam.tf b/terraform/ecc-aws-655-mwaa_webserver_logs_set_correctly/green/iam.tf new file mode 100644 index 000000000..ec026c347 --- /dev/null +++ b/terraform/ecc-aws-655-mwaa_webserver_logs_set_correctly/green/iam.tf 
@@ -0,0 +1,62 @@ +data "aws_caller_identity" "current" {} + +resource "aws_iam_role" "this" { + name = "655_role_green" + + assume_role_policy = < 3: + if len(opts) != 3: + print ('Usage: -e MWAA environment -v variable file location and filename -r aws region') + else: + for opt, arg in opts: + if opt in ("-e"): + mwaa_env=arg + elif opt in ("-r"): + aws_region=arg + elif opt in ("-v"): + var_file=arg + + boto3.setup_default_session(region_name="{}".format(aws_region)) + mwaa_env_name = "{}".format(mwaa_env) + + client = boto3.client('mwaa') + mwaa_cli_token = client.create_cli_token( + Name=mwaa_env_name + ) + + with open ("{}".format(var_file), "r") as myfile: + fileconf = myfile.read().replace('\n', '') + + json_dictionary = json.loads(fileconf) + for key in json_dictionary: + print(key, " ", json_dictionary[key]) + val = (key + " " + json_dictionary[key]) + mwaa_auth_token = 'Bearer ' + mwaa_cli_token['CliToken'] + mwaa_webserver_hostname = 'https://{0}/aws_mwaa/cli'.format(mwaa_cli_token['WebServerHostname']) + raw_data = "variables set {0}".format(val) + mwaa_response = requests.post( + mwaa_webserver_hostname, + headers={ + 'Authorization': mwaa_auth_token, + 'Content-Type': 'text/plain' + }, + data=raw_data + ) + mwaa_std_err_message = base64.b64decode(mwaa_response.json()['stderr']).decode('utf8') + mwaa_std_out_message = base64.b64decode(mwaa_response.json()['stdout']).decode('utf8') + print(mwaa_response.status_code) + print(mwaa_std_err_message) + print(mwaa_std_out_message) + +except: + print('Use this script with the following options: -e MWAA environment -v variable file location and filename -r aws region') + print("Unexpected error:", sys.exc_info()[0]) + sys.exit(2) \ No newline at end of file diff --git a/terraform/ecc-aws-655-mwaa_webserver_logs_set_correctly/red/iam.tf b/terraform/ecc-aws-655-mwaa_webserver_logs_set_correctly/red/iam.tf new file mode 100644 index 000000000..cd6728afc --- /dev/null 
+++ b/terraform/ecc-aws-655-mwaa_webserver_logs_set_correctly/red/iam.tf @@ -0,0 +1,62 @@ +data "aws_caller_identity" "current" {} + +resource "aws_iam_role" "this" { + name = "655_role_red" + + assume_role_policy = < 3: + if len(opts) != 3: + print ('Usage: -e MWAA environment -v variable file location and filename -r aws region') + else: + for opt, arg in opts: + if opt in ("-e"): + mwaa_env=arg + elif opt in ("-r"): + aws_region=arg + elif opt in ("-v"): + var_file=arg + + boto3.setup_default_session(region_name="{}".format(aws_region)) + mwaa_env_name = "{}".format(mwaa_env) + + client = boto3.client('mwaa') + mwaa_cli_token = client.create_cli_token( + Name=mwaa_env_name + ) + + with open ("{}".format(var_file), "r") as myfile: + fileconf = myfile.read().replace('\n', '') + + json_dictionary = json.loads(fileconf) + for key in json_dictionary: + print(key, " ", json_dictionary[key]) + val = (key + " " + json_dictionary[key]) + mwaa_auth_token = 'Bearer ' + mwaa_cli_token['CliToken'] + mwaa_webserver_hostname = 'https://{0}/aws_mwaa/cli'.format(mwaa_cli_token['WebServerHostname']) + raw_data = "variables set {0}".format(val) + mwaa_response = requests.post( + mwaa_webserver_hostname, + headers={ + 'Authorization': mwaa_auth_token, + 'Content-Type': 'text/plain' + }, + data=raw_data + ) + mwaa_std_err_message = base64.b64decode(mwaa_response.json()['stderr']).decode('utf8') + mwaa_std_out_message = base64.b64decode(mwaa_response.json()['stdout']).decode('utf8') + print(mwaa_response.status_code) + print(mwaa_std_err_message) + print(mwaa_std_out_message) + +except: + print('Use this script with the following options: -e MWAA environment -v variable file location and filename -r aws region') + print("Unexpected error:", sys.exc_info()[0]) + sys.exit(2) \ No newline at end of file 
diff --git a/terraform/ecc-aws-656-mwaa_worker_logs_set_correctly/green/iam.tf b/terraform/ecc-aws-656-mwaa_worker_logs_set_correctly/green/iam.tf new file mode 100644 index 000000000..889dbf248 --- /dev/null +++ b/terraform/ecc-aws-656-mwaa_worker_logs_set_correctly/green/iam.tf 
@@ -0,0 +1,62 @@ +data "aws_caller_identity" "current" {} + +resource "aws_iam_role" "this" { + name = "656_role_green" + + assume_role_policy = < 3: + if len(opts) != 3: + print ('Usage: -e MWAA environment -v variable file location and filename -r aws region') + else: + for opt, arg in opts: + if opt in ("-e"): + mwaa_env=arg + elif opt in ("-r"): + aws_region=arg + elif opt in ("-v"): + var_file=arg + + boto3.setup_default_session(region_name="{}".format(aws_region)) + mwaa_env_name = "{}".format(mwaa_env) + + client = boto3.client('mwaa') + mwaa_cli_token = client.create_cli_token( + Name=mwaa_env_name + ) + + with open ("{}".format(var_file), "r") as myfile: + fileconf = myfile.read().replace('\n', '') + + json_dictionary = json.loads(fileconf) + for key in json_dictionary: + print(key, " ", json_dictionary[key]) + val = (key + " " + json_dictionary[key]) + mwaa_auth_token = 'Bearer ' + mwaa_cli_token['CliToken'] + mwaa_webserver_hostname = 'https://{0}/aws_mwaa/cli'.format(mwaa_cli_token['WebServerHostname']) + raw_data = "variables set {0}".format(val) + mwaa_response = requests.post( + mwaa_webserver_hostname, + headers={ + 'Authorization': mwaa_auth_token, + 'Content-Type': 'text/plain' + }, + data=raw_data + ) + mwaa_std_err_message = base64.b64decode(mwaa_response.json()['stderr']).decode('utf8') + mwaa_std_out_message = base64.b64decode(mwaa_response.json()['stdout']).decode('utf8') + print(mwaa_response.status_code) + print(mwaa_std_err_message) + print(mwaa_std_out_message) + +except: + print('Use this script with the following options: -e MWAA environment -v variable file location and filename -r aws region') + print("Unexpected error:", sys.exc_info()[0]) + sys.exit(2) \ No newline at end of file diff --git a/terraform/ecc-aws-656-mwaa_worker_logs_set_correctly/red/iam.tf b/terraform/ecc-aws-656-mwaa_worker_logs_set_correctly/red/iam.tf new file mode 100644 index 000000000..00ddaaade --- /dev/null 
+++ b/terraform/ecc-aws-656-mwaa_worker_logs_set_correctly/red/iam.tf @@ -0,0 +1,62 @@ +data "aws_caller_identity" "current" {} + +resource "aws_iam_role" "this" { + name = "656_role_red" + + assume_role_policy = <gy#@w!o~s};X7?yj6ycUkGnmxbK_uY3w)uYWLwWwqC_ zjm7nKZ`!y2W?^9X|3AQ+or6ti+QJ&3%O(JEfHxzP2s6U<$Z{ap!@!nC5DU{U0p6@^ PAQ?s=bO6$OKpX}DTBlaZ literal 0 HcmV?d00001 diff --git a/terraform/ecc-aws-677-lambda_functions_enhanced_monitoring_enabled/green/function/lambda_function.py b/terraform/ecc-aws-677-lambda_functions_enhanced_monitoring_enabled/green/function/lambda_function.py new file mode 100644 index 000000000..8689d41b7 --- /dev/null +++ b/terraform/ecc-aws-677-lambda_functions_enhanced_monitoring_enabled/green/function/lambda_function.py @@ -0,0 +1,7 @@ +import json + +def lambda_handler(event, context): + return { + 'statusCode': 200, + 'body': json.dumps('Hello from Lambda!') + } diff --git a/terraform/ecc-aws-677-lambda_functions_enhanced_monitoring_enabled/green/iam.tf b/terraform/ecc-aws-677-lambda_functions_enhanced_monitoring_enabled/green/iam.tf new file mode 100644 index 000000000..b013e2bc6 --- /dev/null +++ b/terraform/ecc-aws-677-lambda_functions_enhanced_monitoring_enabled/green/iam.tf @@ -0,0 +1,47 @@ +resource "aws_iam_role" "this" { + name = "677_role_green" + + assume_role_policy = <gy#@w!o~s};X7?yj6ycUkGnmxbK_uY3w)uYWLwWwqC_ zjm7nKZ`!y2W?^9X|3AQ+or6ti+QJ&3%O(JEfHxzP2s6U<$Z{ap!@!nC5DU{U0p6@^ PAQ?s=bO6$OKpX}DTBlaZ literal 0 HcmV?d00001 diff --git a/terraform/ecc-aws-677-lambda_functions_enhanced_monitoring_enabled/red/function/lambda_function.py b/terraform/ecc-aws-677-lambda_functions_enhanced_monitoring_enabled/red/function/lambda_function.py new file mode 100644 index 000000000..8689d41b7 --- /dev/null +++ b/terraform/ecc-aws-677-lambda_functions_enhanced_monitoring_enabled/red/function/lambda_function.py 
@@ -0,0 +1,7 @@ +import json + +def lambda_handler(event, context): + return { + 'statusCode': 200, + 'body': json.dumps('Hello from Lambda!') + } diff --git a/terraform/ecc-aws-677-lambda_functions_enhanced_monitoring_enabled/red/iam.tf b/terraform/ecc-aws-677-lambda_functions_enhanced_monitoring_enabled/red/iam.tf new file mode 100644 index 000000000..6e597bdc8 --- /dev/null +++ b/terraform/ecc-aws-677-lambda_functions_enhanced_monitoring_enabled/red/iam.tf @@ -0,0 +1,37 @@ +resource "aws_iam_role" "this" { + name = "677_role_red" + + assume_role_policy = < 'Environment variables' -> 'Edit'. +# 3. Tick the checkbox 'Enable helpers for encryption in transit', then click on 'Encrypt', and select KMS Key created with terraform, click 'Save'. + +data "archive_file" "this" { + type = "zip" + source_dir = "function/" + output_path = "function.zip" +} + +resource "null_resource" "this" { + provisioner "local-exec" { + when = destroy + command = "rm function.zip" + interpreter = ["/bin/bash", "-c"] + } +} + +resource "aws_lambda_function" "this" { + filename = "function.zip" + function_name = "679_lambda_green" + role = aws_iam_role.this.arn + handler = "lambda_function.lambda_handler" + runtime = "python3.9" + source_code_hash = data.archive_file.this.output_base64sha256 + environment { + variables = { + foo = "bar" + } + } + + depends_on = [data.archive_file.this] +} \ No newline at end of file diff --git a/terraform/ecc-aws-679-lambda_environment_variables_encrypted_in_transit/green/provider.tf b/terraform/ecc-aws-679-lambda_environment_variables_encrypted_in_transit/green/provider.tf new file mode 100644 index 000000000..9f4102b96 --- /dev/null +++ b/terraform/ecc-aws-679-lambda_environment_variables_encrypted_in_transit/green/provider.tf 
@@ -0,0 +1,20 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws" {
+ profile = var.profile
+ region = var.default-region
+
+ default_tags {
+ tags = {
+ CustodianRule = "ecc-aws-679-lambda_environment_variables_encrypted_in_transit"
+ ComplianceStatus = "Green"
+ }
+ }
+}
diff --git a/terraform/ecc-aws-679-lambda_environment_variables_encrypted_in_transit/green/terraform.tfvars b/terraform/ecc-aws-679-lambda_environment_variables_encrypted_in_transit/green/terraform.tfvars
new file mode 100644
index 000000000..e1e2d2fa8
--- /dev/null
+++ b/terraform/ecc-aws-679-lambda_environment_variables_encrypted_in_transit/green/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
diff --git a/terraform/ecc-aws-679-lambda_environment_variables_encrypted_in_transit/green/variables.tf b/terraform/ecc-aws-679-lambda_environment_variables_encrypted_in_transit/green/variables.tf
new file mode 100644
index 000000000..c8b410c24
--- /dev/null
+++ b/terraform/ecc-aws-679-lambda_environment_variables_encrypted_in_transit/green/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
diff --git a/terraform/ecc-aws-679-lambda_environment_variables_encrypted_in_transit/iam/679-policy.json b/terraform/ecc-aws-679-lambda_environment_variables_encrypted_in_transit/iam/679-policy.json
new file mode 100644
index 000000000..56ff18aec
--- /dev/null
+++ b/terraform/ecc-aws-679-lambda_environment_variables_encrypted_in_transit/iam/679-policy.json
@@ -0,0 +1,14 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Sid": "VisualEditor0",
+ "Effect": "Allow",
+ "Action": [
+ "tag:GetResources",
+ "lambda:ListFunctions"
+ ],
+ "Resource": "*"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-679-lambda_environment_variables_encrypted_in_transit/red/function/lambda_function.py b/terraform/ecc-aws-679-lambda_environment_variables_encrypted_in_transit/red/function/lambda_function.py new file mode 100644 index 000000000..2560da8cd --- /dev/null +++ b/terraform/ecc-aws-679-lambda_environment_variables_encrypted_in_transit/red/function/lambda_function.py @@ -0,0 +1,20 @@ +import json +import boto3 +import os + +from base64 import b64decode + +ENCRYPTED = os.environ['foo'] +# Decrypt code should run once and variables stored outside of the function +# handler so that these are decrypted once per container +DECRYPTED = boto3.client('kms').decrypt( + CiphertextBlob=b64decode(ENCRYPTED), + EncryptionContext={'LambdaFunctionName': os.environ['AWS_LAMBDA_FUNCTION_NAME']} +)['Plaintext'].decode('utf-8') + + +def lambda_handler(event, context): + return { + 'statusCode': 200, + 'body': json.dumps('Decrypted env. var.: '+DECRYPTED) + } \ No newline at end of file diff --git a/terraform/ecc-aws-679-lambda_environment_variables_encrypted_in_transit/red/iam.tf b/terraform/ecc-aws-679-lambda_environment_variables_encrypted_in_transit/red/iam.tf new file mode 100644 index 000000000..415e927e8 --- /dev/null +++ b/terraform/ecc-aws-679-lambda_environment_variables_encrypted_in_transit/red/iam.tf @@ -0,0 +1,41 @@ +resource "aws_iam_role" "this" { + name = "679_role_red" + + assume_role_policy = <@dC7VOm7yV=49wOm|HOF#acKoN z10%}|W(Ec@;o4`&eaJwh<@=v5b-v7n9))jKH8)>48XI(9J8aUP341z}{*_U#t*+q4_Dmo0Scuj1dTZf%FLwhXDY6?`CQM literal 0 HcmV?d00001 diff --git a/terraform/ecc-aws-680-lambda_latest_runtime_environment_version/green/lambda.tf b/terraform/ecc-aws-680-lambda_latest_runtime_environment_version/green/lambda.tf new file mode 100644 index 000000000..a17821c74 --- /dev/null +++ b/terraform/ecc-aws-680-lambda_latest_runtime_environment_version/green/lambda.tf 
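Review bot: `lambda_handler` in red/function/lambda_function.py hands the decrypted value straight back to the caller, `'body': json.dumps('Decrypted env. var.: '+DECRYPTED)`, so anyone able to invoke the function reads the plaintext that the KMS step was protecting. Return a fixed message instead, for example `'body': json.dumps('Environment variable decrypted')`, and keep `DECRYPTED` for internal use only. The module-level `os.environ['foo']` and `boto3.client('kms').decrypt(...)` also run at import time, so an unset or non-ciphertext `foo` fails every cold start with no handler-level error; a short comment saying the fixture expects `foo` to hold a base64 KMS ciphertext would make that dependency explicit.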
@@ -0,0 +1,51 @@ +resource "aws_iam_role" "this" { + name = "680_role_green" + + assume_role_policy = <@dC7VOm7yV=49wOm|HOF#acKoN z10%}|W(Ec@;o4`&eaJwh<@=v5b-v7n9))jKH8)>48XI(9J8aUP341z}{*_U#t*+q4_Dmo0Scuj1dTZf%FLwhXDY6?`CQM literal 0 HcmV?d00001 diff --git a/terraform/ecc-aws-680-lambda_latest_runtime_environment_version/red/lambda.tf b/terraform/ecc-aws-680-lambda_latest_runtime_environment_version/red/lambda.tf new file mode 100644 index 000000000..e0df0d1f0 --- /dev/null +++ b/terraform/ecc-aws-680-lambda_latest_runtime_environment_version/red/lambda.tf @@ -0,0 +1,51 @@ +resource "aws_iam_role" "this" { + name = "680_role_red" + + assume_role_policy = <@dC7VOm7yV=49wOm|HOF#acKoN z10%}|W(Ec@;o4`&eaJwh<@=v5b-v7n9))jKH8)>48XI(9J8aUP341z}{*_U#t*+q4_Dmo0Scuj1dTZf%FLwhXDY6?`CQM literal 0 HcmV?d00001 diff --git a/terraform/ecc-aws-681-lambda_concurrency_enabled/green/lambda.tf b/terraform/ecc-aws-681-lambda_concurrency_enabled/green/lambda.tf new file mode 100644 index 000000000..3059e7b24 --- /dev/null +++ b/terraform/ecc-aws-681-lambda_concurrency_enabled/green/lambda.tf @@ -0,0 +1,52 @@ +resource "aws_iam_role" "this" { + name = "681_role_green" + + assume_role_policy = <@dC7VOm7yV=49wOm|HOF#acKoN z10%}|W(Ec@;o4`&eaJwh<@=v5b-v7n9))jKH8)>48XI(9J8aUP341z}{*_U#t*+q4_Dmo0Scuj1dTZf%FLwhXDY6?`CQM literal 0 HcmV?d00001 diff --git a/terraform/ecc-aws-681-lambda_concurrency_enabled/red/lambda.tf b/terraform/ecc-aws-681-lambda_concurrency_enabled/red/lambda.tf new file mode 100644 index 000000000..4c9d56424 --- /dev/null +++ b/terraform/ecc-aws-681-lambda_concurrency_enabled/red/lambda.tf @@ -0,0 +1,52 @@ +resource "aws_iam_role" "this" { + name = "681_role_red" + + assume_role_policy = <@dC7VOm7yV=49wOm|HOF#acKoN z10%}|W(Ec@;o4`&eaJwh<@=v5b-v7n9))jKH8)>48XI(9J8aUP341z}{*_U#t*+q4_Dmo0Scuj1dTZf%FLwhXDY6?`CQM literal 0 HcmV?d00001 
diff --git a/terraform/ecc-aws-762-lambda_vpc_multi_az_check/green/lambda.tf b/terraform/ecc-aws-762-lambda_vpc_multi_az_check/green/lambda.tf new file mode 100644 index 000000000..078a108ec --- /dev/null +++ b/terraform/ecc-aws-762-lambda_vpc_multi_az_check/green/lambda.tf @@ -0,0 +1,63 @@ +resource "aws_iam_role" "this" { + name = "762_role_green" + + assume_role_policy = <@dC7VOm7yV=49wOm|HOF#acKoN z10%}|W(Ec@;o4`&eaJwh<@=v5b-v7n9))jKH8)>48XI(9J8aUP341z}{*_U#t*+q4_Dmo0Scuj1dTZf%FLwhXDY6?`CQM literal 0 HcmV?d00001 diff --git a/terraform/ecc-aws-762-lambda_vpc_multi_az_check/red/lambda.tf b/terraform/ecc-aws-762-lambda_vpc_multi_az_check/red/lambda.tf new file mode 100644 index 000000000..508bde801 --- /dev/null +++ b/terraform/ecc-aws-762-lambda_vpc_multi_az_check/red/lambda.tf 
@@ -0,0 +1,62 @@ +resource "aws_iam_role" "this" { + name = "762_role_red" + + assume_role_policy = < 3: + if len(opts) != 3: + print ('Usage: -e MWAA environment -v variable file location and filename -r aws region') + else: + for opt, arg in opts: + if opt in ("-e"): + mwaa_env=arg + elif opt in ("-r"): + aws_region=arg + elif opt in ("-v"): + var_file=arg + + boto3.setup_default_session(region_name="{}".format(aws_region)) + mwaa_env_name = "{}".format(mwaa_env) + + client = boto3.client('mwaa') + mwaa_cli_token = client.create_cli_token( + Name=mwaa_env_name + ) + + with open ("{}".format(var_file), "r") as myfile: + fileconf = myfile.read().replace('\n', '') + + json_dictionary = json.loads(fileconf) + for key in json_dictionary: + print(key, " ", json_dictionary[key]) + val = (key + " " + json_dictionary[key]) + mwaa_auth_token = 'Bearer ' + mwaa_cli_token['CliToken'] + mwaa_webserver_hostname = 'https://{0}/aws_mwaa/cli'.format(mwaa_cli_token['WebServerHostname']) + raw_data = "variables set {0}".format(val) + mwaa_response = requests.post( + mwaa_webserver_hostname, + headers={ + 'Authorization': mwaa_auth_token, + 'Content-Type': 'text/plain' + }, + data=raw_data + ) + mwaa_std_err_message = base64.b64decode(mwaa_response.json()['stderr']).decode('utf8') + mwaa_std_out_message = base64.b64decode(mwaa_response.json()['stdout']).decode('utf8') + print(mwaa_response.status_code) + print(mwaa_std_err_message) + print(mwaa_std_out_message) + +except: + print('Use this script with the following options: -e MWAA environment -v variable file location and filename -r aws region') + print("Unexpected error:", sys.exc_info()[0]) + sys.exit(2) \ No newline at end of file diff --git a/terraform/ecc-aws-787-mwaa_latest_version/green/iam.tf b/terraform/ecc-aws-787-mwaa_latest_version/green/iam.tf new file mode 100644 index 000000000..2ae202f86 --- /dev/null +++ b/terraform/ecc-aws-787-mwaa_latest_version/green/iam.tf 
@@ -0,0 +1,62 @@ +data "aws_caller_identity" "current" {} + +resource "aws_iam_role" "this" { + name = "787_role_green" + + assume_role_policy = < 3: + if len(opts) != 3: + print ('Usage: -e MWAA environment -v variable file location and filename -r aws region') + else: + for opt, arg in opts: + if opt in ("-e"): + mwaa_env=arg + elif opt in ("-r"): + aws_region=arg + elif opt in ("-v"): + var_file=arg + + boto3.setup_default_session(region_name="{}".format(aws_region)) + mwaa_env_name = "{}".format(mwaa_env) + + client = boto3.client('mwaa') + mwaa_cli_token = client.create_cli_token( + Name=mwaa_env_name + ) + + with open ("{}".format(var_file), "r") as myfile: + fileconf = myfile.read().replace('\n', '') + + json_dictionary = json.loads(fileconf) + for key in json_dictionary: + print(key, " ", json_dictionary[key]) + val = (key + " " + json_dictionary[key]) + mwaa_auth_token = 'Bearer ' + mwaa_cli_token['CliToken'] + mwaa_webserver_hostname = 'https://{0}/aws_mwaa/cli'.format(mwaa_cli_token['WebServerHostname']) + raw_data = "variables set {0}".format(val) + mwaa_response = requests.post( + mwaa_webserver_hostname, + headers={ + 'Authorization': mwaa_auth_token, + 'Content-Type': 'text/plain' + }, + data=raw_data + ) + mwaa_std_err_message = base64.b64decode(mwaa_response.json()['stderr']).decode('utf8') + mwaa_std_out_message = base64.b64decode(mwaa_response.json()['stdout']).decode('utf8') + print(mwaa_response.status_code) + print(mwaa_std_err_message) + print(mwaa_std_out_message) + +except: + print('Use this script with the following options: -e MWAA environment -v variable file location and filename -r aws region') + print("Unexpected error:", sys.exc_info()[0]) + sys.exit(2) \ No newline at end of file diff --git a/terraform/ecc-aws-787-mwaa_latest_version/red/iam.tf b/terraform/ecc-aws-787-mwaa_latest_version/red/iam.tf new file mode 100644 index 000000000..c3aebc5e0 --- /dev/null +++ b/terraform/ecc-aws-787-mwaa_latest_version/red/iam.tf 
@@ -0,0 +1,62 @@ +data "aws_caller_identity" "current" {} + +resource "aws_iam_role" "this" { + name = "787_role_red" + + assume_role_policy = <@dC7VOm7yV=49wOm|HOF#acKoN z10%}|W(Ec@;o4`&eaJwh<@=v5b-v7n9))jKH8)>48XI(9J8aUP341z}{*_U#t*+q4_Dmo0Scuj1dTZf%FLwhXDY6?`CQM literal 0 HcmV?d00001 diff --git a/terraform/ecc-aws-899-s3_event_notifications_enabled/green/lambda.tf b/terraform/ecc-aws-899-s3_event_notifications_enabled/green/lambda.tf new file mode 100644 index 000000000..4df7c5a94 --- /dev/null +++ b/terraform/ecc-aws-899-s3_event_notifications_enabled/green/lambda.tf @@ -0,0 +1,59 @@ +resource "aws_iam_role" "this" { + name = "899_role_green" + + assume_role_policy = <@dC7VOm7yV=49wOm|HOF#acKoN z10%}|W(Ec@;o4`&eaJwh<@=v5b-v7n9))jKH8)>48XI(9J8aUP341z}{*_U#t*+q4_Dmo0Scuj1dTZf%FLwhXDY6?`CQM literal 0 HcmV?d00001 diff --git a/terraform/ecc-aws-953-lambda_function_settings_check/green/lambda.tf b/terraform/ecc-aws-953-lambda_function_settings_check/green/lambda.tf new file mode 100644 index 000000000..f5aac648c --- /dev/null +++ b/terraform/ecc-aws-953-lambda_function_settings_check/green/lambda.tf @@ -0,0 +1,51 @@ +resource "aws_iam_role" "this" { + name = "953_role_green" + + assume_role_policy = < + + My Website Error Page + + +

Welcome to my website

+

Now hosted on Amazon S3!

+ + \ No newline at end of file diff --git a/terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/green/index.html b/terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/green/index.html new file mode 100644 index 000000000..5c72b0703 --- /dev/null +++ b/terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/green/index.html @@ -0,0 +1,9 @@ + + + My Website Home Page + + +

Welcome to my website

+

Now hosted on Amazon S3!

+ + \ No newline at end of file diff --git a/terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/green/provider.tf b/terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/green/provider.tf new file mode 100644 index 000000000..514d98c8f --- /dev/null +++ b/terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/green/provider.tf @@ -0,0 +1,20 @@ +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 4" + } + } +} + +provider "aws" { + profile = var.profile + region = var.default-region + + default_tags { + tags = { + CustodianRule = "ecc-aws-958-cloudfront_s3_origin_non_existent_bucket" + ComplianceStatus = "Green" + } + } +} diff --git a/terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/green/s3.tf b/terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/green/s3.tf new file mode 100644 index 000000000..00947ffb7 --- /dev/null +++ b/terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/green/s3.tf 
@@ -0,0 +1,50 @@
+resource "aws_s3_bucket" "this" {
+ bucket = "bucket-958-green"
+ force_destroy = "true"
+}
+
+resource "aws_s3_bucket_public_access_block" "this" {
+ bucket = aws_s3_bucket.this.id
+
+ block_public_acls = true
+ block_public_policy = true
+ ignore_public_acls = true
+ restrict_public_buckets = true
+}
+
+locals {
+ s3_origin_id = "originId958"
+}
+
+resource "aws_s3_object" "index" {
+ bucket = aws_s3_bucket.this.bucket
+ key = "index.html"
+ source = "index.html"
+ etag = filemd5("index.html")
+ content_type = "text/html"
+}
+
+resource "aws_s3_object" "error" {
+ bucket = aws_s3_bucket.this.bucket
+ key = "error.html"
+ source = "error.html"
+ etag = filemd5("error.html")
+ content_type = "text/html"
+}
+
+data "aws_iam_policy_document" "this" {
+ statement {
+ actions = ["s3:GetObject"]
+ resources = ["${aws_s3_bucket.this.arn}/*"]
+
+ principals {
+ type = "Service"
+ identifiers = ["cloudfront.amazonaws.com"]
+ }
+ }
+}
+
+resource "aws_s3_bucket_policy" "this" {
+ bucket = aws_s3_bucket.this.id
+ policy = data.aws_iam_policy_document.this.json
+}
diff --git a/terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/green/terraform.tfvars b/terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/green/terraform.tfvars
new file mode 100644
index 000000000..e1e2d2fa8
--- /dev/null
+++ b/terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/green/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
diff --git a/terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/green/variables.tf b/terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/green/variables.tf
new file mode 100644
index 000000000..c8b410c24
--- /dev/null
+++ b/terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/green/variables.tf
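Review bot: The `aws_iam_policy_document` statement in green/s3.tf grants `s3:GetObject` to the `cloudfront.amazonaws.com` service principal with no condition, so the grant is not tied to this fixture's distribution and any CloudFront distribution using origin access control could read the bucket. The statement should carry a `condition` block that pins `AWS:SourceArn` to the distribution's ARN. The distribution resource for this directory is outside the visible hunks, so the reference name in the sketch below is an assumption to confirm.

```hcl
  statement {
    # … unchanged: actions, resources, principals …

    condition {
      test     = "StringEquals"
      variable = "AWS:SourceArn"
      values   = [aws_cloudfront_distribution.this.arn] # assumed resource name, confirm against cloudfront.tf
    }
```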
@@ -0,0 +1,9 @@ +variable "default-region" { + type = string + description = "Default region for resources will be created" +} + +variable "profile" { + type = string + description = "Profile name configured before running apply" +} diff --git a/terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/green1/cloudfront.tf b/terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/green1/cloudfront.tf new file mode 100644 index 000000000..5772fc2a9 --- /dev/null +++ b/terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/green1/cloudfront.tf @@ -0,0 +1,42 @@ +resource "aws_cloudfront_distribution" "this" { + origin { + domain_name = aws_s3_bucket_website_configuration.this.website_endpoint + origin_id = local.s3_origin_id + custom_origin_config{ + http_port = 80 + https_port = 443 + origin_protocol_policy = "http-only" + origin_ssl_protocols = ["TLSv1.2"] + } + } + + enabled = true + default_root_object = "index.html" + + default_cache_behavior { + allowed_methods = ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"] + cached_methods = ["GET", "HEAD"] + target_origin_id = local.s3_origin_id + + forwarded_values { + query_string = false + + cookies { + forward = "none" + } + } + + viewer_protocol_policy = "allow-all" + } + + restrictions { + geo_restriction { + restriction_type = "whitelist" + locations = ["US", "CA", "GB", "DE", "UA"] + } + } + + viewer_certificate { + cloudfront_default_certificate = true + } +} \ No newline at end of file diff --git a/terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/green1/error.html b/terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/green1/error.html new file mode 100644 index 000000000..efbcd2eb2 --- /dev/null +++ b/terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/green1/error.html @@ -0,0 +1,9 @@ + + + My Website Error Page + + +
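Review bot: In green1/cloudfront.tf the `default_cache_behavior` block sets `viewer_protocol_policy = "allow-all"` and allows all seven HTTP methods, which lets viewers use plaintext HTTP and forwards write methods to a static website origin; presumably neither is needed for what rule 958 tests. For a fixture tagged Green1 I would use `viewer_protocol_policy = "redirect-to-https"` and `allowed_methods = ["GET", "HEAD"]`. `origin_protocol_policy = "http-only"` can stay, since S3 website endpoints do not serve HTTPS, but it deserves a comment such as `# S3 website endpoints are HTTP-only`. The same two settings recur in the 958 red and the 961 green, green1, red and red1 cloudfront.tf hunks.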

Welcome to my website

+

Now hosted on Amazon S3!

+ + \ No newline at end of file diff --git a/terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/green1/index.html b/terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/green1/index.html new file mode 100644 index 000000000..5c72b0703 --- /dev/null +++ b/terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/green1/index.html @@ -0,0 +1,9 @@ + + + My Website Home Page + + +

Welcome to my website

+

Now hosted on Amazon S3!

+ + \ No newline at end of file diff --git a/terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/green1/provider.tf b/terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/green1/provider.tf new file mode 100644 index 000000000..66805d400 --- /dev/null +++ b/terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/green1/provider.tf @@ -0,0 +1,20 @@ +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 4" + } + } +} + +provider "aws" { + profile = var.profile + region = var.default-region + + default_tags { + tags = { + CustodianRule = "ecc-aws-958-cloudfront_s3_origin_non_existent_bucket" + ComplianceStatus = "Green1" + } + } +} diff --git a/terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/green1/s3.tf b/terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/green1/s3.tf new file mode 100644 index 000000000..f9f7de74f --- /dev/null +++ b/terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/green1/s3.tf 
@@ -0,0 +1,70 @@ +resource "aws_s3_bucket" "this" { + bucket = "bucket-958-green1" + force_destroy = "true" +} + +resource "aws_s3_bucket_public_access_block" "this" { + bucket = aws_s3_bucket.this.id + + block_public_acls = false + block_public_policy = false + ignore_public_acls = false + restrict_public_buckets = false +} + +locals { + s3_origin_id = "originId958" +} + +resource "aws_s3_bucket_website_configuration" "this" { + bucket = aws_s3_bucket.this.bucket + + index_document { + suffix = "index.html" + } + + error_document { + key = "error.html" + } +} + +resource "aws_s3_object" "index" { + bucket = aws_s3_bucket.this.bucket + key = "index.html" + source = "index.html" + etag = filemd5("index.html") + content_type = "text/html" +} + +resource "aws_s3_object" "error" { + bucket = aws_s3_bucket.this.bucket + key = "error.html" + source = "error.html" + etag = filemd5("error.html") + content_type = "text/html" +} + +data "aws_iam_policy_document" "this" { + statement { + actions = ["s3:GetObject"] + resources = ["${aws_s3_bucket.this.arn}/*"] + + principals { + type = "Service" + identifiers = ["cloudfront.amazonaws.com"] + } + } + statement { + actions = ["s3:GetObject"] + resources = ["${aws_s3_bucket.this.arn}/*"] + principals { + type = "AWS" + identifiers = ["*"] + } + } +} + +resource "aws_s3_bucket_policy" "this" { + bucket = aws_s3_bucket.this.id + policy = data.aws_iam_policy_document.this.json +} diff --git a/terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/green1/terraform.tfvars b/terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/green1/terraform.tfvars new file mode 100644 index 000000000..e1e2d2fa8 --- /dev/null +++ b/terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/green1/terraform.tfvars @@ -0,0 +1,2 @@ +profile = "c7n" +default-region = "us-east-1" 
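Review bot: `aws_s3_bucket_policy.this` in green1/s3.tf has no dependency on `aws_s3_bucket_public_access_block.this`, so Terraform may try to attach the policy containing the `identifiers = ["*"]` statement while the bucket's default public-access block is still in force, and S3 rejects a public policy in that state. Add `depends_on = [aws_s3_bucket_public_access_block.this]` to the policy resource so the order is explicit. A comment above the access-block resource, e.g. `# Public read is deliberate: this variant serves the bucket through its website endpoint`, would also tell readers that the four `false` flags are fixture setup and not a pattern to copy. The 961 green1/s3.tf hunk has the same pair of resources.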
diff --git a/terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/green1/variables.tf b/terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/green1/variables.tf
new file mode 100644
index 000000000..c8b410c24
--- /dev/null
+++ b/terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/green1/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
diff --git a/terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/iam/958-policy.json b/terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/iam/958-policy.json
new file mode 100644
index 000000000..4b12c6ba1
--- /dev/null
+++ b/terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/iam/958-policy.json
@@ -0,0 +1,14 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "cloudfront:ListDistributions",
+ "tag:GetResources",
+ "s3:ListAllMyBuckets"
+ ],
+ "Resource": "*"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/red/cloudfront.tf b/terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/red/cloudfront.tf
new file mode 100644
index 000000000..97781957a
--- /dev/null
+++ b/terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/red/cloudfront.tf
@@ -0,0 +1,45 @@ +resource "aws_cloudfront_origin_access_control" "this" { + name = "958_origin_access_control_red" + description = "origin_access_indentity_958_red" + origin_access_control_origin_type = "s3" + signing_behavior = "always" + signing_protocol = "sigv4" +} + +resource "aws_cloudfront_distribution" "this" { + origin { + domain_name = "no-bucket-958-red.s3.amazonaws.com" + origin_id = local.s3_origin_id + origin_access_control_id = aws_cloudfront_origin_access_control.this.id + } + + enabled = true + default_root_object = "index.html" + + default_cache_behavior { + allowed_methods = ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"] + cached_methods = ["GET", "HEAD"] + target_origin_id = local.s3_origin_id + + forwarded_values { + query_string = false + + cookies { + forward = "none" + } + } + + viewer_protocol_policy = "allow-all" + } + + restrictions { + geo_restriction { + restriction_type = "whitelist" + locations = ["US", "CA", "GB", "DE", "UA"] + } + } + + viewer_certificate { + cloudfront_default_certificate = true + } +} \ No newline at end of file diff --git a/terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/red/error.html b/terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/red/error.html new file mode 100644 index 000000000..efbcd2eb2 --- /dev/null +++ b/terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/red/error.html @@ -0,0 +1,9 @@ + + + My Website Error Page + + +
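Review bot: The origin `domain_name = "no-bucket-958-red.s3.amazonaws.com"` in red/cloudfront.tf carries no comment, although it is the one line that makes this fixture non-compliant, and the distribution is created with `enabled = true`. S3 bucket names are global, so for as long as the distribution exists, what it serves is decided by whoever owns that bucket name rather than by this account. I would add `# Deliberately dangling origin for the Red case; destroy this stack as soon as the test data is recorded` above the `origin` block. Whether the rule still matches with `enabled = false` is not visible from this hunk, so that change needs a check against the policy filter before it is made.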

Welcome to my website

+

Now hosted on Amazon S3!

+ + \ No newline at end of file diff --git a/terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/red/index.html b/terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/red/index.html new file mode 100644 index 000000000..5c72b0703 --- /dev/null +++ b/terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/red/index.html @@ -0,0 +1,9 @@ + + + My Website Home Page + + +

Welcome to my website

+

Now hosted on Amazon S3!

+ + \ No newline at end of file diff --git a/terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/red/provider.tf b/terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/red/provider.tf new file mode 100644 index 000000000..6c858e09d --- /dev/null +++ b/terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/red/provider.tf @@ -0,0 +1,20 @@ +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 4" + } + } +} + +provider "aws" { + profile = var.profile + region = var.default-region + + default_tags { + tags = { + CustodianRule = "ecc-aws-958-cloudfront_s3_origin_non_existent_bucket" + ComplianceStatus = "Red" + } + } +} diff --git a/terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/red/s3.tf b/terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/red/s3.tf new file mode 100644 index 000000000..406923130 --- /dev/null +++ b/terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/red/s3.tf 
@@ -0,0 +1,50 @@ +resource "aws_s3_bucket" "this" { + bucket = "bucket-958-red" + force_destroy = "true" +} + +resource "aws_s3_bucket_public_access_block" "this" { + bucket = aws_s3_bucket.this.id + + block_public_acls = true + block_public_policy = true + ignore_public_acls = true + restrict_public_buckets = true +} + +locals { + s3_origin_id = "originId958" +} + +resource "aws_s3_object" "index" { + bucket = aws_s3_bucket.this.bucket + key = "index.html" + source = "index.html" + etag = filemd5("index.html") + content_type = "text/html" +} + +resource "aws_s3_object" "error" { + bucket = aws_s3_bucket.this.bucket + key = "error.html" + source = "error.html" + etag = filemd5("error.html") + content_type = "text/html" +} + +data "aws_iam_policy_document" "this" { + statement { + actions = ["s3:GetObject"] + resources = ["${aws_s3_bucket.this.arn}/*"] + + principals { + type = "Service" + identifiers = ["cloudfront.amazonaws.com"] + } + } +} + +resource "aws_s3_bucket_policy" "this" { + bucket = aws_s3_bucket.this.id + policy = data.aws_iam_policy_document.this.json +} diff --git a/terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/red/terraform.tfvars b/terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/red/terraform.tfvars new file mode 100644 index 000000000..e1e2d2fa8 --- /dev/null +++ b/terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/red/terraform.tfvars @@ -0,0 +1,2 @@ +profile = "c7n" +default-region = "us-east-1" diff --git a/terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/red/variables.tf b/terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/red/variables.tf new file mode 100644 index 000000000..c8b410c24 --- /dev/null +++ b/terraform/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/red/variables.tf 
@@ -0,0 +1,9 @@ +variable "default-region" { + type = string + description = "Default region for resources will be created" +} + +variable "profile" { + type = string + description = "Profile name configured before running apply" +} diff --git a/terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/green/cloudfront.tf b/terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/green/cloudfront.tf new file mode 100644 index 000000000..21e00a5f5 --- /dev/null +++ b/terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/green/cloudfront.tf @@ -0,0 +1,45 @@ +resource "aws_cloudfront_origin_access_control" "this" { + name = "961_origin_access_control_green" + description = "origin_access_indentity_961_green" + origin_access_control_origin_type = "s3" + signing_behavior = "always" + signing_protocol = "sigv4" +} + +resource "aws_cloudfront_distribution" "this" { + origin { + domain_name = aws_s3_bucket.this.bucket_regional_domain_name + origin_id = local.s3_origin_id + origin_access_control_id = aws_cloudfront_origin_access_control.this.id + } + comment = "961_cloudfront_distribution_green" + enabled = true + default_root_object = "index.html" + + default_cache_behavior { + allowed_methods = ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"] + cached_methods = ["GET", "HEAD"] + target_origin_id = local.s3_origin_id + + forwarded_values { + query_string = false + + cookies { + forward = "none" + } + } + + viewer_protocol_policy = "allow-all" + } + + restrictions { + geo_restriction { + restriction_type = "whitelist" + locations = ["US", "CA", "GB", "DE", "UA"] + } + } + + viewer_certificate { + cloudfront_default_certificate = true + } +} \ No newline at end of file diff --git a/terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/green/error.html b/terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/green/error.html new file mode 100644 index 000000000..efbcd2eb2 --- /dev/null 
+++ b/terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/green/error.html @@ -0,0 +1,9 @@ + + + My Website Error Page + + +

Welcome to my website

+

Now hosted on Amazon S3!

+ + \ No newline at end of file diff --git a/terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/green/index.html b/terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/green/index.html new file mode 100644 index 000000000..5c72b0703 --- /dev/null +++ b/terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/green/index.html @@ -0,0 +1,9 @@ + + + My Website Home Page + + +

Welcome to my website

+

Now hosted on Amazon S3!

+ + \ No newline at end of file diff --git a/terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/green/provider.tf b/terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/green/provider.tf new file mode 100644 index 000000000..b329522f8 --- /dev/null +++ b/terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/green/provider.tf @@ -0,0 +1,20 @@ +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 4" + } + } +} + +provider "aws" { + profile = var.profile + region = var.default-region + + default_tags { + tags = { + CustodianRule = "ecc-aws-961-cloudfront_origin_access_control_enabled" + ComplianceStatus = "Green" + } + } +} diff --git a/terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/green/s3.tf b/terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/green/s3.tf new file mode 100644 index 000000000..00947ffb7 --- /dev/null +++ b/terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/green/s3.tf 
@@ -0,0 +1,50 @@ +resource "aws_s3_bucket" "this" { + bucket = "bucket-958-green" + force_destroy = "true" +} + +resource "aws_s3_bucket_public_access_block" "this" { + bucket = aws_s3_bucket.this.id + + block_public_acls = true + block_public_policy = true + ignore_public_acls = true + restrict_public_buckets = true +} + +locals { + s3_origin_id = "originId958" +} + +resource "aws_s3_object" "index" { + bucket = aws_s3_bucket.this.bucket + key = "index.html" + source = "index.html" + etag = filemd5("index.html") + content_type = "text/html" +} + +resource "aws_s3_object" "error" { + bucket = aws_s3_bucket.this.bucket + key = "error.html" + source = "error.html" + etag = filemd5("error.html") + content_type = "text/html" +} + +data "aws_iam_policy_document" "this" { + statement { + actions = ["s3:GetObject"] + resources = ["${aws_s3_bucket.this.arn}/*"] + + principals { + type = "Service" + identifiers = ["cloudfront.amazonaws.com"] + } + } +} + +resource "aws_s3_bucket_policy" "this" { + bucket = aws_s3_bucket.this.id + policy = data.aws_iam_policy_document.this.json +} diff --git a/terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/green/terraform.tfvars b/terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/green/terraform.tfvars new file mode 100644 index 000000000..e1e2d2fa8 --- /dev/null +++ b/terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/green/terraform.tfvars @@ -0,0 +1,2 @@ +profile = "c7n" +default-region = "us-east-1" diff --git a/terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/green/variables.tf b/terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/green/variables.tf new file mode 100644 index 000000000..c8b410c24 --- /dev/null +++ b/terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/green/variables.tf 
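Review bot: green/s3.tf for rule 961 still carries the names of rule 958, `bucket = "bucket-958-green"` and `s3_origin_id = "originId958"`; the blob id `00947ffb7` is the same as for the 958 green/s3.tf, so the file appears to be a straight copy. Because S3 bucket names are global, the 958 and 961 Green stacks collide on the same bucket when both are applied. Use `bucket = "bucket-961-green"` and `s3_origin_id = "originId961"`, matching the naming of the 961 green1 variant.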
@@ -0,0 +1,9 @@ +variable "default-region" { + type = string + description = "Default region for resources will be created" +} + +variable "profile" { + type = string + description = "Profile name configured before running apply" +} diff --git a/terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/green1/cloudfront.tf b/terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/green1/cloudfront.tf new file mode 100644 index 000000000..63157d45d --- /dev/null +++ b/terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/green1/cloudfront.tf @@ -0,0 +1,42 @@ +resource "aws_cloudfront_distribution" "this" { + origin { + domain_name = aws_s3_bucket_website_configuration.this.website_endpoint + origin_id = local.s3_origin_id + custom_origin_config { + http_port = 80 + https_port = 443 + origin_protocol_policy = "http-only" + origin_ssl_protocols = ["TLSv1.2"] + } + } + comment = "961_cloudfront_distribution_green1" + enabled = true + default_root_object = "index.html" + + default_cache_behavior { + allowed_methods = ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"] + cached_methods = ["GET", "HEAD"] + target_origin_id = local.s3_origin_id + + forwarded_values { + query_string = false + + cookies { + forward = "none" + } + } + + viewer_protocol_policy = "allow-all" + } + + restrictions { + geo_restriction { + restriction_type = "whitelist" + locations = ["US", "CA", "GB", "DE", "UA"] + } + } + + viewer_certificate { + cloudfront_default_certificate = true + } +} \ No newline at end of file diff --git a/terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/green1/error.html b/terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/green1/error.html new file mode 100644 index 000000000..efbcd2eb2 --- /dev/null +++ b/terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/green1/error.html @@ -0,0 +1,9 @@ + + + My Website Error Page + + +

Welcome to my website

+

Now hosted on Amazon S3!

+ + \ No newline at end of file diff --git a/terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/green1/index.html b/terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/green1/index.html new file mode 100644 index 000000000..5c72b0703 --- /dev/null +++ b/terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/green1/index.html @@ -0,0 +1,9 @@ + + + My Website Home Page + + +

Welcome to my website

+

Now hosted on Amazon S3!

+ + \ No newline at end of file diff --git a/terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/green1/provider.tf b/terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/green1/provider.tf new file mode 100644 index 000000000..b4fcff87f --- /dev/null +++ b/terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/green1/provider.tf @@ -0,0 +1,20 @@ +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 4" + } + } +} + +provider "aws" { + profile = var.profile + region = var.default-region + + default_tags { + tags = { + CustodianRule = "ecc-aws-961-cloudfront_origin_access_control_enabled" + ComplianceStatus = "Green1" + } + } +} diff --git a/terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/green1/s3.tf b/terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/green1/s3.tf new file mode 100644 index 000000000..cd95b381d --- /dev/null +++ b/terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/green1/s3.tf 
@@ -0,0 +1,70 @@ +resource "aws_s3_bucket" "this" { + bucket = "bucket-961-green1" + force_destroy = "true" +} + +resource "aws_s3_bucket_public_access_block" "this" { + bucket = aws_s3_bucket.this.id + + block_public_acls = false + block_public_policy = false + ignore_public_acls = false + restrict_public_buckets = false +} + +locals { + s3_origin_id = "originId961" +} + +resource "aws_s3_bucket_website_configuration" "this" { + bucket = aws_s3_bucket.this.bucket + + index_document { + suffix = "index.html" + } + + error_document { + key = "error.html" + } +} + +resource "aws_s3_object" "index" { + bucket = aws_s3_bucket.this.bucket + key = "index.html" + source = "index.html" + etag = filemd5("index.html") + content_type = "text/html" +} + +resource "aws_s3_object" "error" { + bucket = aws_s3_bucket.this.bucket + key = "error.html" + source = "error.html" + etag = filemd5("error.html") + content_type = "text/html" +} + +data "aws_iam_policy_document" "this" { + statement { + actions = ["s3:GetObject"] + resources = ["${aws_s3_bucket.this.arn}/*"] + + principals { + type = "Service" + identifiers = ["cloudfront.amazonaws.com"] + } + } + statement { + actions = ["s3:GetObject"] + resources = ["${aws_s3_bucket.this.arn}/*"] + principals { + type = "AWS" + identifiers = ["*"] + } + } +} + +resource "aws_s3_bucket_policy" "this" { + bucket = aws_s3_bucket.this.id + policy = data.aws_iam_policy_document.this.json +} diff --git a/terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/green1/terraform.tfvars b/terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/green1/terraform.tfvars new file mode 100644 index 000000000..e1e2d2fa8 --- /dev/null +++ b/terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/green1/terraform.tfvars @@ -0,0 +1,2 @@ +profile = "c7n" +default-region = "us-east-1" 
diff --git a/terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/green1/variables.tf b/terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/green1/variables.tf
new file mode 100644
index 000000000..c8b410c24
--- /dev/null
+++ b/terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/green1/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
diff --git a/terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/iam/961-policy.json b/terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/iam/961-policy.json
new file mode 100644
index 000000000..64afa00ea
--- /dev/null
+++ b/terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/iam/961-policy.json
@@ -0,0 +1,13 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "tag:GetResources",
+ "cloudfront:ListDistributions"
+ ],
+ "Resource": "*"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/red/cloudfront.tf b/terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/red/cloudfront.tf
new file mode 100644
index 000000000..4aa966a2c
--- /dev/null
+++ b/terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/red/cloudfront.tf
@@ -0,0 +1,44 @@ +resource "aws_s3_bucket" "this" { + bucket = "bucket-961-red" + force_destroy = "true" +} + +locals { + s3_origin_id = "myRedS3" +} + +resource "aws_cloudfront_distribution" "this" { + origin { + domain_name = aws_s3_bucket.this.bucket_regional_domain_name + origin_id = local.s3_origin_id + } + comment = "961_cloudfront_distribution_red" + enabled = true + + default_cache_behavior { + allowed_methods = ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"] + cached_methods = ["GET", "HEAD"] + target_origin_id = local.s3_origin_id + + forwarded_values { + query_string = false + + cookies { + forward = "none" + } + } + + viewer_protocol_policy = "allow-all" + } + + restrictions { + geo_restriction { + restriction_type = "whitelist" + locations = ["US", "CA", "GB", "DE"] + } + } + + viewer_certificate { + cloudfront_default_certificate = true + } +} \ No newline at end of file diff --git a/terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/red/provider.tf b/terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/red/provider.tf new file mode 100644 index 000000000..5c55a4c47 --- /dev/null +++ b/terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/red/provider.tf @@ -0,0 +1,20 @@ +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 4" + } + } +} + +provider "aws" { + profile = var.profile + region = var.default-region + + default_tags { + tags = { + CustodianRule = "ecc-aws-961-cloudfront_origin_access_control_enabled" + ComplianceStatus = "Red" + } + } +} diff --git a/terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/red/terraform.tfvars b/terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/red/terraform.tfvars new file mode 100644 index 000000000..e1e2d2fa8 --- /dev/null +++ b/terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/red/terraform.tfvars @@ -0,0 +1,2 @@ +profile = "c7n" +default-region = "us-east-1" 
diff --git a/terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/red/variables.tf b/terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/red/variables.tf
new file mode 100644
index 000000000..c8b410c24
--- /dev/null
+++ b/terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/red/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
diff --git a/terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/red1/cloudfront.tf b/terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/red1/cloudfront.tf
new file mode 100644
index 000000000..2ba7264a9
--- /dev/null
+++ b/terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/red1/cloudfront.tf
@@ -0,0 +1,59 @@ +resource "aws_s3_bucket" "this" { + bucket = "bucket-961-red1" + force_destroy = "true" +} + +resource "aws_s3_bucket_acl" "this" { + bucket = aws_s3_bucket.this.id + acl = "private" +} + +locals { + s3_origin_id = "myred1S3" +} + +resource "aws_cloudfront_origin_access_identity" "this" { + comment = "origin_access_indentity_961_red1" +} + +resource "aws_cloudfront_distribution" "this" { + origin { + domain_name = aws_s3_bucket.this.bucket_regional_domain_name + origin_id = local.s3_origin_id + + s3_origin_config { + origin_access_identity = aws_cloudfront_origin_access_identity.this.cloudfront_access_identity_path + } + } + + enabled = true + default_root_object = "index.html" + comment = "961_cloudfront_distribution_red1" + + default_cache_behavior { + allowed_methods = ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"] + cached_methods = ["GET", "HEAD"] + target_origin_id = local.s3_origin_id + + forwarded_values { + query_string = false + + cookies { + forward = "none" + } + } + + viewer_protocol_policy = "allow-all" + } + + restrictions { + geo_restriction { + restriction_type = "whitelist" + locations = ["US", "CA", "GB", "DE"] + } + } + + viewer_certificate { + cloudfront_default_certificate = true + } +} \ No newline at end of file diff --git a/terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/red1/provider.tf b/terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/red1/provider.tf new file mode 100644 index 000000000..99ff6ca8b --- /dev/null +++ b/terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/red1/provider.tf @@ -0,0 +1,20 @@ +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 4" + } + } +} + +provider "aws" { + profile = var.profile + region = var.default-region + + default_tags { + tags = { + CustodianRule = "ecc-aws-961-cloudfront_origin_access_control_enabled" + ComplianceStatus = "Red1" + } + } +} 
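Review bot: `aws_s3_bucket_acl.this` with `acl = "private"` in red1/cloudfront.tf is likely to fail on apply, because buckets created since April 2023 have ACLs disabled by default and reject ACL writes. The bucket is already private without it, so the simplest fix is to drop the resource; if the ACL must stay, add an `aws_s3_bucket_ownership_controls` resource with `object_ownership = "BucketOwnerPreferred"` and make the ACL resource depend on it. This variant also has no bucket policy granting the origin access identity read access, which is fine for triggering the rule but worth a one-line comment so the fixture is not read as a working OAI setup.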
diff --git a/terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/red1/terraform.tfvars b/terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/red1/terraform.tfvars
new file mode 100644
index 000000000..e1e2d2fa8
--- /dev/null
+++ b/terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/red1/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
diff --git a/terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/red1/variables.tf b/terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/red1/variables.tf
new file mode 100644
index 000000000..c8b410c24
--- /dev/null
+++ b/terraform/ecc-aws-961-cloudfront_origin_access_control_enabled/red1/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
diff --git a/terraform/ecc-aws-962-glue_job_latest_version/green/glue.tf b/terraform/ecc-aws-962-glue_job_latest_version/green/glue.tf
new file mode 100644
index 000000000..284e189b0
--- /dev/null
+++ b/terraform/ecc-aws-962-glue_job_latest_version/green/glue.tf
@@ -0,0 +1,9 @@
+resource "aws_glue_job" "this" {
+ name = "962_glue_job_green"
+ role_arn = aws_iam_role.this.arn
+ glue_version = "4.0"
+
+ command {
+ script_location = "s3://${aws_s3_bucket.this.bucket}/script"
+ }
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-962-glue_job_latest_version/green/iam.tf b/terraform/ecc-aws-962-glue_job_latest_version/green/iam.tf
new file mode 100644
index 000000000..4f9845c51
--- /dev/null
+++ b/terraform/ecc-aws-962-glue_job_latest_version/green/iam.tf
@@ -0,0 +1,53 @@ +resource "aws_iam_role" "this" { + name = "962_role_green" + assume_role_policy = < Date: Wed, 14 Jun 2023 15:36:18 +0000 Subject: [PATCH 04/15] Added Tests --- .../iam.GenerateCredentialReport_1.json | 8 + .../iam.GetCredentialReport_1.json | 18 + .../placebo-green/iam.GetUser_1.json | 32 + .../placebo-green/iam.ListUsers_1.json | 35 + .../iam.GenerateCredentialReport_1.json | 8 + .../iam.GetCredentialReport_1.json | 18 + .../placebo-red/iam.GetUser_1.json | 32 + .../placebo-red/iam.ListUsers_1.json | 35 + .../red_policy_test.py | 7 + .../green_policy_test.py | 7 + .../iam.GenerateCredentialReport_1.json | 8 + .../iam.GetCredentialReport_1.json | 18 + .../placebo-green/iam.GetUser_1.json | 32 + .../placebo-green/iam.ListUsers_1.json | 35 + .../iam.GenerateCredentialReport_1.json | 8 + .../iam.GetCredentialReport_1.json | 18 + .../placebo-red/iam.GetUser_1.json | 32 + .../placebo-red/iam.ListUsers_1.json | 35 + .../red_policy_test.py | 6 + .../placebo-green/ec2.DescribeFlowLogs_1.json | 36 + .../placebo-green/ec2.DescribeVpcs_1.json | 26 + .../placebo-red/ec2.DescribeFlowLogs_1.json | 7 + .../placebo-red/ec2.DescribeVpcs_1.json | 26 + .../red_policy_test.py | 7 + .../rds.DescribeDBInstances_1.json | 143 +++ .../placebo-green/tagging.GetResources_1.json | 8 + .../rds.DescribeDBInstances_1.json | 119 ++ .../placebo-red/tagging.GetResources_1.json | 8 + .../red_policy_test.py | 6 + .../rds.DescribeDBInstances_1.json | 133 +++ .../placebo-green/tagging.GetResources_1.json | 8 + .../rds.DescribeDBInstances_1.json | 132 +++ .../placebo-red/tagging.GetResources_1.json | 8 + .../red_policy_test.py | 6 + .../green_policy_test.py | 7 + .../iam.ListServerCertificates_1.json | 35 + .../iam.ListServerCertificates_1.json | 35 + .../red_policy_test.py | 6 + .../green_policy_test.py | 7 + .../iam.ListServerCertificates_1.json | 35 + .../iam.ListServerCertificates_1.json | 35 + .../red_policy_test.py | 6 + .../cloudfront.ListDistributions_1.json | 144 +++ 
.../placebo-green/tagging.GetResources_1.json | 22 + .../cloudfront.ListDistributions_1.json | 140 +++ .../placebo-red/tagging.GetResources_1.json | 13 + .../red_policy_test.py | 5 + ...ancing.DescribeLoadBalancerPolicies_1.json | 390 +++++++ ...loadbalancing.DescribeLoadBalancers_1.json | 74 ++ .../placebo-green/tagging.GetResources_1.json | 18 + ...ancing.DescribeLoadBalancerPolicies_1.json | 390 +++++++ ...loadbalancing.DescribeLoadBalancers_1.json | 73 ++ .../placebo-red/tagging.GetResources_1.json | 18 + .../red_policy_test.py | 7 + ...loadbalancing.DescribeLoadBalancers_1.json | 77 ++ .../placebo-green/tagging.GetResources_1.json | 18 + ...loadbalancing.DescribeLoadBalancers_1.json | 72 ++ .../placebo-red/tagging.GetResources_1.json | 18 + .../red_policy_test.py | 6 + .../iam.GenerateCredentialReport_1.json | 8 + .../iam.GetCredentialReport_1.json | 18 + .../iam.ListAccountAliases_1.json | 10 + .../iam.GenerateCredentialReport_1.json | 8 + .../iam.GetCredentialReport_1.json | 18 + .../placebo-red/iam.ListAccountAliases_1.json | 10 + .../red_policy_test.py | 9 + .../green_policy_test.py | 7 + .../iam.GenerateCredentialReport_1.json | 8 + .../iam.GetCredentialReport_1.json | 18 + .../placebo-green/iam.GetUser_1.json | 32 + .../placebo-green/iam.ListUsers_1.json | 35 + .../iam.GenerateCredentialReport_1.json | 8 + .../iam.GetCredentialReport_1.json | 18 + .../placebo-red/iam.GetUser_1.json | 32 + .../placebo-red/iam.ListUsers_1.json | 35 + .../red_policy_test.py | 11 + .../placebo-green/iam.GetUser_1.json | 22 + .../iam.ListAttachedUserPolicies_1.json | 8 + .../placebo-green/iam.ListUsers_1.json | 25 + .../placebo-red/iam.GetPolicy_1.json | 36 + .../placebo-red/iam.GetUser_1.json | 22 + .../iam.ListAttachedUserPolicies_1.json | 13 + .../placebo-red/iam.ListUsers_1.json | 25 + .../red_policy_test.py | 6 + .../iam.GetAccountPasswordPolicy_1.json | 17 + .../iam.ListAccountAliases_1.json | 10 + .../iam.GetAccountPasswordPolicy_1.json | 16 + 
.../placebo-red/iam.ListAccountAliases_1.json | 10 + .../red_policy_test.py | 6 + .../ec2.DescribeInstances_1.json | 165 +++ .../placebo-green/ec2.DescribeTags_1.json | 20 + .../placebo-red/ec2.DescribeInstances_1.json | 155 +++ .../placebo-red/ec2.DescribeTags_1.json | 20 + .../red_policy_test.py | 6 + ...cing.DescribeLoadBalancerAttributes_1.json | 27 + ...loadbalancing.DescribeLoadBalancers_1.json | 77 ++ .../placebo-green/tagging.GetResources_1.json | 18 + ...cing.DescribeLoadBalancerAttributes_1.json | 27 + ...loadbalancing.DescribeLoadBalancers_1.json | 77 ++ .../placebo-red/tagging.GetResources_1.json | 18 + .../red_policy_test.py | 5 + .../sqs.GetQueueAttributes_1.json | 22 + .../placebo-green/sqs.ListQueues_1.json | 9 + .../placebo-green/tagging.GetResources_1.json | 19 + .../placebo-red/sqs.GetQueueAttributes_1.json | 20 + .../placebo-red/sqs.ListQueues_1.json | 9 + .../placebo-red/tagging.GetResources_1.json | 18 + .../red_policy_test.py | 7 + .../ec2.DescribeInstanceAttribute_1.json | 10 + .../ec2.DescribeInstances_1.json | 493 ++++++++ .../ec2.DescribeInstanceAttribute_1.json | 10 + .../placebo-red/ec2.DescribeInstances_1.json | 172 +++ .../red_policy_test.py | 8 + .../rds.DescribeDBInstances_1.json | 142 +++ .../placebo-green/tagging.GetResources_1.json | 8 + .../rds.DescribeDBInstances_1.json | 132 +++ .../placebo-red/tagging.GetResources_1.json | 8 + .../red_policy_test.py | 5 + .../ec2.DescribeSecurityGroups_1.json | 43 + .../ec2.DescribeSecurityGroups_1.json | 76 ++ .../red_policy_test.py | 9 + .../ec2.DescribeSecurityGroups_1.json | 43 + .../ec2.DescribeSecurityGroups_1.json | 43 + .../red_policy_test.py | 6 + .../ec2.DescribeSecurityGroups_1.json | 43 + .../ec2.DescribeSecurityGroups_1.json | 43 + .../red_policy_test.py | 6 + .../ec2.DescribeSecurityGroups_1.json | 43 + .../ec2.DescribeSecurityGroups_1.json | 43 + .../red_policy_test.py | 6 + .../ec2.DescribeSecurityGroups_1.json | 43 + .../ec2.DescribeSecurityGroups_1.json | 43 + 
.../red_policy_test.py | 6 + .../ec2.DescribeSecurityGroups_1.json | 43 + .../ec2.DescribeSecurityGroups_1.json | 43 + .../red_policy_test.py | 6 + .../ec2.DescribeSecurityGroups_1.json | 43 + .../ec2.DescribeSecurityGroups_1.json | 43 + .../red_policy_test.py | 6 + .../ec2.DescribeSecurityGroups_1.json | 43 + .../ec2.DescribeSecurityGroups_1.json | 43 + .../red_policy_test.py | 6 + .../ec2.DescribeSecurityGroups_1.json | 43 + .../ec2.DescribeSecurityGroups_1.json | 43 + .../red_policy_test.py | 6 + .../ec2.DescribeSecurityGroups_1.json | 43 + .../ec2.DescribeSecurityGroups_1.json | 43 + .../red_policy_test.py | 6 + .../ec2.DescribeSecurityGroups_1.json | 43 + .../ec2.DescribeSecurityGroups_1.json | 43 + .../red_policy_test.py | 6 + .../ec2.DescribeSecurityGroups_1.json | 43 + .../ec2.DescribeSecurityGroups_1.json | 43 + .../red_policy_test.py | 6 + .../ec2.DescribeSecurityGroups_1.json | 43 + .../ec2.DescribeSecurityGroups_1.json | 43 + .../red_policy_test.py | 6 + .../placebo-green/eks.DescribeCluster_1.json | 69 ++ .../placebo-green/eks.ListClusters_1.json | 9 + .../placebo-red/eks.DescribeCluster_1.json | 69 ++ .../placebo-red/eks.ListClusters_1.json | 9 + .../red_policy_test.py | 5 + .../rds.DescribeDBInstances_1.json | 137 +++ .../placebo-green/tagging.GetResources_1.json | 18 + .../rds.DescribeDBInstances_1.json | 132 +++ .../placebo-red/tagging.GetResources_1.json | 8 + .../red_policy_test.py | 5 + .../iam.GetAccountPasswordPolicy_1.json | 17 + .../iam.ListAccountAliases_1.json | 10 + .../iam.GetAccountPasswordPolicy_1.json | 15 + .../placebo-red/iam.ListAccountAliases_1.json | 10 + .../red_policy_test.py | 5 + .../iam.GenerateCredentialReport_1.json | 8 + .../iam.GetCredentialReport_1.json | 18 + .../iam.ListAccountAliases_1.json | 10 + .../iam.GenerateCredentialReport_1.json | 8 + .../iam.GetCredentialReport_1.json | 18 + .../placebo-red/iam.ListAccountAliases_1.json | 10 + .../red_policy_test.py | 6 + .../iam.GetAccountPasswordPolicy_1.json | 17 + 
.../iam.ListAccountAliases_1.json | 10 + .../iam.GetAccountPasswordPolicy_1.json | 15 + .../placebo-red/iam.ListAccountAliases_1.json | 10 + .../red_policy_test.py | 5 + .../iam.GetAccountPasswordPolicy_1.json | 17 + .../iam.ListAccountAliases_1.json | 10 + .../iam.GetAccountPasswordPolicy_1.json | 15 + .../placebo-red/iam.ListAccountAliases_1.json | 10 + .../red_policy_test.py | 5 + .../iam.GetAccountPasswordPolicy_1.json | 17 + .../iam.ListAccountAliases_1.json | 10 + .../iam.GetAccountPasswordPolicy_1.json | 15 + .../placebo-red/iam.ListAccountAliases_1.json | 10 + .../red_policy_test.py | 5 + .../iam.GetAccountPasswordPolicy_1.json | 17 + .../iam.ListAccountAliases_1.json | 10 + .../iam.GetAccountPasswordPolicy_1.json | 15 + .../placebo-red/iam.ListAccountAliases_1.json | 10 + .../red_policy_test.py | 5 + .../iam.GetAccountPasswordPolicy_1.json | 17 + .../iam.ListAccountAliases_1.json | 10 + .../iam.GetAccountPasswordPolicy_1.json | 16 + .../placebo-red/iam.ListAccountAliases_1.json | 10 + .../red_policy_test.py | 6 + .../cloudtrail.DescribeTrails_1.json | 21 + .../placebo-green/tagging.GetResources_1.json | 8 + .../cloudtrail.DescribeTrails_1.json | 21 + .../placebo-red/tagging.GetResources_1.json | 8 + .../red_policy_test.py | 6 + .../cloudtrail.DescribeTrails_1.json | 22 + .../placebo-green/tagging.GetResources_1.json | 8 + .../cloudtrail.DescribeTrails_1.json | 20 + .../placebo-red/tagging.GetResources_1.json | 8 + .../red_policy_test.py | 5 + .../ec2.DescribeInstances_1.json | 171 +++ .../placebo-red/ec2.DescribeInstances_1.json | 161 +++ .../placebo-red/ec2.DescribeTags_1.json | 14 + .../red_policy_test.py | 5 + ...DescribeConfigurationRecorderStatus_1.json | 43 + ...nfig.DescribeConfigurationRecorders_1.json | 17 + .../config.DescribeDeliveryChannels_1.json | 12 + .../iam.ListAccountAliases_1.json | 10 + ...DescribeConfigurationRecorderStatus_1.json | 12 + ...nfig.DescribeConfigurationRecorders_1.json | 19 + .../config.DescribeDeliveryChannels_1.json | 
12 + .../placebo-red/iam.ListAccountAliases_1.json | 10 + .../red_policy_test.py | 9 + .../cloudtrail.DescribeTrails_1.json | 21 + .../placebo-green/tagging.GetResources_1.json | 18 + .../cloudtrail.DescribeTrails_1.json | 20 + .../placebo-red/tagging.GetResources_1.json | 18 + .../red_policy_test.py | 6 + .../placebo-green/kms.DescribeKey_1.json | 31 + .../kms.GetKeyRotationStatus_1.json | 7 + .../placebo-green/kms.ListAliases_1.json | 77 ++ .../placebo-green/kms.ListKeys_1.json | 53 + .../placebo-green/tagging.GetResources_1.json | 36 + .../placebo-red/kms.DescribeKey_1.json | 33 + .../kms.GetKeyRotationStatus_1.json | 7 + .../placebo-red/kms.ListAliases_1.json | 34 + .../placebo-red/kms.ListKeys_1.json | 13 + .../placebo-red/tagging.GetResources_1.json | 22 + .../red_policy_test.py | 5 + .../ec2.DescribeSecurityGroups_1.json | 43 + .../ec2.DescribeSecurityGroups_1.json | 43 + .../red_policy_test.py | 6 + .../ec2.DescribeSecurityGroups_1.json | 43 + .../ec2.DescribeSecurityGroups_1.json | 43 + .../red_policy_test.py | 6 + .../ec2.DescribeSecurityGroups_1.json | 17 + .../ec2.DescribeSecurityGroups_1.json | 30 + .../red_policy_test.py | 16 + .../cloudfront.ListDistributions_1.json | 148 +++ .../placebo-green/tagging.GetResources_1.json | 13 + .../cloudfront.ListDistributions_1.json | 148 +++ .../placebo-red/tagging.GetResources_1.json | 13 + .../red_policy_test.py | 8 + .../placebo-green/eks.DescribeCluster_1.json | 65 ++ .../placebo-green/eks.DescribeCluster_2.json | 63 + .../placebo-green/eks.ListClusters_1.json | 10 + .../placebo-red/eks.DescribeCluster_1.json | 65 ++ .../placebo-red/eks.ListClusters_1.json | 9 + .../red_policy_test.py | 6 + ...caling.DescribeLaunchConfigurations_1.json | 7 + .../batch.DescribeComputeEnvironments_1.json | 7 + .../codebuild.ListProjects_1.json | 7 + .../ec2.DescribeNetworkInterfaces_1.json | 67 ++ ...ec2.DescribeSecurityGroupReferences_1.json | 7 + .../ec2.DescribeSecurityGroups_1.json | 27 + 
.../placebo-green/events.ListRules_1.json | 7 + .../events.ListTargetsByRule_1.json | 7 + .../placebo-green/lambda.ListFunctions_1.json | 7 + ...caling.DescribeLaunchConfigurations_1.json | 7 + .../batch.DescribeComputeEnvironments_1.json | 7 + .../placebo-red/codebuild.ListProjects_1.json | 7 + .../ec2.DescribeNetworkInterfaces_1.json | 7 + ...ec2.DescribeSecurityGroupReferences_1.json | 7 + .../ec2.DescribeSecurityGroups_1.json | 27 + .../placebo-red/events.ListRules_1.json | 7 + .../events.ListTargetsByRule_1.json | 7 + .../placebo-red/lambda.ListFunctions_1.json | 7 + .../red_policy_test.py | 9 + .../codebuild.BatchGetProjects_1.json | 137 +++ .../codebuild.ListProjects_1.json | 10 + .../placebo-green/tagging.GetResources_1.json | 8 + .../codebuild.BatchGetProjects_1.json | 145 +++ .../placebo-red/codebuild.ListProjects_1.json | 10 + .../placebo-red/tagging.GetResources_1.json | 8 + .../red_policy_test.py | 9 + ...toscaling.DescribeAutoScalingGroups_1.json | 62 + ...toscaling.DescribeAutoScalingGroups_1.json | 62 + .../red_policy_test.py | 5 + .../ec2.DescribeAddresses_1.json | 26 + .../placebo-red/ec2.DescribeAddresses_1.json | 21 + .../red_policy_test.py | 5 + .../es.DescribeElasticsearchDomains_1.json | 89 ++ .../placebo-green/es.ListDomainNames_1.json | 11 + .../placebo-green/es.ListTags_1.json | 6 + .../es.DescribeElasticsearchDomains_1.json | 75 ++ .../placebo-red/es.ListDomainNames_1.json | 11 + .../placebo-red/es.ListTags_1.json | 6 + .../red_policy_test.py | 5 + .../es.DescribeElasticsearchDomains_1.json | 76 ++ .../placebo-green/es.ListDomainNames_1.json | 11 + .../placebo-green/es.ListTags_1.json | 6 + .../es.DescribeElasticsearchDomains_1.json | 74 ++ .../placebo-red/es.ListDomainNames_1.json | 11 + .../placebo-red/es.ListTags_1.json | 6 + .../red_policy_test.py | 8 + .../ec2.DescribeSnapshotAttribute_1.json | 8 + .../ec2.DescribeSnapshots_1.json | 34 + .../ec2.DescribeSnapshotAttribute_1.json | 12 + .../placebo-red/ec2.DescribeSnapshots_1.json | 39 
+ .../red_policy_test.py | 6 + .../cloudfront.ListDistributions_1.json | 132 +++ .../placebo-green/tagging.GetResources_1.json | 18 + .../cloudfront.ListDistributions_1.json | 132 +++ .../placebo-red/tagging.GetResources_1.json | 18 + .../red_policy_test.py | 8 + .../placebo-green/lambda.ListFunctions_1.json | 36 + .../placebo-green/tagging.GetResources_1.json | 8 + .../placebo-red/lambda.ListFunctions_1.json | 35 + .../placebo-red/tagging.GetResources_1.json | 8 + .../red_policy_test.py | 5 + .../redshift.DescribeClusters_1.json | 63 + .../redshift.DescribeClusters_1.json | 67 ++ .../red_policy_test.py | 8 + .../codebuild.BatchGetProjects_1.json | 79 ++ .../codebuild.ListProjects_1.json | 9 + .../placebo-green/tagging.GetResources_1.json | 8 + .../codebuild.BatchGetProjects_1.json | 84 ++ .../placebo-red/codebuild.ListProjects_1.json | 9 + .../placebo-red/tagging.GetResources_1.json | 8 + .../red_policy_test.py | 9 + .../rds.DescribeDBSnapshotAttributes_1.json | 15 + .../rds.DescribeDBSnapshots_1.json | 51 + .../placebo-green/tagging.GetResources_1.json | 8 + .../rds.DescribeDBSnapshotAttributes_1.json | 17 + .../rds.DescribeDBSnapshots_1.json | 51 + .../placebo-red/tagging.GetResources_1.json | 8 + .../red_policy_test.py | 5 + .../ec2.DescribeInstances_1.json | 183 +++ ...ssm.ListResourceComplianceSummaries_1.json | 7 + .../placebo-red/ec2.DescribeInstances_1.json | 183 +++ ...ssm.ListResourceComplianceSummaries_1.json | 51 + .../red_policy_test.py | 6 + .../ec2.DescribeImageAttribute_1.json | 8 + .../placebo-green/ec2.DescribeImages_1.json | 40 + .../ec2.DescribeImageAttribute_1.json | 12 + .../placebo-red/ec2.DescribeImages_1.json | 40 + .../red_policy_test.py | 5 + ....sagemaker.DescribeNotebookInstance_1.json | 41 + ...api.sagemaker.ListNotebookInstances_1.json | 35 + .../api.sagemaker.ListTags_1.json | 16 + ....sagemaker.DescribeNotebookInstance_1.json | 37 + ...api.sagemaker.ListNotebookInstances_1.json | 35 + .../placebo-red/api.sagemaker.ListTags_1.json | 
16 + .../red_policy_test.py | 6 + .../placebo-green/ec2.DescribeSubnets_1.json | 24 + .../placebo-red/ec2.DescribeSubnets_1.json | 24 + .../red_policy_test.py | 5 + ....sagemaker.DescribeNotebookInstance_1.json | 40 + ...api.sagemaker.ListNotebookInstances_1.json | 35 + .../api.sagemaker.ListTags_1.json | 12 + ....sagemaker.DescribeNotebookInstance_1.json | 40 + ...api.sagemaker.ListNotebookInstances_1.json | 35 + .../placebo-red/api.sagemaker.ListTags_1.json | 12 + .../red_policy_test.py | 5 + .../cloudfront.ListDistributions_1.json | 12 + .../cloudfront.ListDistributions_1.json | 132 +++ .../placebo-red/tagging.GetResources_1.json | 18 + .../red_policy_test.py | 6 + .../cloudfront.ListDistributions_1.json | 138 +++ .../placebo-green/tagging.GetResources_1.json | 18 + .../cloudfront.ListDistributions_1.json | 132 +++ .../placebo-red/tagging.GetResources_1.json | 18 + .../red_policy_test.py | 5 + .../acm.DescribeCertificate_1.json | 49 + .../placebo-green/acm.ListCertificates_1.json | 12 + .../placebo-green/tagging.GetResources_1.json | 18 + .../acm.DescribeCertificate_1.json | 49 + .../placebo-red/acm.ListCertificates_1.json | 12 + .../placebo-red/tagging.GetResources_1.json | 18 + .../red_policy_test.py | 5 + .../placebo-green/acm.ListCertificates_1.json | 7 + .../acm.DescribeCertificate_1.json | 49 + .../placebo-red/acm.ListCertificates_1.json | 12 + .../placebo-red/tagging.GetResources_1.json | 18 + .../red_policy_test.py | 5 + .../cloudfront.GetDistributionConfig_1.json | 119 ++ .../cloudfront.ListDistributions_1.json | 132 +++ .../placebo-green/tagging.GetResources_1.json | 18 + .../cloudfront.GetDistributionConfig_1.json | 119 ++ .../cloudfront.ListDistributions_1.json | 132 +++ .../placebo-red/tagging.GetResources_1.json | 18 + .../red_policy_test.py | 5 + .../acm.DescribeCertificate_1.json | 49 + .../placebo-green/acm.ListCertificates_1.json | 12 + .../placebo-green/tagging.GetResources_1.json | 18 + .../acm.DescribeCertificate_1.json | 49 + 
.../placebo-red/acm.ListCertificates_1.json | 12 + .../placebo-red/tagging.GetResources_1.json | 18 + .../red_policy_test.py | 5 + ...loadbalancing.DescribeLoadBalancers_1.json | 46 + .../elasticloadbalancing.DescribeTags_1.json | 17 + ...waf-regional.ListResourcesForWebACL_1.json | 9 + .../waf-regional.ListWebACLs_1.json | 13 + ...loadbalancing.DescribeLoadBalancers_1.json | 46 + .../elasticloadbalancing.DescribeTags_1.json | 17 + .../waf-regional.ListWebACLs_1.json | 7 + .../red_policy_test.py | 7 + .../placebo-green/iam.GetUser_1.json | 22 + .../placebo-green/iam.ListUserPolicies_1.json | 8 + .../placebo-green/iam.ListUsers_1.json | 25 + .../placebo-red/iam.GetUser_1.json | 22 + .../placebo-red/iam.ListUserPolicies_1.json | 10 + .../placebo-red/iam.ListUsers_1.json | 25 + .../red_policy_test.py | 6 + .../ec2.DescribeSecurityGroups_1.json | 98 ++ .../placebo-green/eks.DescribeCluster_1.json | 71 ++ .../placebo-green/eks.ListClusters_1.json | 9 + .../ec2.DescribeSecurityGroups_1.json | 51 + .../placebo-red/eks.DescribeCluster_1.json | 70 ++ .../placebo-red/eks.ListClusters_1.json | 9 + .../red_policy_test.py | 9 + .../acm.DescribeCertificate_1.json | 49 + .../placebo-green/acm.ListCertificates_1.json | 12 + .../placebo-green/tagging.GetResources_1.json | 18 + .../acm.DescribeCertificate_1.json | 49 + .../placebo-red/acm.ListCertificates_1.json | 12 + .../placebo-red/tagging.GetResources_1.json | 18 + .../red_policy_test.py | 5 + .../apigateway.GetRestApis_1.json | 29 + .../placebo-red/apigateway.GetRestApis_1.json | 29 + .../red_policy_test.py | 5 + .../placebo-green/apigateway.GetMethod_1.json | 9 + .../apigateway.GetResources_1.json | 21 + .../apigateway.GetRestApis_1.json | 29 + .../placebo-red/apigateway.GetMethod_1.json | 9 + .../apigateway.GetResources_1.json | 21 + .../placebo-red/apigateway.GetRestApis_1.json | 29 + .../red_policy_test.py | 6 + .../kinesis.DescribeStream_1.json | 42 + .../placebo-green/kinesis.ListStreams_1.json | 10 + 
.../placebo-green/tagging.GetResources_1.json | 18 + .../placebo-red/kinesis.DescribeStream_1.json | 42 + .../placebo-red/kinesis.ListStreams_1.json | 10 + .../placebo-red/tagging.GetResources_1.json | 18 + .../red_policy_test.py | 5 + .../kinesis.DescribeStream_1.json | 42 + .../placebo-green/kinesis.ListStreams_1.json | 10 + .../placebo-green/tagging.GetResources_1.json | 18 + .../placebo-red/kinesis.DescribeStream_1.json | 41 + .../placebo-red/kinesis.ListStreams_1.json | 10 + .../placebo-red/tagging.GetResources_1.json | 18 + .../red_policy_test.py | 5 + .../ec2.DescribeSecurityGroups_1.json | 50 + .../ec2.DescribeSecurityGroups_1.json | 50 + .../red_policy_test.py | 5 + .../dynamodb.DescribeTable_1.json | 65 ++ .../placebo-green/dynamodb.ListTables_1.json | 9 + .../placebo-green/tagging.GetResources_1.json | 8 + .../placebo-red/dynamodb.DescribeTable_1.json | 60 + .../placebo-red/dynamodb.ListTables_1.json | 9 + .../placebo-red/tagging.GetResources_1.json | 8 + .../red_policy_test.py | 5 + ...asticfilesystem.DescribeFileSystems_1.json | 42 + .../placebo-green/tagging.GetResources_1.json | 18 + ...asticfilesystem.DescribeFileSystems_1.json | 41 + .../placebo-red/tagging.GetResources_1.json | 18 + .../red_policy_test.py | 5 + ...asticfilesystem.DescribeFileSystems_1.json | 45 + .../placebo-green/kms.DescribeKey_1.json | 31 + .../placebo-green/kms.ListAliases_1.json | 14 + .../placebo-green/tagging.GetResources_1.json | 22 + .../placebo-green/tagging.GetResources_2.json | 22 + ...asticfilesystem.DescribeFileSystems_1.json | 45 + .../placebo-red/kms.DescribeKey_1.json | 31 + .../placebo-red/kms.ListAliases_1.json | 14 + .../placebo-red/tagging.GetResources_1.json | 22 + .../red_policy_test.py | 8 + .../elasticache.DescribeCacheClusters_1.json | 45 + .../placebo-green/tagging.GetResources_1.json | 8 + .../elasticache.DescribeCacheClusters_1.json | 45 + .../placebo-red/tagging.GetResources_1.json | 8 + .../red_policy_test.py | 5 + 
.../redshift.DescribeClusters_1.json | 80 ++ .../redshift.DescribeClusters_1.json | 79 ++ .../red_policy_test.py | 5 + .../rds.DescribeDBClusters_1.json | 84 ++ .../placebo-green/tagging.GetResources_1.json | 8 + .../placebo-red/rds.DescribeDBClusters_1.json | 83 ++ .../placebo-red/tagging.GetResources_1.json | 8 + .../red_policy_test.py | 5 + .../green_policy_test.py | 7 + .../route53domains.ListDomains_1.json | 23 + .../route53domains.ListTagsForDomain_1.json | 7 + .../route53domains.ListDomains_1.json | 23 + .../route53domains.ListTagsForDomain_1.json | 7 + .../red_policy_test.py | 11 + ...cing.DescribeLoadBalancerAttributes_1.json | 44 + ...loadbalancing.DescribeLoadBalancers_1.json | 46 + .../elasticloadbalancing.DescribeTags_1.json | 12 + ...cing.DescribeLoadBalancerAttributes_1.json | 44 + ...loadbalancing.DescribeLoadBalancers_1.json | 46 + .../elasticloadbalancing.DescribeTags_1.json | 12 + .../red_policy_test.py | 5 + ...sticloadbalancing.DescribeListeners_1.json | 34 + ...loadbalancing.DescribeLoadBalancers_1.json | 43 + .../elasticloadbalancing.DescribeTags_1.json | 21 + ...sticloadbalancing.DescribeListeners_1.json | 34 + ...sticloadbalancing.DescribeListeners_2.json | 34 + ...loadbalancing.DescribeLoadBalancers_1.json | 43 + .../elasticloadbalancing.DescribeTags_1.json | 17 + .../red_policy_test.py | 5 + .../guardduty.GetDetector_1.json | 26 + .../guardduty.GetMasterAccount_1.json | 6 + .../guardduty.ListDetectors_1.json | 9 + .../iam.ListAccountAliases_1.json | 8 + .../guardduty.ListDetectors_1.json | 7 + .../placebo-red/iam.ListAccountAliases_1.json | 8 + .../red_policy_test.py | 5 + .../iam.GenerateCredentialReport_1.json | 8 + .../iam.GetCredentialReport_1.json | 18 + .../iam.ListAccountAliases_1.json | 10 + .../iam.GenerateCredentialReport_1.json | 8 + .../iam.GetCredentialReport_1.json | 18 + .../placebo-red/iam.ListAccountAliases_1.json | 10 + .../red_policy_test.py | 8 + .../access-analyzer.ListAnalyzers_1.json | 36 + 
.../iam.ListAccountAliases_1.json | 10 + .../access-analyzer.ListAnalyzers_1.json | 7 + .../placebo-red/iam.ListAccountAliases_1.json | 10 + .../red_policy_test.py | 5 + .../placebo-green/iam.GetUser_1.json | 22 + .../placebo-green/iam.ListAccessKeys_1.json | 24 + .../placebo-green/iam.ListUsers_1.json | 25 + .../placebo-red/iam.GetUser_1.json | 22 + .../placebo-red/iam.ListAccessKeys_1.json | 39 + .../placebo-red/iam.ListUsers_1.json | 25 + .../red_policy_test.py | 6 + .../green_policy_test.py | 7 + .../iam.ListServerCertificates_1.json | 35 + .../iam.ListServerCertificates_1.json | 35 + .../red_policy_test.py | 5 + .../placebo-green/ec2.DescribeVolumes_1.json | 45 + .../placebo-red/ec2.DescribeVolumes_1.json | 44 + .../red_policy_test.py | 6 + .../rds.DescribeDBInstances_1.json | 133 +++ .../placebo-green/tagging.GetResources_1.json | 8 + .../rds.DescribeDBInstances_1.json | 133 +++ .../placebo-red/tagging.GetResources_1.json | 8 + .../red_policy_test.py | 5 + .../apigateway.GetRestApis_1.json | 29 + .../placebo-green/apigateway.GetStages_1.json | 49 + .../placebo-red/apigateway.GetRestApis_1.json | 29 + .../placebo-red/apigateway.GetStages_1.json | 49 + .../red_policy_test.py | 5 + .../ec2.DescribeSecurityGroups_1.json | 53 + .../ec2.DescribeSecurityGroups_1.json | 53 + .../red_policy_test.py | 6 + ...cing.DescribeLoadBalancerAttributes_1.json | 27 + ...loadbalancing.DescribeLoadBalancers_1.json | 68 ++ .../placebo-green/tagging.GetResources_1.json | 22 + ...cing.DescribeLoadBalancerAttributes_1.json | 27 + ...loadbalancing.DescribeLoadBalancers_1.json | 68 ++ .../placebo-red/tagging.GetResources_1.json | 22 + .../red_policy_test.py | 7 + .../es.DescribeElasticsearchDomains_1.json | 83 ++ .../placebo-green/es.ListDomainNames_1.json | 11 + .../placebo-green/es.ListTags_1.json | 16 + .../es.DescribeElasticsearchDomains_1.json | 76 ++ .../placebo-red/es.ListDomainNames_1.json | 11 + .../placebo-red/es.ListTags_1.json | 16 + .../red_policy_test.py | 5 + 
.../es.DescribeElasticsearchDomains_1.json | 78 ++ .../placebo-green/es.ListDomainNames_1.json | 11 + .../placebo-green/es.ListTags_1.json | 7 + .../es.DescribeElasticsearchDomains_1.json | 78 ++ .../placebo-red/es.ListDomainNames_1.json | 11 + .../placebo-red/es.ListTags_1.json | 7 + .../red_policy_test.py | 7 + .../es.DescribeElasticsearchDomains_1.json | 76 ++ .../placebo-green/es.ListDomainNames_1.json | 11 + .../placebo-green/es.ListTags_1.json | 7 + .../es.DescribeElasticsearchDomains_1.json | 76 ++ .../placebo-red/es.ListDomainNames_1.json | 11 + .../placebo-red/es.ListTags_1.json | 7 + .../red_policy_test.py | 7 + .../rds.DescribeDBClusters_1.json | 92 ++ .../placebo-green/tagging.GetResources_1.json | 35 + .../placebo-red/rds.DescribeDBClusters_1.json | 92 ++ .../placebo-red/tagging.GetResources_1.json | 35 + .../red_policy_test.py | 5 + .../rds.DescribeDBInstances_1.json | 141 +++ .../placebo-green/tagging.GetResources_1.json | 22 + .../rds.DescribeDBInstances_1.json | 141 +++ .../placebo-red/tagging.GetResources_1.json | 22 + .../red_policy_test.py | 5 + .../redshift.DescribeClusterParameters_1.json | 144 +++ .../redshift.DescribeClusters_1.json | 95 ++ .../redshift.DescribeLoggingStatus_1.json | 18 + .../redshift.DescribeClusterParameters_1.json | 144 +++ .../redshift.DescribeClusters_1.json | 153 +++ .../redshift.DescribeLoggingStatus_1.json | 7 + .../red_policy_test.py | 15 + .../placebo-green/ecs.DescribeServices_1.json | 116 ++ .../placebo-green/ecs.ListClusters_1.json | 9 + .../placebo-green/ecs.ListServices_1.json | 9 + .../placebo-red/ecs.DescribeServices_1.json | 130 +++ .../placebo-red/ecs.ListClusters_1.json | 9 + .../placebo-red/ecs.ListServices_1.json | 9 + .../red_policy_test.py | 5 + .../ec2.DescribeSecurityGroups_1.json | 53 + .../ec2.DescribeSecurityGroups_1.json | 53 + .../red_policy_test.py | 6 + .../ec2.DescribeSecurityGroups_1.json | 53 + .../ec2.DescribeSecurityGroups_1.json | 53 + .../red_policy_test.py | 6 + 
.../ec2.DescribeSecurityGroups_1.json | 66 ++ .../ec2.DescribeSecurityGroups_1.json | 66 ++ .../red_policy_test.py | 8 + .../ec2.DescribeSecurityGroups_1.json | 53 + .../ec2.DescribeSecurityGroups_1.json | 53 + .../red_policy_test.py | 6 + .../ec2.DescribeSecurityGroups_1.json | 53 + .../ec2.DescribeSecurityGroups_1.json | 53 + .../red_policy_test.py | 6 + .../ec2.DescribeSecurityGroups_1.json | 53 + .../ec2.DescribeSecurityGroups_1.json | 53 + .../red_policy_test.py | 6 + .../ec2.DescribeSecurityGroups_1.json | 53 + .../ec2.DescribeSecurityGroups_1.json | 53 + .../red_policy_test.py | 6 + .../ec2.DescribeSecurityGroups_1.json | 66 ++ .../ec2.DescribeSecurityGroups_1.json | 66 ++ .../red_policy_test.py | 8 + .../rds.DescribeDBClusters_1.json | 92 ++ .../placebo-green/tagging.GetResources_1.json | 35 + .../placebo-red/rds.DescribeDBClusters_1.json | 92 ++ .../placebo-red/tagging.GetResources_1.json | 35 + .../red_policy_test.py | 6 + .../rds.DescribeDBInstances_1.json | 129 +++ .../placebo-green/tagging.GetResources_1.json | 22 + .../rds.DescribeDBInstances_1.json | 129 +++ .../placebo-red/tagging.GetResources_1.json | 22 + .../red_policy_test.py | 5 + .../rds.DescribeDBSnapshots_1.json | 61 + .../placebo-green/tagging.GetResources_1.json | 22 + .../rds.DescribeDBSnapshots_1.json | 60 + .../placebo-red/tagging.GetResources_1.json | 22 + .../red_policy_test.py | 5 + .../apigateway.GetRestApis_1.json | 33 + .../placebo-green/apigateway.GetStages_1.json | 54 + .../placebo-red/apigateway.GetRestApis_1.json | 33 + .../placebo-red/apigateway.GetStages_1.json | 53 + .../red_policy_test.py | 5 + .../apigateway.GetRestApis_1.json | 50 + .../placebo-green/apigateway.GetStages_1.json | 37 + .../placebo-red/apigateway.GetRestApis_1.json | 29 + .../placebo-red/apigateway.GetStages_1.json | 37 + .../red_policy_test.py | 5 + .../cloudfront.GetDistributionConfig_1.json | 125 ++ .../cloudfront.ListDistributions_1.json | 138 +++ .../placebo-green/tagging.GetResources_1.json | 22 + 
.../cloudfront.GetDistributionConfig_1.json | 125 ++ .../cloudfront.ListDistributions_1.json | 138 +++ .../placebo-red/tagging.GetResources_1.json | 22 + .../red_policy_test.py | 5 + .../cloudfront.GetDistributionConfig_1.json | 164 +++ .../cloudfront.ListDistributions_1.json | 177 +++ .../placebo-green/tagging.GetResources_1.json | 22 + .../cloudfront.GetDistributionConfig_1.json | 119 ++ .../cloudfront.ListDistributions_1.json | 132 +++ .../placebo-red/tagging.GetResources_1.json | 22 + .../red_policy_test.py | 5 + .../dms.DescribeReplicationInstances_1.json | 96 ++ .../dms.ListTagsForResource_1.json | 16 + .../dms.DescribeReplicationInstances_1.json | 97 ++ .../dms.ListTagsForResource_1.json | 16 + .../red_policy_test.py | 5 + .../dynamodb.DescribeContinuousBackups_1.json | 32 + .../dynamodb.DescribeTable_1.json | 54 + .../placebo-green/dynamodb.ListTables_1.json | 9 + .../placebo-green/tagging.GetResources_1.json | 22 + .../dynamodb.DescribeContinuousBackups_1.json | 12 + .../placebo-red/dynamodb.DescribeTable_1.json | 54 + .../placebo-red/dynamodb.ListTables_1.json | 9 + .../placebo-red/tagging.GetResources_1.json | 22 + .../red_policy_test.py | 5 + .../placebo-green/dax.DescribeClusters_1.json | 59 + .../placebo-green/dax.ListTags_1.json | 16 + .../placebo-red/dax.DescribeClusters_1.json | 59 + .../placebo-red/dax.ListTags_1.json | 16 + .../red_policy_test.py | 5 + .../green_policy_test.py | 7 + .../ec2.DescribeInstances_1.json | 168 +++ .../placebo-red/ec2.DescribeInstances_1.json | 168 +++ .../red_policy_test.py | 14 + .../ec2.DescribeInstances_1.json | 158 +++ .../placebo-red/ec2.DescribeInstances_1.json | 169 +++ .../red_policy_test.py | 5 + .../ec2.DescribeVpcEndpoints_1.json | 49 + .../placebo-green/ec2.DescribeVpcs_1.json | 40 + .../ec2.DescribeVpcEndpoints_1.json | 49 + .../placebo-red/ec2.DescribeVpcs_1.json | 40 + .../red_policy_test.py | 7 + .../ec2.DescribeNetworkAcls_1.json | 47 + .../ec2.DescribeNetworkAcls_1.json | 41 + .../red_policy_test.py | 
5 + .../ec2.DescribeInstances_1.json | 162 +++ .../placebo-red/ec2.DescribeInstances_1.json | 204 ++++ .../red_policy_test.py | 5 + .../ecs.DescribeTaskDefinition_1.json | 58 + .../ecs.ListTaskDefinitions_1.json | 9 + .../ecs.DescribeTaskDefinition_1.json | 55 + .../ecs.ListTaskDefinitions_1.json | 9 + .../red_policy_test.py | 7 + ...asticfilesystem.DescribeFileSystems_1.json | 49 + .../placebo-green/tagging.GetResources_1.json | 26 + ...asticfilesystem.DescribeFileSystems_1.json | 45 + .../placebo-red/tagging.GetResources_1.json | 22 + .../red_policy_test.py | 7 + ...asticbeanstalk.DescribeEnvironments_1.json | 48 + ...lasticbeanstalk.ListTagsForResource_1.json | 29 + ...asticbeanstalk.DescribeEnvironments_1.json | 47 + ...lasticbeanstalk.ListTagsForResource_1.json | 29 + .../red_policy_test.py | 5 + ...cing.DescribeLoadBalancerAttributes_1.json | 52 + ...loadbalancing.DescribeLoadBalancers_1.json | 46 + .../elasticloadbalancing.DescribeTags_1.json | 21 + ...cing.DescribeLoadBalancerAttributes_1.json | 52 + ...loadbalancing.DescribeLoadBalancers_1.json | 46 + .../elasticloadbalancing.DescribeTags_1.json | 21 + .../red_policy_test.py | 5 + ...cing.DescribeLoadBalancerAttributes_1.json | 52 + ...loadbalancing.DescribeLoadBalancers_1.json | 46 + .../elasticloadbalancing.DescribeTags_1.json | 21 + ...cing.DescribeLoadBalancerAttributes_1.json | 52 + ...loadbalancing.DescribeLoadBalancers_1.json | 46 + .../elasticloadbalancing.DescribeTags_1.json | 21 + .../red_policy_test.py | 5 + ...sticloadbalancing.DescribeListeners_1.json | 28 + ...loadbalancing.DescribeLoadBalancers_1.json | 46 + .../elasticloadbalancing.DescribeTags_1.json | 21 + ...sticloadbalancing.DescribeListeners_1.json | 28 + ...loadbalancing.DescribeLoadBalancers_1.json | 46 + .../elasticloadbalancing.DescribeTags_1.json | 21 + .../red_policy_test.py | 8 + .../elasticmapreduce.DescribeCluster_1.json | 87 ++ .../elasticmapreduce.ListClusters_1.json | 42 + .../elasticmapreduce.DescribeCluster_1.json | 88 ++ 
.../elasticmapreduce.ListClusters_1.json | 42 + .../red_policy_test.py | 6 + .../es.DescribeElasticsearchDomains_1.json | 78 ++ .../placebo-green/es.ListDomainNames_1.json | 11 + .../placebo-green/es.ListTags_1.json | 7 + .../es.DescribeElasticsearchDomains_1.json | 78 ++ .../placebo-red/es.ListDomainNames_1.json | 11 + .../placebo-red/es.ListTags_1.json | 7 + .../red_policy_test.py | 5 + .../es.DescribeElasticsearchDomains_1.json | 85 ++ .../placebo-green/es.ListDomainNames_1.json | 11 + .../placebo-green/es.ListTags_1.json | 6 + .../es.DescribeElasticsearchDomains_1.json | 85 ++ .../placebo-red/es.ListDomainNames_1.json | 11 + .../placebo-red/es.ListTags_1.json | 6 + .../red_policy_test.py | 5 + .../rds.DescribeDBInstances_1.json | 143 +++ .../placebo-green/tagging.GetResources_1.json | 22 + .../rds.DescribeDBInstances_1.json | 141 +++ .../placebo-red/tagging.GetResources_1.json | 22 + .../red_policy_test.py | 5 + .../rds.DescribeDBClusters_1.json | 92 ++ .../placebo-green/tagging.GetResources_1.json | 35 + .../placebo-red/rds.DescribeDBClusters_1.json | 92 ++ .../placebo-red/tagging.GetResources_1.json | 35 + .../red_policy_test.py | 5 + .../rds.DescribeDBInstances_1.json | 133 +++ .../placebo-green/tagging.GetResources_1.json | 8 + .../rds.DescribeDBInstances_1.json | 133 +++ .../placebo-red/tagging.GetResources_1.json | 8 + .../red_policy_test.py | 5 + .../rds.DescribeDBInstances_1.json | 151 +++ .../rds.DescribeDBInstances_1.json | 150 +++ .../red_policy_test.py | 6 + .../rds.DescribeDBInstances_1.json | 147 +++ .../rds.DescribeDBParameters_1.json | 1030 +++++++++++++++++ .../rds.DescribeDBInstances_1.json | 146 +++ .../rds.DescribeDBParameters_1.json | 1029 ++++++++++++++++ .../red_policy_test.py | 23 + .../rds.DescribeDBInstances_1.json | 154 +++ .../rds.DescribeDBParameters_1.json | 41 + .../rds.DescribeDBInstances_1.json | 154 +++ .../rds.DescribeDBParameters_1.json | 39 + .../red_policy_test.py | 20 + .../rds.DescribeDBInstances_1.json | 147 +++ 
.../rds.DescribeDBInstances_1.json | 146 +++ .../red_policy_test.py | 6 + .../rds.DescribeDBInstances_1.json | 150 +++ .../rds.DescribeDBParameters_1.json | 42 + .../rds.DescribeDBInstances_1.json | 150 +++ .../rds.DescribeDBParameters_1.json | 40 + .../red_policy_test.py | 26 + .../rds.DescribeDBInstances_1.json | 150 +++ .../rds.DescribeDBParameters_1.json | 41 + .../rds.DescribeDBInstances_1.json | 150 +++ .../rds.DescribeDBParameters_1.json | 40 + .../red_policy_test.py | 26 + .../rds.DescribeDBInstances_1.json | 147 +++ .../rds.DescribeDBParameters_1.json | 30 + .../rds.DescribeDBInstances_1.json | 147 +++ .../rds.DescribeDBParameters_1.json | 28 + .../red_policy_test.py | 22 + .../rds.DescribeDBInstances_1.json | 141 +++ .../placebo-green/tagging.GetResources_1.json | 22 + .../rds.DescribeDBInstances_1.json | 141 +++ .../placebo-red/tagging.GetResources_1.json | 22 + .../red_policy_test.py | 5 + .../rds.DescribeDBClusters_1.json | 92 ++ .../placebo-green/tagging.GetResources_1.json | 22 + .../placebo-red/rds.DescribeDBClusters_1.json | 92 ++ .../placebo-red/tagging.GetResources_1.json | 22 + .../red_policy_test.py | 5 + .../rds.DescribeDBClusters_1.json | 93 ++ .../placebo-green/tagging.GetResources_1.json | 35 + .../placebo-red/rds.DescribeDBClusters_1.json | 92 ++ .../placebo-red/tagging.GetResources_1.json | 35 + .../red_policy_test.py | 6 + .../rds.DescribeDBClusters_1.json | 105 ++ .../placebo-green/tagging.GetResources_1.json | 35 + .../placebo-red/rds.DescribeDBClusters_1.json | 99 ++ .../placebo-red/tagging.GetResources_1.json | 35 + .../red_policy_test.py | 5 + .../redshift.DescribeClusterParameters_1.json | 134 +++ .../redshift.DescribeClusters_1.json | 79 ++ .../redshift.DescribeClusterParameters_1.json | 134 +++ .../redshift.DescribeClusters_1.json | 79 ++ .../red_policy_test.py | 7 + .../redshift.DescribeClusters_1.json | 79 ++ .../redshift.DescribeClusters_1.json | 79 ++ .../red_policy_test.py | 5 + .../redshift.DescribeClusters_1.json | 79 ++ 
.../redshift.DescribeClusters_1.json | 79 ++ .../red_policy_test.py | 5 + .../redshift.DescribeClusters_1.json | 79 ++ .../redshift.DescribeClusters_1.json | 79 ++ .../red_policy_test.py | 5 + .../sns.GetTopicAttributes_1.json | 22 + .../placebo-green/sns.ListTopics_1.json | 11 + .../placebo-green/tagging.GetResources_1.json | 22 + .../placebo-red/sns.GetTopicAttributes_1.json | 21 + .../placebo-red/sns.ListTopics_1.json | 11 + .../placebo-red/tagging.GetResources_1.json | 22 + .../red_policy_test.py | 5 + .../ec2.DescribeInstances_1.json | 179 +++ .../ssm.DescribeInstanceInformation_1.json | 57 + .../placebo-red/ec2.DescribeInstances_1.json | 175 +++ .../ssm.DescribeInstanceInformation_1.json | 7 + .../red_policy_test.py | 6 + .../ec2.DescribeInstances_1.json | 179 +++ ...ssm.ListResourceComplianceSummaries_1.json | 7 + .../placebo-red/ec2.DescribeInstances_1.json | 179 +++ ...ssm.ListResourceComplianceSummaries_1.json | 49 + .../red_policy_test.py | 5 + .../ec2.DescribeInstances_1.json | 175 +++ .../placebo-red/ec2.DescribeInstances_1.json | 175 +++ .../red_policy_test.py | 5 + .../placebo-green/eks.DescribeCluster_1.json | 59 + .../placebo-green/eks.ListClusters_1.json | 9 + .../placebo-red/eks.DescribeCluster_1.json | 64 + .../placebo-red/eks.ListClusters_1.json | 9 + .../red_policy_test.py | 7 + .../ec2.DescribeSecurityGroups_1.json | 85 ++ .../placebo-green/eks.DescribeCluster_1.json | 70 ++ .../placebo-green/eks.ListClusters_1.json | 9 + .../ec2.DescribeSecurityGroups_1.json | 149 +++ .../placebo-red/eks.DescribeCluster_1.json | 70 ++ .../placebo-red/eks.ListClusters_1.json | 9 + .../red_policy_test.py | 10 + .../placebo-green/eks.DescribeCluster_1.json | 69 ++ .../placebo-green/eks.ListClusters_1.json | 9 + .../placebo-red/eks.DescribeCluster_1.json | 68 ++ .../placebo-red/eks.ListClusters_1.json | 9 + .../red_policy_test.py | 5 + .../api.ecr.DescribeRepositories_1.json | 31 + .../api.ecr.ListTagsForResource_1.json | 16 + 
.../api.ecr.DescribeRepositories_1.json | 31 + .../api.ecr.ListTagsForResource_1.json | 16 + .../red_policy_test.py | 5 + .../api.ecr.DescribeRepositories_1.json | 32 + .../api.ecr.ListTagsForResource_1.json | 16 + .../api.ecr.DescribeRepositories_1.json | 31 + .../api.ecr.ListTagsForResource_1.json | 16 + .../red_policy_test.py | 5 + .../api.ecr.DescribeRepositories_1.json | 31 + .../api.ecr.ListTagsForResource_1.json | 7 + .../api.ecr.DescribeRepositories_1.json | 31 + .../api.ecr.ListTagsForResource_1.json | 7 + .../red_policy_test.py | 5 + .../rds.DescribeDBInstances_1.json | 135 +++ .../rds.DescribeDBParameters_1.json | 30 + .../rds.DescribeDBInstances_1.json | 146 +++ .../rds.DescribeDBParameters_1.json | 30 + .../red_policy_test.py | 22 + .../rds.DescribeDBInstances_1.json | 135 +++ .../rds.DescribeDBParameters_1.json | 19 + .../rds.DescribeDBInstances_1.json | 135 +++ .../rds.DescribeDBParameters_1.json | 18 + .../red_policy_test.py | 18 + .../rds.DescribeDBInstances_1.json | 135 +++ .../rds.DescribeDBParameters_1.json | 19 + .../rds.DescribeDBInstances_1.json | 134 +++ .../rds.DescribeDBParameters_1.json | 19 + .../red_policy_test.py | 18 + .../rds.DescribeDBInstances_1.json | 146 +++ .../rds.DescribeDBParameters_1.json | 19 + .../rds.DescribeDBInstances_1.json | 135 +++ .../rds.DescribeDBParameters_1.json | 19 + .../red_policy_test.py | 18 + .../rds.DescribeDBInstances_1.json | 146 +++ .../rds.DescribeDBParameters_1.json | 18 + .../rds.DescribeDBInstances_1.json | 146 +++ .../rds.DescribeDBParameters_1.json | 19 + .../red_policy_test.py | 18 + .../rds.DescribeDBInstances_1.json | 135 +++ .../rds.DescribeDBParameters_1.json | 19 + .../rds.DescribeDBInstances_1.json | 135 +++ .../rds.DescribeDBParameters_1.json | 18 + .../red_policy_test.py | 18 + .../rds.DescribeDBInstances_1.json | 135 +++ .../rds.DescribeDBParameters_1.json | 19 + .../rds.DescribeDBInstances_1.json | 135 +++ .../rds.DescribeDBParameters_1.json | 18 + .../red_policy_test.py | 18 + 
.../rds.DescribeDBInstances_1.json | 146 +++ .../rds.DescribeDBParameters_1.json | 19 + .../rds.DescribeDBInstances_1.json | 146 +++ .../rds.DescribeDBParameters_1.json | 18 + .../red_policy_test.py | 18 + .../rds.DescribeDBInstances_1.json | 147 +++ .../rds.DescribeDBParameters_1.json | 19 + .../rds.DescribeDBInstances_1.json | 147 +++ .../rds.DescribeDBParameters_1.json | 19 + .../red_policy_test.py | 18 + .../rds.DescribeDBInstances_1.json | 146 +++ .../rds.DescribeDBParameters_1.json | 19 + .../rds.DescribeDBInstances_1.json | 146 +++ .../rds.DescribeDBParameters_1.json | 19 + .../red_policy_test.py | 18 + .../rds.DescribeDBInstances_1.json | 146 +++ .../rds.DescribeDBParameters_1.json | 19 + .../rds.DescribeDBInstances_1.json | 146 +++ .../rds.DescribeDBParameters_1.json | 19 + .../red_policy_test.py | 18 + .../rds.DescribeDBInstances_1.json | 146 +++ .../rds.DescribeDBParameters_1.json | 19 + .../rds.DescribeDBInstances_1.json | 146 +++ .../rds.DescribeDBParameters_1.json | 19 + .../red_policy_test.py | 18 + .../rds.DescribeDBInstances_1.json | 146 +++ .../rds.DescribeDBParameters_1.json | 19 + .../rds.DescribeDBInstances_1.json | 146 +++ .../rds.DescribeDBParameters_1.json | 19 + .../red_policy_test.py | 18 + .../rds.DescribeDBInstances_1.json | 146 +++ .../rds.DescribeDBParameters_1.json | 19 + .../rds.DescribeDBInstances_1.json | 146 +++ .../rds.DescribeDBParameters_1.json | 18 + .../red_policy_test.py | 18 + .../rds.DescribeDBInstances_1.json | 146 +++ .../rds.DescribeDBParameters_1.json | 19 + .../rds.DescribeDBInstances_1.json | 146 +++ .../rds.DescribeDBParameters_1.json | 18 + .../red_policy_test.py | 18 + .../ec2.DescribeTransitGateways_1.json | 48 + .../ec2.DescribeTransitGateways_1.json | 49 + .../red_policy_test.py | 5 + .../ec2.DescribeTransitGateways_1.json | 48 + .../ec2.DescribeTransitGateways_1.json | 49 + .../red_policy_test.py | 5 + .../apigateway.GetRestApis_1.json | 30 + .../placebo-green/apigateway.GetStages_1.json | 37 + 
.../placebo-red/apigateway.GetRestApis_1.json | 30 + .../placebo-red/apigateway.GetStages_1.json | 36 + .../red_policy_test.py | 5 + .../apigateway.GetRestApis_1.json | 31 + .../placebo-red/apigateway.GetRestApis_1.json | 30 + .../red_policy_test.py | 5 + .../apigateway.GetRestApis_1.json | 30 + .../placebo-green/apigateway.GetStages_1.json | 37 + .../placebo-red/apigateway.GetRestApis_1.json | 30 + .../placebo-red/apigateway.GetStages_1.json | 36 + .../red_policy_test.py | 6 + ...ue.GetDataCatalogEncryptionSettings_1.json | 15 + ...ue.GetDataCatalogEncryptionSettings_1.json | 14 + .../red_policy_test.py | 5 + ...ue.GetDataCatalogEncryptionSettings_1.json | 15 + .../placebo-green/kms.DescribeKey_1.json | 32 + .../placebo-green/kms.ListAliases_1.json | 8 + .../placebo-green/tagging.GetResources_1.json | 22 + ...ue.GetDataCatalogEncryptionSettings_1.json | 15 + .../placebo-red/kms.DescribeKey_1.json | 32 + .../placebo-red/kms.ListAliases_1.json | 34 + .../placebo-red/tagging.GetResources_1.json | 8 + .../red_policy_test.py | 5 + .../glue.GetSecurityConfigurations_1.json | 36 + .../glue.GetSecurityConfigurations_1.json | 35 + .../red_policy_test.py | 5 + .../glue.GetSecurityConfigurations_1.json | 36 + .../glue.GetSecurityConfigurations_1.json | 35 + .../red_policy_test.py | 5 + .../glue.GetSecurityConfigurations_1.json | 36 + .../glue.GetSecurityConfigurations_1.json | 35 + .../red_policy_test.py | 5 + .../elasticmapreduce.DescribeCluster_1.json | 93 ++ .../elasticmapreduce.ListClusters_1.json | 42 + .../elasticmapreduce.DescribeCluster_1.json | 88 ++ .../elasticmapreduce.ListClusters_1.json | 42 + .../red_policy_test.py | 6 + .../elasticmapreduce.DescribeCluster_1.json | 88 ++ .../elasticmapreduce.ListClusters_1.json | 42 + .../elasticmapreduce.DescribeCluster_1.json | 88 ++ .../elasticmapreduce.ListClusters_1.json | 42 + .../red_policy_test.py | 6 + .../elasticmapreduce.DescribeCluster_1.json | 89 ++ .../elasticmapreduce.ListClusters_1.json | 42 + 
.../elasticmapreduce.DescribeCluster_1.json | 88 ++ .../elasticmapreduce.ListClusters_1.json | 42 + .../red_policy_test.py | 6 + .../ec2.DescribeInternetGateways_1.json | 28 + .../ec2.DescribeInternetGateways_1.json | 23 + .../red_policy_test.py | 5 + .../ec2.DescribeVpnGateways_1.json | 26 + .../ec2.DescribeVpnGateways_1.json | 28 + .../red_policy_test.py | 5 + .../elasticache.DescribeCacheClusters_1.json | 48 + .../placebo-green/tagging.GetResources_1.json | 8 + .../elasticache.DescribeCacheClusters_1.json | 46 + .../placebo-red/tagging.GetResources_1.json | 8 + .../red_policy_test.py | 5 + .../elasticache.DescribeCacheClusters_1.json | 46 + .../placebo-green/tagging.GetResources_1.json | 8 + .../elasticache.DescribeCacheClusters_1.json | 46 + .../placebo-red/tagging.GetResources_1.json | 8 + .../red_policy_test.py | 5 + .../elasticache.DescribeCacheClusters_1.json | 86 ++ .../placebo-green/tagging.GetResources_1.json | 8 + .../elasticache.DescribeCacheClusters_1.json | 86 ++ .../placebo-red/tagging.GetResources_1.json | 8 + .../red_policy_test.py | 5 + ...asticache.DescribeReplicationGroups_1.json | 66 ++ .../placebo-green/tagging.GetResources_1.json | 22 + ...asticache.DescribeReplicationGroups_1.json | 65 ++ .../placebo-red/tagging.GetResources_1.json | 22 + .../red_policy_test.py | 5 + ...asticache.DescribeReplicationGroups_1.json | 76 ++ .../placebo-green/tagging.GetResources_1.json | 22 + ...asticache.DescribeReplicationGroups_1.json | 65 ++ .../placebo-red/tagging.GetResources_1.json | 22 + .../red_policy_test.py | 5 + .../elasticache.DescribeCacheClusters_1.json | 57 + .../placebo-green/tagging.GetResources_1.json | 8 + .../elasticache.DescribeCacheClusters_1.json | 47 + .../placebo-red/tagging.GetResources_1.json | 8 + .../red_policy_test.py | 5 + .../elasticache.DescribeCacheClusters_1.json | 86 ++ .../placebo-green/tagging.GetResources_1.json | 35 + .../elasticache.DescribeCacheClusters_1.json | 86 ++ .../placebo-red/tagging.GetResources_1.json | 8 + 
.../red_policy_test.py | 6 + .../es.DescribeElasticsearchDomains_1.json | 92 ++ .../placebo-green/es.ListDomainNames_1.json | 11 + .../placebo-green/es.ListTags_1.json | 16 + .../es.DescribeElasticsearchDomains_1.json | 88 ++ .../placebo-red/es.ListDomainNames_1.json | 11 + .../placebo-red/es.ListTags_1.json | 16 + .../red_policy_test.py | 7 + .../green_policy_test.py | 7 + .../elasticache.DescribeCacheClusters_1.json | 57 + .../placebo-green/tagging.GetResources_1.json | 22 + .../elasticache.DescribeCacheClusters_1.json | 57 + .../placebo-red/tagging.GetResources_1.json | 22 + .../red_policy_test.py | 11 + .../es.DescribeElasticsearchDomains_1.json | 84 ++ .../placebo-green/es.ListDomainNames_1.json | 12 + .../placebo-green/es.ListTags_1.json | 16 + .../placebo-green/kms.DescribeKey_1.json | 33 + .../placebo-green/kms.ListAliases_1.json | 34 + .../placebo-green/tagging.GetResources_1.json | 22 + .../es.DescribeElasticsearchDomains_1.json | 84 ++ .../placebo-red/es.ListDomainNames_1.json | 12 + .../placebo-red/es.ListTags_1.json | 16 + .../placebo-red/kms.DescribeKey_1.json | 33 + .../placebo-red/kms.ListAliases_1.json | 34 + .../placebo-red/tagging.GetResources_1.json | 8 + .../red_policy_test.py | 8 + ...toscaling.DescribeAutoScalingGroups_1.json | 77 ++ ...toscaling.DescribeAutoScalingGroups_1.json | 77 ++ .../red_policy_test.py | 5 + .../es.DescribeElasticsearchDomains_1.json | 82 ++ .../placebo-green/es.ListDomainNames_1.json | 11 + .../placebo-green/es.ListTags_1.json | 16 + .../es.DescribeElasticsearchDomains_1.json | 81 ++ .../placebo-red/es.ListDomainNames_1.json | 11 + .../placebo-red/es.ListTags_1.json | 7 + .../red_policy_test.py | 5 + .../es.DescribeElasticsearchDomains_1.json | 83 ++ .../placebo-green/es.ListDomainNames_1.json | 12 + .../placebo-green/es.ListTags_1.json | 16 + .../es.DescribeElasticsearchDomains_1.json | 82 ++ .../placebo-red/es.ListDomainNames_1.json | 11 + .../placebo-red/es.ListTags_1.json | 7 + .../red_policy_test.py | 5 + 
...toscaling.DescribeAutoScalingGroups_1.json | 79 ++ ...toscaling.DescribeAutoScalingGroups_1.json | 77 ++ .../red_policy_test.py | 6 + .../iam.ListAccountAliases_1.json | 10 + .../placebo-green/kms.DescribeKey_1.json | 32 + .../xray.GetEncryptionConfig_1.json | 11 + .../placebo-red/iam.ListAccountAliases_1.json | 10 + .../placebo-red/kms.DescribeKey_1.json | 32 + .../xray.GetEncryptionConfig_1.json | 11 + .../red_policy_test.py | 8 + .../green_policy_test.py | 7 + .../placebo-green/tagging.GetResources_1.json | 22 + ....DescribeWorkspacesConnectionStatus_1.json | 32 + .../workspaces.DescribeWorkspaces_1.json | 29 + .../placebo-red/tagging.GetResources_1.json | 22 + ....DescribeWorkspacesConnectionStatus_1.json | 32 + .../workspaces.DescribeWorkspaces_1.json | 29 + .../red_policy_test.py | 11 + ...toscaling.DescribeAutoScalingGroups_1.json | 78 ++ ...toscaling.DescribeAutoScalingGroups_1.json | 77 ++ .../red_policy_test.py | 5 + .../placebo-green/tagging.GetResources_1.json | 26 + .../workspaces.DescribeWorkspaces_1.json | 29 + .../placebo-red/tagging.GetResources_1.json | 26 + .../workspaces.DescribeWorkspaces_1.json | 30 + .../red_policy_test.py | 5 + ...toscaling.DescribeAutoScalingGroups_1.json | 78 ++ .../placebo-green/ec2.DescribeImages_1.json | 41 + .../placebo-green/ec2.DescribeKeyPairs_1.json | 7 + .../ec2.DescribeLaunchTemplateVersions_1.json | 30 + .../ec2.DescribeSecurityGroups_1.json | 7 + .../placebo-green/ec2.DescribeSubnets_1.json | 40 + ...loadbalancing.DescribeLoadBalancers_1.json | 7 + .../elasticloadbalancing.DescribeTags_1.json | 12 + ...cloadbalancing.DescribeTargetGroups_1.json | 29 + ...cloadbalancing.DescribeTargetHealth_1.json | 7 + ...toscaling.DescribeAutoScalingGroups_1.json | 77 ++ .../placebo-red/ec2.DescribeImages_1.json | 41 + .../placebo-red/ec2.DescribeKeyPairs_1.json | 7 + .../ec2.DescribeLaunchTemplateVersions_1.json | 31 + .../ec2.DescribeSecurityGroups_1.json | 7 + .../placebo-red/ec2.DescribeSubnets_1.json | 24 + 
...loadbalancing.DescribeLoadBalancers_1.json | 7 + .../elasticloadbalancing.DescribeTags_1.json | 12 + ...cloadbalancing.DescribeTargetGroups_1.json | 29 + ...cloadbalancing.DescribeTargetHealth_1.json | 7 + .../red_policy_test.py | 10 + .../placebo-green/tagging.GetResources_1.json | 26 + .../workspaces.DescribeWorkspaces_1.json | 29 + .../placebo-red/tagging.GetResources_1.json | 26 + .../workspaces.DescribeWorkspaces_1.json | 26 + .../red_policy_test.py | 6 + .../placebo-green/backup.GetBackupPlan_1.json | 37 + .../backup.ListBackupPlans_1.json | 24 + .../placebo-green/backup.ListTags_1.json | 10 + .../placebo-red/backup.GetBackupPlan_1.json | 36 + .../placebo-red/backup.ListBackupPlans_1.json | 24 + .../placebo-red/backup.ListTags_1.json | 10 + .../red_policy_test.py | 6 + .../backup.ListBackupVaults_1.json | 24 + .../placebo-green/kms.DescribeKey_1.json | 32 + .../placebo-green/kms.ListAliases_1.json | 34 + .../placebo-green/tagging.GetResources_1.json | 22 + .../placebo-green/tagging.GetResources_2.json | 22 + .../backup.ListBackupVaults_1.json | 24 + .../placebo-red/kms.DescribeKey_1.json | 32 + .../placebo-red/kms.ListAliases_1.json | 34 + .../placebo-red/tagging.GetResources_1.json | 22 + .../red_policy_test.py | 11 + .../cloudfront.ListDistributions_1.json | 152 +++ .../placebo-green/tagging.GetResources_1.json | 22 + .../cloudfront.ListDistributions_1.json | 152 +++ .../placebo-red/tagging.GetResources_1.json | 22 + .../red_policy_test.py | 5 + .../rds.DescribeDBInstances_1.json | 143 +++ .../rds.DescribeDBInstances_1.json | 143 +++ .../red_policy_test.py | 6 + .../placebo-green/kms.DescribeKey_1.json | 32 + .../placebo-green/kms.ListAliases_1.json | 34 + .../sqs.GetQueueAttributes_1.json | 23 + .../placebo-green/sqs.ListQueues_1.json | 9 + .../placebo-green/tagging.GetResources_1.json | 22 + .../placebo-red/kms.DescribeKey_1.json | 32 + .../placebo-red/kms.ListAliases_1.json | 34 + .../placebo-red/sqs.GetQueueAttributes_1.json | 23 + 
.../placebo-red/sqs.ListQueues_1.json | 9 + .../placebo-red/tagging.GetResources_1.json | 22 + .../red_policy_test.py | 5 + .../cloudfront.ListDistributions_1.json | 141 +++ .../placebo-green/tagging.GetResources_1.json | 22 + .../cloudfront.ListDistributions_1.json | 141 +++ .../placebo-red/tagging.GetResources_1.json | 22 + .../red_policy_test.py | 5 + .../sqs.GetQueueAttributes_1.json | 21 + .../placebo-green/sqs.ListQueues_1.json | 9 + .../placebo-green/tagging.GetResources_1.json | 22 + .../placebo-red/sqs.GetQueueAttributes_1.json | 21 + .../placebo-red/sqs.ListQueues_1.json | 9 + .../placebo-red/tagging.GetResources_1.json | 22 + .../red_policy_test.py | 5 + .../rds.DescribeDBInstances_1.json | 146 +++ .../rds.DescribeDBParameters_1.json | 19 + .../rds.DescribeDBInstances_1.json | 146 +++ .../rds.DescribeDBParameters_1.json | 19 + .../red_policy_test.py | 18 + .../cloudtrail.DescribeTrails_1.json | 20 + .../cloudtrail.GetEventSelectors_1.json | 15 + .../placebo-green/tagging.GetResources_1.json | 8 + .../cloudtrail.DescribeTrails_1.json | 20 + .../cloudtrail.GetEventSelectors_1.json | 22 + .../placebo-red/tagging.GetResources_1.json | 8 + .../red_policy_test.py | 9 + .../events.ListEventBuses_1.json | 17 + .../placebo-green/tagging.GetResources_1.json | 22 + .../placebo-red/events.ListEventBuses_1.json | 17 + .../placebo-red/tagging.GetResources_1.json | 22 + .../red_policy_test.py | 5 + .../rds.DescribeDBInstances_1.json | 146 +++ .../rds.DescribeDBParameters_1.json | 19 + .../rds.DescribeDBInstances_1.json | 146 +++ .../rds.DescribeDBParameters_1.json | 19 + .../red_policy_test.py | 18 + .../rds.DescribeDBInstances_1.json | 146 +++ .../rds.DescribeDBParameters_1.json | 19 + .../rds.DescribeDBInstances_1.json | 146 +++ .../rds.DescribeDBParameters_1.json | 19 + .../red_policy_test.py | 18 + .../rds.DescribeDBInstances_1.json | 146 +++ .../rds.DescribeDBParameters_1.json | 19 + .../rds.DescribeDBInstances_1.json | 146 +++ .../rds.DescribeDBParameters_1.json 
| 19 + .../red_policy_test.py | 18 + .../glacier.GetVaultAccessPolicy_1.json | 9 + .../glacier.ListTagsForVault_1.json | 10 + .../placebo-green/glacier.ListVaults_1.json | 15 + .../glacier.GetVaultAccessPolicy_1.json | 9 + .../glacier.ListTagsForVault_1.json | 10 + .../placebo-red/glacier.ListVaults_1.json | 15 + .../red_policy_test.py | 9 + ...DescribeConfigurationRecorderStatus_1.json | 33 + ...nfig.DescribeConfigurationRecorders_1.json | 19 + .../config.DescribeDeliveryChannels_1.json | 12 + ...DescribeConfigurationRecorderStatus_1.json | 35 + ...nfig.DescribeConfigurationRecorders_1.json | 17 + .../config.DescribeDeliveryChannels_1.json | 12 + .../red_policy_test.py | 5 + .../dms.DescribeReplicationInstances_1.json | 96 ++ .../dms.ListTagsForResource_1.json | 16 + .../dms.DescribeReplicationInstances_1.json | 96 ++ .../dms.ListTagsForResource_1.json | 16 + .../red_policy_test.py | 5 + ....sagemaker.DescribeNotebookInstance_1.json | 38 + ...api.sagemaker.ListNotebookInstances_1.json | 35 + .../api.sagemaker.ListTags_1.json | 16 + ....sagemaker.DescribeNotebookInstance_1.json | 37 + ...api.sagemaker.ListNotebookInstances_1.json | 35 + .../placebo-red/api.sagemaker.ListTags_1.json | 16 + .../red_policy_test.py | 5 + .../dms.DescribeReplicationInstances_1.json | 96 ++ .../dms.ListTagsForResource_1.json | 16 + .../dms.DescribeReplicationInstances_1.json | 96 ++ .../dms.ListTagsForResource_1.json | 16 + .../red_policy_test.py | 5 + .../dms.DescribeReplicationInstances_1.json | 96 ++ .../dms.ListTagsForResource_1.json | 16 + .../placebo-green/kms.DescribeKey_1.json | 33 + .../placebo-green/kms.ListAliases_1.json | 34 + .../placebo-green/tagging.GetResources_1.json | 22 + .../dms.DescribeReplicationInstances_1.json | 96 ++ .../dms.ListTagsForResource_1.json | 16 + .../placebo-red/kms.DescribeKey_1.json | 33 + .../placebo-red/kms.ListAliases_1.json | 34 + .../placebo-red/tagging.GetResources_1.json | 8 + .../red_policy_test.py | 8 + .../rds.DescribeDBInstances_1.json | 
146 +++ .../rds.DescribeDBParameters_1.json | 19 + .../rds.DescribeDBInstances_1.json | 146 +++ .../rds.DescribeDBParameters_1.json | 19 + .../red_policy_test.py | 18 + .../rds.DescribeDBInstances_1.json | 145 +++ .../rds.DescribeDBParameters_1.json | 19 + .../rds.DescribeDBInstances_1.json | 145 +++ .../rds.DescribeDBParameters_1.json | 19 + .../red_policy_test.py | 18 + .../rds.DescribeDBInstances_1.json | 145 +++ .../rds.DescribeDBParameters_1.json | 19 + .../rds.DescribeDBInstances_1.json | 145 +++ .../rds.DescribeDBParameters_1.json | 19 + .../red_policy_test.py | 18 + .../rds.DescribeDBInstances_1.json | 146 +++ .../rds.DescribeDBParameters_1.json | 17 + .../rds.DescribeDBInstances_1.json | 146 +++ .../rds.DescribeDBParameters_1.json | 18 + .../red_policy_test.py | 18 + .../rds.DescribeDBInstances_1.json | 145 +++ .../rds.DescribeDBParameters_1.json | 19 + .../rds.DescribeDBInstances_1.json | 145 +++ .../rds.DescribeDBParameters_1.json | 19 + .../red_policy_test.py | 18 + .../rds.DescribeDBInstances_1.json | 145 +++ .../rds.DescribeDBParameters_1.json | 18 + .../rds.DescribeDBInstances_1.json | 145 +++ .../rds.DescribeDBParameters_1.json | 18 + .../red_policy_test.py | 18 + .../rds.DescribeDBInstances_1.json | 146 +++ .../rds.DescribeDBParameters_1.json | 19 + .../rds.DescribeDBInstances_1.json | 146 +++ .../rds.DescribeDBParameters_1.json | 19 + .../red_policy_test.py | 18 + .../rds.DescribeDBInstances_1.json | 145 +++ .../rds.DescribeDBParameters_1.json | 19 + .../rds.DescribeDBInstances_1.json | 145 +++ .../rds.DescribeDBParameters_1.json | 19 + .../red_policy_test.py | 18 + .../rds.DescribeDBInstances_1.json | 146 +++ .../rds.DescribeDBParameters_1.json | 19 + .../rds.DescribeDBInstances_1.json | 146 +++ .../rds.DescribeDBParameters_1.json | 19 + .../red_policy_test.py | 18 + .../rds.DescribeDBInstances_1.json | 145 +++ .../rds.DescribeDBParameters_1.json | 19 + .../rds.DescribeDBInstances_1.json | 145 +++ .../rds.DescribeDBParameters_1.json | 19 + 
.../red_policy_test.py | 18 + .../rds.DescribeDBInstances_1.json | 145 +++ .../rds.DescribeDBParameters_1.json | 19 + .../rds.DescribeDBInstances_1.json | 145 +++ .../rds.DescribeDBParameters_1.json | 19 + .../red_policy_test.py | 18 + .../dms.DescribeReplicationInstances_1.json | 70 ++ .../dms.ListTagsForResource_1.json | 16 + .../dms.DescribeReplicationInstances_1.json | 96 ++ .../dms.ListTagsForResource_1.json | 16 + .../red_policy_test.py | 5 + .../placebo-green/ec2.DescribeVolumes_1.json | 45 + .../placebo-green/kms.ListAliases_1.json | 34 + .../placebo-red/ec2.DescribeVolumes_1.json | 45 + .../placebo-red/kms.ListAliases_1.json | 34 + .../red_policy_test.py | 6 + .../ec2.DescribeSnapshots_1.json | 39 + .../placebo-red/ec2.DescribeSnapshots_1.json | 38 + .../red_policy_test.py | 5 + .../placebo-green/ec2.DescribeVolumes_1.json | 62 + .../placebo-red/ec2.DescribeVolumes_1.json | 44 + .../red_policy_test.py | 5 + .../ec2.DescribeInstances_1.json | 188 +++ .../placebo-green/ec2.DescribeKeyPairs_1.json | 24 + .../placebo-red/ec2.DescribeInstances_1.json | 14 + .../placebo-red/ec2.DescribeKeyPairs_1.json | 24 + .../red_policy_test.py | 4 + .../rds.DescribeDBInstances_1.json | 144 +++ .../rds.DescribeDBParameters_1.json | 19 + .../rds.DescribeDBInstances_1.json | 144 +++ .../rds.DescribeDBParameters_1.json | 19 + .../red_policy_test.py | 18 + .../green_policy_test.py | 7 + .../placebo-green/tagging.GetResources_1.json | 8 + .../workspaces.DescribeWorkspaceImages_1.json | 29 + .../placebo-red/tagging.GetResources_1.json | 8 + .../workspaces.DescribeWorkspaceImages_1.json | 29 + .../red_policy_test.py | 11 + .../placebo-green/tagging.GetResources_1.json | 22 + ...spaces.DescribeWorkspaceDirectories_1.json | 51 + .../placebo-red/tagging.GetResources_1.json | 22 + ...spaces.DescribeWorkspaceDirectories_1.json | 51 + .../red_policy_test.py | 5 + .../fsx.DescribeFileSystems_1.json | 60 + .../placebo-green/kms.DescribeKey_1.json | 32 + 
.../placebo-green/kms.ListAliases_1.json | 34 + .../placebo-green/tagging.GetResources_1.json | 22 + .../fsx.DescribeFileSystems_1.json | 38 + .../placebo-red/kms.DescribeKey_1.json | 32 + .../placebo-red/kms.ListAliases_1.json | 34 + .../placebo-red/tagging.GetResources_1.json | 8 + .../red_policy_test.py | 8 + .../firehose.DescribeDeliveryStream_1.json | 83 ++ .../firehose.ListDeliveryStreams_1.json | 10 + .../placebo-green/tagging.GetResources_1.json | 22 + .../firehose.DescribeDeliveryStream_1.json | 72 ++ .../firehose.ListDeliveryStreams_1.json | 10 + .../placebo-red/tagging.GetResources_1.json | 22 + .../red_policy_test.py | 7 + .../placebo-green/lambda.ListFunctions_1.json | 30 + .../placebo-green/tagging.GetResources_1.json | 22 + .../placebo-red/lambda.ListFunctions_1.json | 30 + .../placebo-red/tagging.GetResources_1.json | 22 + .../red_policy_test.py | 5 + ...pi.sagemaker.DescribeEndpointConfig_1.json | 28 + .../api.sagemaker.ListEndpointConfigs_1.json | 22 + .../api.sagemaker.ListTags_1.json | 16 + .../placebo-green/kms.DescribeKey_1.json | 33 + .../placebo-green/kms.ListAliases_1.json | 34 + .../placebo-green/tagging.GetResources_1.json | 22 + ...pi.sagemaker.DescribeEndpointConfig_1.json | 27 + .../api.sagemaker.ListEndpointConfigs_1.json | 22 + .../placebo-red/api.sagemaker.ListTags_1.json | 16 + .../red_policy_test.py | 5 + .../placebo-green/kms.DescribeKey_1.json | 33 + .../placebo-green/kms.ListAliases_1.json | 34 + .../placebo-green/lambda.ListFunctions_1.json | 36 + .../placebo-green/tagging.GetResources_1.json | 22 + .../placebo-red/kms.DescribeKey_1.json | 7 + .../placebo-red/kms.ListAliases_1.json | 34 + .../placebo-red/lambda.ListFunctions_1.json | 35 + .../placebo-red/tagging.GetResources_1.json | 22 + .../red_policy_test.py | 5 + ....sagemaker.DescribeNotebookInstance_1.json | 37 + ...api.sagemaker.ListNotebookInstances_1.json | 35 + .../api.sagemaker.ListTags_1.json | 16 + ....sagemaker.DescribeNotebookInstance_1.json | 37 + 
...api.sagemaker.ListNotebookInstances_1.json | 35 + .../placebo-red/api.sagemaker.ListTags_1.json | 16 + .../red_policy_test.py | 5 + .../placebo-green/mq.DescribeBroker_1.json | 77 ++ .../placebo-green/mq.ListBrokers_1.json | 27 + .../placebo-red/mq.DescribeBroker_1.json | 77 ++ .../placebo-red/mq.ListBrokers_1.json | 27 + .../red_policy_test.py | 5 + .../placebo-green/mq.DescribeBroker_1.json | 77 ++ .../placebo-green/mq.ListBrokers_1.json | 27 + .../placebo-red/mq.DescribeBroker_1.json | 77 ++ .../placebo-red/mq.ListBrokers_1.json | 27 + .../red_policy_test.py | 6 + .../api.sagemaker.DescribeModel_1.json | 25 + .../api.sagemaker.ListModels_1.json | 22 + .../api.sagemaker.ListTags_1.json | 16 + .../api.sagemaker.DescribeModel_1.json | 25 + .../api.sagemaker.ListModels_1.json | 22 + .../placebo-red/api.sagemaker.ListTags_1.json | 16 + .../red_policy_test.py | 5 + .../route53domains.ListDomains_1.json | 23 + .../route53domains.ListTagsForDomain_1.json | 7 + .../route53domains.ListDomains_1.json | 23 + .../route53domains.ListTagsForDomain_1.json | 7 + .../red_policy_test.py | 6 + .../placebo-green/mq.DescribeBroker_1.json | 77 ++ .../placebo-green/mq.ListBrokers_1.json | 27 + .../placebo-red/mq.DescribeBroker_1.json | 77 ++ .../placebo-red/mq.ListBrokers_1.json | 27 + .../red_policy_test.py | 5 + .../green_policy_test.py | 7 + .../route53domains.ListDomains_1.json | 23 + .../route53domains.ListTagsForDomain_1.json | 7 + .../route53domains.ListDomains_1.json | 23 + .../route53domains.ListTagsForDomain_1.json | 7 + .../red_policy_test.py | 15 + .../ec2.DescribeSecurityGroups_1.json | 54 + .../placebo-green/mq.DescribeBroker_1.json | 89 ++ .../placebo-green/mq.ListBrokers_1.json | 27 + .../ec2.DescribeSecurityGroups_1.json | 41 + .../placebo-red/mq.DescribeBroker_1.json | 89 ++ .../placebo-red/mq.ListBrokers_1.json | 27 + .../red_policy_test.py | 8 + .../route53.ListHostedZones_1.json | 20 + .../route53.ListResourceRecordSets_1.json | 76 ++ 
.../route53.ListHostedZones_1.json | 20 + .../route53.ListResourceRecordSets_1.json | 53 + .../red_policy_test.py | 6 + .../placebo-green/kafka.ListClustersV2_1.json | 79 ++ .../placebo-green/kms.DescribeKey_1.json | 33 + .../placebo-green/kms.ListAliases_1.json | 34 + .../placebo-green/tagging.GetResources_1.json | 22 + .../placebo-red/kafka.ListClustersV2_1.json | 79 ++ .../placebo-red/kms.DescribeKey_1.json | 33 + .../placebo-red/kms.ListAliases_1.json | 763 ++++++++++++ .../placebo-red/tagging.GetResources_1.json | 22 + .../red_policy_test.py | 8 + .../placebo-green/kafka.ListClustersV2_1.json | 79 ++ .../placebo-red/kafka.ListClustersV2_1.json | 225 ++++ .../red_policy_test.py | 5 + .../route53.ListHostedZones_1.json | 20 + .../route53.ListQueryLoggingConfigs_1.json | 13 + .../route53.ListTagsForResources_1.json | 22 + .../route53.ListHostedZones_1.json | 20 + .../route53.ListQueryLoggingConfigs_1.json | 7 + .../route53.ListTagsForResources_1.json | 22 + .../red_policy_test.py | 7 + .../placebo-green/kafka.ListClustersV2_1.json | 87 ++ .../placebo-red/kafka.ListClustersV2_1.json | 79 ++ .../red_policy_test.py | 5 + .../placebo-green/kms.ListAliases_1.json | 34 + .../rds.DescribeDBInstances_1.json | 144 +++ .../placebo-red/kms.ListAliases_1.json | 34 + .../rds.DescribeDBInstances_1.json | 144 +++ .../red_policy_test.py | 6 + .../placebo-green/kms.DescribeKey_1.json | 32 + .../placebo-green/kms.ListAliases_1.json | 34 + .../sns.GetTopicAttributes_1.json | 22 + .../sns.ListTagsForResource_1.json | 16 + .../placebo-green/sns.ListTopics_1.json | 11 + .../placebo-green/tagging.GetResources_1.json | 22 + .../placebo-red/kms.DescribeKey_1.json | 32 + .../placebo-red/kms.ListAliases_1.json | 34 + .../placebo-red/sns.GetTopicAttributes_1.json | 22 + .../sns.ListTagsForResource_1.json | 16 + .../placebo-red/sns.ListTopics_1.json | 11 + .../placebo-red/tagging.GetResources_1.json | 8 + .../red_policy_test.py | 6 + .../redshift.DescribeClusterParameters_1.json | 18 + 
.../redshift.DescribeClusters_1.json | 95 ++ .../redshift.DescribeLoggingStatus_1.json | 17 + .../redshift.DescribeClusterParameters_1.json | 18 + .../redshift.DescribeClusters_1.json | 95 ++ .../redshift.DescribeLoggingStatus_1.json | 17 + .../red_policy_test.py | 13 + .../redshift.DescribeClusters_1.json | 95 ++ .../redshift.DescribeClusters_1.json | 95 ++ .../red_policy_test.py | 5 + .../placebo-green/kms.DescribeKey_1.json | 33 + .../placebo-green/kms.ListAliases_1.json | 34 + .../redshift.DescribeClusters_1.json | 95 ++ .../placebo-green/tagging.GetResources_1.json | 22 + .../placebo-red/kms.DescribeKey_1.json | 33 + .../placebo-red/kms.ListAliases_1.json | 34 + .../redshift.DescribeClusters_1.json | 95 ++ .../placebo-red/tagging.GetResources_1.json | 9 + .../red_policy_test.py | 8 + .../redshift.DescribeClusterParameters_1.json | 18 + .../redshift.DescribeClusters_1.json | 94 ++ .../redshift.DescribeClusterParameters_1.json | 18 + .../redshift.DescribeClusters_1.json | 94 ++ .../red_policy_test.py | 12 + .../route53domains.ListDomains_1.json | 23 + .../route53domains.ListTagsForDomain_1.json | 7 + .../route53domains.ListDomains_1.json | 23 + .../route53domains.ListTagsForDomain_1.json | 7 + .../red_policy_test.py | 6 + .../apigateway.GetRestApis_1.json | 34 + .../placebo-green/apigateway.GetStages_1.json | 45 + .../placebo-red/apigateway.GetRestApis_1.json | 34 + .../placebo-red/apigateway.GetStages_1.json | 54 + .../red_policy_test.py | 5 + .../placebo-green/ecs.DescribeClusters_1.json | 45 + .../placebo-green/ecs.ListClusters_1.json | 9 + .../placebo-red/ecs.DescribeClusters_1.json | 42 + .../placebo-red/ecs.ListClusters_1.json | 9 + .../red_policy_test.py | 5 + .../apigateway.GetRestApis_1.json | 34 + .../placebo-green/apigateway.GetStages_1.json | 58 + .../placebo-red/apigateway.GetRestApis_1.json | 34 + .../placebo-red/apigateway.GetStages_1.json | 54 + .../red_policy_test.py | 6 + .../airflow.GetEnvironment_1.json | 87 ++ 
.../airflow.ListEnvironments_1.json | 9 + .../placebo-green/kms.DescribeKey_1.json | 32 + .../placebo-green/kms.ListAliases_1.json | 34 + .../placebo-green/tagging.GetResources_1.json | 22 + .../placebo-red/airflow.GetEnvironment_1.json | 86 ++ .../airflow.ListEnvironments_1.json | 9 + .../red_policy_test.py | 5 + .../kinesisvideo.ListStreams_1.json | 27 + .../placebo-green/kms.DescribeKey_1.json | 33 + .../placebo-green/kms.ListAliases_1.json | 59 + .../placebo-green/tagging.GetResources_1.json | 22 + .../kinesisvideo.ListStreams_1.json | 27 + .../placebo-red/kms.DescribeKey_1.json | 33 + .../placebo-red/kms.ListAliases_1.json | 34 + .../placebo-red/tagging.GetResources_1.json | 22 + .../red_policy_test.py | 5 + ...caling.DescribeLaunchConfigurations_1.json | 36 + ...caling.DescribeLaunchConfigurations_1.json | 36 + .../red_policy_test.py | 5 + ...ue.GetDataCatalogEncryptionSettings_1.json | 16 + ...ue.GetDataCatalogEncryptionSettings_1.json | 15 + .../red_policy_test.py | 5 + .../fsx.DescribeFileSystems_1.json | 65 ++ .../fsx.DescribeFileSystems_1.json | 60 + .../red_policy_test.py | 5 + .../ds.DescribeDirectories_1.json | 56 + .../ds.ListTagsForResource_1.json | 16 + .../ec2.DescribeSecurityGroups_1.json | 274 +++++ .../placebo-red/ds.DescribeDirectories_1.json | 56 + .../placebo-red/ds.ListTagsForResource_1.json | 16 + .../ec2.DescribeSecurityGroups_1.json | 274 +++++ .../red_policy_test.py | 8 + .../fsx.DescribeFileSystems_1.json | 62 + .../fsx.DescribeFileSystems_1.json | 62 + .../red_policy_test.py | 5 + .../placebo-green/tagging.GetResources_1.json | 22 + ...spaces.DescribeWorkspaceDirectories_1.json | 51 + .../placebo-red/tagging.GetResources_1.json | 22 + ...spaces.DescribeWorkspaceDirectories_1.json | 51 + .../red_policy_test.py | 5 + .../cloudtrail.DescribeTrails_1.json | 20 + .../cloudtrail.GetEventSelectors_1.json | 22 + .../placebo-green/tagging.GetResources_1.json | 8 + .../cloudtrail.DescribeTrails_1.json | 20 + 
.../cloudtrail.GetEventSelectors_1.json | 15 + .../placebo-red/tagging.GetResources_1.json | 8 + .../red_policy_test.py | 9 + .../placebo-green/kms.DescribeKey_1.json | 32 + .../placebo-green/kms.ListAliases_1.json | 34 + .../placebo-green/tagging.GetResources_1.json | 22 + .../placebo-green/tagging.GetResources_2.json | 22 + .../workspaces.DescribeWorkspaces_1.json | 26 + .../placebo-red/kms.DescribeKey_1.json | 33 + .../placebo-red/kms.ListAliases_1.json | 34 + .../placebo-red/tagging.GetResources_1.json | 22 + .../workspaces.DescribeWorkspaces_1.json | 29 + .../red_policy_test.py | 9 + .../placebo-green/ec2.DescribeImages_1.json | 50 + .../placebo-red/ec2.DescribeImages_1.json | 40 + .../red_policy_test.py | 5 + .../placebo-green/ec2.DescribeVolumes_1.json | 40 + .../placebo-red/ec2.DescribeVolumes_1.json | 30 + .../red_policy_test.py | 5 + .../ec2.DescribeSnapshots_1.json | 39 + .../placebo-red/ec2.DescribeSnapshots_1.json | 29 + .../red_policy_test.py | 6 + .../ec2.DescribeAddresses_1.json | 25 + .../placebo-red/ec2.DescribeAddresses_1.json | 15 + .../red_policy_test.py | 5 + .../ec2.DescribeNetworkInterfaces_1.json | 46 + .../ec2.DescribeNetworkInterfaces_1.json | 37 + .../red_policy_test.py | 5 + .../ec2.DescribeInternetGateways_1.json | 28 + .../ec2.DescribeInternetGateways_1.json | 19 + .../red_policy_test.py | 5 + .../ec2.DescribeNatGateways_1.json | 41 + .../ec2.DescribeNatGateways_1.json | 32 + .../red_policy_test.py | 5 + .../ec2.DescribeNetworkAcls_1.json | 41 + .../ec2.DescribeNetworkAcls_1.json | 32 + .../red_policy_test.py | 5 + .../ec2.DescribeRouteTables_1.json | 33 + .../ec2.DescribeRouteTables_1.json | 24 + .../red_policy_test.py | 5 + .../ec2.DescribeSecurityGroups_1.json | 27 + .../ec2.DescribeSecurityGroups_1.json | 17 + .../red_policy_test.py | 5 + .../placebo-green/ec2.DescribeSubnets_1.json | 41 + .../placebo-red/ec2.DescribeSubnets_1.json | 31 + .../red_policy_test.py | 5 + .../ec2.DescribeTransitGateways_1.json | 45 + 
.../ec2.DescribeTransitGateways_1.json | 36 + .../red_policy_test.py | 5 + ...2.DescribeTransitGatewayAttachments_1.json | 41 + .../ec2.DescribeTransitGateways_1.json | 45 + ...2.DescribeTransitGatewayAttachments_1.json | 32 + .../ec2.DescribeTransitGateways_1.json | 36 + .../red_policy_test.py | 5 + .../ec2.DescribeVpcPeeringConnections_1.json | 57 + .../ec2.DescribeVpcPeeringConnections_1.json | 48 + .../red_policy_test.py | 5 + .../placebo-green/ec2.DescribeVpcs_1.json | 36 + .../placebo-red/ec2.DescribeVpcs_1.json | 26 + .../red_policy_test.py | 5 + .../ec2.DescribeVpcEndpoints_1.json | 44 + .../ec2.DescribeVpcEndpoints_1.json | 35 + .../red_policy_test.py | 5 + .../acm.DescribeCertificate_1.json | 49 + .../placebo-green/acm.ListCertificates_1.json | 12 + .../placebo-green/tagging.GetResources_1.json | 22 + .../acm.DescribeCertificate_1.json | 49 + .../placebo-red/acm.ListCertificates_1.json | 12 + .../placebo-red/tagging.GetResources_1.json | 22 + .../red_policy_test.py | 5 + .../placebo-green/appflow.DescribeFlow_1.json | 77 ++ .../placebo-green/appflow.ListFlows_1.json | 42 + .../placebo-red/appflow.DescribeFlow_1.json | 74 ++ .../placebo-red/appflow.ListFlows_1.json | 39 + .../red_policy_test.py | 5 + ...toscaling.DescribeAutoScalingGroups_1.json | 77 ++ ...toscaling.DescribeAutoScalingGroups_1.json | 62 + .../red_policy_test.py | 5 + .../cloudformation.DescribeStacks_1.json | 45 + .../cloudformation.DescribeStacks_1.json | 36 + .../red_policy_test.py | 5 + .../cloudfront.ListDistributions_1.json | 142 +++ .../placebo-green/tagging.GetResources_1.json | 22 + .../cloudfront.ListDistributions_1.json | 142 +++ .../placebo-red/tagging.GetResources_1.json | 13 + .../red_policy_test.py | 4 + .../cloudtrail.DescribeTrails_1.json | 20 + .../placebo-green/tagging.GetResources_1.json | 22 + .../cloudtrail.DescribeTrails_1.json | 20 + .../placebo-red/tagging.GetResources_1.json | 8 + .../red_policy_test.py | 5 + .../codebuild.BatchGetProjects_1.json | 93 ++ 
.../codebuild.ListProjects_1.json | 9 + .../placebo-green/tagging.GetResources_1.json | 22 + .../codebuild.BatchGetProjects_1.json | 85 ++ .../placebo-red/codebuild.ListProjects_1.json | 9 + .../placebo-red/tagging.GetResources_1.json | 13 + .../red_policy_test.py | 5 + .../placebo-green/dax.DescribeClusters_1.json | 61 + .../placebo-green/dax.ListTags_1.json | 16 + .../placebo-red/dax.DescribeClusters_1.json | 61 + .../placebo-red/dax.ListTags_1.json | 7 + .../red_policy_test.py | 7 + .../dlm.GetLifecyclePolicies_1.json | 18 + .../dlm.GetLifecyclePolicy_1.json | 75 ++ .../dlm.GetLifecyclePolicies_1.json | 15 + .../placebo-red/dlm.GetLifecyclePolicy_1.json | 72 ++ .../red_policy_test.py | 5 + .../dms.DescribeReplicationInstances_1.json | 96 ++ .../dms.ListTagsForResource_1.json | 16 + .../dms.DescribeReplicationInstances_1.json | 96 ++ .../dms.ListTagsForResource_1.json | 7 + .../red_policy_test.py | 8 + .../placebo-green/ecs.DescribeClusters_1.json | 32 + .../placebo-green/ecs.ListClusters_1.json | 9 + .../placebo-red/ecs.DescribeClusters_1.json | 23 + .../placebo-red/ecs.ListClusters_1.json | 9 + .../red_policy_test.py | 5 + .../placebo-green/eks.DescribeCluster_1.json | 69 ++ .../placebo-green/eks.ListClusters_1.json | 9 + .../placebo-red/eks.DescribeCluster_1.json | 66 ++ .../placebo-red/eks.ListClusters_1.json | 9 + .../red_policy_test.py | 5 + ...asticfilesystem.DescribeFileSystems_1.json | 44 + ...asticfilesystem.DescribeFileSystems_1.json | 35 + .../red_policy_test.py | 5 + .../elasticache.DescribeCacheClusters_1.json | 57 + .../placebo-green/tagging.GetResources_1.json | 22 + .../elasticache.DescribeCacheClusters_1.json | 47 + .../placebo-red/tagging.GetResources_1.json | 8 + .../red_policy_test.py | 5 + ...asticbeanstalk.DescribeEnvironments_1.json | 47 + ...lasticbeanstalk.ListTagsForResource_1.json | 29 + ...asticbeanstalk.DescribeEnvironments_1.json | 47 + ...lasticbeanstalk.ListTagsForResource_1.json | 21 + .../red_policy_test.py | 6 + 
...loadbalancing.DescribeLoadBalancers_1.json | 73 ++ .../placebo-green/tagging.GetResources_1.json | 22 + ...loadbalancing.DescribeLoadBalancers_1.json | 63 + .../placebo-red/tagging.GetResources_1.json | 13 + .../red_policy_test.py | 4 + .../elasticmapreduce.DescribeCluster_1.json | 88 ++ .../elasticmapreduce.ListClusters_1.json | 42 + .../elasticmapreduce.DescribeCluster_1.json | 79 ++ .../elasticmapreduce.ListClusters_1.json | 42 + .../red_policy_test.py | 5 + .../es.DescribeElasticsearchDomains_1.json | 83 ++ .../placebo-green/es.ListDomainNames_1.json | 12 + .../placebo-green/es.ListTags_1.json | 16 + .../es.DescribeElasticsearchDomains_1.json | 83 ++ .../placebo-red/es.ListDomainNames_1.json | 12 + .../placebo-red/es.ListTags_1.json | 7 + .../red_policy_test.py | 8 + .../fsx.DescribeFileSystems_1.json | 60 + .../fsx.DescribeFileSystems_1.json | 51 + .../red_policy_test.py | 5 + .../placebo-green/fsx.DescribeBackups_1.json | 54 + .../placebo-red/fsx.DescribeBackups_1.json | 45 + .../red_policy_test.py | 5 + .../glacier.ListTagsForVault_1.json | 10 + .../placebo-green/glacier.ListVaults_1.json | 15 + .../glacier.ListTagsForVault_1.json | 7 + .../placebo-red/glacier.ListVaults_1.json | 15 + .../red_policy_test.py | 5 + .../placebo-green/glue.GetJobs_1.json | 55 + .../placebo-green/tagging.GetResources_1.json | 22 + .../placebo-red/glue.GetJobs_1.json | 45 + .../placebo-red/tagging.GetResources_1.json | 8 + .../red_policy_test.py | 5 + .../placebo-green/iam.GetUser_1.json | 32 + .../placebo-green/iam.ListUsers_1.json | 25 + .../placebo-red/iam.GetUser_1.json | 22 + .../placebo-red/iam.ListUsers_1.json | 25 + .../red_policy_test.py | 5 + .../placebo-green/iam.GetRole_1.json | 35 + .../placebo-green/iam.ListRoles_1.json | 27 + .../placebo-red/iam.GetRole_1.json | 25 + .../placebo-red/iam.ListRoles_1.json | 27 + .../red_policy_test.py | 5 + .../placebo-green/kafka.ListClustersV2_1.json | 79 ++ .../placebo-red/kafka.ListClustersV2_1.json | 76 ++ 
.../red_policy_test.py | 5 + .../kinesis.DescribeStream_1.json | 54 + .../placebo-green/kinesis.ListStreams_1.json | 10 + .../placebo-green/tagging.GetResources_1.json | 22 + .../placebo-red/kinesis.DescribeStream_1.json | 45 + .../placebo-red/kinesis.ListStreams_1.json | 10 + .../placebo-red/tagging.GetResources_1.json | 13 + .../red_policy_test.py | 5 + .../placebo-green/kms.DescribeKey_1.json | 33 + .../placebo-green/kms.ListAliases_1.json | 34 + .../placebo-green/kms.ListKeys_1.json | 13 + .../placebo-green/tagging.GetResources_1.json | 22 + .../placebo-red/kms.DescribeKey_1.json | 33 + .../placebo-red/kms.ListAliases_1.json | 34 + .../placebo-red/kms.ListKeys_1.json | 13 + .../placebo-red/tagging.GetResources_1.json | 8 + .../red_policy_test.py | 4 + .../placebo-green/lambda.ListFunctions_1.json | 30 + .../placebo-green/tagging.GetResources_1.json | 22 + .../placebo-red/lambda.ListFunctions_1.json | 30 + .../placebo-red/tagging.GetResources_1.json | 8 + .../red_policy_test.py | 5 + .../lightsail.GetInstances_1.json | 117 ++ .../placebo-red/lightsail.GetInstances_1.json | 108 ++ .../red_policy_test.py | 5 + .../logs.DescribeLogGroups_1.json | 15 + .../placebo-green/tagging.GetResources_1.json | 22 + .../placebo-red/logs.DescribeLogGroups_1.json | 15 + .../placebo-red/tagging.GetResources_1.json | 8 + .../red_policy_test.py | 4 + .../placebo-green/mq.DescribeBroker_1.json | 77 ++ .../placebo-green/mq.ListBrokers_1.json | 27 + .../placebo-red/mq.DescribeBroker_1.json | 74 ++ .../placebo-red/mq.ListBrokers_1.json | 27 + .../red_policy_test.py | 5 + .../airflow.GetEnvironment_1.json | 86 ++ .../airflow.ListEnvironments_1.json | 9 + .../placebo-red/airflow.GetEnvironment_1.json | 85 ++ .../airflow.ListEnvironments_1.json | 9 + .../red_policy_test.py | 5 + .../placebo-green/qldb.DescribeLedger_1.json | 31 + .../placebo-green/qldb.ListLedgers_1.json | 22 + .../placebo-green/tagging.GetResources_1.json | 22 + .../placebo-red/qldb.DescribeLedger_1.json | 21 + 
.../placebo-red/qldb.ListLedgers_1.json | 22 + .../placebo-red/tagging.GetResources_1.json | 8 + .../red_policy_test.py | 5 + .../rds.DescribeDBClusters_1.json | 93 ++ .../placebo-red/rds.DescribeDBClusters_1.json | 84 ++ .../red_policy_test.py | 5 + .../rds.DescribeDBSnapshots_1.json | 71 ++ .../rds.DescribeDBSnapshots_1.json | 62 + .../red_policy_test.py | 5 + .../redshift.DescribeClusters_1.json | 94 ++ .../redshift.DescribeClusters_1.json | 85 ++ .../red_policy_test.py | 5 + ....sagemaker.DescribeNotebookInstance_1.json | 37 + ...api.sagemaker.ListNotebookInstances_1.json | 35 + .../api.sagemaker.ListTags_1.json | 16 + ....sagemaker.DescribeNotebookInstance_1.json | 37 + ...api.sagemaker.ListNotebookInstances_1.json | 35 + .../placebo-red/api.sagemaker.ListTags_1.json | 7 + .../red_policy_test.py | 5 + .../sns.GetTopicAttributes_1.json | 21 + .../placebo-green/sns.ListTopics_1.json | 11 + .../placebo-green/tagging.GetResources_1.json | 22 + .../placebo-red/sns.GetTopicAttributes_1.json | 21 + .../sns.ListTagsForResource_1.json | 7 + .../placebo-red/sns.ListTopics_1.json | 11 + .../placebo-red/tagging.GetResources_1.json | 8 + .../red_policy_test.py | 7 + .../sqs.GetQueueAttributes_1.json | 20 + .../placebo-green/sqs.ListQueues_1.json | 9 + .../placebo-green/tagging.GetResources_1.json | 22 + .../placebo-red/sqs.GetQueueAttributes_1.json | 20 + .../placebo-red/sqs.ListQueues_1.json | 9 + .../placebo-red/tagging.GetResources_1.json | 8 + .../red_policy_test.py | 5 + .../placebo-green/mq.DescribeBroker_1.json | 89 ++ .../placebo-green/mq.ListBrokers_1.json | 27 + .../placebo-red/mq.DescribeBroker_1.json | 77 ++ .../placebo-red/mq.ListBrokers_1.json | 27 + .../red_policy_test.py | 5 + .../placebo-green/mq.DescribeBroker_1.json | 57 + .../placebo-green/mq.DescribeBroker_2.json | 77 ++ .../placebo-green/mq.ListBrokers_1.json | 46 + .../placebo-red/mq.DescribeBroker_1.json | 57 + .../placebo-red/mq.ListBrokers_1.json | 27 + .../red_policy_test.py | 6 + 
.../placebo-green/kms.DescribeKey_1.json | 33 + .../placebo-green/kms.ListAliases_1.json | 34 + .../placebo-green/mq.DescribeBroker_1.json | 78 ++ .../placebo-green/mq.ListBrokers_1.json | 27 + .../placebo-green/tagging.GetResources_1.json | 22 + .../placebo-red/kms.DescribeKey_1.json | 33 + .../placebo-red/kms.ListAliases_1.json | 34 + .../placebo-red/mq.DescribeBroker_1.json | 78 ++ .../placebo-red/mq.ListBrokers_1.json | 27 + .../placebo-red/tagging.GetResources_1.json | 8 + .../red_policy_test.py | 8 + .../kinesis.DescribeStream_1.json | 52 + .../placebo-green/kinesis.ListStreams_1.json | 10 + .../placebo-green/tagging.GetResources_1.json | 22 + .../placebo-red/kinesis.DescribeStream_1.json | 44 + .../placebo-red/kinesis.ListStreams_1.json | 10 + .../placebo-red/tagging.GetResources_1.json | 22 + .../red_policy_test.py | 5 + .../placebo-green/qldb.DescribeLedger_1.json | 21 + .../placebo-green/qldb.ListLedgers_1.json | 22 + .../placebo-green/tagging.GetResources_1.json | 22 + .../placebo-red/qldb.DescribeLedger_1.json | 21 + .../placebo-red/qldb.ListLedgers_1.json | 22 + .../placebo-red/tagging.GetResources_1.json | 22 + .../red_policy_test.py | 5 + .../placebo-green/qldb.DescribeLedger_1.json | 21 + .../placebo-green/qldb.ListLedgers_1.json | 22 + .../placebo-green/tagging.GetResources_1.json | 22 + .../placebo-red/qldb.DescribeLedger_1.json | 21 + .../placebo-red/qldb.ListLedgers_1.json | 22 + .../placebo-red/tagging.GetResources_1.json | 22 + .../red_policy_test.py | 5 + .../airflow.GetEnvironment_1.json | 87 ++ .../airflow.ListEnvironments_1.json | 9 + .../placebo-red/airflow.GetEnvironment_1.json | 84 ++ .../airflow.ListEnvironments_1.json | 9 + .../red_policy_test.py | 5 + .../airflow.GetEnvironment_1.json | 87 ++ .../airflow.ListEnvironments_1.json | 9 + .../placebo-red/airflow.GetEnvironment_1.json | 84 ++ .../airflow.ListEnvironments_1.json | 9 + .../red_policy_test.py | 5 + .../airflow.GetEnvironment_1.json | 84 ++ .../airflow.ListEnvironments_1.json 
| 9 + .../placebo-red/airflow.GetEnvironment_1.json | 86 ++ .../airflow.ListEnvironments_1.json | 9 + .../red_policy_test.py | 6 + .../airflow.GetEnvironment_1.json | 87 ++ .../airflow.ListEnvironments_1.json | 9 + .../placebo-red/airflow.GetEnvironment_1.json | 86 ++ .../airflow.ListEnvironments_1.json | 9 + .../red_policy_test.py | 5 + .../airflow.GetEnvironment_1.json | 87 ++ .../airflow.ListEnvironments_1.json | 9 + .../placebo-red/airflow.GetEnvironment_1.json | 86 ++ .../airflow.ListEnvironments_1.json | 9 + .../red_policy_test.py | 5 + .../redshift.DescribeClusters_1.json | 108 ++ .../redshift.DescribeClusters_1.json | 94 ++ .../red_policy_test.py | 5 + .../elasticache.DescribeCacheClusters_1.json | 69 ++ .../placebo-green/tagging.GetResources_1.json | 22 + .../elasticache.DescribeCacheClusters_1.json | 46 + .../placebo-red/tagging.GetResources_1.json | 22 + .../red_policy_test.py | 5 + .../elasticache.DescribeCacheClusters_1.json | 52 + .../placebo-green/tagging.GetResources_1.json | 22 + .../elasticache.DescribeCacheClusters_1.json | 48 + .../placebo-red/tagging.GetResources_1.json | 22 + .../red_policy_test.py | 5 + .../elasticmapreduce.DescribeCluster_1.json | 88 ++ .../elasticmapreduce.ListClusters_1.json | 42 + .../elasticmapreduce.DescribeCluster_1.json | 88 ++ .../elasticmapreduce.ListClusters_1.json | 42 + .../red_policy_test.py | 5 + .../placebo-green/glue.GetJobs_1.json | 48 + .../placebo-green/tagging.GetResources_1.json | 22 + .../placebo-red/glue.GetJobs_1.json | 45 + .../placebo-red/tagging.GetResources_1.json | 22 + .../red_policy_test.py | 5 + .../placebo-green/lambda.ListFunctions_1.json | 40 + .../placebo-green/tagging.GetResources_1.json | 22 + .../placebo-red/lambda.ListFunctions_1.json | 30 + .../placebo-red/tagging.GetResources_1.json | 22 + .../red_policy_test.py | 7 + .../placebo-green/lambda.ListFunctions_1.json | 35 + .../placebo-green/tagging.GetResources_1.json | 22 + .../placebo-red/lambda.ListFunctions_1.json | 35 + 
.../placebo-red/tagging.GetResources_1.json | 22 + .../red_policy_test.py | 5 + .../placebo-green/lambda.ListFunctions_1.json | 30 + .../placebo-green/tagging.GetResources_1.json | 22 + .../placebo-red/lambda.ListFunctions_1.json | 30 + .../placebo-red/tagging.GetResources_1.json | 22 + .../red_policy_test.py | 5 + .../placebo-green/lambda.GetFunction_1.json | 41 + .../placebo-green/lambda.ListFunctions_1.json | 30 + .../placebo-green/tagging.GetResources_1.json | 22 + .../placebo-red/lambda.GetFunction_1.json | 38 + .../placebo-red/lambda.ListFunctions_1.json | 30 + .../placebo-red/tagging.GetResources_1.json | 22 + .../red_policy_test.py | 4 + .../placebo-green/ecs.DescribeClusters_1.json | 43 + .../placebo-green/ecs.ListClusters_1.json | 9 + .../placebo-red/ecs.DescribeClusters_1.json | 32 + .../placebo-red/ecs.ListClusters_1.json | 9 + .../red_policy_test.py | 5 + .../fsx.DescribeFileSystems_1.json | 143 +++ .../fsx.DescribeFileSystems_1.json | 64 + .../red_policy_test.py | 5 + .../fsx.DescribeFileSystems_1.json | 82 ++ .../fsx.DescribeFileSystems_1.json | 77 ++ .../red_policy_test.py | 6 + .../fsx.DescribeFileSystems_1.json | 68 ++ .../fsx.DescribeFileSystems_1.json | 66 ++ .../red_policy_test.py | 6 + ...cing.DescribeLoadBalancerAttributes_1.json | 60 + ...loadbalancing.DescribeLoadBalancers_1.json | 46 + .../elasticloadbalancing.DescribeTags_1.json | 21 + ...cing.DescribeLoadBalancerAttributes_1.json | 60 + ...loadbalancing.DescribeLoadBalancers_1.json | 46 + .../elasticloadbalancing.DescribeTags_1.json | 21 + .../red_policy_test.py | 5 + .../apigateway.GetRestApis_1.json | 33 + .../placebo-red/apigateway.GetRestApis_1.json | 33 + .../red_policy_test.py | 5 + ...toscaling.DescribeAutoScalingGroups_1.json | 79 ++ ...toscaling.DescribeAutoScalingGroups_1.json | 77 ++ .../red_policy_test.py | 5 + ...caling.DescribeLaunchConfigurations_1.json | 40 + ...caling.DescribeLaunchConfigurations_1.json | 35 + .../red_policy_test.py | 5 + 
...cing.DescribeLoadBalancerAttributes_1.json | 27 + ...loadbalancing.DescribeLoadBalancers_1.json | 68 ++ .../placebo-green/tagging.GetResources_1.json | 22 + ...cing.DescribeLoadBalancerAttributes_1.json | 27 + ...loadbalancing.DescribeLoadBalancers_1.json | 68 ++ .../placebo-red/tagging.GetResources_1.json | 22 + .../red_policy_test.py | 11 + ...loadbalancing.DescribeLoadBalancers_1.json | 68 ++ .../placebo-green/tagging.GetResources_1.json | 22 + ...loadbalancing.DescribeLoadBalancers_1.json | 64 + .../placebo-red/tagging.GetResources_1.json | 22 + .../red_policy_test.py | 5 + ...cing.DescribeLoadBalancerAttributes_1.json | 27 + ...loadbalancing.DescribeLoadBalancers_1.json | 68 ++ .../placebo-green/tagging.GetResources_1.json | 22 + ...cing.DescribeLoadBalancerAttributes_1.json | 27 + ...loadbalancing.DescribeLoadBalancers_1.json | 68 ++ .../placebo-red/tagging.GetResources_1.json | 22 + .../red_policy_test.py | 7 + .../cloudformation.DescribeStacks_1.json | 49 + .../cloudformation.DescribeStacks_1.json | 49 + .../red_policy_test.py | 6 + .../cloudfront.ListDistributions_1.json | 144 +++ .../placebo-green/tagging.GetResources_1.json | 22 + .../cloudfront.ListDistributions_1.json | 144 +++ .../placebo-red/tagging.GetResources_1.json | 22 + .../red_policy_test.py | 5 + .../placebo-green/kms.DescribeKey_1.json | 33 + .../placebo-green/kms.ListAliases_1.json | 34 + .../logs.DescribeLogGroups_1.json | 16 + .../placebo-green/tagging.GetResources_1.json | 22 + .../placebo-red/kms.DescribeKey_1.json | 5 + .../placebo-red/kms.ListAliases_1.json | 8 + .../placebo-red/logs.DescribeLogGroups_1.json | 15 + .../placebo-red/tagging.GetResources_1.json | 22 + .../red_policy_test.py | 4 + .../codebuild.BatchGetProjects_1.json | 99 ++ .../codebuild.ListProjects_1.json | 9 + .../placebo-green/tagging.GetResources_1.json | 22 + .../codebuild.BatchGetProjects_1.json | 99 ++ .../placebo-red/codebuild.ListProjects_1.json | 9 + .../placebo-red/tagging.GetResources_1.json | 22 + 
.../red_policy_test.py | 5 + .../codebuild.BatchGetProjects_1.json | 95 ++ .../codebuild.ListProjects_1.json | 9 + .../placebo-green/tagging.GetResources_1.json | 22 + .../codebuild.BatchGetProjects_1.json | 93 ++ .../placebo-red/codebuild.ListProjects_1.json | 9 + .../placebo-red/tagging.GetResources_1.json | 22 + .../red_policy_test.py | 5 + .../codebuild.BatchGetProjects_1.json | 96 ++ .../codebuild.ListProjects_1.json | 9 + .../placebo-green/tagging.GetResources_1.json | 22 + .../codebuild.BatchGetProjects_1.json | 93 ++ .../placebo-red/codebuild.ListProjects_1.json | 9 + .../placebo-red/tagging.GetResources_1.json | 22 + .../red_policy_test.py | 6 + .../codebuild.BatchGetProjects_1.json | 96 ++ .../codebuild.ListProjects_1.json | 9 + .../placebo-green/tagging.GetResources_1.json | 22 + .../codebuild.BatchGetProjects_1.json | 96 ++ .../placebo-red/codebuild.ListProjects_1.json | 9 + .../placebo-red/tagging.GetResources_1.json | 22 + .../red_policy_test.py | 7 + .../codedeploy.GetDeploymentGroup_1.json | 95 ++ .../codedeploy.ListApplications_1.json | 9 + .../codedeploy.ListDeploymentGroups_1.json | 10 + .../codedeploy.ListTagsForResource_1.json | 16 + .../codedeploy.GetDeploymentGroup_1.json | 38 + .../codedeploy.ListApplications_1.json | 9 + .../codedeploy.ListDeploymentGroups_1.json | 10 + .../codedeploy.ListTagsForResource_1.json | 16 + .../red_policy_test.py | 6 + .../codedeploy.GetDeploymentGroup_1.json | 23 + .../codedeploy.ListApplications_1.json | 9 + .../codedeploy.ListDeploymentGroups_1.json | 10 + .../codedeploy.ListTagsForResource_1.json | 16 + .../codedeploy.GetDeploymentGroup_1.json | 23 + .../codedeploy.ListApplications_1.json | 9 + .../codedeploy.ListDeploymentGroups_1.json | 10 + .../codedeploy.ListTagsForResource_1.json | 16 + .../red_policy_test.py | 6 + .../codepipeline.GetPipeline_1.json | 126 ++ .../codepipeline.ListPipelines_1.json | 32 + .../placebo-green/tagging.GetResources_1.json | 22 + .../codepipeline.GetPipeline_1.json | 122 ++ 
.../codepipeline.ListPipelines_1.json | 32 + .../placebo-red/tagging.GetResources_1.json | 22 + .../red_policy_test.py | 5 + .../logs.DescribeLogGroups_1.json | 17 + .../placebo-green/tagging.GetResources_1.json | 22 + .../placebo-red/logs.DescribeLogGroups_1.json | 16 + .../placebo-red/tagging.GetResources_1.json | 22 + .../red_policy_test.py | 5 + .../ec2.DescribeInstances_1.json | 194 ++++ .../placebo-red/ec2.DescribeInstances_1.json | 194 ++++ .../red_policy_test.py | 5 + .../ec2.DescribeInstances_1.json | 194 ++++ .../placebo-red/ec2.DescribeInstances_1.json | 194 ++++ .../red_policy_test.py | 5 + .../ec2.DescribeTransitGateways_1.json | 45 + .../ec2.DescribeTransitGateways_1.json | 45 + .../red_policy_test.py | 5 + .../api.ecr.DescribeRepositories_1.json | 31 + .../api.ecr.GetLifecyclePolicy_1.json | 19 + .../api.ecr.ListTagsForResource_1.json | 16 + .../api.ecr.DescribeRepositories_1.json | 31 + .../api.ecr.GetLifecyclePolicy_1.json | 11 + .../api.ecr.ListTagsForResource_1.json | 16 + .../red_policy_test.py | 6 + .../placebo-green/ecs.DescribeServices_1.json | 234 ++++ .../placebo-green/ecs.ListClusters_1.json | 9 + .../placebo-green/ecs.ListServices_1.json | 9 + .../placebo-red/ecs.DescribeServices_1.json | 164 +++ .../placebo-red/ecs.ListClusters_1.json | 9 + .../placebo-red/ecs.ListServices_1.json | 9 + .../red_policy_test.py | 5 + .../ecs.DescribeTaskDefinition_1.json | 68 ++ .../ecs.ListTaskDefinitions_1.json | 9 + .../ecs.DescribeTaskDefinition_1.json | 71 ++ .../ecs.ListTaskDefinitions_1.json | 9 + .../red_policy_test.py | 5 + .../ecs.DescribeTaskDefinition_1.json | 68 ++ .../ecs.ListTaskDefinitions_1.json | 9 + .../ecs.DescribeTaskDefinition_1.json | 65 ++ .../ecs.ListTaskDefinitions_1.json | 9 + .../red_policy_test.py | 5 + .../placebo-green/eks.DescribeCluster_1.json | 69 ++ .../placebo-green/eks.ListClusters_1.json | 9 + .../placebo-red/eks.DescribeCluster_1.json | 69 ++ .../placebo-red/eks.ListClusters_1.json | 9 + .../red_policy_test.py | 5 + 
...loadbalancing.DescribeLoadBalancers_1.json | 43 + .../elasticloadbalancing.DescribeTags_1.json | 21 + ...loadbalancing.DescribeLoadBalancers_1.json | 38 + .../elasticloadbalancing.DescribeTags_1.json | 21 + .../red_policy_test.py | 5 + .../placebo-green/iam.GetGroup_1.json | 41 + .../placebo-green/iam.ListGroups_1.json | 25 + .../placebo-red/iam.GetGroup_1.json | 24 + .../placebo-red/iam.ListGroups_1.json | 25 + .../red_policy_test.py | 7 + .../placebo-green/lambda.ListFunctions_1.json | 40 + .../placebo-green/tagging.GetResources_1.json | 22 + .../placebo-red/lambda.ListFunctions_1.json | 39 + .../placebo-red/tagging.GetResources_1.json | 22 + .../red_policy_test.py | 7 + .../es.DescribeElasticsearchDomains_1.json | 87 ++ .../placebo-green/es.ListDomainNames_1.json | 12 + .../placebo-green/es.ListTags_1.json | 16 + .../es.DescribeElasticsearchDomains_1.json | 86 ++ .../placebo-red/es.ListDomainNames_1.json | 12 + .../placebo-red/es.ListTags_1.json | 16 + .../red_policy_test.py | 5 + .../rds.DescribeDBInstances_1.json | 144 +++ .../rds.DescribeDBInstances_1.json | 144 +++ .../red_policy_test.py | 5 + .../rds.DescribeDBClusters_1.json | 93 ++ .../placebo-red/rds.DescribeDBClusters_1.json | 93 ++ .../red_policy_test.py | 5 + .../rds.DescribeDBInstances_1.json | 144 +++ .../rds.DescribeDBInstances_1.json | 144 +++ .../red_policy_test.py | 5 + .../redshift.DescribeClusters_1.json | 94 ++ .../redshift.DescribeClusters_1.json | 95 ++ .../red_policy_test.py | 5 + .../redshift.DescribeClusters_1.json | 95 ++ .../redshift.DescribeClusters_1.json | 94 ++ .../red_policy_test.py | 5 + .../sns.GetTopicAttributes_1.json | 23 + .../placebo-green/sns.ListTopics_1.json | 11 + .../placebo-green/tagging.GetResources_1.json | 22 + .../placebo-red/sns.GetTopicAttributes_1.json | 21 + .../placebo-red/sns.ListTopics_1.json | 11 + .../placebo-red/tagging.GetResources_1.json | 22 + .../red_policy_test.py | 5 + .../airflow.GetEnvironment_1.json | 86 ++ .../airflow.ListEnvironments_1.json 
| 9 + .../placebo-red/airflow.GetEnvironment_1.json | 86 ++ .../airflow.ListEnvironments_1.json | 9 + .../red_policy_test.py | 5 + .../placebo-green/dax.DescribeClusters_1.json | 61 + .../placebo-green/dax.ListTags_1.json | 16 + .../placebo-red/dax.DescribeClusters_1.json | 61 + .../placebo-red/dax.ListTags_1.json | 16 + .../red_policy_test.py | 5 + ...loadbalancing.DescribeLoadBalancers_1.json | 65 ++ .../placebo-green/tagging.GetResources_1.json | 22 + ...loadbalancing.DescribeLoadBalancers_1.json | 66 ++ .../placebo-red/tagging.GetResources_1.json | 22 + .../red_policy_test.py | 5 + ...loadbalancing.DescribeLoadBalancers_1.json | 46 + .../elasticloadbalancing.DescribeTags_1.json | 21 + ...loadbalancing.DescribeLoadBalancers_1.json | 46 + .../elasticloadbalancing.DescribeTags_1.json | 21 + .../red_policy_test.py | 5 + .../acm.DescribeCertificate_1.json | 84 ++ .../placebo-green/acm.ListCertificates_1.json | 12 + .../placebo-green/tagging.GetResources_1.json | 22 + .../acm.DescribeCertificate_1.json | 84 ++ .../placebo-red/acm.ListCertificates_1.json | 12 + .../placebo-red/tagging.GetResources_1.json | 22 + .../red_policy_test.py | 5 + .../iam.GenerateCredentialReport_1.json | 8 + .../iam.GetCredentialReport_1.json | 18 + .../placebo-green/iam.GetUser_1.json | 32 + .../placebo-green/iam.ListUsers_1.json | 25 + .../iam.GenerateCredentialReport_1.json | 8 + .../iam.GetCredentialReport_1.json | 18 + .../placebo-red/iam.GetUser_1.json | 32 + .../placebo-red/iam.ListUsers_1.json | 25 + .../red_policy_test.py | 5 + .../iam.ListAccountAliases_1.json | 10 + .../securityhub.DescribeHub_1.json | 9 + .../placebo-red/iam.ListAccountAliases_1.json | 10 + .../securityhub.DescribeHub_1.json | 12 + .../red_policy_test.py | 4 + .../placebo-green/s3.GetBucketAcl_1.json | 20 + .../s3.GetBucketLifecycleConfiguration_1.json | 11 + .../placebo-green/s3.GetBucketLocation_1.json | 6 + .../placebo-green/s3.GetBucketLogging_1.json | 6 + ....GetBucketNotificationConfiguration_1.json | 25 + 
.../placebo-green/s3.GetBucketPolicy_1.json | 11 + .../s3.GetBucketReplication_1.json | 11 + .../placebo-green/s3.GetBucketTagging_1.json | 16 + .../s3.GetBucketVersioning_1.json | 6 + .../placebo-green/s3.GetBucketWebsite_1.json | 11 + .../placebo-green/s3.ListBuckets_1.json | 25 + .../placebo-red/s3.GetBucketAcl_1.json | 20 + .../s3.GetBucketLifecycleConfiguration_1.json | 11 + .../placebo-red/s3.GetBucketLocation_1.json | 6 + .../placebo-red/s3.GetBucketLogging_1.json | 6 + ....GetBucketNotificationConfiguration_1.json | 6 + .../placebo-red/s3.GetBucketPolicy_1.json | 11 + .../s3.GetBucketReplication_1.json | 11 + .../placebo-red/s3.GetBucketTagging_1.json | 16 + .../placebo-red/s3.GetBucketVersioning_1.json | 6 + .../placebo-red/s3.GetBucketWebsite_1.json | 11 + .../placebo-red/s3.ListBuckets_1.json | 25 + .../red_policy_test.py | 8 + .../ec2.DescribeVpnConnections_1.json | 87 ++ .../ec2.DescribeVpnConnections_1.json | 87 ++ .../red_policy_test.py | 6 + ...caling.DescribeLaunchConfigurations_1.json | 40 + ...caling.DescribeLaunchConfigurations_1.json | 40 + .../red_policy_test.py | 5 + .../ecs.DescribeTaskDefinition_1.json | 65 ++ .../ecs.ListTaskDefinitions_1.json | 9 + .../ecs.DescribeTaskDefinition_1.json | 62 + .../ecs.ListTaskDefinitions_1.json | 9 + .../red_policy_test.py | 5 + .../ecs.DescribeTaskDefinition_1.json | 66 ++ .../ecs.ListTaskDefinitions_1.json | 9 + .../ecs.DescribeTaskDefinition_1.json | 74 ++ .../ecs.ListTaskDefinitions_1.json | 9 + .../red_policy_test.py | 7 + .../placebo-green/kms.DescribeKey_1.json | 33 + .../placebo-green/kms.ListAliases_1.json | 34 + .../placebo-green/kms.ListKeys_1.json | 13 + .../placebo-green/tagging.GetResources_1.json | 22 + .../placebo-red/kms.DescribeKey_1.json | 43 + .../placebo-red/kms.ListAliases_1.json | 8 + .../placebo-red/kms.ListKeys_1.json | 13 + .../placebo-red/tagging.GetResources_1.json | 22 + .../red_policy_test.py | 5 + .../placebo-green/waf.GetWebACL_1.json | 25 + 
.../placebo-green/waf.GetWebACL_2.json | 25 + .../placebo-green/waf.ListWebACLs_1.json | 16 + .../placebo-red/waf.GetWebACL_1.json | 16 + .../placebo-red/waf.ListWebACLs_1.json | 12 + .../red_policy_test.py | 8 + .../acm.DescribeCertificate_1.json | 49 + .../placebo-green/acm.ListCertificates_1.json | 12 + .../placebo-green/tagging.GetResources_1.json | 22 + .../acm.DescribeCertificate_1.json | 49 + .../placebo-red/acm.ListCertificates_1.json | 12 + .../placebo-red/tagging.GetResources_1.json | 22 + .../red_policy_test.py | 5 + .../cloudfront.ListDistributions_1.json | 210 ++++ .../placebo-green/tagging.GetResources_1.json | 22 + .../cloudfront.ListDistributions_1.json | 210 ++++ .../placebo-red/tagging.GetResources_1.json | 22 + .../red_policy_test.py | 5 + .../ec2.GetEbsEncryptionByDefault_1.json | 7 + .../iam.ListAccountAliases_1.json | 10 + .../ec2.GetEbsEncryptionByDefault_1.json | 7 + .../placebo-red/iam.ListAccountAliases_1.json | 10 + .../red_policy_test.py | 5 + .../green_policy_test.py | 7 + .../acm.DescribeCertificate_1.json | 76 ++ .../placebo-green/acm.ListCertificates_1.json | 11 + .../placebo-green/tagging.GetResources_1.json | 22 + .../acm.DescribeCertificate_1.json | 76 ++ .../placebo-red/acm.ListCertificates_1.json | 11 + .../placebo-red/tagging.GetResources_1.json | 22 + .../red_policy_test.py | 13 + .../placebo-green/ec2.DescribeKeyPairs_1.json | 24 + .../placebo-red/ec2.DescribeKeyPairs_1.json | 15 + .../red_policy_test.py | 5 + ...toscaling.DescribeAutoScalingGroups_1.json | 48 + ...toscaling.DescribeAutoScalingGroups_1.json | 96 ++ .../red_policy_test.py | 6 + ...loadbalancing.DescribeLoadBalancers_1.json | 73 ++ .../placebo-green/tagging.GetResources_1.json | 22 + ...loadbalancing.DescribeLoadBalancers_1.json | 73 ++ .../placebo-red/tagging.GetResources_1.json | 22 + .../red_policy_test.py | 6 + .../placebo-green/lambda.ListFunctions_1.json | 30 + .../placebo-green/tagging.GetResources_1.json | 22 + 
.../placebo-red/lambda.ListFunctions_1.json | 30 + .../placebo-red/tagging.GetResources_1.json | 22 + .../red_policy_test.py | 6 + .../ecs.DescribeTaskDefinition_1.json | 71 ++ .../ecs.ListTaskDefinitions_1.json | 9 + .../ecs.DescribeTaskDefinition_1.json | 71 ++ .../ecs.ListTaskDefinitions_1.json | 9 + .../red_policy_test.py | 6 + .../cloudfront.ListDistributions_1.json | 143 +++ .../placebo-green/s3.ListBuckets_1.json | 25 + .../placebo-green/tagging.GetResources_1.json | 22 + .../cloudfront.ListDistributions_1.json | 143 +++ .../placebo-red/s3.ListBuckets_1.json | 25 + .../placebo-red/tagging.GetResources_1.json | 22 + .../red_policy_test.py | 10 + .../cloudfront.ListDistributions_1.json | 145 +++ .../placebo-green/tagging.GetResources_1.json | 22 + .../cloudfront.ListDistributions_1.json | 144 +++ .../placebo-red/tagging.GetResources_1.json | 22 + .../red_policy_test.py | 6 + .../placebo-green/glue.GetJobs_1.json | 47 + .../placebo-green/tagging.GetResources_1.json | 22 + .../placebo-red/glue.GetJobs_1.json | 47 + .../placebo-red/tagging.GetResources_1.json | 22 + .../red_policy_test.py | 5 + 2337 files changed, 89729 insertions(+) create mode 100644 tests/ecc-aws-002-ensure_mfa_is_enabled_for_all_iam_users_with_console_password/placebo-green/iam.GenerateCredentialReport_1.json create mode 100644 tests/ecc-aws-002-ensure_mfa_is_enabled_for_all_iam_users_with_console_password/placebo-green/iam.GetCredentialReport_1.json create mode 100644 tests/ecc-aws-002-ensure_mfa_is_enabled_for_all_iam_users_with_console_password/placebo-green/iam.GetUser_1.json create mode 100644 tests/ecc-aws-002-ensure_mfa_is_enabled_for_all_iam_users_with_console_password/placebo-green/iam.ListUsers_1.json create mode 100644 tests/ecc-aws-002-ensure_mfa_is_enabled_for_all_iam_users_with_console_password/placebo-red/iam.GenerateCredentialReport_1.json create mode 100644 
tests/ecc-aws-002-ensure_mfa_is_enabled_for_all_iam_users_with_console_password/placebo-red/iam.GetCredentialReport_1.json create mode 100644 tests/ecc-aws-002-ensure_mfa_is_enabled_for_all_iam_users_with_console_password/placebo-red/iam.GetUser_1.json create mode 100644 tests/ecc-aws-002-ensure_mfa_is_enabled_for_all_iam_users_with_console_password/placebo-red/iam.ListUsers_1.json create mode 100644 tests/ecc-aws-002-ensure_mfa_is_enabled_for_all_iam_users_with_console_password/red_policy_test.py create mode 100644 tests/ecc-aws-013-ensure_access_keys_are_rotated_every_90_days/green_policy_test.py create mode 100644 tests/ecc-aws-013-ensure_access_keys_are_rotated_every_90_days/placebo-green/iam.GenerateCredentialReport_1.json create mode 100644 tests/ecc-aws-013-ensure_access_keys_are_rotated_every_90_days/placebo-green/iam.GetCredentialReport_1.json create mode 100644 tests/ecc-aws-013-ensure_access_keys_are_rotated_every_90_days/placebo-green/iam.GetUser_1.json create mode 100644 tests/ecc-aws-013-ensure_access_keys_are_rotated_every_90_days/placebo-green/iam.ListUsers_1.json create mode 100644 tests/ecc-aws-013-ensure_access_keys_are_rotated_every_90_days/placebo-red/iam.GenerateCredentialReport_1.json create mode 100644 tests/ecc-aws-013-ensure_access_keys_are_rotated_every_90_days/placebo-red/iam.GetCredentialReport_1.json create mode 100644 tests/ecc-aws-013-ensure_access_keys_are_rotated_every_90_days/placebo-red/iam.GetUser_1.json create mode 100644 tests/ecc-aws-013-ensure_access_keys_are_rotated_every_90_days/placebo-red/iam.ListUsers_1.json create mode 100644 tests/ecc-aws-013-ensure_access_keys_are_rotated_every_90_days/red_policy_test.py create mode 100644 tests/ecc-aws-033-ensure_vpc_flow_logging_enabled_for_every_vpc/placebo-green/ec2.DescribeFlowLogs_1.json create mode 100644 tests/ecc-aws-033-ensure_vpc_flow_logging_enabled_for_every_vpc/placebo-green/ec2.DescribeVpcs_1.json create mode 100644 
tests/ecc-aws-033-ensure_vpc_flow_logging_enabled_for_every_vpc/placebo-red/ec2.DescribeFlowLogs_1.json create mode 100644 tests/ecc-aws-033-ensure_vpc_flow_logging_enabled_for_every_vpc/placebo-red/ec2.DescribeVpcs_1.json create mode 100644 tests/ecc-aws-033-ensure_vpc_flow_logging_enabled_for_every_vpc/red_policy_test.py create mode 100644 tests/ecc-aws-082-rds_retention_backup_is_at_least_7_days/placebo-green/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-082-rds_retention_backup_is_at_least_7_days/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-082-rds_retention_backup_is_at_least_7_days/placebo-red/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-082-rds_retention_backup_is_at_least_7_days/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-082-rds_retention_backup_is_at_least_7_days/red_policy_test.py create mode 100644 tests/ecc-aws-083-rds_high-availability_zone/placebo-green/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-083-rds_high-availability_zone/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-083-rds_high-availability_zone/placebo-red/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-083-rds_high-availability_zone/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-083-rds_high-availability_zone/red_policy_test.py create mode 100644 tests/ecc-aws-086_iam_ssl_or_tls_certificates_expire_in_one_month/green_policy_test.py create mode 100644 tests/ecc-aws-086_iam_ssl_or_tls_certificates_expire_in_one_month/placebo-green/iam.ListServerCertificates_1.json create mode 100644 tests/ecc-aws-086_iam_ssl_or_tls_certificates_expire_in_one_month/placebo-red/iam.ListServerCertificates_1.json create mode 100644 tests/ecc-aws-086_iam_ssl_or_tls_certificates_expire_in_one_month/red_policy_test.py create mode 100644 tests/ecc-aws-087_iam_ssl_or_tls_certificates_expire_in_one_week/green_policy_test.py create mode 
100644 tests/ecc-aws-087_iam_ssl_or_tls_certificates_expire_in_one_week/placebo-green/iam.ListServerCertificates_1.json create mode 100644 tests/ecc-aws-087_iam_ssl_or_tls_certificates_expire_in_one_week/placebo-red/iam.ListServerCertificates_1.json create mode 100644 tests/ecc-aws-087_iam_ssl_or_tls_certificates_expire_in_one_week/red_policy_test.py create mode 100644 tests/ecc-aws-090-use_secure_ciphers_in_cloudfront_distribution/placebo-green/cloudfront.ListDistributions_1.json create mode 100644 tests/ecc-aws-090-use_secure_ciphers_in_cloudfront_distribution/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-090-use_secure_ciphers_in_cloudfront_distribution/placebo-red/cloudfront.ListDistributions_1.json create mode 100644 tests/ecc-aws-090-use_secure_ciphers_in_cloudfront_distribution/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-090-use_secure_ciphers_in_cloudfront_distribution/red_policy_test.py create mode 100644 tests/ecc-aws-092-remove_weak_ciphers_for_clb/placebo-green/elasticloadbalancing.DescribeLoadBalancerPolicies_1.json create mode 100644 tests/ecc-aws-092-remove_weak_ciphers_for_clb/placebo-green/elasticloadbalancing.DescribeLoadBalancers_1.json create mode 100644 tests/ecc-aws-092-remove_weak_ciphers_for_clb/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-092-remove_weak_ciphers_for_clb/placebo-red/elasticloadbalancing.DescribeLoadBalancerPolicies_1.json create mode 100644 tests/ecc-aws-092-remove_weak_ciphers_for_clb/placebo-red/elasticloadbalancing.DescribeLoadBalancers_1.json create mode 100644 tests/ecc-aws-092-remove_weak_ciphers_for_clb/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-092-remove_weak_ciphers_for_clb/red_policy_test.py create mode 100644 tests/ecc-aws-093-clb_uses_https/placebo-green/elasticloadbalancing.DescribeLoadBalancers_1.json create mode 100644 tests/ecc-aws-093-clb_uses_https/placebo-green/tagging.GetResources_1.json 
create mode 100644 tests/ecc-aws-093-clb_uses_https/placebo-red/elasticloadbalancing.DescribeLoadBalancers_1.json create mode 100644 tests/ecc-aws-093-clb_uses_https/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-093-clb_uses_https/red_policy_test.py create mode 100644 tests/ecc-aws-094-ensure_mfa_is_enabled_for_the_root_account/placebo-green/iam.GenerateCredentialReport_1.json create mode 100644 tests/ecc-aws-094-ensure_mfa_is_enabled_for_the_root_account/placebo-green/iam.GetCredentialReport_1.json create mode 100644 tests/ecc-aws-094-ensure_mfa_is_enabled_for_the_root_account/placebo-green/iam.ListAccountAliases_1.json create mode 100644 tests/ecc-aws-094-ensure_mfa_is_enabled_for_the_root_account/placebo-red/iam.GenerateCredentialReport_1.json create mode 100644 tests/ecc-aws-094-ensure_mfa_is_enabled_for_the_root_account/placebo-red/iam.GetCredentialReport_1.json create mode 100644 tests/ecc-aws-094-ensure_mfa_is_enabled_for_the_root_account/placebo-red/iam.ListAccountAliases_1.json create mode 100644 tests/ecc-aws-094-ensure_mfa_is_enabled_for_the_root_account/red_policy_test.py create mode 100644 tests/ecc-aws-096-credentials_unused_for_45_days/green_policy_test.py create mode 100644 tests/ecc-aws-096-credentials_unused_for_45_days/placebo-green/iam.GenerateCredentialReport_1.json create mode 100644 tests/ecc-aws-096-credentials_unused_for_45_days/placebo-green/iam.GetCredentialReport_1.json create mode 100644 tests/ecc-aws-096-credentials_unused_for_45_days/placebo-green/iam.GetUser_1.json create mode 100644 tests/ecc-aws-096-credentials_unused_for_45_days/placebo-green/iam.ListUsers_1.json create mode 100644 tests/ecc-aws-096-credentials_unused_for_45_days/placebo-red/iam.GenerateCredentialReport_1.json create mode 100644 tests/ecc-aws-096-credentials_unused_for_45_days/placebo-red/iam.GetCredentialReport_1.json create mode 100644 tests/ecc-aws-096-credentials_unused_for_45_days/placebo-red/iam.GetUser_1.json create mode 100644 
tests/ecc-aws-096-credentials_unused_for_45_days/placebo-red/iam.ListUsers_1.json create mode 100644 tests/ecc-aws-096-credentials_unused_for_45_days/red_policy_test.py create mode 100644 tests/ecc-aws-097-iam_users_receive_permissions_only_through_groups/placebo-green/iam.GetUser_1.json create mode 100644 tests/ecc-aws-097-iam_users_receive_permissions_only_through_groups/placebo-green/iam.ListAttachedUserPolicies_1.json create mode 100644 tests/ecc-aws-097-iam_users_receive_permissions_only_through_groups/placebo-green/iam.ListUsers_1.json create mode 100644 tests/ecc-aws-097-iam_users_receive_permissions_only_through_groups/placebo-red/iam.GetPolicy_1.json create mode 100644 tests/ecc-aws-097-iam_users_receive_permissions_only_through_groups/placebo-red/iam.GetUser_1.json create mode 100644 tests/ecc-aws-097-iam_users_receive_permissions_only_through_groups/placebo-red/iam.ListAttachedUserPolicies_1.json create mode 100644 tests/ecc-aws-097-iam_users_receive_permissions_only_through_groups/placebo-red/iam.ListUsers_1.json create mode 100644 tests/ecc-aws-097-iam_users_receive_permissions_only_through_groups/red_policy_test.py create mode 100644 tests/ecc-aws-098-iam_password_policy_password_reuse/placebo-green/iam.GetAccountPasswordPolicy_1.json create mode 100644 tests/ecc-aws-098-iam_password_policy_password_reuse/placebo-green/iam.ListAccountAliases_1.json create mode 100644 tests/ecc-aws-098-iam_password_policy_password_reuse/placebo-red/iam.GetAccountPasswordPolicy_1.json create mode 100644 tests/ecc-aws-098-iam_password_policy_password_reuse/placebo-red/iam.ListAccountAliases_1.json create mode 100644 tests/ecc-aws-098-iam_password_policy_password_reuse/red_policy_test.py create mode 100644 tests/ecc-aws-099-instance_without_any_tag/placebo-green/ec2.DescribeInstances_1.json create mode 100644 tests/ecc-aws-099-instance_without_any_tag/placebo-green/ec2.DescribeTags_1.json create mode 100644 
tests/ecc-aws-099-instance_without_any_tag/placebo-red/ec2.DescribeInstances_1.json create mode 100644 tests/ecc-aws-099-instance_without_any_tag/placebo-red/ec2.DescribeTags_1.json create mode 100644 tests/ecc-aws-099-instance_without_any_tag/red_policy_test.py create mode 100644 tests/ecc-aws-101-clb_access_logging_disabled/placebo-green/elasticloadbalancing.DescribeLoadBalancerAttributes_1.json create mode 100644 tests/ecc-aws-101-clb_access_logging_disabled/placebo-green/elasticloadbalancing.DescribeLoadBalancers_1.json create mode 100644 tests/ecc-aws-101-clb_access_logging_disabled/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-101-clb_access_logging_disabled/placebo-red/elasticloadbalancing.DescribeLoadBalancerAttributes_1.json create mode 100644 tests/ecc-aws-101-clb_access_logging_disabled/placebo-red/elasticloadbalancing.DescribeLoadBalancers_1.json create mode 100644 tests/ecc-aws-101-clb_access_logging_disabled/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-101-clb_access_logging_disabled/red_policy_test.py create mode 100644 tests/ecc-aws-102-ensures_sqs_encryption_is_enabled/placebo-green/sqs.GetQueueAttributes_1.json create mode 100644 tests/ecc-aws-102-ensures_sqs_encryption_is_enabled/placebo-green/sqs.ListQueues_1.json create mode 100644 tests/ecc-aws-102-ensures_sqs_encryption_is_enabled/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-102-ensures_sqs_encryption_is_enabled/placebo-red/sqs.GetQueueAttributes_1.json create mode 100644 tests/ecc-aws-102-ensures_sqs_encryption_is_enabled/placebo-red/sqs.ListQueues_1.json create mode 100644 tests/ecc-aws-102-ensures_sqs_encryption_is_enabled/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-102-ensures_sqs_encryption_is_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-103-instance_without_termination_protection/placebo-green/ec2.DescribeInstanceAttribute_1.json create mode 100644 
tests/ecc-aws-103-instance_without_termination_protection/placebo-green/ec2.DescribeInstances_1.json create mode 100644 tests/ecc-aws-103-instance_without_termination_protection/placebo-red/ec2.DescribeInstanceAttribute_1.json create mode 100644 tests/ecc-aws-103-instance_without_termination_protection/placebo-red/ec2.DescribeInstances_1.json create mode 100644 tests/ecc-aws-103-instance_without_termination_protection/red_policy_test.py create mode 100644 tests/ecc-aws-105-rds_instance_with_no_backups/placebo-green/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-105-rds_instance_with_no_backups/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-105-rds_instance_with_no_backups/placebo-red/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-105-rds_instance_with_no_backups/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-105-rds_instance_with_no_backups/red_policy_test.py create mode 100644 tests/ecc-aws-109-prevent_0-65535_ingress_and_all/placebo-green/ec2.DescribeSecurityGroups_1.json create mode 100644 tests/ecc-aws-109-prevent_0-65535_ingress_and_all/placebo-red/ec2.DescribeSecurityGroups_1.json create mode 100644 tests/ecc-aws-109-prevent_0-65535_ingress_and_all/red_policy_test.py create mode 100644 tests/ecc-aws-110-security_group_ingress_is_restricted_traffic_to_dns_port_53/placebo-green/ec2.DescribeSecurityGroups_1.json create mode 100644 tests/ecc-aws-110-security_group_ingress_is_restricted_traffic_to_dns_port_53/placebo-red/ec2.DescribeSecurityGroups_1.json create mode 100644 tests/ecc-aws-110-security_group_ingress_is_restricted_traffic_to_dns_port_53/red_policy_test.py create mode 100644 tests/ecc-aws-111-security_group_ingress_is_restricted_traffic_to_ftp_port_21/placebo-green/ec2.DescribeSecurityGroups_1.json create mode 100644 tests/ecc-aws-111-security_group_ingress_is_restricted_traffic_to_ftp_port_21/placebo-red/ec2.DescribeSecurityGroups_1.json create mode 100644 
tests/ecc-aws-111-security_group_ingress_is_restricted_traffic_to_ftp_port_21/red_policy_test.py create mode 100644 tests/ecc-aws-112-security_group_ingress_is_restricted_traffic_to_http_port_80/placebo-green/ec2.DescribeSecurityGroups_1.json create mode 100644 tests/ecc-aws-112-security_group_ingress_is_restricted_traffic_to_http_port_80/placebo-red/ec2.DescribeSecurityGroups_1.json create mode 100644 tests/ecc-aws-112-security_group_ingress_is_restricted_traffic_to_http_port_80/red_policy_test.py create mode 100644 tests/ecc-aws-113-security_group_ingress_is_restricted_traffic_to_microsoft_ds_port_445/placebo-green/ec2.DescribeSecurityGroups_1.json create mode 100644 tests/ecc-aws-113-security_group_ingress_is_restricted_traffic_to_microsoft_ds_port_445/placebo-red/ec2.DescribeSecurityGroups_1.json create mode 100644 tests/ecc-aws-113-security_group_ingress_is_restricted_traffic_to_microsoft_ds_port_445/red_policy_test.py create mode 100644 tests/ecc-aws-114-security_group_ingress_is_restricted_traffic_to_mongodb_port_27017/placebo-green/ec2.DescribeSecurityGroups_1.json create mode 100644 tests/ecc-aws-114-security_group_ingress_is_restricted_traffic_to_mongodb_port_27017/placebo-red/ec2.DescribeSecurityGroups_1.json create mode 100644 tests/ecc-aws-114-security_group_ingress_is_restricted_traffic_to_mongodb_port_27017/red_policy_test.py create mode 100644 tests/ecc-aws-115-security_group_ingress_is_restricted_traffic_to_mysql_db_port_3306/placebo-green/ec2.DescribeSecurityGroups_1.json create mode 100644 tests/ecc-aws-115-security_group_ingress_is_restricted_traffic_to_mysql_db_port_3306/placebo-red/ec2.DescribeSecurityGroups_1.json create mode 100644 tests/ecc-aws-115-security_group_ingress_is_restricted_traffic_to_mysql_db_port_3306/red_policy_test.py create mode 100644 tests/ecc-aws-116-security_group_ingress_is_restricted_traffic_to_netbios_ssn_port_139/placebo-green/ec2.DescribeSecurityGroups_1.json create mode 100644 
tests/ecc-aws-116-security_group_ingress_is_restricted_traffic_to_netbios_ssn_port_139/placebo-red/ec2.DescribeSecurityGroups_1.json create mode 100644 tests/ecc-aws-116-security_group_ingress_is_restricted_traffic_to_netbios_ssn_port_139/red_policy_test.py create mode 100644 tests/ecc-aws-117-security_group_ingress_is_restricted_traffic_to_oracle_db_port_1521/placebo-green/ec2.DescribeSecurityGroups_1.json create mode 100644 tests/ecc-aws-117-security_group_ingress_is_restricted_traffic_to_oracle_db_port_1521/placebo-red/ec2.DescribeSecurityGroups_1.json create mode 100644 tests/ecc-aws-117-security_group_ingress_is_restricted_traffic_to_oracle_db_port_1521/red_policy_test.py create mode 100644 tests/ecc-aws-118-security_group_ingress_is_restricted_traffic_to_pop3_port_110/placebo-green/ec2.DescribeSecurityGroups_1.json create mode 100644 tests/ecc-aws-118-security_group_ingress_is_restricted_traffic_to_pop3_port_110/placebo-red/ec2.DescribeSecurityGroups_1.json create mode 100644 tests/ecc-aws-118-security_group_ingress_is_restricted_traffic_to_pop3_port_110/red_policy_test.py create mode 100644 tests/ecc-aws-119-security_group_ingress_is_restricted_traffic_to_postgresql_port_5432/placebo-green/ec2.DescribeSecurityGroups_1.json create mode 100644 tests/ecc-aws-119-security_group_ingress_is_restricted_traffic_to_postgresql_port_5432/placebo-red/ec2.DescribeSecurityGroups_1.json create mode 100644 tests/ecc-aws-119-security_group_ingress_is_restricted_traffic_to_postgresql_port_5432/red_policy_test.py create mode 100644 tests/ecc-aws-120-security_group_ingress_is_restricted_traffic_to_smtp_port_25/placebo-green/ec2.DescribeSecurityGroups_1.json create mode 100644 tests/ecc-aws-120-security_group_ingress_is_restricted_traffic_to_smtp_port_25/placebo-red/ec2.DescribeSecurityGroups_1.json create mode 100644 tests/ecc-aws-120-security_group_ingress_is_restricted_traffic_to_smtp_port_25/red_policy_test.py create mode 100644 
tests/ecc-aws-121-security_group_ingress_is_restricted_traffic_to_telnet_port_23/placebo-green/ec2.DescribeSecurityGroups_1.json create mode 100644 tests/ecc-aws-121-security_group_ingress_is_restricted_traffic_to_telnet_port_23/placebo-red/ec2.DescribeSecurityGroups_1.json create mode 100644 tests/ecc-aws-121-security_group_ingress_is_restricted_traffic_to_telnet_port_23/red_policy_test.py create mode 100644 tests/ecc-aws-124-eks_cluster_version_latest/placebo-green/eks.DescribeCluster_1.json create mode 100644 tests/ecc-aws-124-eks_cluster_version_latest/placebo-green/eks.ListClusters_1.json create mode 100644 tests/ecc-aws-124-eks_cluster_version_latest/placebo-red/eks.DescribeCluster_1.json create mode 100644 tests/ecc-aws-124-eks_cluster_version_latest/placebo-red/eks.ListClusters_1.json create mode 100644 tests/ecc-aws-124-eks_cluster_version_latest/red_policy_test.py create mode 100644 tests/ecc-aws-140-rds_without_tag_information/placebo-green/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-140-rds_without_tag_information/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-140-rds_without_tag_information/placebo-red/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-140-rds_without_tag_information/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-140-rds_without_tag_information/red_policy_test.py create mode 100644 tests/ecc-aws-168-iam_password_policy_one_uppercase_letter/placebo-green/iam.GetAccountPasswordPolicy_1.json create mode 100644 tests/ecc-aws-168-iam_password_policy_one_uppercase_letter/placebo-green/iam.ListAccountAliases_1.json create mode 100644 tests/ecc-aws-168-iam_password_policy_one_uppercase_letter/placebo-red/iam.GetAccountPasswordPolicy_1.json create mode 100644 tests/ecc-aws-168-iam_password_policy_one_uppercase_letter/placebo-red/iam.ListAccountAliases_1.json create mode 100644 tests/ecc-aws-168-iam_password_policy_one_uppercase_letter/red_policy_test.py 
create mode 100644 tests/ecc-aws-169-ensure_no_root_account_access_key_exists/placebo-green/iam.GenerateCredentialReport_1.json create mode 100644 tests/ecc-aws-169-ensure_no_root_account_access_key_exists/placebo-green/iam.GetCredentialReport_1.json create mode 100644 tests/ecc-aws-169-ensure_no_root_account_access_key_exists/placebo-green/iam.ListAccountAliases_1.json create mode 100644 tests/ecc-aws-169-ensure_no_root_account_access_key_exists/placebo-red/iam.GenerateCredentialReport_1.json create mode 100644 tests/ecc-aws-169-ensure_no_root_account_access_key_exists/placebo-red/iam.GetCredentialReport_1.json create mode 100644 tests/ecc-aws-169-ensure_no_root_account_access_key_exists/placebo-red/iam.ListAccountAliases_1.json create mode 100644 tests/ecc-aws-169-ensure_no_root_account_access_key_exists/red_policy_test.py create mode 100644 tests/ecc-aws-170-iam_password_policy_one_lowercase_letter/placebo-green/iam.GetAccountPasswordPolicy_1.json create mode 100644 tests/ecc-aws-170-iam_password_policy_one_lowercase_letter/placebo-green/iam.ListAccountAliases_1.json create mode 100644 tests/ecc-aws-170-iam_password_policy_one_lowercase_letter/placebo-red/iam.GetAccountPasswordPolicy_1.json create mode 100644 tests/ecc-aws-170-iam_password_policy_one_lowercase_letter/placebo-red/iam.ListAccountAliases_1.json create mode 100644 tests/ecc-aws-170-iam_password_policy_one_lowercase_letter/red_policy_test.py create mode 100644 tests/ecc-aws-171-iam_password_policy_one_symbol/placebo-green/iam.GetAccountPasswordPolicy_1.json create mode 100644 tests/ecc-aws-171-iam_password_policy_one_symbol/placebo-green/iam.ListAccountAliases_1.json create mode 100644 tests/ecc-aws-171-iam_password_policy_one_symbol/placebo-red/iam.GetAccountPasswordPolicy_1.json create mode 100644 tests/ecc-aws-171-iam_password_policy_one_symbol/placebo-red/iam.ListAccountAliases_1.json create mode 100644 tests/ecc-aws-171-iam_password_policy_one_symbol/red_policy_test.py create mode 100644 
tests/ecc-aws-172-iam_password_policy_one_number/placebo-green/iam.GetAccountPasswordPolicy_1.json create mode 100644 tests/ecc-aws-172-iam_password_policy_one_number/placebo-green/iam.ListAccountAliases_1.json create mode 100644 tests/ecc-aws-172-iam_password_policy_one_number/placebo-red/iam.GetAccountPasswordPolicy_1.json create mode 100644 tests/ecc-aws-172-iam_password_policy_one_number/placebo-red/iam.ListAccountAliases_1.json create mode 100644 tests/ecc-aws-172-iam_password_policy_one_number/red_policy_test.py create mode 100644 tests/ecc-aws-173-iam_password_min_length_ge_14/placebo-green/iam.GetAccountPasswordPolicy_1.json create mode 100644 tests/ecc-aws-173-iam_password_min_length_ge_14/placebo-green/iam.ListAccountAliases_1.json create mode 100644 tests/ecc-aws-173-iam_password_min_length_ge_14/placebo-red/iam.GetAccountPasswordPolicy_1.json create mode 100644 tests/ecc-aws-173-iam_password_min_length_ge_14/placebo-red/iam.ListAccountAliases_1.json create mode 100644 tests/ecc-aws-173-iam_password_min_length_ge_14/red_policy_test.py create mode 100644 tests/ecc-aws-174-iam_password_policy_passwd_expires_le_90/placebo-green/iam.GetAccountPasswordPolicy_1.json create mode 100644 tests/ecc-aws-174-iam_password_policy_passwd_expires_le_90/placebo-green/iam.ListAccountAliases_1.json create mode 100644 tests/ecc-aws-174-iam_password_policy_passwd_expires_le_90/placebo-red/iam.GetAccountPasswordPolicy_1.json create mode 100644 tests/ecc-aws-174-iam_password_policy_passwd_expires_le_90/placebo-red/iam.ListAccountAliases_1.json create mode 100644 tests/ecc-aws-174-iam_password_policy_passwd_expires_le_90/red_policy_test.py create mode 100644 tests/ecc-aws-176-cloudtrail_log_validation_enabled/placebo-green/cloudtrail.DescribeTrails_1.json create mode 100644 tests/ecc-aws-176-cloudtrail_log_validation_enabled/placebo-green/tagging.GetResources_1.json create mode 100644 
tests/ecc-aws-176-cloudtrail_log_validation_enabled/placebo-red/cloudtrail.DescribeTrails_1.json create mode 100644 tests/ecc-aws-176-cloudtrail_log_validation_enabled/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-176-cloudtrail_log_validation_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-179-cloudtrail_integrated_with_cloudwatch/placebo-green/cloudtrail.DescribeTrails_1.json create mode 100644 tests/ecc-aws-179-cloudtrail_integrated_with_cloudwatch/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-179-cloudtrail_integrated_with_cloudwatch/placebo-red/cloudtrail.DescribeTrails_1.json create mode 100644 tests/ecc-aws-179-cloudtrail_integrated_with_cloudwatch/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-179-cloudtrail_integrated_with_cloudwatch/red_policy_test.py create mode 100644 tests/ecc-aws-181-ensure_iam_instance_roles_are_used_for_resource_access_from_instance/placebo-green/ec2.DescribeInstances_1.json create mode 100644 tests/ecc-aws-181-ensure_iam_instance_roles_are_used_for_resource_access_from_instance/placebo-red/ec2.DescribeInstances_1.json create mode 100644 tests/ecc-aws-181-ensure_iam_instance_roles_are_used_for_resource_access_from_instance/placebo-red/ec2.DescribeTags_1.json create mode 100644 tests/ecc-aws-181-ensure_iam_instance_roles_are_used_for_resource_access_from_instance/red_policy_test.py create mode 100644 tests/ecc-aws-183-config_enabled_all_regions/placebo-green/config.DescribeConfigurationRecorderStatus_1.json create mode 100644 tests/ecc-aws-183-config_enabled_all_regions/placebo-green/config.DescribeConfigurationRecorders_1.json create mode 100644 tests/ecc-aws-183-config_enabled_all_regions/placebo-green/config.DescribeDeliveryChannels_1.json create mode 100644 tests/ecc-aws-183-config_enabled_all_regions/placebo-green/iam.ListAccountAliases_1.json create mode 100644 
tests/ecc-aws-183-config_enabled_all_regions/placebo-red/config.DescribeConfigurationRecorderStatus_1.json create mode 100644 tests/ecc-aws-183-config_enabled_all_regions/placebo-red/config.DescribeConfigurationRecorders_1.json create mode 100644 tests/ecc-aws-183-config_enabled_all_regions/placebo-red/config.DescribeDeliveryChannels_1.json create mode 100644 tests/ecc-aws-183-config_enabled_all_regions/placebo-red/iam.ListAccountAliases_1.json create mode 100644 tests/ecc-aws-183-config_enabled_all_regions/red_policy_test.py create mode 100644 tests/ecc-aws-184-cloudtrail_logs_encrypted_using_KMS_CMKs/placebo-green/cloudtrail.DescribeTrails_1.json create mode 100644 tests/ecc-aws-184-cloudtrail_logs_encrypted_using_KMS_CMKs/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-184-cloudtrail_logs_encrypted_using_KMS_CMKs/placebo-red/cloudtrail.DescribeTrails_1.json create mode 100644 tests/ecc-aws-184-cloudtrail_logs_encrypted_using_KMS_CMKs/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-184-cloudtrail_logs_encrypted_using_KMS_CMKs/red_policy_test.py create mode 100644 tests/ecc-aws-185-kms_key_rotation_is_enabled/placebo-green/kms.DescribeKey_1.json create mode 100644 tests/ecc-aws-185-kms_key_rotation_is_enabled/placebo-green/kms.GetKeyRotationStatus_1.json create mode 100644 tests/ecc-aws-185-kms_key_rotation_is_enabled/placebo-green/kms.ListAliases_1.json create mode 100644 tests/ecc-aws-185-kms_key_rotation_is_enabled/placebo-green/kms.ListKeys_1.json create mode 100644 tests/ecc-aws-185-kms_key_rotation_is_enabled/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-185-kms_key_rotation_is_enabled/placebo-red/kms.DescribeKey_1.json create mode 100644 tests/ecc-aws-185-kms_key_rotation_is_enabled/placebo-red/kms.GetKeyRotationStatus_1.json create mode 100644 tests/ecc-aws-185-kms_key_rotation_is_enabled/placebo-red/kms.ListAliases_1.json create mode 100644 
tests/ecc-aws-185-kms_key_rotation_is_enabled/placebo-red/kms.ListKeys_1.json create mode 100644 tests/ecc-aws-185-kms_key_rotation_is_enabled/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-185-kms_key_rotation_is_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-186-security_group_ingress_is_restricted_22/placebo-green/ec2.DescribeSecurityGroups_1.json create mode 100644 tests/ecc-aws-186-security_group_ingress_is_restricted_22/placebo-red/ec2.DescribeSecurityGroups_1.json create mode 100644 tests/ecc-aws-186-security_group_ingress_is_restricted_22/red_policy_test.py create mode 100644 tests/ecc-aws-187-security_group_ingress_is_restricted_3389/placebo-green/ec2.DescribeSecurityGroups_1.json create mode 100644 tests/ecc-aws-187-security_group_ingress_is_restricted_3389/placebo-red/ec2.DescribeSecurityGroups_1.json create mode 100644 tests/ecc-aws-187-security_group_ingress_is_restricted_3389/red_policy_test.py create mode 100644 tests/ecc-aws-188-default_security_group_every_vpc_restricts_all_traffic/placebo-green/ec2.DescribeSecurityGroups_1.json create mode 100644 tests/ecc-aws-188-default_security_group_every_vpc_restricts_all_traffic/placebo-red/ec2.DescribeSecurityGroups_1.json create mode 100644 tests/ecc-aws-188-default_security_group_every_vpc_restricts_all_traffic/red_policy_test.py create mode 100644 tests/ecc-aws-190-encrypted_connection_between_cloudfront_origin/placebo-green/cloudfront.ListDistributions_1.json create mode 100644 tests/ecc-aws-190-encrypted_connection_between_cloudfront_origin/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-190-encrypted_connection_between_cloudfront_origin/placebo-red/cloudfront.ListDistributions_1.json create mode 100644 tests/ecc-aws-190-encrypted_connection_between_cloudfront_origin/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-190-encrypted_connection_between_cloudfront_origin/red_policy_test.py create mode 100644 
tests/ecc-aws-191-eks_cluster_protected_endpoint_access/placebo-green/eks.DescribeCluster_1.json create mode 100644 tests/ecc-aws-191-eks_cluster_protected_endpoint_access/placebo-green/eks.DescribeCluster_2.json create mode 100644 tests/ecc-aws-191-eks_cluster_protected_endpoint_access/placebo-green/eks.ListClusters_1.json create mode 100644 tests/ecc-aws-191-eks_cluster_protected_endpoint_access/placebo-red/eks.DescribeCluster_1.json create mode 100644 tests/ecc-aws-191-eks_cluster_protected_endpoint_access/placebo-red/eks.ListClusters_1.json create mode 100644 tests/ecc-aws-191-eks_cluster_protected_endpoint_access/red_policy_test.py create mode 100644 tests/ecc-aws-196-unused_ec2_security_groups/placebo-green/autoscaling.DescribeLaunchConfigurations_1.json create mode 100644 tests/ecc-aws-196-unused_ec2_security_groups/placebo-green/batch.DescribeComputeEnvironments_1.json create mode 100644 tests/ecc-aws-196-unused_ec2_security_groups/placebo-green/codebuild.ListProjects_1.json create mode 100644 tests/ecc-aws-196-unused_ec2_security_groups/placebo-green/ec2.DescribeNetworkInterfaces_1.json create mode 100644 tests/ecc-aws-196-unused_ec2_security_groups/placebo-green/ec2.DescribeSecurityGroupReferences_1.json create mode 100644 tests/ecc-aws-196-unused_ec2_security_groups/placebo-green/ec2.DescribeSecurityGroups_1.json create mode 100644 tests/ecc-aws-196-unused_ec2_security_groups/placebo-green/events.ListRules_1.json create mode 100644 tests/ecc-aws-196-unused_ec2_security_groups/placebo-green/events.ListTargetsByRule_1.json create mode 100644 tests/ecc-aws-196-unused_ec2_security_groups/placebo-green/lambda.ListFunctions_1.json create mode 100644 tests/ecc-aws-196-unused_ec2_security_groups/placebo-red/autoscaling.DescribeLaunchConfigurations_1.json create mode 100644 tests/ecc-aws-196-unused_ec2_security_groups/placebo-red/batch.DescribeComputeEnvironments_1.json create mode 100644 
tests/ecc-aws-196-unused_ec2_security_groups/placebo-red/codebuild.ListProjects_1.json create mode 100644 tests/ecc-aws-196-unused_ec2_security_groups/placebo-red/ec2.DescribeNetworkInterfaces_1.json create mode 100644 tests/ecc-aws-196-unused_ec2_security_groups/placebo-red/ec2.DescribeSecurityGroupReferences_1.json create mode 100644 tests/ecc-aws-196-unused_ec2_security_groups/placebo-red/ec2.DescribeSecurityGroups_1.json create mode 100644 tests/ecc-aws-196-unused_ec2_security_groups/placebo-red/events.ListRules_1.json create mode 100644 tests/ecc-aws-196-unused_ec2_security_groups/placebo-red/events.ListTargetsByRule_1.json create mode 100644 tests/ecc-aws-196-unused_ec2_security_groups/placebo-red/lambda.ListFunctions_1.json create mode 100644 tests/ecc-aws-196-unused_ec2_security_groups/red_policy_test.py create mode 100644 tests/ecc-aws-197-codebuild_project_source_repo_url_check/placebo-green/codebuild.BatchGetProjects_1.json create mode 100644 tests/ecc-aws-197-codebuild_project_source_repo_url_check/placebo-green/codebuild.ListProjects_1.json create mode 100644 tests/ecc-aws-197-codebuild_project_source_repo_url_check/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-197-codebuild_project_source_repo_url_check/placebo-red/codebuild.BatchGetProjects_1.json create mode 100644 tests/ecc-aws-197-codebuild_project_source_repo_url_check/placebo-red/codebuild.ListProjects_1.json create mode 100644 tests/ecc-aws-197-codebuild_project_source_repo_url_check/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-197-codebuild_project_source_repo_url_check/red_policy_test.py create mode 100644 tests/ecc-aws-198-autoscaling_group_health_checks/placebo-green/autoscaling.DescribeAutoScalingGroups_1.json create mode 100644 tests/ecc-aws-198-autoscaling_group_health_checks/placebo-red/autoscaling.DescribeAutoScalingGroups_1.json create mode 100644 tests/ecc-aws-198-autoscaling_group_health_checks/red_policy_test.py create mode 
100644 tests/ecc-aws-199-unused_eip_should_be_removed/placebo-green/ec2.DescribeAddresses_1.json create mode 100644 tests/ecc-aws-199-unused_eip_should_be_removed/placebo-red/ec2.DescribeAddresses_1.json create mode 100644 tests/ecc-aws-199-unused_eip_should_be_removed/red_policy_test.py create mode 100644 tests/ecc-aws-200-elasticsearch_service_domains_in_vpc/placebo-green/es.DescribeElasticsearchDomains_1.json create mode 100644 tests/ecc-aws-200-elasticsearch_service_domains_in_vpc/placebo-green/es.ListDomainNames_1.json create mode 100644 tests/ecc-aws-200-elasticsearch_service_domains_in_vpc/placebo-green/es.ListTags_1.json create mode 100644 tests/ecc-aws-200-elasticsearch_service_domains_in_vpc/placebo-red/es.DescribeElasticsearchDomains_1.json create mode 100644 tests/ecc-aws-200-elasticsearch_service_domains_in_vpc/placebo-red/es.ListDomainNames_1.json create mode 100644 tests/ecc-aws-200-elasticsearch_service_domains_in_vpc/placebo-red/es.ListTags_1.json create mode 100644 tests/ecc-aws-200-elasticsearch_service_domains_in_vpc/red_policy_test.py create mode 100644 tests/ecc-aws-201-elasticsearch_service_domains_encryption_at_rest/placebo-green/es.DescribeElasticsearchDomains_1.json create mode 100644 tests/ecc-aws-201-elasticsearch_service_domains_encryption_at_rest/placebo-green/es.ListDomainNames_1.json create mode 100644 tests/ecc-aws-201-elasticsearch_service_domains_encryption_at_rest/placebo-green/es.ListTags_1.json create mode 100644 tests/ecc-aws-201-elasticsearch_service_domains_encryption_at_rest/placebo-red/es.DescribeElasticsearchDomains_1.json create mode 100644 tests/ecc-aws-201-elasticsearch_service_domains_encryption_at_rest/placebo-red/es.ListDomainNames_1.json create mode 100644 tests/ecc-aws-201-elasticsearch_service_domains_encryption_at_rest/placebo-red/es.ListTags_1.json create mode 100644 tests/ecc-aws-201-elasticsearch_service_domains_encryption_at_rest/red_policy_test.py create mode 100644 
tests/ecc-aws-203-ebs_snapshots_not_publicly_restorable/placebo-green/ec2.DescribeSnapshotAttribute_1.json create mode 100644 tests/ecc-aws-203-ebs_snapshots_not_publicly_restorable/placebo-green/ec2.DescribeSnapshots_1.json create mode 100644 tests/ecc-aws-203-ebs_snapshots_not_publicly_restorable/placebo-red/ec2.DescribeSnapshotAttribute_1.json create mode 100644 tests/ecc-aws-203-ebs_snapshots_not_publicly_restorable/placebo-red/ec2.DescribeSnapshots_1.json create mode 100644 tests/ecc-aws-203-ebs_snapshots_not_publicly_restorable/red_policy_test.py create mode 100644 tests/ecc-aws-210-cloud_front_waf_integration/placebo-green/cloudfront.ListDistributions_1.json create mode 100644 tests/ecc-aws-210-cloud_front_waf_integration/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-210-cloud_front_waf_integration/placebo-red/cloudfront.ListDistributions_1.json create mode 100644 tests/ecc-aws-210-cloud_front_waf_integration/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-210-cloud_front_waf_integration/red_policy_test.py create mode 100644 tests/ecc-aws-212-lambda_in_vpc/placebo-green/lambda.ListFunctions_1.json create mode 100644 tests/ecc-aws-212-lambda_in_vpc/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-212-lambda_in_vpc/placebo-red/lambda.ListFunctions_1.json create mode 100644 tests/ecc-aws-212-lambda_in_vpc/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-212-lambda_in_vpc/red_policy_test.py create mode 100644 tests/ecc-aws-215-redshift_cluster_prohibit_public_access/placebo-green/redshift.DescribeClusters_1.json create mode 100644 tests/ecc-aws-215-redshift_cluster_prohibit_public_access/placebo-red/redshift.DescribeClusters_1.json create mode 100644 tests/ecc-aws-215-redshift_cluster_prohibit_public_access/red_policy_test.py create mode 100644 
tests/ecc-aws-218-codebuild_environment_variables_contain_text_credentials/placebo-green/codebuild.BatchGetProjects_1.json create mode 100644 tests/ecc-aws-218-codebuild_environment_variables_contain_text_credentials/placebo-green/codebuild.ListProjects_1.json create mode 100644 tests/ecc-aws-218-codebuild_environment_variables_contain_text_credentials/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-218-codebuild_environment_variables_contain_text_credentials/placebo-red/codebuild.BatchGetProjects_1.json create mode 100644 tests/ecc-aws-218-codebuild_environment_variables_contain_text_credentials/placebo-red/codebuild.ListProjects_1.json create mode 100644 tests/ecc-aws-218-codebuild_environment_variables_contain_text_credentials/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-218-codebuild_environment_variables_contain_text_credentials/red_policy_test.py create mode 100644 tests/ecc-aws-219-rds_snapshot_prohibit_public_access/placebo-green/rds.DescribeDBSnapshotAttributes_1.json create mode 100644 tests/ecc-aws-219-rds_snapshot_prohibit_public_access/placebo-green/rds.DescribeDBSnapshots_1.json create mode 100644 tests/ecc-aws-219-rds_snapshot_prohibit_public_access/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-219-rds_snapshot_prohibit_public_access/placebo-red/rds.DescribeDBSnapshotAttributes_1.json create mode 100644 tests/ecc-aws-219-rds_snapshot_prohibit_public_access/placebo-red/rds.DescribeDBSnapshots_1.json create mode 100644 tests/ecc-aws-219-rds_snapshot_prohibit_public_access/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-219-rds_snapshot_prohibit_public_access/red_policy_test.py create mode 100644 tests/ecc-aws-221-ec2_managed_ssm_patch_compliance/placebo-green/ec2.DescribeInstances_1.json create mode 100644 tests/ecc-aws-221-ec2_managed_ssm_patch_compliance/placebo-green/ssm.ListResourceComplianceSummaries_1.json create mode 100644 
tests/ecc-aws-221-ec2_managed_ssm_patch_compliance/placebo-red/ec2.DescribeInstances_1.json create mode 100644 tests/ecc-aws-221-ec2_managed_ssm_patch_compliance/placebo-red/ssm.ListResourceComplianceSummaries_1.json create mode 100644 tests/ecc-aws-221-ec2_managed_ssm_patch_compliance/red_policy_test.py create mode 100644 tests/ecc-aws-222-ami_public_access/placebo-green/ec2.DescribeImageAttribute_1.json create mode 100644 tests/ecc-aws-222-ami_public_access/placebo-green/ec2.DescribeImages_1.json create mode 100644 tests/ecc-aws-222-ami_public_access/placebo-red/ec2.DescribeImageAttribute_1.json create mode 100644 tests/ecc-aws-222-ami_public_access/placebo-red/ec2.DescribeImages_1.json create mode 100644 tests/ecc-aws-222-ami_public_access/red_policy_test.py create mode 100644 tests/ecc-aws-223-ensure_that_sagemaker_in_vpc/placebo-green/api.sagemaker.DescribeNotebookInstance_1.json create mode 100644 tests/ecc-aws-223-ensure_that_sagemaker_in_vpc/placebo-green/api.sagemaker.ListNotebookInstances_1.json create mode 100644 tests/ecc-aws-223-ensure_that_sagemaker_in_vpc/placebo-green/api.sagemaker.ListTags_1.json create mode 100644 tests/ecc-aws-223-ensure_that_sagemaker_in_vpc/placebo-red/api.sagemaker.DescribeNotebookInstance_1.json create mode 100644 tests/ecc-aws-223-ensure_that_sagemaker_in_vpc/placebo-red/api.sagemaker.ListNotebookInstances_1.json create mode 100644 tests/ecc-aws-223-ensure_that_sagemaker_in_vpc/placebo-red/api.sagemaker.ListTags_1.json create mode 100644 tests/ecc-aws-223-ensure_that_sagemaker_in_vpc/red_policy_test.py create mode 100644 tests/ecc-aws-231-vpc-subnets_automatic_public_ip_assignment/placebo-green/ec2.DescribeSubnets_1.json create mode 100644 tests/ecc-aws-231-vpc-subnets_automatic_public_ip_assignment/placebo-red/ec2.DescribeSubnets_1.json create mode 100644 tests/ecc-aws-231-vpc-subnets_automatic_public_ip_assignment/red_policy_test.py create mode 100644 
tests/ecc-aws-232-sagemaker_does_not_have_direct_internet_access/placebo-green/api.sagemaker.DescribeNotebookInstance_1.json create mode 100644 tests/ecc-aws-232-sagemaker_does_not_have_direct_internet_access/placebo-green/api.sagemaker.ListNotebookInstances_1.json create mode 100644 tests/ecc-aws-232-sagemaker_does_not_have_direct_internet_access/placebo-green/api.sagemaker.ListTags_1.json create mode 100644 tests/ecc-aws-232-sagemaker_does_not_have_direct_internet_access/placebo-red/api.sagemaker.DescribeNotebookInstance_1.json create mode 100644 tests/ecc-aws-232-sagemaker_does_not_have_direct_internet_access/placebo-red/api.sagemaker.ListNotebookInstances_1.json create mode 100644 tests/ecc-aws-232-sagemaker_does_not_have_direct_internet_access/placebo-red/api.sagemaker.ListTags_1.json create mode 100644 tests/ecc-aws-232-sagemaker_does_not_have_direct_internet_access/red_policy_test.py create mode 100644 tests/ecc-aws-237-cloudfront_web_distributions_use_custom_ssl_certificates/placebo-green/cloudfront.ListDistributions_1.json create mode 100644 tests/ecc-aws-237-cloudfront_web_distributions_use_custom_ssl_certificates/placebo-red/cloudfront.ListDistributions_1.json create mode 100644 tests/ecc-aws-237-cloudfront_web_distributions_use_custom_ssl_certificates/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-237-cloudfront_web_distributions_use_custom_ssl_certificates/red_policy_test.py create mode 100644 tests/ecc-aws-238-cloudfront_web_distributions_with_geo_restriction_enabled/placebo-green/cloudfront.ListDistributions_1.json create mode 100644 tests/ecc-aws-238-cloudfront_web_distributions_with_geo_restriction_enabled/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-238-cloudfront_web_distributions_with_geo_restriction_enabled/placebo-red/cloudfront.ListDistributions_1.json create mode 100644 tests/ecc-aws-238-cloudfront_web_distributions_with_geo_restriction_enabled/placebo-red/tagging.GetResources_1.json 
create mode 100644 tests/ecc-aws-238-cloudfront_web_distributions_with_geo_restriction_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-240-acm_has_certificates_single_domain_names/placebo-green/acm.DescribeCertificate_1.json create mode 100644 tests/ecc-aws-240-acm_has_certificates_single_domain_names/placebo-green/acm.ListCertificates_1.json create mode 100644 tests/ecc-aws-240-acm_has_certificates_single_domain_names/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-240-acm_has_certificates_single_domain_names/placebo-red/acm.DescribeCertificate_1.json create mode 100644 tests/ecc-aws-240-acm_has_certificates_single_domain_names/placebo-red/acm.ListCertificates_1.json create mode 100644 tests/ecc-aws-240-acm_has_certificates_single_domain_names/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-240-acm_has_certificates_single_domain_names/red_policy_test.py create mode 100644 tests/ecc-aws-241-acm_has_no_unused_certificates/placebo-green/acm.ListCertificates_1.json create mode 100644 tests/ecc-aws-241-acm_has_no_unused_certificates/placebo-red/acm.DescribeCertificate_1.json create mode 100644 tests/ecc-aws-241-acm_has_no_unused_certificates/placebo-red/acm.ListCertificates_1.json create mode 100644 tests/ecc-aws-241-acm_has_no_unused_certificates/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-241-acm_has_no_unused_certificates/red_policy_test.py create mode 100644 tests/ecc-aws-242-cloudfront_distribution_access_logging/placebo-green/cloudfront.GetDistributionConfig_1.json create mode 100644 tests/ecc-aws-242-cloudfront_distribution_access_logging/placebo-green/cloudfront.ListDistributions_1.json create mode 100644 tests/ecc-aws-242-cloudfront_distribution_access_logging/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-242-cloudfront_distribution_access_logging/placebo-red/cloudfront.GetDistributionConfig_1.json create mode 100644 
tests/ecc-aws-242-cloudfront_distribution_access_logging/placebo-red/cloudfront.ListDistributions_1.json create mode 100644 tests/ecc-aws-242-cloudfront_distribution_access_logging/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-242-cloudfront_distribution_access_logging/red_policy_test.py create mode 100644 tests/ecc-aws-243-invalid_or_failed_certificates_are_removed_from_acm/placebo-green/acm.DescribeCertificate_1.json create mode 100644 tests/ecc-aws-243-invalid_or_failed_certificates_are_removed_from_acm/placebo-green/acm.ListCertificates_1.json create mode 100644 tests/ecc-aws-243-invalid_or_failed_certificates_are_removed_from_acm/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-243-invalid_or_failed_certificates_are_removed_from_acm/placebo-red/acm.DescribeCertificate_1.json create mode 100644 tests/ecc-aws-243-invalid_or_failed_certificates_are_removed_from_acm/placebo-red/acm.ListCertificates_1.json create mode 100644 tests/ecc-aws-243-invalid_or_failed_certificates_are_removed_from_acm/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-243-invalid_or_failed_certificates_are_removed_from_acm/red_policy_test.py create mode 100644 tests/ecc-aws-245-alb_is_protected_by_waf_regional/placebo-green/elasticloadbalancing.DescribeLoadBalancers_1.json create mode 100644 tests/ecc-aws-245-alb_is_protected_by_waf_regional/placebo-green/elasticloadbalancing.DescribeTags_1.json create mode 100644 tests/ecc-aws-245-alb_is_protected_by_waf_regional/placebo-green/waf-regional.ListResourcesForWebACL_1.json create mode 100644 tests/ecc-aws-245-alb_is_protected_by_waf_regional/placebo-green/waf-regional.ListWebACLs_1.json create mode 100644 tests/ecc-aws-245-alb_is_protected_by_waf_regional/placebo-red/elasticloadbalancing.DescribeLoadBalancers_1.json create mode 100644 tests/ecc-aws-245-alb_is_protected_by_waf_regional/placebo-red/elasticloadbalancing.DescribeTags_1.json create mode 100644 
tests/ecc-aws-245-alb_is_protected_by_waf_regional/placebo-red/waf-regional.ListWebACLs_1.json create mode 100644 tests/ecc-aws-245-alb_is_protected_by_waf_regional/red_policy_test.py create mode 100644 tests/ecc-aws-247-managed_policies_instead_of_inline_iam_policies/placebo-green/iam.GetUser_1.json create mode 100644 tests/ecc-aws-247-managed_policies_instead_of_inline_iam_policies/placebo-green/iam.ListUserPolicies_1.json create mode 100644 tests/ecc-aws-247-managed_policies_instead_of_inline_iam_policies/placebo-green/iam.ListUsers_1.json create mode 100644 tests/ecc-aws-247-managed_policies_instead_of_inline_iam_policies/placebo-red/iam.GetUser_1.json create mode 100644 tests/ecc-aws-247-managed_policies_instead_of_inline_iam_policies/placebo-red/iam.ListUserPolicies_1.json create mode 100644 tests/ecc-aws-247-managed_policies_instead_of_inline_iam_policies/placebo-red/iam.ListUsers_1.json create mode 100644 tests/ecc-aws-247-managed_policies_instead_of_inline_iam_policies/red_policy_test.py create mode 100644 tests/ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic/placebo-green/ec2.DescribeSecurityGroups_1.json create mode 100644 tests/ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic/placebo-green/eks.DescribeCluster_1.json create mode 100644 tests/ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic/placebo-green/eks.ListClusters_1.json create mode 100644 tests/ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic/placebo-red/ec2.DescribeSecurityGroups_1.json create mode 100644 tests/ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic/placebo-red/eks.DescribeCluster_1.json create mode 100644 tests/ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic/placebo-red/eks.ListClusters_1.json create mode 100644 
tests/ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic/red_policy_test.py create mode 100644 tests/ecc-aws-249-expired_certificates_are_removed_from_acm/placebo-green/acm.DescribeCertificate_1.json create mode 100644 tests/ecc-aws-249-expired_certificates_are_removed_from_acm/placebo-green/acm.ListCertificates_1.json create mode 100644 tests/ecc-aws-249-expired_certificates_are_removed_from_acm/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-249-expired_certificates_are_removed_from_acm/placebo-red/acm.DescribeCertificate_1.json create mode 100644 tests/ecc-aws-249-expired_certificates_are_removed_from_acm/placebo-red/acm.ListCertificates_1.json create mode 100644 tests/ecc-aws-249-expired_certificates_are_removed_from_acm/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-249-expired_certificates_are_removed_from_acm/red_policy_test.py create mode 100644 tests/ecc-aws-250-rest_api_gateway_is_set_to_private/placebo-green/apigateway.GetRestApis_1.json create mode 100644 tests/ecc-aws-250-rest_api_gateway_is_set_to_private/placebo-red/apigateway.GetRestApis_1.json create mode 100644 tests/ecc-aws-250-rest_api_gateway_is_set_to_private/red_policy_test.py create mode 100644 tests/ecc-aws-251-api_key_is_required_on_method_request/placebo-green/apigateway.GetMethod_1.json create mode 100644 tests/ecc-aws-251-api_key_is_required_on_method_request/placebo-green/apigateway.GetResources_1.json create mode 100644 tests/ecc-aws-251-api_key_is_required_on_method_request/placebo-green/apigateway.GetRestApis_1.json create mode 100644 tests/ecc-aws-251-api_key_is_required_on_method_request/placebo-red/apigateway.GetMethod_1.json create mode 100644 tests/ecc-aws-251-api_key_is_required_on_method_request/placebo-red/apigateway.GetResources_1.json create mode 100644 tests/ecc-aws-251-api_key_is_required_on_method_request/placebo-red/apigateway.GetRestApis_1.json create mode 100644 
tests/ecc-aws-251-api_key_is_required_on_method_request/red_policy_test.py create mode 100644 tests/ecc-aws-253-kinesis_streams_encrypted_kms_customer_master_keys/placebo-green/kinesis.DescribeStream_1.json create mode 100644 tests/ecc-aws-253-kinesis_streams_encrypted_kms_customer_master_keys/placebo-green/kinesis.ListStreams_1.json create mode 100644 tests/ecc-aws-253-kinesis_streams_encrypted_kms_customer_master_keys/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-253-kinesis_streams_encrypted_kms_customer_master_keys/placebo-red/kinesis.DescribeStream_1.json create mode 100644 tests/ecc-aws-253-kinesis_streams_encrypted_kms_customer_master_keys/placebo-red/kinesis.ListStreams_1.json create mode 100644 tests/ecc-aws-253-kinesis_streams_encrypted_kms_customer_master_keys/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-253-kinesis_streams_encrypted_kms_customer_master_keys/red_policy_test.py create mode 100644 tests/ecc-aws-254-kinesis_server_data_at_rest_has_sse/placebo-green/kinesis.DescribeStream_1.json create mode 100644 tests/ecc-aws-254-kinesis_server_data_at_rest_has_sse/placebo-green/kinesis.ListStreams_1.json create mode 100644 tests/ecc-aws-254-kinesis_server_data_at_rest_has_sse/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-254-kinesis_server_data_at_rest_has_sse/placebo-red/kinesis.DescribeStream_1.json create mode 100644 tests/ecc-aws-254-kinesis_server_data_at_rest_has_sse/placebo-red/kinesis.ListStreams_1.json create mode 100644 tests/ecc-aws-254-kinesis_server_data_at_rest_has_sse/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-254-kinesis_server_data_at_rest_has_sse/red_policy_test.py create mode 100644 tests/ecc-aws-255-restrict_outbound_traffic/placebo-green/ec2.DescribeSecurityGroups_1.json create mode 100644 tests/ecc-aws-255-restrict_outbound_traffic/placebo-red/ec2.DescribeSecurityGroups_1.json create mode 100644 
tests/ecc-aws-255-restrict_outbound_traffic/red_policy_test.py create mode 100644 tests/ecc-aws-256-dynamodb_is_encrypted_using_managed_cmk/placebo-green/dynamodb.DescribeTable_1.json create mode 100644 tests/ecc-aws-256-dynamodb_is_encrypted_using_managed_cmk/placebo-green/dynamodb.ListTables_1.json create mode 100644 tests/ecc-aws-256-dynamodb_is_encrypted_using_managed_cmk/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-256-dynamodb_is_encrypted_using_managed_cmk/placebo-red/dynamodb.DescribeTable_1.json create mode 100644 tests/ecc-aws-256-dynamodb_is_encrypted_using_managed_cmk/placebo-red/dynamodb.ListTables_1.json create mode 100644 tests/ecc-aws-256-dynamodb_is_encrypted_using_managed_cmk/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-256-dynamodb_is_encrypted_using_managed_cmk/red_policy_test.py create mode 100644 tests/ecc-aws-257-efs_is_encrypted/placebo-green/elasticfilesystem.DescribeFileSystems_1.json create mode 100644 tests/ecc-aws-257-efs_is_encrypted/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-257-efs_is_encrypted/placebo-red/elasticfilesystem.DescribeFileSystems_1.json create mode 100644 tests/ecc-aws-257-efs_is_encrypted/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-257-efs_is_encrypted/red_policy_test.py create mode 100644 tests/ecc-aws-258-efs_is_encrypted_using_managed_cmk/placebo-green/elasticfilesystem.DescribeFileSystems_1.json create mode 100644 tests/ecc-aws-258-efs_is_encrypted_using_managed_cmk/placebo-green/kms.DescribeKey_1.json create mode 100644 tests/ecc-aws-258-efs_is_encrypted_using_managed_cmk/placebo-green/kms.ListAliases_1.json create mode 100644 tests/ecc-aws-258-efs_is_encrypted_using_managed_cmk/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-258-efs_is_encrypted_using_managed_cmk/placebo-green/tagging.GetResources_2.json create mode 100644 
tests/ecc-aws-258-efs_is_encrypted_using_managed_cmk/placebo-red/elasticfilesystem.DescribeFileSystems_1.json create mode 100644 tests/ecc-aws-258-efs_is_encrypted_using_managed_cmk/placebo-red/kms.DescribeKey_1.json create mode 100644 tests/ecc-aws-258-efs_is_encrypted_using_managed_cmk/placebo-red/kms.ListAliases_1.json create mode 100644 tests/ecc-aws-258-efs_is_encrypted_using_managed_cmk/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-258-efs_is_encrypted_using_managed_cmk/red_policy_test.py create mode 100644 tests/ecc-aws-259-elasticache_redis_clusters_encryption_at_rest/placebo-green/elasticache.DescribeCacheClusters_1.json create mode 100644 tests/ecc-aws-259-elasticache_redis_clusters_encryption_at_rest/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-259-elasticache_redis_clusters_encryption_at_rest/placebo-red/elasticache.DescribeCacheClusters_1.json create mode 100644 tests/ecc-aws-259-elasticache_redis_clusters_encryption_at_rest/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-259-elasticache_redis_clusters_encryption_at_rest/red_policy_test.py create mode 100644 tests/ecc-aws-260-redshift_instances_are_encrypted/placebo-green/redshift.DescribeClusters_1.json create mode 100644 tests/ecc-aws-260-redshift_instances_are_encrypted/placebo-red/redshift.DescribeClusters_1.json create mode 100644 tests/ecc-aws-260-redshift_instances_are_encrypted/red_policy_test.py create mode 100644 tests/ecc-aws-261-rds_cluster_storage_is_encrypted/placebo-green/rds.DescribeDBClusters_1.json create mode 100644 tests/ecc-aws-261-rds_cluster_storage_is_encrypted/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-261-rds_cluster_storage_is_encrypted/placebo-red/rds.DescribeDBClusters_1.json create mode 100644 tests/ecc-aws-261-rds_cluster_storage_is_encrypted/placebo-red/tagging.GetResources_1.json create mode 100644 
tests/ecc-aws-261-rds_cluster_storage_is_encrypted/red_policy_test.py create mode 100644 tests/ecc-aws-262-expired_route53_domain_names/green_policy_test.py create mode 100644 tests/ecc-aws-262-expired_route53_domain_names/placebo-green/route53domains.ListDomains_1.json create mode 100644 tests/ecc-aws-262-expired_route53_domain_names/placebo-green/route53domains.ListTagsForDomain_1.json create mode 100644 tests/ecc-aws-262-expired_route53_domain_names/placebo-red/route53domains.ListDomains_1.json create mode 100644 tests/ecc-aws-262-expired_route53_domain_names/placebo-red/route53domains.ListTagsForDomain_1.json create mode 100644 tests/ecc-aws-262-expired_route53_domain_names/red_policy_test.py create mode 100644 tests/ecc-aws-263-enable_elb_access_logs/placebo-green/elasticloadbalancing.DescribeLoadBalancerAttributes_1.json create mode 100644 tests/ecc-aws-263-enable_elb_access_logs/placebo-green/elasticloadbalancing.DescribeLoadBalancers_1.json create mode 100644 tests/ecc-aws-263-enable_elb_access_logs/placebo-green/elasticloadbalancing.DescribeTags_1.json create mode 100644 tests/ecc-aws-263-enable_elb_access_logs/placebo-red/elasticloadbalancing.DescribeLoadBalancerAttributes_1.json create mode 100644 tests/ecc-aws-263-enable_elb_access_logs/placebo-red/elasticloadbalancing.DescribeLoadBalancers_1.json create mode 100644 tests/ecc-aws-263-enable_elb_access_logs/placebo-red/elasticloadbalancing.DescribeTags_1.json create mode 100644 tests/ecc-aws-263-enable_elb_access_logs/red_policy_test.py create mode 100644 tests/ecc-aws-264-update_security_policy_of_network_load_balancer/placebo-green/elasticloadbalancing.DescribeListeners_1.json create mode 100644 tests/ecc-aws-264-update_security_policy_of_network_load_balancer/placebo-green/elasticloadbalancing.DescribeLoadBalancers_1.json create mode 100644 tests/ecc-aws-264-update_security_policy_of_network_load_balancer/placebo-green/elasticloadbalancing.DescribeTags_1.json create mode 100644 
tests/ecc-aws-264-update_security_policy_of_network_load_balancer/placebo-red/elasticloadbalancing.DescribeListeners_1.json create mode 100644 tests/ecc-aws-264-update_security_policy_of_network_load_balancer/placebo-red/elasticloadbalancing.DescribeListeners_2.json create mode 100644 tests/ecc-aws-264-update_security_policy_of_network_load_balancer/placebo-red/elasticloadbalancing.DescribeLoadBalancers_1.json create mode 100644 tests/ecc-aws-264-update_security_policy_of_network_load_balancer/placebo-red/elasticloadbalancing.DescribeTags_1.json create mode 100644 tests/ecc-aws-264-update_security_policy_of_network_load_balancer/red_policy_test.py create mode 100644 tests/ecc-aws-267-guardduty_service_is_enabled/placebo-green/guardduty.GetDetector_1.json create mode 100644 tests/ecc-aws-267-guardduty_service_is_enabled/placebo-green/guardduty.GetMasterAccount_1.json create mode 100644 tests/ecc-aws-267-guardduty_service_is_enabled/placebo-green/guardduty.ListDetectors_1.json create mode 100644 tests/ecc-aws-267-guardduty_service_is_enabled/placebo-green/iam.ListAccountAliases_1.json create mode 100644 tests/ecc-aws-267-guardduty_service_is_enabled/placebo-red/guardduty.ListDetectors_1.json create mode 100644 tests/ecc-aws-267-guardduty_service_is_enabled/placebo-red/iam.ListAccountAliases_1.json create mode 100644 tests/ecc-aws-267-guardduty_service_is_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-272-eliminate_use_root_user_for_administrative_and_daily_tasks/placebo-green/iam.GenerateCredentialReport_1.json create mode 100644 tests/ecc-aws-272-eliminate_use_root_user_for_administrative_and_daily_tasks/placebo-green/iam.GetCredentialReport_1.json create mode 100644 tests/ecc-aws-272-eliminate_use_root_user_for_administrative_and_daily_tasks/placebo-green/iam.ListAccountAliases_1.json create mode 100644 tests/ecc-aws-272-eliminate_use_root_user_for_administrative_and_daily_tasks/placebo-red/iam.GenerateCredentialReport_1.json create mode 100644 
tests/ecc-aws-272-eliminate_use_root_user_for_administrative_and_daily_tasks/placebo-red/iam.GetCredentialReport_1.json create mode 100644 tests/ecc-aws-272-eliminate_use_root_user_for_administrative_and_daily_tasks/placebo-red/iam.ListAccountAliases_1.json create mode 100644 tests/ecc-aws-272-eliminate_use_root_user_for_administrative_and_daily_tasks/red_policy_test.py create mode 100644 tests/ecc-aws-276-iam_access_analyzer_is_enabled/placebo-green/access-analyzer.ListAnalyzers_1.json create mode 100644 tests/ecc-aws-276-iam_access_analyzer_is_enabled/placebo-green/iam.ListAccountAliases_1.json create mode 100644 tests/ecc-aws-276-iam_access_analyzer_is_enabled/placebo-red/access-analyzer.ListAnalyzers_1.json create mode 100644 tests/ecc-aws-276-iam_access_analyzer_is_enabled/placebo-red/iam.ListAccountAliases_1.json create mode 100644 tests/ecc-aws-276-iam_access_analyzer_is_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-277-only_one_active_access_key_available_for_any_single_iam_user/placebo-green/iam.GetUser_1.json create mode 100644 tests/ecc-aws-277-only_one_active_access_key_available_for_any_single_iam_user/placebo-green/iam.ListAccessKeys_1.json create mode 100644 tests/ecc-aws-277-only_one_active_access_key_available_for_any_single_iam_user/placebo-green/iam.ListUsers_1.json create mode 100644 tests/ecc-aws-277-only_one_active_access_key_available_for_any_single_iam_user/placebo-red/iam.GetUser_1.json create mode 100644 tests/ecc-aws-277-only_one_active_access_key_available_for_any_single_iam_user/placebo-red/iam.ListAccessKeys_1.json create mode 100644 tests/ecc-aws-277-only_one_active_access_key_available_for_any_single_iam_user/placebo-red/iam.ListUsers_1.json create mode 100644 tests/ecc-aws-277-only_one_active_access_key_available_for_any_single_iam_user/red_policy_test.py create mode 100644 tests/ecc-aws-279-expired_ssl_tls_certificates_stored_in_aws_iam_are_removed/green_policy_test.py create mode 100644 
tests/ecc-aws-279-expired_ssl_tls_certificates_stored_in_aws_iam_are_removed/placebo-green/iam.ListServerCertificates_1.json create mode 100644 tests/ecc-aws-279-expired_ssl_tls_certificates_stored_in_aws_iam_are_removed/placebo-red/iam.ListServerCertificates_1.json create mode 100644 tests/ecc-aws-279-expired_ssl_tls_certificates_stored_in_aws_iam_are_removed/red_policy_test.py create mode 100644 tests/ecc-aws-289-ebs_volume_without_encrypt/placebo-green/ec2.DescribeVolumes_1.json create mode 100644 tests/ecc-aws-289-ebs_volume_without_encrypt/placebo-red/ec2.DescribeVolumes_1.json create mode 100644 tests/ecc-aws-289-ebs_volume_without_encrypt/red_policy_test.py create mode 100644 tests/ecc-aws-291-rds_public_access_disabled/placebo-green/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-291-rds_public_access_disabled/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-291-rds_public_access_disabled/placebo-red/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-291-rds_public_access_disabled/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-291-rds_public_access_disabled/red_policy_test.py create mode 100644 tests/ecc-aws-292-api_gateway_rest_api_encryption_at_rest/placebo-green/apigateway.GetRestApis_1.json create mode 100644 tests/ecc-aws-292-api_gateway_rest_api_encryption_at_rest/placebo-green/apigateway.GetStages_1.json create mode 100644 tests/ecc-aws-292-api_gateway_rest_api_encryption_at_rest/placebo-red/apigateway.GetRestApis_1.json create mode 100644 tests/ecc-aws-292-api_gateway_rest_api_encryption_at_rest/placebo-red/apigateway.GetStages_1.json create mode 100644 tests/ecc-aws-292-api_gateway_rest_api_encryption_at_rest/red_policy_test.py create mode 100644 tests/ecc-aws-293-security_group_ingress_is_restricted_traffic_to_port_20/placebo-green/ec2.DescribeSecurityGroups_1.json create mode 100644 
tests/ecc-aws-293-security_group_ingress_is_restricted_traffic_to_port_20/placebo-red/ec2.DescribeSecurityGroups_1.json create mode 100644 tests/ecc-aws-293-security_group_ingress_is_restricted_traffic_to_port_20/red_policy_test.py create mode 100644 tests/ecc-aws-294-clb_connection_draining_enabled/placebo-green/elasticloadbalancing.DescribeLoadBalancerAttributes_1.json create mode 100644 tests/ecc-aws-294-clb_connection_draining_enabled/placebo-green/elasticloadbalancing.DescribeLoadBalancers_1.json create mode 100644 tests/ecc-aws-294-clb_connection_draining_enabled/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-294-clb_connection_draining_enabled/placebo-red/elasticloadbalancing.DescribeLoadBalancerAttributes_1.json create mode 100644 tests/ecc-aws-294-clb_connection_draining_enabled/placebo-red/elasticloadbalancing.DescribeLoadBalancers_1.json create mode 100644 tests/ecc-aws-294-clb_connection_draining_enabled/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-294-clb_connection_draining_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-295-elasticsearch_domains_audit_logging_enabled/placebo-green/es.DescribeElasticsearchDomains_1.json create mode 100644 tests/ecc-aws-295-elasticsearch_domains_audit_logging_enabled/placebo-green/es.ListDomainNames_1.json create mode 100644 tests/ecc-aws-295-elasticsearch_domains_audit_logging_enabled/placebo-green/es.ListTags_1.json create mode 100644 tests/ecc-aws-295-elasticsearch_domains_audit_logging_enabled/placebo-red/es.DescribeElasticsearchDomains_1.json create mode 100644 tests/ecc-aws-295-elasticsearch_domains_audit_logging_enabled/placebo-red/es.ListDomainNames_1.json create mode 100644 tests/ecc-aws-295-elasticsearch_domains_audit_logging_enabled/placebo-red/es.ListTags_1.json create mode 100644 tests/ecc-aws-295-elasticsearch_domains_audit_logging_enabled/red_policy_test.py create mode 100644 
tests/ecc-aws-297-elasticsearch_domains_configured_with_at_least_three_dedicated_master_nodes/placebo-green/es.DescribeElasticsearchDomains_1.json create mode 100644 tests/ecc-aws-297-elasticsearch_domains_configured_with_at_least_three_dedicated_master_nodes/placebo-green/es.ListDomainNames_1.json create mode 100644 tests/ecc-aws-297-elasticsearch_domains_configured_with_at_least_three_dedicated_master_nodes/placebo-green/es.ListTags_1.json create mode 100644 tests/ecc-aws-297-elasticsearch_domains_configured_with_at_least_three_dedicated_master_nodes/placebo-red/es.DescribeElasticsearchDomains_1.json create mode 100644 tests/ecc-aws-297-elasticsearch_domains_configured_with_at_least_three_dedicated_master_nodes/placebo-red/es.ListDomainNames_1.json create mode 100644 tests/ecc-aws-297-elasticsearch_domains_configured_with_at_least_three_dedicated_master_nodes/placebo-red/es.ListTags_1.json create mode 100644 tests/ecc-aws-297-elasticsearch_domains_configured_with_at_least_three_dedicated_master_nodes/red_policy_test.py create mode 100644 tests/ecc-aws-298-elasticsearch_domain_connections_encrypted_using_TLS_1_2/placebo-green/es.DescribeElasticsearchDomains_1.json create mode 100644 tests/ecc-aws-298-elasticsearch_domain_connections_encrypted_using_TLS_1_2/placebo-green/es.ListDomainNames_1.json create mode 100644 tests/ecc-aws-298-elasticsearch_domain_connections_encrypted_using_TLS_1_2/placebo-green/es.ListTags_1.json create mode 100644 tests/ecc-aws-298-elasticsearch_domain_connections_encrypted_using_TLS_1_2/placebo-red/es.DescribeElasticsearchDomains_1.json create mode 100644 tests/ecc-aws-298-elasticsearch_domain_connections_encrypted_using_TLS_1_2/placebo-red/es.ListDomainNames_1.json create mode 100644 tests/ecc-aws-298-elasticsearch_domain_connections_encrypted_using_TLS_1_2/placebo-red/es.ListTags_1.json create mode 100644 tests/ecc-aws-298-elasticsearch_domain_connections_encrypted_using_TLS_1_2/red_policy_test.py create mode 100644 
tests/ecc-aws-299-rds_db_clusters_configured_to_copy_tags_to_snapshots/placebo-green/rds.DescribeDBClusters_1.json create mode 100644 tests/ecc-aws-299-rds_db_clusters_configured_to_copy_tags_to_snapshots/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-299-rds_db_clusters_configured_to_copy_tags_to_snapshots/placebo-red/rds.DescribeDBClusters_1.json create mode 100644 tests/ecc-aws-299-rds_db_clusters_configured_to_copy_tags_to_snapshots/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-299-rds_db_clusters_configured_to_copy_tags_to_snapshots/red_policy_test.py create mode 100644 tests/ecc-aws-300-rds_db_instances_configured_to_copy_tags_to_snapshots/placebo-green/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-300-rds_db_instances_configured_to_copy_tags_to_snapshots/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-300-rds_db_instances_configured_to_copy_tags_to_snapshots/placebo-red/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-300-rds_db_instances_configured_to_copy_tags_to_snapshots/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-300-rds_db_instances_configured_to_copy_tags_to_snapshots/red_policy_test.py create mode 100644 tests/ecc-aws-306-redshift_clusters_audit_logging_enabled/placebo-green/redshift.DescribeClusterParameters_1.json create mode 100644 tests/ecc-aws-306-redshift_clusters_audit_logging_enabled/placebo-green/redshift.DescribeClusters_1.json create mode 100644 tests/ecc-aws-306-redshift_clusters_audit_logging_enabled/placebo-green/redshift.DescribeLoggingStatus_1.json create mode 100644 tests/ecc-aws-306-redshift_clusters_audit_logging_enabled/placebo-red/redshift.DescribeClusterParameters_1.json create mode 100644 tests/ecc-aws-306-redshift_clusters_audit_logging_enabled/placebo-red/redshift.DescribeClusters_1.json create mode 100644 
tests/ecc-aws-306-redshift_clusters_audit_logging_enabled/placebo-red/redshift.DescribeLoggingStatus_1.json create mode 100644 tests/ecc-aws-306-redshift_clusters_audit_logging_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-308-ecs_services_public_ip_addresses_not_assigned_automatically/placebo-green/ecs.DescribeServices_1.json create mode 100644 tests/ecc-aws-308-ecs_services_public_ip_addresses_not_assigned_automatically/placebo-green/ecs.ListClusters_1.json create mode 100644 tests/ecc-aws-308-ecs_services_public_ip_addresses_not_assigned_automatically/placebo-green/ecs.ListServices_1.json create mode 100644 tests/ecc-aws-308-ecs_services_public_ip_addresses_not_assigned_automatically/placebo-red/ecs.DescribeServices_1.json create mode 100644 tests/ecc-aws-308-ecs_services_public_ip_addresses_not_assigned_automatically/placebo-red/ecs.ListClusters_1.json create mode 100644 tests/ecc-aws-308-ecs_services_public_ip_addresses_not_assigned_automatically/placebo-red/ecs.ListServices_1.json create mode 100644 tests/ecc-aws-308-ecs_services_public_ip_addresses_not_assigned_automatically/red_policy_test.py create mode 100644 tests/ecc-aws-309-security_group_ingress_is_restricted_traffic_to_port_135/placebo-green/ec2.DescribeSecurityGroups_1.json create mode 100644 tests/ecc-aws-309-security_group_ingress_is_restricted_traffic_to_port_135/placebo-red/ec2.DescribeSecurityGroups_1.json create mode 100644 tests/ecc-aws-309-security_group_ingress_is_restricted_traffic_to_port_135/red_policy_test.py create mode 100644 tests/ecc-aws-310-security_group_ingress_is_restricted_traffic_to_port_143/placebo-green/ec2.DescribeSecurityGroups_1.json create mode 100644 tests/ecc-aws-310-security_group_ingress_is_restricted_traffic_to_port_143/placebo-red/ec2.DescribeSecurityGroups_1.json create mode 100644 tests/ecc-aws-310-security_group_ingress_is_restricted_traffic_to_port_143/red_policy_test.py create mode 100644 
tests/ecc-aws-312-security_group_ingress_is_restricted_traffic_to_mssql_ports/placebo-green/ec2.DescribeSecurityGroups_1.json create mode 100644 tests/ecc-aws-312-security_group_ingress_is_restricted_traffic_to_mssql_ports/placebo-red/ec2.DescribeSecurityGroups_1.json create mode 100644 tests/ecc-aws-312-security_group_ingress_is_restricted_traffic_to_mssql_ports/red_policy_test.py create mode 100644 tests/ecc-aws-313-security_group_ingress_is_restricted_traffic_to_port_4333/placebo-green/ec2.DescribeSecurityGroups_1.json create mode 100644 tests/ecc-aws-313-security_group_ingress_is_restricted_traffic_to_port_4333/placebo-red/ec2.DescribeSecurityGroups_1.json create mode 100644 tests/ecc-aws-313-security_group_ingress_is_restricted_traffic_to_port_4333/red_policy_test.py create mode 100644 tests/ecc-aws-314-security_group_ingress_is_restricted_traffic_to_port_5500/placebo-green/ec2.DescribeSecurityGroups_1.json create mode 100644 tests/ecc-aws-314-security_group_ingress_is_restricted_traffic_to_port_5500/placebo-red/ec2.DescribeSecurityGroups_1.json create mode 100644 tests/ecc-aws-314-security_group_ingress_is_restricted_traffic_to_port_5500/red_policy_test.py create mode 100644 tests/ecc-aws-315-security_group_ingress_is_restricted_traffic_to_port_5601/placebo-green/ec2.DescribeSecurityGroups_1.json create mode 100644 tests/ecc-aws-315-security_group_ingress_is_restricted_traffic_to_port_5601/placebo-red/ec2.DescribeSecurityGroups_1.json create mode 100644 tests/ecc-aws-315-security_group_ingress_is_restricted_traffic_to_port_5601/red_policy_test.py create mode 100644 tests/ecc-aws-316-security_group_ingress_is_restricted_traffic_to_port_8080/placebo-green/ec2.DescribeSecurityGroups_1.json create mode 100644 tests/ecc-aws-316-security_group_ingress_is_restricted_traffic_to_port_8080/placebo-red/ec2.DescribeSecurityGroups_1.json create mode 100644 tests/ecc-aws-316-security_group_ingress_is_restricted_traffic_to_port_8080/red_policy_test.py create mode 100644 
tests/ecc-aws-317-security_group_ingress_is_restricted_traffic_to_elasticsearch_service_ports/placebo-green/ec2.DescribeSecurityGroups_1.json create mode 100644 tests/ecc-aws-317-security_group_ingress_is_restricted_traffic_to_elasticsearch_service_ports/placebo-red/ec2.DescribeSecurityGroups_1.json create mode 100644 tests/ecc-aws-317-security_group_ingress_is_restricted_traffic_to_elasticsearch_service_ports/red_policy_test.py create mode 100644 tests/ecc-aws-318-rds_database_cluster_engine_no_default_ports/placebo-green/rds.DescribeDBClusters_1.json create mode 100644 tests/ecc-aws-318-rds_database_cluster_engine_no_default_ports/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-318-rds_database_cluster_engine_no_default_ports/placebo-red/rds.DescribeDBClusters_1.json create mode 100644 tests/ecc-aws-318-rds_database_cluster_engine_no_default_ports/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-318-rds_database_cluster_engine_no_default_ports/red_policy_test.py create mode 100644 tests/ecc-aws-319-rds_instances_storage_is_encrypted/placebo-green/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-319-rds_instances_storage_is_encrypted/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-319-rds_instances_storage_is_encrypted/placebo-red/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-319-rds_instances_storage_is_encrypted/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-319-rds_instances_storage_is_encrypted/red_policy_test.py create mode 100644 tests/ecc-aws-320-rds_snapshots_storage_is_encrypted/placebo-green/rds.DescribeDBSnapshots_1.json create mode 100644 tests/ecc-aws-320-rds_snapshots_storage_is_encrypted/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-320-rds_snapshots_storage_is_encrypted/placebo-red/rds.DescribeDBSnapshots_1.json create mode 100644 
tests/ecc-aws-320-rds_snapshots_storage_is_encrypted/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-320-rds_snapshots_storage_is_encrypted/red_policy_test.py create mode 100644 tests/ecc-aws-322-api_gateway_rest_api_stages_ssl_certificates_configured/placebo-green/apigateway.GetRestApis_1.json create mode 100644 tests/ecc-aws-322-api_gateway_rest_api_stages_ssl_certificates_configured/placebo-green/apigateway.GetStages_1.json create mode 100644 tests/ecc-aws-322-api_gateway_rest_api_stages_ssl_certificates_configured/placebo-red/apigateway.GetRestApis_1.json create mode 100644 tests/ecc-aws-322-api_gateway_rest_api_stages_ssl_certificates_configured/placebo-red/apigateway.GetStages_1.json create mode 100644 tests/ecc-aws-322-api_gateway_rest_api_stages_ssl_certificates_configured/red_policy_test.py create mode 100644 tests/ecc-aws-323-rest_api_aws_x_ray_enabled/placebo-green/apigateway.GetRestApis_1.json create mode 100644 tests/ecc-aws-323-rest_api_aws_x_ray_enabled/placebo-green/apigateway.GetStages_1.json create mode 100644 tests/ecc-aws-323-rest_api_aws_x_ray_enabled/placebo-red/apigateway.GetRestApis_1.json create mode 100644 tests/ecc-aws-323-rest_api_aws_x_ray_enabled/placebo-red/apigateway.GetStages_1.json create mode 100644 tests/ecc-aws-323-rest_api_aws_x_ray_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-324-cloudfront_default_root_object_configured/placebo-green/cloudfront.GetDistributionConfig_1.json create mode 100644 tests/ecc-aws-324-cloudfront_default_root_object_configured/placebo-green/cloudfront.ListDistributions_1.json create mode 100644 tests/ecc-aws-324-cloudfront_default_root_object_configured/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-324-cloudfront_default_root_object_configured/placebo-red/cloudfront.GetDistributionConfig_1.json create mode 100644 tests/ecc-aws-324-cloudfront_default_root_object_configured/placebo-red/cloudfront.ListDistributions_1.json create mode 
100644 tests/ecc-aws-324-cloudfront_default_root_object_configured/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-324-cloudfront_default_root_object_configured/red_policy_test.py create mode 100644 tests/ecc-aws-326-cloudfront_origin_failover_configured/placebo-green/cloudfront.GetDistributionConfig_1.json create mode 100644 tests/ecc-aws-326-cloudfront_origin_failover_configured/placebo-green/cloudfront.ListDistributions_1.json create mode 100644 tests/ecc-aws-326-cloudfront_origin_failover_configured/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-326-cloudfront_origin_failover_configured/placebo-red/cloudfront.GetDistributionConfig_1.json create mode 100644 tests/ecc-aws-326-cloudfront_origin_failover_configured/placebo-red/cloudfront.ListDistributions_1.json create mode 100644 tests/ecc-aws-326-cloudfront_origin_failover_configured/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-326-cloudfront_origin_failover_configured/red_policy_test.py create mode 100644 tests/ecc-aws-327-dms_replication_not_public/placebo-green/dms.DescribeReplicationInstances_1.json create mode 100644 tests/ecc-aws-327-dms_replication_not_public/placebo-green/dms.ListTagsForResource_1.json create mode 100644 tests/ecc-aws-327-dms_replication_not_public/placebo-red/dms.DescribeReplicationInstances_1.json create mode 100644 tests/ecc-aws-327-dms_replication_not_public/placebo-red/dms.ListTagsForResource_1.json create mode 100644 tests/ecc-aws-327-dms_replication_not_public/red_policy_test.py create mode 100644 tests/ecc-aws-329-dynamodb_tables_pitr_enabled/placebo-green/dynamodb.DescribeContinuousBackups_1.json create mode 100644 tests/ecc-aws-329-dynamodb_tables_pitr_enabled/placebo-green/dynamodb.DescribeTable_1.json create mode 100644 tests/ecc-aws-329-dynamodb_tables_pitr_enabled/placebo-green/dynamodb.ListTables_1.json create mode 100644 
tests/ecc-aws-329-dynamodb_tables_pitr_enabled/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-329-dynamodb_tables_pitr_enabled/placebo-red/dynamodb.DescribeContinuousBackups_1.json create mode 100644 tests/ecc-aws-329-dynamodb_tables_pitr_enabled/placebo-red/dynamodb.DescribeTable_1.json create mode 100644 tests/ecc-aws-329-dynamodb_tables_pitr_enabled/placebo-red/dynamodb.ListTables_1.json create mode 100644 tests/ecc-aws-329-dynamodb_tables_pitr_enabled/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-329-dynamodb_tables_pitr_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-330-dynamodb_dax_encryption_enabled/placebo-green/dax.DescribeClusters_1.json create mode 100644 tests/ecc-aws-330-dynamodb_dax_encryption_enabled/placebo-green/dax.ListTags_1.json create mode 100644 tests/ecc-aws-330-dynamodb_dax_encryption_enabled/placebo-red/dax.DescribeClusters_1.json create mode 100644 tests/ecc-aws-330-dynamodb_dax_encryption_enabled/placebo-red/dax.ListTags_1.json create mode 100644 tests/ecc-aws-330-dynamodb_dax_encryption_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-331-ec2_stopped_instance/green_policy_test.py create mode 100644 tests/ecc-aws-331-ec2_stopped_instance/placebo-green/ec2.DescribeInstances_1.json create mode 100644 tests/ecc-aws-331-ec2_stopped_instance/placebo-red/ec2.DescribeInstances_1.json create mode 100644 tests/ecc-aws-331-ec2_stopped_instance/red_policy_test.py create mode 100644 tests/ecc-aws-332-ec2_instance_no_public_ip/placebo-green/ec2.DescribeInstances_1.json create mode 100644 tests/ecc-aws-332-ec2_instance_no_public_ip/placebo-red/ec2.DescribeInstances_1.json create mode 100644 tests/ecc-aws-332-ec2_instance_no_public_ip/red_policy_test.py create mode 100644 tests/ecc-aws-333-ec2_service_use_vpc_endpoints/placebo-green/ec2.DescribeVpcEndpoints_1.json create mode 100644 tests/ecc-aws-333-ec2_service_use_vpc_endpoints/placebo-green/ec2.DescribeVpcs_1.json create 
mode 100644 tests/ecc-aws-333-ec2_service_use_vpc_endpoints/placebo-red/ec2.DescribeVpcEndpoints_1.json create mode 100644 tests/ecc-aws-333-ec2_service_use_vpc_endpoints/placebo-red/ec2.DescribeVpcs_1.json create mode 100644 tests/ecc-aws-333-ec2_service_use_vpc_endpoints/red_policy_test.py create mode 100644 tests/ecc-aws-334-vpc_unused_network_acl/placebo-green/ec2.DescribeNetworkAcls_1.json create mode 100644 tests/ecc-aws-334-vpc_unused_network_acl/placebo-red/ec2.DescribeNetworkAcls_1.json create mode 100644 tests/ecc-aws-334-vpc_unused_network_acl/red_policy_test.py create mode 100644 tests/ecc-aws-335-ec2_instance_should_not_use_multiple_eni/placebo-green/ec2.DescribeInstances_1.json create mode 100644 tests/ecc-aws-335-ec2_instance_should_not_use_multiple_eni/placebo-red/ec2.DescribeInstances_1.json create mode 100644 tests/ecc-aws-335-ec2_instance_should_not_use_multiple_eni/red_policy_test.py create mode 100644 tests/ecc-aws-336-ecs_task_definitions_secure_networking_modes_and_user_definitions/placebo-green/ecs.DescribeTaskDefinition_1.json create mode 100644 tests/ecc-aws-336-ecs_task_definitions_secure_networking_modes_and_user_definitions/placebo-green/ecs.ListTaskDefinitions_1.json create mode 100644 tests/ecc-aws-336-ecs_task_definitions_secure_networking_modes_and_user_definitions/placebo-red/ecs.DescribeTaskDefinition_1.json create mode 100644 tests/ecc-aws-336-ecs_task_definitions_secure_networking_modes_and_user_definitions/placebo-red/ecs.ListTaskDefinitions_1.json create mode 100644 tests/ecc-aws-336-ecs_task_definitions_secure_networking_modes_and_user_definitions/red_policy_test.py create mode 100644 tests/ecc-aws-337-efs_in_backup_plan/placebo-green/elasticfilesystem.DescribeFileSystems_1.json create mode 100644 tests/ecc-aws-337-efs_in_backup_plan/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-337-efs_in_backup_plan/placebo-red/elasticfilesystem.DescribeFileSystems_1.json create mode 100644 
tests/ecc-aws-337-efs_in_backup_plan/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-337-efs_in_backup_plan/red_policy_test.py create mode 100644 tests/ecc-aws-338-elastic_beanstalk_enhanced_health_reporting_enabled/placebo-green/elasticbeanstalk.DescribeEnvironments_1.json create mode 100644 tests/ecc-aws-338-elastic_beanstalk_enhanced_health_reporting_enabled/placebo-green/elasticbeanstalk.ListTagsForResource_1.json create mode 100644 tests/ecc-aws-338-elastic_beanstalk_enhanced_health_reporting_enabled/placebo-red/elasticbeanstalk.DescribeEnvironments_1.json create mode 100644 tests/ecc-aws-338-elastic_beanstalk_enhanced_health_reporting_enabled/placebo-red/elasticbeanstalk.ListTagsForResource_1.json create mode 100644 tests/ecc-aws-338-elastic_beanstalk_enhanced_health_reporting_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-339-alb_drop_invalid_http_header/placebo-green/elasticloadbalancing.DescribeLoadBalancerAttributes_1.json create mode 100644 tests/ecc-aws-339-alb_drop_invalid_http_header/placebo-green/elasticloadbalancing.DescribeLoadBalancers_1.json create mode 100644 tests/ecc-aws-339-alb_drop_invalid_http_header/placebo-green/elasticloadbalancing.DescribeTags_1.json create mode 100644 tests/ecc-aws-339-alb_drop_invalid_http_header/placebo-red/elasticloadbalancing.DescribeLoadBalancerAttributes_1.json create mode 100644 tests/ecc-aws-339-alb_drop_invalid_http_header/placebo-red/elasticloadbalancing.DescribeLoadBalancers_1.json create mode 100644 tests/ecc-aws-339-alb_drop_invalid_http_header/placebo-red/elasticloadbalancing.DescribeTags_1.json create mode 100644 tests/ecc-aws-339-alb_drop_invalid_http_header/red_policy_test.py create mode 100644 tests/ecc-aws-341-elb_deletion_protection_enabled/placebo-green/elasticloadbalancing.DescribeLoadBalancerAttributes_1.json create mode 100644 tests/ecc-aws-341-elb_deletion_protection_enabled/placebo-green/elasticloadbalancing.DescribeLoadBalancers_1.json create mode 100644 
tests/ecc-aws-341-elb_deletion_protection_enabled/placebo-green/elasticloadbalancing.DescribeTags_1.json create mode 100644 tests/ecc-aws-341-elb_deletion_protection_enabled/placebo-red/elasticloadbalancing.DescribeLoadBalancerAttributes_1.json create mode 100644 tests/ecc-aws-341-elb_deletion_protection_enabled/placebo-red/elasticloadbalancing.DescribeLoadBalancers_1.json create mode 100644 tests/ecc-aws-341-elb_deletion_protection_enabled/placebo-red/elasticloadbalancing.DescribeTags_1.json create mode 100644 tests/ecc-aws-341-elb_deletion_protection_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-342-alb_http_to_https_redirection_enabled/placebo-green/elasticloadbalancing.DescribeListeners_1.json create mode 100644 tests/ecc-aws-342-alb_http_to_https_redirection_enabled/placebo-green/elasticloadbalancing.DescribeLoadBalancers_1.json create mode 100644 tests/ecc-aws-342-alb_http_to_https_redirection_enabled/placebo-green/elasticloadbalancing.DescribeTags_1.json create mode 100644 tests/ecc-aws-342-alb_http_to_https_redirection_enabled/placebo-red/elasticloadbalancing.DescribeListeners_1.json create mode 100644 tests/ecc-aws-342-alb_http_to_https_redirection_enabled/placebo-red/elasticloadbalancing.DescribeLoadBalancers_1.json create mode 100644 tests/ecc-aws-342-alb_http_to_https_redirection_enabled/placebo-red/elasticloadbalancing.DescribeTags_1.json create mode 100644 tests/ecc-aws-342-alb_http_to_https_redirection_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-343-emr_master_nodes_no_public_ip/placebo-green/elasticmapreduce.DescribeCluster_1.json create mode 100644 tests/ecc-aws-343-emr_master_nodes_no_public_ip/placebo-green/elasticmapreduce.ListClusters_1.json create mode 100644 tests/ecc-aws-343-emr_master_nodes_no_public_ip/placebo-red/elasticmapreduce.DescribeCluster_1.json create mode 100644 tests/ecc-aws-343-emr_master_nodes_no_public_ip/placebo-red/elasticmapreduce.ListClusters_1.json create mode 100644 
tests/ecc-aws-343-emr_master_nodes_no_public_ip/red_policy_test.py create mode 100644 tests/ecc-aws-344-elasticsearch_node_to_node_encryption_enabled/placebo-green/es.DescribeElasticsearchDomains_1.json create mode 100644 tests/ecc-aws-344-elasticsearch_node_to_node_encryption_enabled/placebo-green/es.ListDomainNames_1.json create mode 100644 tests/ecc-aws-344-elasticsearch_node_to_node_encryption_enabled/placebo-green/es.ListTags_1.json create mode 100644 tests/ecc-aws-344-elasticsearch_node_to_node_encryption_enabled/placebo-red/es.DescribeElasticsearchDomains_1.json create mode 100644 tests/ecc-aws-344-elasticsearch_node_to_node_encryption_enabled/placebo-red/es.ListDomainNames_1.json create mode 100644 tests/ecc-aws-344-elasticsearch_node_to_node_encryption_enabled/placebo-red/es.ListTags_1.json create mode 100644 tests/ecc-aws-344-elasticsearch_node_to_node_encryption_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-345-elasticsearch_error_logging_to_cloudwatch_enabled/placebo-green/es.DescribeElasticsearchDomains_1.json create mode 100644 tests/ecc-aws-345-elasticsearch_error_logging_to_cloudwatch_enabled/placebo-green/es.ListDomainNames_1.json create mode 100644 tests/ecc-aws-345-elasticsearch_error_logging_to_cloudwatch_enabled/placebo-green/es.ListTags_1.json create mode 100644 tests/ecc-aws-345-elasticsearch_error_logging_to_cloudwatch_enabled/placebo-red/es.DescribeElasticsearchDomains_1.json create mode 100644 tests/ecc-aws-345-elasticsearch_error_logging_to_cloudwatch_enabled/placebo-red/es.ListDomainNames_1.json create mode 100644 tests/ecc-aws-345-elasticsearch_error_logging_to_cloudwatch_enabled/placebo-red/es.ListTags_1.json create mode 100644 tests/ecc-aws-345-elasticsearch_error_logging_to_cloudwatch_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-346-rds_instance_enhanced_monitoring_enabled/placebo-green/rds.DescribeDBInstances_1.json create mode 100644 
tests/ecc-aws-346-rds_instance_enhanced_monitoring_enabled/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-346-rds_instance_enhanced_monitoring_enabled/placebo-red/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-346-rds_instance_enhanced_monitoring_enabled/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-346-rds_instance_enhanced_monitoring_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-347-rds_cluster_deletion_protection_enabled/placebo-green/rds.DescribeDBClusters_1.json create mode 100644 tests/ecc-aws-347-rds_cluster_deletion_protection_enabled/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-347-rds_cluster_deletion_protection_enabled/placebo-red/rds.DescribeDBClusters_1.json create mode 100644 tests/ecc-aws-347-rds_cluster_deletion_protection_enabled/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-347-rds_cluster_deletion_protection_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-348-rds_instance_deletion_protection_enabled/placebo-green/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-348-rds_instance_deletion_protection_enabled/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-348-rds_instance_deletion_protection_enabled/placebo-red/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-348-rds_instance_deletion_protection_enabled/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-348-rds_instance_deletion_protection_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-349-rds_oracle_logging_enabled/placebo-green/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-349-rds_oracle_logging_enabled/placebo-red/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-349-rds_oracle_logging_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-350-rds_postgresql_logging_enabled/placebo-green/rds.DescribeDBInstances_1.json 
create mode 100644 tests/ecc-aws-350-rds_postgresql_logging_enabled/placebo-green/rds.DescribeDBParameters_1.json create mode 100644 tests/ecc-aws-350-rds_postgresql_logging_enabled/placebo-red/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-350-rds_postgresql_logging_enabled/placebo-red/rds.DescribeDBParameters_1.json create mode 100644 tests/ecc-aws-350-rds_postgresql_logging_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-351-rds_mysql_logging_enabled/placebo-green/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-351-rds_mysql_logging_enabled/placebo-green/rds.DescribeDBParameters_1.json create mode 100644 tests/ecc-aws-351-rds_mysql_logging_enabled/placebo-red/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-351-rds_mysql_logging_enabled/placebo-red/rds.DescribeDBParameters_1.json create mode 100644 tests/ecc-aws-351-rds_mysql_logging_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-353-rds_sql_server_logging_enabled/placebo-green/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-353-rds_sql_server_logging_enabled/placebo-red/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-353-rds_sql_server_logging_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-354-rds_aurora_logging_enabled/placebo-green/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-354-rds_aurora_logging_enabled/placebo-green/rds.DescribeDBParameters_1.json create mode 100644 tests/ecc-aws-354-rds_aurora_logging_enabled/placebo-red/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-354-rds_aurora_logging_enabled/placebo-red/rds.DescribeDBParameters_1.json create mode 100644 tests/ecc-aws-354-rds_aurora_logging_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-355-rds_aurora_mysql_logging_enabled/placebo-green/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-355-rds_aurora_mysql_logging_enabled/placebo-green/rds.DescribeDBParameters_1.json 
create mode 100644 tests/ecc-aws-355-rds_aurora_mysql_logging_enabled/placebo-red/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-355-rds_aurora_mysql_logging_enabled/placebo-red/rds.DescribeDBParameters_1.json create mode 100644 tests/ecc-aws-355-rds_aurora_mysql_logging_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-356-rds_aurora_postgresql_logging_enabled/placebo-green/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-356-rds_aurora_postgresql_logging_enabled/placebo-green/rds.DescribeDBParameters_1.json create mode 100644 tests/ecc-aws-356-rds_aurora_postgresql_logging_enabled/placebo-red/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-356-rds_aurora_postgresql_logging_enabled/placebo-red/rds.DescribeDBParameters_1.json create mode 100644 tests/ecc-aws-356-rds_aurora_postgresql_logging_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-357-rds_instance_iam_authentication_configured/placebo-green/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-357-rds_instance_iam_authentication_configured/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-357-rds_instance_iam_authentication_configured/placebo-red/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-357-rds_instance_iam_authentication_configured/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-357-rds_instance_iam_authentication_configured/red_policy_test.py create mode 100644 tests/ecc-aws-358-rds_cluster_iam_authentication_configured/placebo-green/rds.DescribeDBClusters_1.json create mode 100644 tests/ecc-aws-358-rds_cluster_iam_authentication_configured/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-358-rds_cluster_iam_authentication_configured/placebo-red/rds.DescribeDBClusters_1.json create mode 100644 tests/ecc-aws-358-rds_cluster_iam_authentication_configured/placebo-red/tagging.GetResources_1.json create mode 100644 
tests/ecc-aws-358-rds_cluster_iam_authentication_configured/red_policy_test.py create mode 100644 tests/ecc-aws-359-rds_aurora_mysql_backtracking_enabled/placebo-green/rds.DescribeDBClusters_1.json create mode 100644 tests/ecc-aws-359-rds_aurora_mysql_backtracking_enabled/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-359-rds_aurora_mysql_backtracking_enabled/placebo-red/rds.DescribeDBClusters_1.json create mode 100644 tests/ecc-aws-359-rds_aurora_mysql_backtracking_enabled/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-359-rds_aurora_mysql_backtracking_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-360-rds_cluster_multi_az_enabled/placebo-green/rds.DescribeDBClusters_1.json create mode 100644 tests/ecc-aws-360-rds_cluster_multi_az_enabled/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-360-rds_cluster_multi_az_enabled/placebo-red/rds.DescribeDBClusters_1.json create mode 100644 tests/ecc-aws-360-rds_cluster_multi_az_enabled/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-360-rds_cluster_multi_az_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-361-redshift_cluster_encrypted_in_transit/placebo-green/redshift.DescribeClusterParameters_1.json create mode 100644 tests/ecc-aws-361-redshift_cluster_encrypted_in_transit/placebo-green/redshift.DescribeClusters_1.json create mode 100644 tests/ecc-aws-361-redshift_cluster_encrypted_in_transit/placebo-red/redshift.DescribeClusterParameters_1.json create mode 100644 tests/ecc-aws-361-redshift_cluster_encrypted_in_transit/placebo-red/redshift.DescribeClusters_1.json create mode 100644 tests/ecc-aws-361-redshift_cluster_encrypted_in_transit/red_policy_test.py create mode 100644 tests/ecc-aws-362-redshift_cluster_automatic_snapshot_enabled/placebo-green/redshift.DescribeClusters_1.json create mode 100644 
tests/ecc-aws-362-redshift_cluster_automatic_snapshot_enabled/placebo-red/redshift.DescribeClusters_1.json create mode 100644 tests/ecc-aws-362-redshift_cluster_automatic_snapshot_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-363-redshift_cluster_automatic_upgrade_to_major_version_enabled/placebo-green/redshift.DescribeClusters_1.json create mode 100644 tests/ecc-aws-363-redshift_cluster_automatic_upgrade_to_major_version_enabled/placebo-red/redshift.DescribeClusters_1.json create mode 100644 tests/ecc-aws-363-redshift_cluster_automatic_upgrade_to_major_version_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-364-redshift_cluster_enhanced_vpc_routing_enabled/placebo-green/redshift.DescribeClusters_1.json create mode 100644 tests/ecc-aws-364-redshift_cluster_enhanced_vpc_routing_enabled/placebo-red/redshift.DescribeClusters_1.json create mode 100644 tests/ecc-aws-364-redshift_cluster_enhanced_vpc_routing_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-368-sns_kms_encryption_enabled/placebo-green/sns.GetTopicAttributes_1.json create mode 100644 tests/ecc-aws-368-sns_kms_encryption_enabled/placebo-green/sns.ListTopics_1.json create mode 100644 tests/ecc-aws-368-sns_kms_encryption_enabled/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-368-sns_kms_encryption_enabled/placebo-red/sns.GetTopicAttributes_1.json create mode 100644 tests/ecc-aws-368-sns_kms_encryption_enabled/placebo-red/sns.ListTopics_1.json create mode 100644 tests/ecc-aws-368-sns_kms_encryption_enabled/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-368-sns_kms_encryption_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-370-ec2_instance_managed_by_systems_manager/placebo-green/ec2.DescribeInstances_1.json create mode 100644 tests/ecc-aws-370-ec2_instance_managed_by_systems_manager/placebo-green/ssm.DescribeInstanceInformation_1.json create mode 100644 
tests/ecc-aws-370-ec2_instance_managed_by_systems_manager/placebo-red/ec2.DescribeInstances_1.json create mode 100644 tests/ecc-aws-370-ec2_instance_managed_by_systems_manager/placebo-red/ssm.DescribeInstanceInformation_1.json create mode 100644 tests/ecc-aws-370-ec2_instance_managed_by_systems_manager/red_policy_test.py create mode 100644 tests/ecc-aws-371-ec2_managed_instance_association_compliance_status_check/placebo-green/ec2.DescribeInstances_1.json create mode 100644 tests/ecc-aws-371-ec2_managed_instance_association_compliance_status_check/placebo-green/ssm.ListResourceComplianceSummaries_1.json create mode 100644 tests/ecc-aws-371-ec2_managed_instance_association_compliance_status_check/placebo-red/ec2.DescribeInstances_1.json create mode 100644 tests/ecc-aws-371-ec2_managed_instance_association_compliance_status_check/placebo-red/ssm.ListResourceComplianceSummaries_1.json create mode 100644 tests/ecc-aws-371-ec2_managed_instance_association_compliance_status_check/red_policy_test.py create mode 100644 tests/ecc-aws-372-ec2_instance_imdsv2_enabled/placebo-green/ec2.DescribeInstances_1.json create mode 100644 tests/ecc-aws-372-ec2_instance_imdsv2_enabled/placebo-red/ec2.DescribeInstances_1.json create mode 100644 tests/ecc-aws-372-ec2_instance_imdsv2_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-373-eks_control_plane_logging_enabled/placebo-green/eks.DescribeCluster_1.json create mode 100644 tests/ecc-aws-373-eks_control_plane_logging_enabled/placebo-green/eks.ListClusters_1.json create mode 100644 tests/ecc-aws-373-eks_control_plane_logging_enabled/placebo-red/eks.DescribeCluster_1.json create mode 100644 tests/ecc-aws-373-eks_control_plane_logging_enabled/placebo-red/eks.ListClusters_1.json create mode 100644 tests/ecc-aws-373-eks_control_plane_logging_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-374-eks_clusters_security_group_traffic_restricted/placebo-green/ec2.DescribeSecurityGroups_1.json create mode 100644 
tests/ecc-aws-374-eks_clusters_security_group_traffic_restricted/placebo-green/eks.DescribeCluster_1.json create mode 100644 tests/ecc-aws-374-eks_clusters_security_group_traffic_restricted/placebo-green/eks.ListClusters_1.json create mode 100644 tests/ecc-aws-374-eks_clusters_security_group_traffic_restricted/placebo-red/ec2.DescribeSecurityGroups_1.json create mode 100644 tests/ecc-aws-374-eks_clusters_security_group_traffic_restricted/placebo-red/eks.DescribeCluster_1.json create mode 100644 tests/ecc-aws-374-eks_clusters_security_group_traffic_restricted/placebo-red/eks.ListClusters_1.json create mode 100644 tests/ecc-aws-374-eks_clusters_security_group_traffic_restricted/red_policy_test.py create mode 100644 tests/ecc-aws-375-eks_secrets_encrypted/placebo-green/eks.DescribeCluster_1.json create mode 100644 tests/ecc-aws-375-eks_secrets_encrypted/placebo-green/eks.ListClusters_1.json create mode 100644 tests/ecc-aws-375-eks_secrets_encrypted/placebo-red/eks.DescribeCluster_1.json create mode 100644 tests/ecc-aws-375-eks_secrets_encrypted/placebo-red/eks.ListClusters_1.json create mode 100644 tests/ecc-aws-375-eks_secrets_encrypted/red_policy_test.py create mode 100644 tests/ecc-aws-376-ecr_immutable_image_tags/placebo-green/api.ecr.DescribeRepositories_1.json create mode 100644 tests/ecc-aws-376-ecr_immutable_image_tags/placebo-green/api.ecr.ListTagsForResource_1.json create mode 100644 tests/ecc-aws-376-ecr_immutable_image_tags/placebo-red/api.ecr.DescribeRepositories_1.json create mode 100644 tests/ecc-aws-376-ecr_immutable_image_tags/placebo-red/api.ecr.ListTagsForResource_1.json create mode 100644 tests/ecc-aws-376-ecr_immutable_image_tags/red_policy_test.py create mode 100644 tests/ecc-aws-377-ecr_repository_kms_encryption_enabled/placebo-green/api.ecr.DescribeRepositories_1.json create mode 100644 tests/ecc-aws-377-ecr_repository_kms_encryption_enabled/placebo-green/api.ecr.ListTagsForResource_1.json create mode 100644 
tests/ecc-aws-377-ecr_repository_kms_encryption_enabled/placebo-red/api.ecr.DescribeRepositories_1.json create mode 100644 tests/ecc-aws-377-ecr_repository_kms_encryption_enabled/placebo-red/api.ecr.ListTagsForResource_1.json create mode 100644 tests/ecc-aws-377-ecr_repository_kms_encryption_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-378-ecr_image_scanning_on_push_enabled/placebo-green/api.ecr.DescribeRepositories_1.json create mode 100644 tests/ecc-aws-378-ecr_image_scanning_on_push_enabled/placebo-green/api.ecr.ListTagsForResource_1.json create mode 100644 tests/ecc-aws-378-ecr_image_scanning_on_push_enabled/placebo-red/api.ecr.DescribeRepositories_1.json create mode 100644 tests/ecc-aws-378-ecr_image_scanning_on_push_enabled/placebo-red/api.ecr.ListTagsForResource_1.json create mode 100644 tests/ecc-aws-378-ecr_image_scanning_on_push_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-379-postgresql_log_rotation_age_flag_set_to_60/placebo-green/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-379-postgresql_log_rotation_age_flag_set_to_60/placebo-green/rds.DescribeDBParameters_1.json create mode 100644 tests/ecc-aws-379-postgresql_log_rotation_age_flag_set_to_60/placebo-red/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-379-postgresql_log_rotation_age_flag_set_to_60/placebo-red/rds.DescribeDBParameters_1.json create mode 100644 tests/ecc-aws-379-postgresql_log_rotation_age_flag_set_to_60/red_policy_test.py create mode 100644 tests/ecc-aws-380-postgresql_log_rotation_size_flag_set_correctly/placebo-green/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-380-postgresql_log_rotation_size_flag_set_correctly/placebo-green/rds.DescribeDBParameters_1.json create mode 100644 tests/ecc-aws-380-postgresql_log_rotation_size_flag_set_correctly/placebo-red/rds.DescribeDBInstances_1.json create mode 100644 
tests/ecc-aws-380-postgresql_log_rotation_size_flag_set_correctly/placebo-red/rds.DescribeDBParameters_1.json create mode 100644 tests/ecc-aws-380-postgresql_log_rotation_size_flag_set_correctly/red_policy_test.py create mode 100644 tests/ecc-aws-381-postgresql_debug_print_parse_flag_disabled/placebo-green/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-381-postgresql_debug_print_parse_flag_disabled/placebo-green/rds.DescribeDBParameters_1.json create mode 100644 tests/ecc-aws-381-postgresql_debug_print_parse_flag_disabled/placebo-red/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-381-postgresql_debug_print_parse_flag_disabled/placebo-red/rds.DescribeDBParameters_1.json create mode 100644 tests/ecc-aws-381-postgresql_debug_print_parse_flag_disabled/red_policy_test.py create mode 100644 tests/ecc-aws-382-postgresql_debug_print_rewritten_flag_disabled/placebo-green/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-382-postgresql_debug_print_rewritten_flag_disabled/placebo-green/rds.DescribeDBParameters_1.json create mode 100644 tests/ecc-aws-382-postgresql_debug_print_rewritten_flag_disabled/placebo-red/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-382-postgresql_debug_print_rewritten_flag_disabled/placebo-red/rds.DescribeDBParameters_1.json create mode 100644 tests/ecc-aws-382-postgresql_debug_print_rewritten_flag_disabled/red_policy_test.py create mode 100644 tests/ecc-aws-383-postgresql_debug_print_plan_flag_disabled/placebo-green/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-383-postgresql_debug_print_plan_flag_disabled/placebo-green/rds.DescribeDBParameters_1.json create mode 100644 tests/ecc-aws-383-postgresql_debug_print_plan_flag_disabled/placebo-red/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-383-postgresql_debug_print_plan_flag_disabled/placebo-red/rds.DescribeDBParameters_1.json create mode 100644 
tests/ecc-aws-383-postgresql_debug_print_plan_flag_disabled/red_policy_test.py create mode 100644 tests/ecc-aws-384-postgresql_debug_pretty_print_flag_enabled/placebo-green/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-384-postgresql_debug_pretty_print_flag_enabled/placebo-green/rds.DescribeDBParameters_1.json create mode 100644 tests/ecc-aws-384-postgresql_debug_pretty_print_flag_enabled/placebo-red/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-384-postgresql_debug_pretty_print_flag_enabled/placebo-red/rds.DescribeDBParameters_1.json create mode 100644 tests/ecc-aws-384-postgresql_debug_pretty_print_flag_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-385-postgresql_log_connections_flag_enabled/placebo-green/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-385-postgresql_log_connections_flag_enabled/placebo-green/rds.DescribeDBParameters_1.json create mode 100644 tests/ecc-aws-385-postgresql_log_connections_flag_enabled/placebo-red/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-385-postgresql_log_connections_flag_enabled/placebo-red/rds.DescribeDBParameters_1.json create mode 100644 tests/ecc-aws-385-postgresql_log_connections_flag_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-386-postgresql_log_disconnections_flag_enabled/placebo-green/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-386-postgresql_log_disconnections_flag_enabled/placebo-green/rds.DescribeDBParameters_1.json create mode 100644 tests/ecc-aws-386-postgresql_log_disconnections_flag_enabled/placebo-red/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-386-postgresql_log_disconnections_flag_enabled/placebo-red/rds.DescribeDBParameters_1.json create mode 100644 tests/ecc-aws-386-postgresql_log_disconnections_flag_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-387-postgresql_log_error_verbosity_flag_set_correctly/placebo-green/rds.DescribeDBInstances_1.json create mode 
100644 tests/ecc-aws-387-postgresql_log_error_verbosity_flag_set_correctly/placebo-green/rds.DescribeDBParameters_1.json create mode 100644 tests/ecc-aws-387-postgresql_log_error_verbosity_flag_set_correctly/placebo-red/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-387-postgresql_log_error_verbosity_flag_set_correctly/placebo-red/rds.DescribeDBParameters_1.json create mode 100644 tests/ecc-aws-387-postgresql_log_error_verbosity_flag_set_correctly/red_policy_test.py create mode 100644 tests/ecc-aws-388-postgresql_log_hostname_flag_disabled/placebo-green/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-388-postgresql_log_hostname_flag_disabled/placebo-green/rds.DescribeDBParameters_1.json create mode 100644 tests/ecc-aws-388-postgresql_log_hostname_flag_disabled/placebo-red/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-388-postgresql_log_hostname_flag_disabled/placebo-red/rds.DescribeDBParameters_1.json create mode 100644 tests/ecc-aws-388-postgresql_log_hostname_flag_disabled/red_policy_test.py create mode 100644 tests/ecc-aws-389-postgresql_log_statement_flag_set_correctly/placebo-green/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-389-postgresql_log_statement_flag_set_correctly/placebo-green/rds.DescribeDBParameters_1.json create mode 100644 tests/ecc-aws-389-postgresql_log_statement_flag_set_correctly/placebo-red/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-389-postgresql_log_statement_flag_set_correctly/placebo-red/rds.DescribeDBParameters_1.json create mode 100644 tests/ecc-aws-389-postgresql_log_statement_flag_set_correctly/red_policy_test.py create mode 100644 tests/ecc-aws-390-postgresql_log_destination_flag_set_to_csvlog/placebo-green/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-390-postgresql_log_destination_flag_set_to_csvlog/placebo-green/rds.DescribeDBParameters_1.json create mode 100644 
tests/ecc-aws-390-postgresql_log_destination_flag_set_to_csvlog/placebo-red/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-390-postgresql_log_destination_flag_set_to_csvlog/placebo-red/rds.DescribeDBParameters_1.json create mode 100644 tests/ecc-aws-390-postgresql_log_destination_flag_set_to_csvlog/red_policy_test.py create mode 100644 tests/ecc-aws-391-postgresql_log_checkpoints_flag_enabled/placebo-green/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-391-postgresql_log_checkpoints_flag_enabled/placebo-green/rds.DescribeDBParameters_1.json create mode 100644 tests/ecc-aws-391-postgresql_log_checkpoints_flag_enabled/placebo-red/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-391-postgresql_log_checkpoints_flag_enabled/placebo-red/rds.DescribeDBParameters_1.json create mode 100644 tests/ecc-aws-391-postgresql_log_checkpoints_flag_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-392-postgresql_log_lock_waits_flag_enabled/placebo-green/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-392-postgresql_log_lock_waits_flag_enabled/placebo-green/rds.DescribeDBParameters_1.json create mode 100644 tests/ecc-aws-392-postgresql_log_lock_waits_flag_enabled/placebo-red/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-392-postgresql_log_lock_waits_flag_enabled/placebo-red/rds.DescribeDBParameters_1.json create mode 100644 tests/ecc-aws-392-postgresql_log_lock_waits_flag_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-393-postgresql_log_duration_flag_enabled/placebo-green/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-393-postgresql_log_duration_flag_enabled/placebo-green/rds.DescribeDBParameters_1.json create mode 100644 tests/ecc-aws-393-postgresql_log_duration_flag_enabled/placebo-red/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-393-postgresql_log_duration_flag_enabled/placebo-red/rds.DescribeDBParameters_1.json create mode 100644 
tests/ecc-aws-393-postgresql_log_duration_flag_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-394-transit_gateway_default_route_table_association_disabled/placebo-green/ec2.DescribeTransitGateways_1.json create mode 100644 tests/ecc-aws-394-transit_gateway_default_route_table_association_disabled/placebo-red/ec2.DescribeTransitGateways_1.json create mode 100644 tests/ecc-aws-394-transit_gateway_default_route_table_association_disabled/red_policy_test.py create mode 100644 tests/ecc-aws-395-transit_gateway_default_route_table_propagation_disabled/placebo-green/ec2.DescribeTransitGateways_1.json create mode 100644 tests/ecc-aws-395-transit_gateway_default_route_table_propagation_disabled/placebo-red/ec2.DescribeTransitGateways_1.json create mode 100644 tests/ecc-aws-395-transit_gateway_default_route_table_propagation_disabled/red_policy_test.py create mode 100644 tests/ecc-aws-396-rest_api_gateway_is_protected_by_waf/placebo-green/apigateway.GetRestApis_1.json create mode 100644 tests/ecc-aws-396-rest_api_gateway_is_protected_by_waf/placebo-green/apigateway.GetStages_1.json create mode 100644 tests/ecc-aws-396-rest_api_gateway_is_protected_by_waf/placebo-red/apigateway.GetRestApis_1.json create mode 100644 tests/ecc-aws-396-rest_api_gateway_is_protected_by_waf/placebo-red/apigateway.GetStages_1.json create mode 100644 tests/ecc-aws-396-rest_api_gateway_is_protected_by_waf/red_policy_test.py create mode 100644 tests/ecc-aws-397-rest_api_gateway_contend_encoding_enabled/placebo-green/apigateway.GetRestApis_1.json create mode 100644 tests/ecc-aws-397-rest_api_gateway_contend_encoding_enabled/placebo-red/apigateway.GetRestApis_1.json create mode 100644 tests/ecc-aws-397-rest_api_gateway_contend_encoding_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-398-rest_api_gateway_cache_enabled/placebo-green/apigateway.GetRestApis_1.json create mode 100644 tests/ecc-aws-398-rest_api_gateway_cache_enabled/placebo-green/apigateway.GetStages_1.json create 
mode 100644 tests/ecc-aws-398-rest_api_gateway_cache_enabled/placebo-red/apigateway.GetRestApis_1.json create mode 100644 tests/ecc-aws-398-rest_api_gateway_cache_enabled/placebo-red/apigateway.GetStages_1.json create mode 100644 tests/ecc-aws-398-rest_api_gateway_cache_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-400-glue_data_catalog_encrypted_at_rest/placebo-green/glue.GetDataCatalogEncryptionSettings_1.json create mode 100644 tests/ecc-aws-400-glue_data_catalog_encrypted_at_rest/placebo-red/glue.GetDataCatalogEncryptionSettings_1.json create mode 100644 tests/ecc-aws-400-glue_data_catalog_encrypted_at_rest/red_policy_test.py create mode 100644 tests/ecc-aws-401-glue_data_catalog_encrypted_with_kms_customer_master_keys/placebo-green/glue.GetDataCatalogEncryptionSettings_1.json create mode 100644 tests/ecc-aws-401-glue_data_catalog_encrypted_with_kms_customer_master_keys/placebo-green/kms.DescribeKey_1.json create mode 100644 tests/ecc-aws-401-glue_data_catalog_encrypted_with_kms_customer_master_keys/placebo-green/kms.ListAliases_1.json create mode 100644 tests/ecc-aws-401-glue_data_catalog_encrypted_with_kms_customer_master_keys/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-401-glue_data_catalog_encrypted_with_kms_customer_master_keys/placebo-red/glue.GetDataCatalogEncryptionSettings_1.json create mode 100644 tests/ecc-aws-401-glue_data_catalog_encrypted_with_kms_customer_master_keys/placebo-red/kms.DescribeKey_1.json create mode 100644 tests/ecc-aws-401-glue_data_catalog_encrypted_with_kms_customer_master_keys/placebo-red/kms.ListAliases_1.json create mode 100644 tests/ecc-aws-401-glue_data_catalog_encrypted_with_kms_customer_master_keys/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-401-glue_data_catalog_encrypted_with_kms_customer_master_keys/red_policy_test.py create mode 100644 tests/ecc-aws-402-glue_job_bookmarks_encrypted/placebo-green/glue.GetSecurityConfigurations_1.json create mode 
100644 tests/ecc-aws-402-glue_job_bookmarks_encrypted/placebo-red/glue.GetSecurityConfigurations_1.json create mode 100644 tests/ecc-aws-402-glue_job_bookmarks_encrypted/red_policy_test.py create mode 100644 tests/ecc-aws-403-glue_cloudwatch_logs_encrypted/placebo-green/glue.GetSecurityConfigurations_1.json create mode 100644 tests/ecc-aws-403-glue_cloudwatch_logs_encrypted/placebo-red/glue.GetSecurityConfigurations_1.json create mode 100644 tests/ecc-aws-403-glue_cloudwatch_logs_encrypted/red_policy_test.py create mode 100644 tests/ecc-aws-404-glue_s3_encryption_enabled/placebo-green/glue.GetSecurityConfigurations_1.json create mode 100644 tests/ecc-aws-404-glue_s3_encryption_enabled/placebo-red/glue.GetSecurityConfigurations_1.json create mode 100644 tests/ecc-aws-404-glue_s3_encryption_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-405-emr_kerberos_authentication_enabled/placebo-green/elasticmapreduce.DescribeCluster_1.json create mode 100644 tests/ecc-aws-405-emr_kerberos_authentication_enabled/placebo-green/elasticmapreduce.ListClusters_1.json create mode 100644 tests/ecc-aws-405-emr_kerberos_authentication_enabled/placebo-red/elasticmapreduce.DescribeCluster_1.json create mode 100644 tests/ecc-aws-405-emr_kerberos_authentication_enabled/placebo-red/elasticmapreduce.ListClusters_1.json create mode 100644 tests/ecc-aws-405-emr_kerberos_authentication_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-407-emr_clusters_in_vpc/placebo-green/elasticmapreduce.DescribeCluster_1.json create mode 100644 tests/ecc-aws-407-emr_clusters_in_vpc/placebo-green/elasticmapreduce.ListClusters_1.json create mode 100644 tests/ecc-aws-407-emr_clusters_in_vpc/placebo-red/elasticmapreduce.DescribeCluster_1.json create mode 100644 tests/ecc-aws-407-emr_clusters_in_vpc/placebo-red/elasticmapreduce.ListClusters_1.json create mode 100644 tests/ecc-aws-407-emr_clusters_in_vpc/red_policy_test.py create mode 100644 
tests/ecc-aws-408-emr_logging_to_s3_enabled/placebo-green/elasticmapreduce.DescribeCluster_1.json create mode 100644 tests/ecc-aws-408-emr_logging_to_s3_enabled/placebo-green/elasticmapreduce.ListClusters_1.json create mode 100644 tests/ecc-aws-408-emr_logging_to_s3_enabled/placebo-red/elasticmapreduce.DescribeCluster_1.json create mode 100644 tests/ecc-aws-408-emr_logging_to_s3_enabled/placebo-red/elasticmapreduce.ListClusters_1.json create mode 100644 tests/ecc-aws-408-emr_logging_to_s3_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-409-vpc_unused_internet_gateway/placebo-green/ec2.DescribeInternetGateways_1.json create mode 100644 tests/ecc-aws-409-vpc_unused_internet_gateway/placebo-red/ec2.DescribeInternetGateways_1.json create mode 100644 tests/ecc-aws-409-vpc_unused_internet_gateway/red_policy_test.py create mode 100644 tests/ecc-aws-411-unused_virtual_private_gateways/placebo-green/ec2.DescribeVpnGateways_1.json create mode 100644 tests/ecc-aws-411-unused_virtual_private_gateways/placebo-red/ec2.DescribeVpnGateways_1.json create mode 100644 tests/ecc-aws-411-unused_virtual_private_gateways/red_policy_test.py create mode 100644 tests/ecc-aws-413-elasticache_previous_generation_instances_not_used/placebo-green/elasticache.DescribeCacheClusters_1.json create mode 100644 tests/ecc-aws-413-elasticache_previous_generation_instances_not_used/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-413-elasticache_previous_generation_instances_not_used/placebo-red/elasticache.DescribeCacheClusters_1.json create mode 100644 tests/ecc-aws-413-elasticache_previous_generation_instances_not_used/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-413-elasticache_previous_generation_instances_not_used/red_policy_test.py create mode 100644 tests/ecc-aws-414-elasticache_automatic_backups/placebo-green/elasticache.DescribeCacheClusters_1.json create mode 100644 
tests/ecc-aws-414-elasticache_automatic_backups/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-414-elasticache_automatic_backups/placebo-red/elasticache.DescribeCacheClusters_1.json create mode 100644 tests/ecc-aws-414-elasticache_automatic_backups/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-414-elasticache_automatic_backups/red_policy_test.py create mode 100644 tests/ecc-aws-415-elasticache_encrypted_in_transit/placebo-green/elasticache.DescribeCacheClusters_1.json create mode 100644 tests/ecc-aws-415-elasticache_encrypted_in_transit/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-415-elasticache_encrypted_in_transit/placebo-red/elasticache.DescribeCacheClusters_1.json create mode 100644 tests/ecc-aws-415-elasticache_encrypted_in_transit/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-415-elasticache_encrypted_in_transit/red_policy_test.py create mode 100644 tests/ecc-aws-416-elasticache_encrypted_at_rest_using_cmk/placebo-green/elasticache.DescribeReplicationGroups_1.json create mode 100644 tests/ecc-aws-416-elasticache_encrypted_at_rest_using_cmk/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-416-elasticache_encrypted_at_rest_using_cmk/placebo-red/elasticache.DescribeReplicationGroups_1.json create mode 100644 tests/ecc-aws-416-elasticache_encrypted_at_rest_using_cmk/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-416-elasticache_encrypted_at_rest_using_cmk/red_policy_test.py create mode 100644 tests/ecc-aws-418-elasticache_redis_multi_az_enabled/placebo-green/elasticache.DescribeReplicationGroups_1.json create mode 100644 tests/ecc-aws-418-elasticache_redis_multi_az_enabled/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-418-elasticache_redis_multi_az_enabled/placebo-red/elasticache.DescribeReplicationGroups_1.json create mode 100644 
tests/ecc-aws-418-elasticache_redis_multi_az_enabled/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-418-elasticache_redis_multi_az_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-419-elasticache_redis_auth_enabled/placebo-green/elasticache.DescribeCacheClusters_1.json create mode 100644 tests/ecc-aws-419-elasticache_redis_auth_enabled/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-419-elasticache_redis_auth_enabled/placebo-red/elasticache.DescribeCacheClusters_1.json create mode 100644 tests/ecc-aws-419-elasticache_redis_auth_enabled/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-419-elasticache_redis_auth_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-420-elasticache_latest_version/placebo-green/elasticache.DescribeCacheClusters_1.json create mode 100644 tests/ecc-aws-420-elasticache_latest_version/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-420-elasticache_latest_version/placebo-red/elasticache.DescribeCacheClusters_1.json create mode 100644 tests/ecc-aws-420-elasticache_latest_version/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-420-elasticache_latest_version/red_policy_test.py create mode 100644 tests/ecc-aws-425-elasticsearch_slow_logs_enabled/placebo-green/es.DescribeElasticsearchDomains_1.json create mode 100644 tests/ecc-aws-425-elasticsearch_slow_logs_enabled/placebo-green/es.ListDomainNames_1.json create mode 100644 tests/ecc-aws-425-elasticsearch_slow_logs_enabled/placebo-green/es.ListTags_1.json create mode 100644 tests/ecc-aws-425-elasticsearch_slow_logs_enabled/placebo-red/es.DescribeElasticsearchDomains_1.json create mode 100644 tests/ecc-aws-425-elasticsearch_slow_logs_enabled/placebo-red/es.ListDomainNames_1.json create mode 100644 tests/ecc-aws-425-elasticsearch_slow_logs_enabled/placebo-red/es.ListTags_1.json create mode 100644 
tests/ecc-aws-425-elasticsearch_slow_logs_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-427-elasticache_auth_token_rotated_every_90_days/green_policy_test.py create mode 100644 tests/ecc-aws-427-elasticache_auth_token_rotated_every_90_days/placebo-green/elasticache.DescribeCacheClusters_1.json create mode 100644 tests/ecc-aws-427-elasticache_auth_token_rotated_every_90_days/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-427-elasticache_auth_token_rotated_every_90_days/placebo-red/elasticache.DescribeCacheClusters_1.json create mode 100644 tests/ecc-aws-427-elasticache_auth_token_rotated_every_90_days/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-427-elasticache_auth_token_rotated_every_90_days/red_policy_test.py create mode 100644 tests/ecc-aws-429-elasticsearch_encrypted_with_kms_cmk/placebo-green/es.DescribeElasticsearchDomains_1.json create mode 100644 tests/ecc-aws-429-elasticsearch_encrypted_with_kms_cmk/placebo-green/es.ListDomainNames_1.json create mode 100644 tests/ecc-aws-429-elasticsearch_encrypted_with_kms_cmk/placebo-green/es.ListTags_1.json create mode 100644 tests/ecc-aws-429-elasticsearch_encrypted_with_kms_cmk/placebo-green/kms.DescribeKey_1.json create mode 100644 tests/ecc-aws-429-elasticsearch_encrypted_with_kms_cmk/placebo-green/kms.ListAliases_1.json create mode 100644 tests/ecc-aws-429-elasticsearch_encrypted_with_kms_cmk/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-429-elasticsearch_encrypted_with_kms_cmk/placebo-red/es.DescribeElasticsearchDomains_1.json create mode 100644 tests/ecc-aws-429-elasticsearch_encrypted_with_kms_cmk/placebo-red/es.ListDomainNames_1.json create mode 100644 tests/ecc-aws-429-elasticsearch_encrypted_with_kms_cmk/placebo-red/es.ListTags_1.json create mode 100644 tests/ecc-aws-429-elasticsearch_encrypted_with_kms_cmk/placebo-red/kms.DescribeKey_1.json create mode 100644 
tests/ecc-aws-429-elasticsearch_encrypted_with_kms_cmk/placebo-red/kms.ListAliases_1.json create mode 100644 tests/ecc-aws-429-elasticsearch_encrypted_with_kms_cmk/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-429-elasticsearch_encrypted_with_kms_cmk/red_policy_test.py create mode 100644 tests/ecc-aws-430-autoscaling_group_cooldown_period/placebo-green/autoscaling.DescribeAutoScalingGroups_1.json create mode 100644 tests/ecc-aws-430-autoscaling_group_cooldown_period/placebo-red/autoscaling.DescribeAutoScalingGroups_1.json create mode 100644 tests/ecc-aws-430-autoscaling_group_cooldown_period/red_policy_test.py create mode 100644 tests/ecc-aws-431-elasticsearch_enforces_https/placebo-green/es.DescribeElasticsearchDomains_1.json create mode 100644 tests/ecc-aws-431-elasticsearch_enforces_https/placebo-green/es.ListDomainNames_1.json create mode 100644 tests/ecc-aws-431-elasticsearch_enforces_https/placebo-green/es.ListTags_1.json create mode 100644 tests/ecc-aws-431-elasticsearch_enforces_https/placebo-red/es.DescribeElasticsearchDomains_1.json create mode 100644 tests/ecc-aws-431-elasticsearch_enforces_https/placebo-red/es.ListDomainNames_1.json create mode 100644 tests/ecc-aws-431-elasticsearch_enforces_https/placebo-red/es.ListTags_1.json create mode 100644 tests/ecc-aws-431-elasticsearch_enforces_https/red_policy_test.py create mode 100644 tests/ecc-aws-432-elasticsearch_latest_version/placebo-green/es.DescribeElasticsearchDomains_1.json create mode 100644 tests/ecc-aws-432-elasticsearch_latest_version/placebo-green/es.ListDomainNames_1.json create mode 100644 tests/ecc-aws-432-elasticsearch_latest_version/placebo-green/es.ListTags_1.json create mode 100644 tests/ecc-aws-432-elasticsearch_latest_version/placebo-red/es.DescribeElasticsearchDomains_1.json create mode 100644 tests/ecc-aws-432-elasticsearch_latest_version/placebo-red/es.ListDomainNames_1.json create mode 100644 
tests/ecc-aws-432-elasticsearch_latest_version/placebo-red/es.ListTags_1.json create mode 100644 tests/ecc-aws-432-elasticsearch_latest_version/red_policy_test.py create mode 100644 tests/ecc-aws-433-autoscaling_group_has_associated_elb/placebo-green/autoscaling.DescribeAutoScalingGroups_1.json create mode 100644 tests/ecc-aws-433-autoscaling_group_has_associated_elb/placebo-red/autoscaling.DescribeAutoScalingGroups_1.json create mode 100644 tests/ecc-aws-433-autoscaling_group_has_associated_elb/red_policy_test.py create mode 100644 tests/ecc-aws-434-xray-encrypted_with_kms_cmk/placebo-green/iam.ListAccountAliases_1.json create mode 100644 tests/ecc-aws-434-xray-encrypted_with_kms_cmk/placebo-green/kms.DescribeKey_1.json create mode 100644 tests/ecc-aws-434-xray-encrypted_with_kms_cmk/placebo-green/xray.GetEncryptionConfig_1.json create mode 100644 tests/ecc-aws-434-xray-encrypted_with_kms_cmk/placebo-red/iam.ListAccountAliases_1.json create mode 100644 tests/ecc-aws-434-xray-encrypted_with_kms_cmk/placebo-red/kms.DescribeKey_1.json create mode 100644 tests/ecc-aws-434-xray-encrypted_with_kms_cmk/placebo-red/xray.GetEncryptionConfig_1.json create mode 100644 tests/ecc-aws-434-xray-encrypted_with_kms_cmk/red_policy_test.py create mode 100644 tests/ecc-aws-435-workspaces_unused_instances/green_policy_test.py create mode 100644 tests/ecc-aws-435-workspaces_unused_instances/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-435-workspaces_unused_instances/placebo-green/workspaces.DescribeWorkspacesConnectionStatus_1.json create mode 100644 tests/ecc-aws-435-workspaces_unused_instances/placebo-green/workspaces.DescribeWorkspaces_1.json create mode 100644 tests/ecc-aws-435-workspaces_unused_instances/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-435-workspaces_unused_instances/placebo-red/workspaces.DescribeWorkspacesConnectionStatus_1.json create mode 100644 
tests/ecc-aws-435-workspaces_unused_instances/placebo-red/workspaces.DescribeWorkspaces_1.json create mode 100644 tests/ecc-aws-435-workspaces_unused_instances/red_policy_test.py create mode 100644 tests/ecc-aws-436-autoscaling_group_utilize_multi_az/placebo-green/autoscaling.DescribeAutoScalingGroups_1.json create mode 100644 tests/ecc-aws-436-autoscaling_group_utilize_multi_az/placebo-red/autoscaling.DescribeAutoScalingGroups_1.json create mode 100644 tests/ecc-aws-436-autoscaling_group_utilize_multi_az/red_policy_test.py create mode 100644 tests/ecc-aws-437-workspaces_instances_are_healthy/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-437-workspaces_instances_are_healthy/placebo-green/workspaces.DescribeWorkspaces_1.json create mode 100644 tests/ecc-aws-437-workspaces_instances_are_healthy/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-437-workspaces_instances_are_healthy/placebo-red/workspaces.DescribeWorkspaces_1.json create mode 100644 tests/ecc-aws-437-workspaces_instances_are_healthy/red_policy_test.py create mode 100644 tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-green/autoscaling.DescribeAutoScalingGroups_1.json create mode 100644 tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-green/ec2.DescribeImages_1.json create mode 100644 tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-green/ec2.DescribeKeyPairs_1.json create mode 100644 tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-green/ec2.DescribeLaunchTemplateVersions_1.json create mode 100644 tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-green/ec2.DescribeSecurityGroups_1.json create mode 100644 tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-green/ec2.DescribeSubnets_1.json create mode 100644 tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-green/elasticloadbalancing.DescribeLoadBalancers_1.json create mode 
100644 tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-green/elasticloadbalancing.DescribeTags_1.json create mode 100644 tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-green/elasticloadbalancing.DescribeTargetGroups_1.json create mode 100644 tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-green/elasticloadbalancing.DescribeTargetHealth_1.json create mode 100644 tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-red/autoscaling.DescribeAutoScalingGroups_1.json create mode 100644 tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-red/ec2.DescribeImages_1.json create mode 100644 tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-red/ec2.DescribeKeyPairs_1.json create mode 100644 tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-red/ec2.DescribeLaunchTemplateVersions_1.json create mode 100644 tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-red/ec2.DescribeSecurityGroups_1.json create mode 100644 tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-red/ec2.DescribeSubnets_1.json create mode 100644 tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-red/elasticloadbalancing.DescribeLoadBalancers_1.json create mode 100644 tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-red/elasticloadbalancing.DescribeTags_1.json create mode 100644 tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-red/elasticloadbalancing.DescribeTargetGroups_1.json create mode 100644 tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-red/elasticloadbalancing.DescribeTargetHealth_1.json create mode 100644 tests/ecc-aws-438-autoscaling_group_has_valid_configuration/red_policy_test.py create mode 100644 tests/ecc-aws-439-workspaces_storage_encrypted/placebo-green/tagging.GetResources_1.json create mode 100644 
tests/ecc-aws-439-workspaces_storage_encrypted/placebo-green/workspaces.DescribeWorkspaces_1.json create mode 100644 tests/ecc-aws-439-workspaces_storage_encrypted/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-439-workspaces_storage_encrypted/placebo-red/workspaces.DescribeWorkspaces_1.json create mode 100644 tests/ecc-aws-439-workspaces_storage_encrypted/red_policy_test.py create mode 100644 tests/ecc-aws-440-backup_service_compliant_lifecycle_enabled/placebo-green/backup.GetBackupPlan_1.json create mode 100644 tests/ecc-aws-440-backup_service_compliant_lifecycle_enabled/placebo-green/backup.ListBackupPlans_1.json create mode 100644 tests/ecc-aws-440-backup_service_compliant_lifecycle_enabled/placebo-green/backup.ListTags_1.json create mode 100644 tests/ecc-aws-440-backup_service_compliant_lifecycle_enabled/placebo-red/backup.GetBackupPlan_1.json create mode 100644 tests/ecc-aws-440-backup_service_compliant_lifecycle_enabled/placebo-red/backup.ListBackupPlans_1.json create mode 100644 tests/ecc-aws-440-backup_service_compliant_lifecycle_enabled/placebo-red/backup.ListTags_1.json create mode 100644 tests/ecc-aws-440-backup_service_compliant_lifecycle_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-442-backups_encrypted_with_kms_customer_master_keys/placebo-green/backup.ListBackupVaults_1.json create mode 100644 tests/ecc-aws-442-backups_encrypted_with_kms_customer_master_keys/placebo-green/kms.DescribeKey_1.json create mode 100644 tests/ecc-aws-442-backups_encrypted_with_kms_customer_master_keys/placebo-green/kms.ListAliases_1.json create mode 100644 tests/ecc-aws-442-backups_encrypted_with_kms_customer_master_keys/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-442-backups_encrypted_with_kms_customer_master_keys/placebo-green/tagging.GetResources_2.json create mode 100644 tests/ecc-aws-442-backups_encrypted_with_kms_customer_master_keys/placebo-red/backup.ListBackupVaults_1.json create mode 100644 
tests/ecc-aws-442-backups_encrypted_with_kms_customer_master_keys/placebo-red/kms.DescribeKey_1.json create mode 100644 tests/ecc-aws-442-backups_encrypted_with_kms_customer_master_keys/placebo-red/kms.ListAliases_1.json create mode 100644 tests/ecc-aws-442-backups_encrypted_with_kms_customer_master_keys/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-442-backups_encrypted_with_kms_customer_master_keys/red_policy_test.py create mode 100644 tests/ecc-aws-444-use_secure_ssl_protocols_between_cloudfront_origin/placebo-green/cloudfront.ListDistributions_1.json create mode 100644 tests/ecc-aws-444-use_secure_ssl_protocols_between_cloudfront_origin/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-444-use_secure_ssl_protocols_between_cloudfront_origin/placebo-red/cloudfront.ListDistributions_1.json create mode 100644 tests/ecc-aws-444-use_secure_ssl_protocols_between_cloudfront_origin/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-444-use_secure_ssl_protocols_between_cloudfront_origin/red_policy_test.py create mode 100644 tests/ecc-aws-445-rds_mysql_instances_latest_major_version/placebo-green/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-445-rds_mysql_instances_latest_major_version/placebo-red/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-445-rds_mysql_instances_latest_major_version/red_policy_test.py create mode 100644 tests/ecc-aws-447-sqs_encrypted_with_kms_cmk/placebo-green/kms.DescribeKey_1.json create mode 100644 tests/ecc-aws-447-sqs_encrypted_with_kms_cmk/placebo-green/kms.ListAliases_1.json create mode 100644 tests/ecc-aws-447-sqs_encrypted_with_kms_cmk/placebo-green/sqs.GetQueueAttributes_1.json create mode 100644 tests/ecc-aws-447-sqs_encrypted_with_kms_cmk/placebo-green/sqs.ListQueues_1.json create mode 100644 tests/ecc-aws-447-sqs_encrypted_with_kms_cmk/placebo-green/tagging.GetResources_1.json create mode 100644 
tests/ecc-aws-447-sqs_encrypted_with_kms_cmk/placebo-red/kms.DescribeKey_1.json create mode 100644 tests/ecc-aws-447-sqs_encrypted_with_kms_cmk/placebo-red/kms.ListAliases_1.json create mode 100644 tests/ecc-aws-447-sqs_encrypted_with_kms_cmk/placebo-red/sqs.GetQueueAttributes_1.json create mode 100644 tests/ecc-aws-447-sqs_encrypted_with_kms_cmk/placebo-red/sqs.ListQueues_1.json create mode 100644 tests/ecc-aws-447-sqs_encrypted_with_kms_cmk/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-447-sqs_encrypted_with_kms_cmk/red_policy_test.py create mode 100644 tests/ecc-aws-448-cloudfront_distribution_fieldlevel_encryption/placebo-green/cloudfront.ListDistributions_1.json create mode 100644 tests/ecc-aws-448-cloudfront_distribution_fieldlevel_encryption/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-448-cloudfront_distribution_fieldlevel_encryption/placebo-red/cloudfront.ListDistributions_1.json create mode 100644 tests/ecc-aws-448-cloudfront_distribution_fieldlevel_encryption/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-448-cloudfront_distribution_fieldlevel_encryption/red_policy_test.py create mode 100644 tests/ecc-aws-449-sqs_not_open_to_everyone/placebo-green/sqs.GetQueueAttributes_1.json create mode 100644 tests/ecc-aws-449-sqs_not_open_to_everyone/placebo-green/sqs.ListQueues_1.json create mode 100644 tests/ecc-aws-449-sqs_not_open_to_everyone/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-449-sqs_not_open_to_everyone/placebo-red/sqs.GetQueueAttributes_1.json create mode 100644 tests/ecc-aws-449-sqs_not_open_to_everyone/placebo-red/sqs.ListQueues_1.json create mode 100644 tests/ecc-aws-449-sqs_not_open_to_everyone/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-449-sqs_not_open_to_everyone/red_policy_test.py create mode 100644 
tests/ecc-aws-451-postgresql_log_parser_stats_flag_is_disabled/placebo-green/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-451-postgresql_log_parser_stats_flag_is_disabled/placebo-green/rds.DescribeDBParameters_1.json create mode 100644 tests/ecc-aws-451-postgresql_log_parser_stats_flag_is_disabled/placebo-red/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-451-postgresql_log_parser_stats_flag_is_disabled/placebo-red/rds.DescribeDBParameters_1.json create mode 100644 tests/ecc-aws-451-postgresql_log_parser_stats_flag_is_disabled/red_policy_test.py create mode 100644 tests/ecc-aws-452-cloudtrail_logs_management_events/placebo-green/cloudtrail.DescribeTrails_1.json create mode 100644 tests/ecc-aws-452-cloudtrail_logs_management_events/placebo-green/cloudtrail.GetEventSelectors_1.json create mode 100644 tests/ecc-aws-452-cloudtrail_logs_management_events/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-452-cloudtrail_logs_management_events/placebo-red/cloudtrail.DescribeTrails_1.json create mode 100644 tests/ecc-aws-452-cloudtrail_logs_management_events/placebo-red/cloudtrail.GetEventSelectors_1.json create mode 100644 tests/ecc-aws-452-cloudtrail_logs_management_events/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-452-cloudtrail_logs_management_events/red_policy_test.py create mode 100644 tests/ecc-aws-453-event_bus_is_exposed_to_everyone/placebo-green/events.ListEventBuses_1.json create mode 100644 tests/ecc-aws-453-event_bus_is_exposed_to_everyone/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-453-event_bus_is_exposed_to_everyone/placebo-red/events.ListEventBuses_1.json create mode 100644 tests/ecc-aws-453-event_bus_is_exposed_to_everyone/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-453-event_bus_is_exposed_to_everyone/red_policy_test.py create mode 100644 
tests/ecc-aws-454-postgresql_log_planner_stats_flag_disabled/placebo-green/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-454-postgresql_log_planner_stats_flag_disabled/placebo-green/rds.DescribeDBParameters_1.json create mode 100644 tests/ecc-aws-454-postgresql_log_planner_stats_flag_disabled/placebo-red/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-454-postgresql_log_planner_stats_flag_disabled/placebo-red/rds.DescribeDBParameters_1.json create mode 100644 tests/ecc-aws-454-postgresql_log_planner_stats_flag_disabled/red_policy_test.py create mode 100644 tests/ecc-aws-455-postgresql_log_executor_stats_flag_disabled/placebo-green/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-455-postgresql_log_executor_stats_flag_disabled/placebo-green/rds.DescribeDBParameters_1.json create mode 100644 tests/ecc-aws-455-postgresql_log_executor_stats_flag_disabled/placebo-red/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-455-postgresql_log_executor_stats_flag_disabled/placebo-red/rds.DescribeDBParameters_1.json create mode 100644 tests/ecc-aws-455-postgresql_log_executor_stats_flag_disabled/red_policy_test.py create mode 100644 tests/ecc-aws-457-postgresql_log_min_error_statement_flag_set_correctly/placebo-green/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-457-postgresql_log_min_error_statement_flag_set_correctly/placebo-green/rds.DescribeDBParameters_1.json create mode 100644 tests/ecc-aws-457-postgresql_log_min_error_statement_flag_set_correctly/placebo-red/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-457-postgresql_log_min_error_statement_flag_set_correctly/placebo-red/rds.DescribeDBParameters_1.json create mode 100644 tests/ecc-aws-457-postgresql_log_min_error_statement_flag_set_correctly/red_policy_test.py create mode 100644 tests/ecc-aws-458-glacier_vault_access_policy_does_not_allow_actions_from_all_principals/placebo-green/glacier.GetVaultAccessPolicy_1.json create 
mode 100644 tests/ecc-aws-458-glacier_vault_access_policy_does_not_allow_actions_from_all_principals/placebo-green/glacier.ListTagsForVault_1.json create mode 100644 tests/ecc-aws-458-glacier_vault_access_policy_does_not_allow_actions_from_all_principals/placebo-green/glacier.ListVaults_1.json create mode 100644 tests/ecc-aws-458-glacier_vault_access_policy_does_not_allow_actions_from_all_principals/placebo-red/glacier.GetVaultAccessPolicy_1.json create mode 100644 tests/ecc-aws-458-glacier_vault_access_policy_does_not_allow_actions_from_all_principals/placebo-red/glacier.ListTagsForVault_1.json create mode 100644 tests/ecc-aws-458-glacier_vault_access_policy_does_not_allow_actions_from_all_principals/placebo-red/glacier.ListVaults_1.json create mode 100644 tests/ecc-aws-458-glacier_vault_access_policy_does_not_allow_actions_from_all_principals/red_policy_test.py create mode 100644 tests/ecc-aws-459-config_delivery_failed/placebo-green/config.DescribeConfigurationRecorderStatus_1.json create mode 100644 tests/ecc-aws-459-config_delivery_failed/placebo-green/config.DescribeConfigurationRecorders_1.json create mode 100644 tests/ecc-aws-459-config_delivery_failed/placebo-green/config.DescribeDeliveryChannels_1.json create mode 100644 tests/ecc-aws-459-config_delivery_failed/placebo-red/config.DescribeConfigurationRecorderStatus_1.json create mode 100644 tests/ecc-aws-459-config_delivery_failed/placebo-red/config.DescribeConfigurationRecorders_1.json create mode 100644 tests/ecc-aws-459-config_delivery_failed/placebo-red/config.DescribeDeliveryChannels_1.json create mode 100644 tests/ecc-aws-459-config_delivery_failed/red_policy_test.py create mode 100644 tests/ecc-aws-461-dms_latest_version/placebo-green/dms.DescribeReplicationInstances_1.json create mode 100644 tests/ecc-aws-461-dms_latest_version/placebo-green/dms.ListTagsForResource_1.json create mode 100644 tests/ecc-aws-461-dms_latest_version/placebo-red/dms.DescribeReplicationInstances_1.json create mode 100644 
tests/ecc-aws-461-dms_latest_version/placebo-red/dms.ListTagsForResource_1.json create mode 100644 tests/ecc-aws-461-dms_latest_version/red_policy_test.py create mode 100644 tests/ecc-aws-464-sagemaker_instances_encrypted_with_kms_cmk/placebo-green/api.sagemaker.DescribeNotebookInstance_1.json create mode 100644 tests/ecc-aws-464-sagemaker_instances_encrypted_with_kms_cmk/placebo-green/api.sagemaker.ListNotebookInstances_1.json create mode 100644 tests/ecc-aws-464-sagemaker_instances_encrypted_with_kms_cmk/placebo-green/api.sagemaker.ListTags_1.json create mode 100644 tests/ecc-aws-464-sagemaker_instances_encrypted_with_kms_cmk/placebo-red/api.sagemaker.DescribeNotebookInstance_1.json create mode 100644 tests/ecc-aws-464-sagemaker_instances_encrypted_with_kms_cmk/placebo-red/api.sagemaker.ListNotebookInstances_1.json create mode 100644 tests/ecc-aws-464-sagemaker_instances_encrypted_with_kms_cmk/placebo-red/api.sagemaker.ListTags_1.json create mode 100644 tests/ecc-aws-464-sagemaker_instances_encrypted_with_kms_cmk/red_policy_test.py create mode 100644 tests/ecc-aws-469-dms_auto_minor_version_upgrade/placebo-green/dms.DescribeReplicationInstances_1.json create mode 100644 tests/ecc-aws-469-dms_auto_minor_version_upgrade/placebo-green/dms.ListTagsForResource_1.json create mode 100644 tests/ecc-aws-469-dms_auto_minor_version_upgrade/placebo-red/dms.DescribeReplicationInstances_1.json create mode 100644 tests/ecc-aws-469-dms_auto_minor_version_upgrade/placebo-red/dms.ListTagsForResource_1.json create mode 100644 tests/ecc-aws-469-dms_auto_minor_version_upgrade/red_policy_test.py create mode 100644 tests/ecc-aws-470-dms_replication_instances_encrypted_with_kms_cmk/placebo-green/dms.DescribeReplicationInstances_1.json create mode 100644 tests/ecc-aws-470-dms_replication_instances_encrypted_with_kms_cmk/placebo-green/dms.ListTagsForResource_1.json create mode 100644 tests/ecc-aws-470-dms_replication_instances_encrypted_with_kms_cmk/placebo-green/kms.DescribeKey_1.json 
create mode 100644 tests/ecc-aws-470-dms_replication_instances_encrypted_with_kms_cmk/placebo-green/kms.ListAliases_1.json create mode 100644 tests/ecc-aws-470-dms_replication_instances_encrypted_with_kms_cmk/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-470-dms_replication_instances_encrypted_with_kms_cmk/placebo-red/dms.DescribeReplicationInstances_1.json create mode 100644 tests/ecc-aws-470-dms_replication_instances_encrypted_with_kms_cmk/placebo-red/dms.ListTagsForResource_1.json create mode 100644 tests/ecc-aws-470-dms_replication_instances_encrypted_with_kms_cmk/placebo-red/kms.DescribeKey_1.json create mode 100644 tests/ecc-aws-470-dms_replication_instances_encrypted_with_kms_cmk/placebo-red/kms.ListAliases_1.json create mode 100644 tests/ecc-aws-470-dms_replication_instances_encrypted_with_kms_cmk/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-470-dms_replication_instances_encrypted_with_kms_cmk/red_policy_test.py create mode 100644 tests/ecc-aws-471-oracle_audit_sys_operations_flag_enabled/placebo-green/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-471-oracle_audit_sys_operations_flag_enabled/placebo-green/rds.DescribeDBParameters_1.json create mode 100644 tests/ecc-aws-471-oracle_audit_sys_operations_flag_enabled/placebo-red/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-471-oracle_audit_sys_operations_flag_enabled/placebo-red/rds.DescribeDBParameters_1.json create mode 100644 tests/ecc-aws-471-oracle_audit_sys_operations_flag_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-472-oracle_audit_trail_flag_set_correctly/placebo-green/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-472-oracle_audit_trail_flag_set_correctly/placebo-green/rds.DescribeDBParameters_1.json create mode 100644 tests/ecc-aws-472-oracle_audit_trail_flag_set_correctly/placebo-red/rds.DescribeDBInstances_1.json create mode 100644 
tests/ecc-aws-472-oracle_audit_trail_flag_set_correctly/placebo-red/rds.DescribeDBParameters_1.json create mode 100644 tests/ecc-aws-472-oracle_audit_trail_flag_set_correctly/red_policy_test.py create mode 100644 tests/ecc-aws-473-oracle_global_names_flag_enabled/placebo-green/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-473-oracle_global_names_flag_enabled/placebo-green/rds.DescribeDBParameters_1.json create mode 100644 tests/ecc-aws-473-oracle_global_names_flag_enabled/placebo-red/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-473-oracle_global_names_flag_enabled/placebo-red/rds.DescribeDBParameters_1.json create mode 100644 tests/ecc-aws-473-oracle_global_names_flag_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-474-oracle_remote_listener_flag_empty/placebo-green/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-474-oracle_remote_listener_flag_empty/placebo-green/rds.DescribeDBParameters_1.json create mode 100644 tests/ecc-aws-474-oracle_remote_listener_flag_empty/placebo-red/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-474-oracle_remote_listener_flag_empty/placebo-red/rds.DescribeDBParameters_1.json create mode 100644 tests/ecc-aws-474-oracle_remote_listener_flag_empty/red_policy_test.py create mode 100644 tests/ecc-aws-475-oracle_sec_max_failed_login_attempts_flag_is_3_or_less/placebo-green/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-475-oracle_sec_max_failed_login_attempts_flag_is_3_or_less/placebo-green/rds.DescribeDBParameters_1.json create mode 100644 tests/ecc-aws-475-oracle_sec_max_failed_login_attempts_flag_is_3_or_less/placebo-red/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-475-oracle_sec_max_failed_login_attempts_flag_is_3_or_less/placebo-red/rds.DescribeDBParameters_1.json create mode 100644 tests/ecc-aws-475-oracle_sec_max_failed_login_attempts_flag_is_3_or_less/red_policy_test.py create mode 100644 
tests/ecc-aws-476-oracle_sec_protocol_error_further_action_flag_set_to_drop_3/placebo-green/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-476-oracle_sec_protocol_error_further_action_flag_set_to_drop_3/placebo-green/rds.DescribeDBParameters_1.json create mode 100644 tests/ecc-aws-476-oracle_sec_protocol_error_further_action_flag_set_to_drop_3/placebo-red/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-476-oracle_sec_protocol_error_further_action_flag_set_to_drop_3/placebo-red/rds.DescribeDBParameters_1.json create mode 100644 tests/ecc-aws-476-oracle_sec_protocol_error_further_action_flag_set_to_drop_3/red_policy_test.py create mode 100644 tests/ecc-aws-477-oracle_sec_protocol_error_trace_action_flag_set_to_log/placebo-green/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-477-oracle_sec_protocol_error_trace_action_flag_set_to_log/placebo-green/rds.DescribeDBParameters_1.json create mode 100644 tests/ecc-aws-477-oracle_sec_protocol_error_trace_action_flag_set_to_log/placebo-red/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-477-oracle_sec_protocol_error_trace_action_flag_set_to_log/placebo-red/rds.DescribeDBParameters_1.json create mode 100644 tests/ecc-aws-477-oracle_sec_protocol_error_trace_action_flag_set_to_log/red_policy_test.py create mode 100644 tests/ecc-aws-478-oracle_sec_return_server_release_banner_flag_disabled/placebo-green/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-478-oracle_sec_return_server_release_banner_flag_disabled/placebo-green/rds.DescribeDBParameters_1.json create mode 100644 tests/ecc-aws-478-oracle_sec_return_server_release_banner_flag_disabled/placebo-red/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-478-oracle_sec_return_server_release_banner_flag_disabled/placebo-red/rds.DescribeDBParameters_1.json create mode 100644 tests/ecc-aws-478-oracle_sec_return_server_release_banner_flag_disabled/red_policy_test.py create mode 100644 
tests/ecc-aws-479-oracle_sql92_security_flag_enabled/placebo-green/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-479-oracle_sql92_security_flag_enabled/placebo-green/rds.DescribeDBParameters_1.json create mode 100644 tests/ecc-aws-479-oracle_sql92_security_flag_enabled/placebo-red/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-479-oracle_sql92_security_flag_enabled/placebo-red/rds.DescribeDBParameters_1.json create mode 100644 tests/ecc-aws-479-oracle_sql92_security_flag_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-480-oracle_trace_files_public/placebo-green/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-480-oracle_trace_files_public/placebo-green/rds.DescribeDBParameters_1.json create mode 100644 tests/ecc-aws-480-oracle_trace_files_public/placebo-red/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-480-oracle_trace_files_public/placebo-red/rds.DescribeDBParameters_1.json create mode 100644 tests/ecc-aws-480-oracle_trace_files_public/red_policy_test.py create mode 100644 tests/ecc-aws-481-oracle_resource_limit_flag_enabled/placebo-green/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-481-oracle_resource_limit_flag_enabled/placebo-green/rds.DescribeDBParameters_1.json create mode 100644 tests/ecc-aws-481-oracle_resource_limit_flag_enabled/placebo-red/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-481-oracle_resource_limit_flag_enabled/placebo-red/rds.DescribeDBParameters_1.json create mode 100644 tests/ecc-aws-481-oracle_resource_limit_flag_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-482-dms_multi_az_enabled/placebo-green/dms.DescribeReplicationInstances_1.json create mode 100644 tests/ecc-aws-482-dms_multi_az_enabled/placebo-green/dms.ListTagsForResource_1.json create mode 100644 tests/ecc-aws-482-dms_multi_az_enabled/placebo-red/dms.DescribeReplicationInstances_1.json create mode 100644 
tests/ecc-aws-482-dms_multi_az_enabled/placebo-red/dms.ListTagsForResource_1.json create mode 100644 tests/ecc-aws-482-dms_multi_az_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-487-ebs_volume_encrypted_with_kms_cmk/placebo-green/ec2.DescribeVolumes_1.json create mode 100644 tests/ecc-aws-487-ebs_volume_encrypted_with_kms_cmk/placebo-green/kms.ListAliases_1.json create mode 100644 tests/ecc-aws-487-ebs_volume_encrypted_with_kms_cmk/placebo-red/ec2.DescribeVolumes_1.json create mode 100644 tests/ecc-aws-487-ebs_volume_encrypted_with_kms_cmk/placebo-red/kms.ListAliases_1.json create mode 100644 tests/ecc-aws-487-ebs_volume_encrypted_with_kms_cmk/red_policy_test.py create mode 100644 tests/ecc-aws-488-ebs_snapshot_encrypted/placebo-green/ec2.DescribeSnapshots_1.json create mode 100644 tests/ecc-aws-488-ebs_snapshot_encrypted/placebo-red/ec2.DescribeSnapshots_1.json create mode 100644 tests/ecc-aws-488-ebs_snapshot_encrypted/red_policy_test.py create mode 100644 tests/ecc-aws-489-unused_ebs_volumes/placebo-green/ec2.DescribeVolumes_1.json create mode 100644 tests/ecc-aws-489-unused_ebs_volumes/placebo-red/ec2.DescribeVolumes_1.json create mode 100644 tests/ecc-aws-489-unused_ebs_volumes/red_policy_test.py create mode 100644 tests/ecc-aws-490-unused_ec2_access_keys/placebo-green/ec2.DescribeInstances_1.json create mode 100644 tests/ecc-aws-490-unused_ec2_access_keys/placebo-green/ec2.DescribeKeyPairs_1.json create mode 100644 tests/ecc-aws-490-unused_ec2_access_keys/placebo-red/ec2.DescribeInstances_1.json create mode 100644 tests/ecc-aws-490-unused_ec2_access_keys/placebo-red/ec2.DescribeKeyPairs_1.json create mode 100644 tests/ecc-aws-490-unused_ec2_access_keys/red_policy_test.py create mode 100644 tests/ecc-aws-492-mysql_sql_mode_flag_contains_strict_all_tables/placebo-green/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-492-mysql_sql_mode_flag_contains_strict_all_tables/placebo-green/rds.DescribeDBParameters_1.json create mode 100644 
tests/ecc-aws-492-mysql_sql_mode_flag_contains_strict_all_tables/placebo-red/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-492-mysql_sql_mode_flag_contains_strict_all_tables/placebo-red/rds.DescribeDBParameters_1.json create mode 100644 tests/ecc-aws-492-mysql_sql_mode_flag_contains_strict_all_tables/red_policy_test.py create mode 100644 tests/ecc-aws-493-workspaces_images_not_older_than_90_days/green_policy_test.py create mode 100644 tests/ecc-aws-493-workspaces_images_not_older_than_90_days/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-493-workspaces_images_not_older_than_90_days/placebo-green/workspaces.DescribeWorkspaceImages_1.json create mode 100644 tests/ecc-aws-493-workspaces_images_not_older_than_90_days/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-493-workspaces_images_not_older_than_90_days/placebo-red/workspaces.DescribeWorkspaceImages_1.json create mode 100644 tests/ecc-aws-493-workspaces_images_not_older_than_90_days/red_policy_test.py create mode 100644 tests/ecc-aws-494-workspaces_web_access_disabled/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-494-workspaces_web_access_disabled/placebo-green/workspaces.DescribeWorkspaceDirectories_1.json create mode 100644 tests/ecc-aws-494-workspaces_web_access_disabled/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-494-workspaces_web_access_disabled/placebo-red/workspaces.DescribeWorkspaceDirectories_1.json create mode 100644 tests/ecc-aws-494-workspaces_web_access_disabled/red_policy_test.py create mode 100644 tests/ecc-aws-495-fsx_all_types_of_file_systems_encrypted_with_kms_cmk/placebo-green/fsx.DescribeFileSystems_1.json create mode 100644 tests/ecc-aws-495-fsx_all_types_of_file_systems_encrypted_with_kms_cmk/placebo-green/kms.DescribeKey_1.json create mode 100644 tests/ecc-aws-495-fsx_all_types_of_file_systems_encrypted_with_kms_cmk/placebo-green/kms.ListAliases_1.json create 
mode 100644 tests/ecc-aws-495-fsx_all_types_of_file_systems_encrypted_with_kms_cmk/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-495-fsx_all_types_of_file_systems_encrypted_with_kms_cmk/placebo-red/fsx.DescribeFileSystems_1.json create mode 100644 tests/ecc-aws-495-fsx_all_types_of_file_systems_encrypted_with_kms_cmk/placebo-red/kms.DescribeKey_1.json create mode 100644 tests/ecc-aws-495-fsx_all_types_of_file_systems_encrypted_with_kms_cmk/placebo-red/kms.ListAliases_1.json create mode 100644 tests/ecc-aws-495-fsx_all_types_of_file_systems_encrypted_with_kms_cmk/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-495-fsx_all_types_of_file_systems_encrypted_with_kms_cmk/red_policy_test.py create mode 100644 tests/ecc-aws-496-kinesis_firehose_delivery_streams_encrypted_using_SSE/placebo-green/firehose.DescribeDeliveryStream_1.json create mode 100644 tests/ecc-aws-496-kinesis_firehose_delivery_streams_encrypted_using_SSE/placebo-green/firehose.ListDeliveryStreams_1.json create mode 100644 tests/ecc-aws-496-kinesis_firehose_delivery_streams_encrypted_using_SSE/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-496-kinesis_firehose_delivery_streams_encrypted_using_SSE/placebo-red/firehose.DescribeDeliveryStream_1.json create mode 100644 tests/ecc-aws-496-kinesis_firehose_delivery_streams_encrypted_using_SSE/placebo-red/firehose.ListDeliveryStreams_1.json create mode 100644 tests/ecc-aws-496-kinesis_firehose_delivery_streams_encrypted_using_SSE/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-496-kinesis_firehose_delivery_streams_encrypted_using_SSE/red_policy_test.py create mode 100644 tests/ecc-aws-497-lambda_active_tracing_enabled/placebo-green/lambda.ListFunctions_1.json create mode 100644 tests/ecc-aws-497-lambda_active_tracing_enabled/placebo-green/tagging.GetResources_1.json create mode 100644 
tests/ecc-aws-497-lambda_active_tracing_enabled/placebo-red/lambda.ListFunctions_1.json create mode 100644 tests/ecc-aws-497-lambda_active_tracing_enabled/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-497-lambda_active_tracing_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-499-sagemaker_endpoint_configuration_encrypted/placebo-green/api.sagemaker.DescribeEndpointConfig_1.json create mode 100644 tests/ecc-aws-499-sagemaker_endpoint_configuration_encrypted/placebo-green/api.sagemaker.ListEndpointConfigs_1.json create mode 100644 tests/ecc-aws-499-sagemaker_endpoint_configuration_encrypted/placebo-green/api.sagemaker.ListTags_1.json create mode 100644 tests/ecc-aws-499-sagemaker_endpoint_configuration_encrypted/placebo-green/kms.DescribeKey_1.json create mode 100644 tests/ecc-aws-499-sagemaker_endpoint_configuration_encrypted/placebo-green/kms.ListAliases_1.json create mode 100644 tests/ecc-aws-499-sagemaker_endpoint_configuration_encrypted/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-499-sagemaker_endpoint_configuration_encrypted/placebo-red/api.sagemaker.DescribeEndpointConfig_1.json create mode 100644 tests/ecc-aws-499-sagemaker_endpoint_configuration_encrypted/placebo-red/api.sagemaker.ListEndpointConfigs_1.json create mode 100644 tests/ecc-aws-499-sagemaker_endpoint_configuration_encrypted/placebo-red/api.sagemaker.ListTags_1.json create mode 100644 tests/ecc-aws-499-sagemaker_endpoint_configuration_encrypted/red_policy_test.py create mode 100644 tests/ecc-aws-500-lambda_variables_encrypted_with_kms_cmk/placebo-green/kms.DescribeKey_1.json create mode 100644 tests/ecc-aws-500-lambda_variables_encrypted_with_kms_cmk/placebo-green/kms.ListAliases_1.json create mode 100644 tests/ecc-aws-500-lambda_variables_encrypted_with_kms_cmk/placebo-green/lambda.ListFunctions_1.json create mode 100644 tests/ecc-aws-500-lambda_variables_encrypted_with_kms_cmk/placebo-green/tagging.GetResources_1.json create 
mode 100644 tests/ecc-aws-500-lambda_variables_encrypted_with_kms_cmk/placebo-red/kms.DescribeKey_1.json create mode 100644 tests/ecc-aws-500-lambda_variables_encrypted_with_kms_cmk/placebo-red/kms.ListAliases_1.json create mode 100644 tests/ecc-aws-500-lambda_variables_encrypted_with_kms_cmk/placebo-red/lambda.ListFunctions_1.json create mode 100644 tests/ecc-aws-500-lambda_variables_encrypted_with_kms_cmk/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-500-lambda_variables_encrypted_with_kms_cmk/red_policy_test.py create mode 100644 tests/ecc-aws-501-sagemaker_instance_root_disabled/placebo-green/api.sagemaker.DescribeNotebookInstance_1.json create mode 100644 tests/ecc-aws-501-sagemaker_instance_root_disabled/placebo-green/api.sagemaker.ListNotebookInstances_1.json create mode 100644 tests/ecc-aws-501-sagemaker_instance_root_disabled/placebo-green/api.sagemaker.ListTags_1.json create mode 100644 tests/ecc-aws-501-sagemaker_instance_root_disabled/placebo-red/api.sagemaker.DescribeNotebookInstance_1.json create mode 100644 tests/ecc-aws-501-sagemaker_instance_root_disabled/placebo-red/api.sagemaker.ListNotebookInstances_1.json create mode 100644 tests/ecc-aws-501-sagemaker_instance_root_disabled/placebo-red/api.sagemaker.ListTags_1.json create mode 100644 tests/ecc-aws-501-sagemaker_instance_root_disabled/red_policy_test.py create mode 100644 tests/ecc-aws-502-mq_broker_auto_minor_version_upgrade_enabled/placebo-green/mq.DescribeBroker_1.json create mode 100644 tests/ecc-aws-502-mq_broker_auto_minor_version_upgrade_enabled/placebo-green/mq.ListBrokers_1.json create mode 100644 tests/ecc-aws-502-mq_broker_auto_minor_version_upgrade_enabled/placebo-red/mq.DescribeBroker_1.json create mode 100644 tests/ecc-aws-502-mq_broker_auto_minor_version_upgrade_enabled/placebo-red/mq.ListBrokers_1.json create mode 100644 tests/ecc-aws-502-mq_broker_auto_minor_version_upgrade_enabled/red_policy_test.py create mode 100644 
tests/ecc-aws-503-mq_broker_logging_enabled/placebo-green/mq.DescribeBroker_1.json create mode 100644 tests/ecc-aws-503-mq_broker_logging_enabled/placebo-green/mq.ListBrokers_1.json create mode 100644 tests/ecc-aws-503-mq_broker_logging_enabled/placebo-red/mq.DescribeBroker_1.json create mode 100644 tests/ecc-aws-503-mq_broker_logging_enabled/placebo-red/mq.ListBrokers_1.json create mode 100644 tests/ecc-aws-503-mq_broker_logging_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-504-sagemaker_network_isolation_enabled/placebo-green/api.sagemaker.DescribeModel_1.json create mode 100644 tests/ecc-aws-504-sagemaker_network_isolation_enabled/placebo-green/api.sagemaker.ListModels_1.json create mode 100644 tests/ecc-aws-504-sagemaker_network_isolation_enabled/placebo-green/api.sagemaker.ListTags_1.json create mode 100644 tests/ecc-aws-504-sagemaker_network_isolation_enabled/placebo-red/api.sagemaker.DescribeModel_1.json create mode 100644 tests/ecc-aws-504-sagemaker_network_isolation_enabled/placebo-red/api.sagemaker.ListModels_1.json create mode 100644 tests/ecc-aws-504-sagemaker_network_isolation_enabled/placebo-red/api.sagemaker.ListTags_1.json create mode 100644 tests/ecc-aws-504-sagemaker_network_isolation_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-505-route53_domain_automatic_renewal_enabled/placebo-green/route53domains.ListDomains_1.json create mode 100644 tests/ecc-aws-505-route53_domain_automatic_renewal_enabled/placebo-green/route53domains.ListTagsForDomain_1.json create mode 100644 tests/ecc-aws-505-route53_domain_automatic_renewal_enabled/placebo-red/route53domains.ListDomains_1.json create mode 100644 tests/ecc-aws-505-route53_domain_automatic_renewal_enabled/placebo-red/route53domains.ListTagsForDomain_1.json create mode 100644 tests/ecc-aws-505-route53_domain_automatic_renewal_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-506-mq_broker_not_publicly_accessible/placebo-green/mq.DescribeBroker_1.json create mode 
100644 tests/ecc-aws-506-mq_broker_not_publicly_accessible/placebo-green/mq.ListBrokers_1.json create mode 100644 tests/ecc-aws-506-mq_broker_not_publicly_accessible/placebo-red/mq.DescribeBroker_1.json create mode 100644 tests/ecc-aws-506-mq_broker_not_publicly_accessible/placebo-red/mq.ListBrokers_1.json create mode 100644 tests/ecc-aws-506-mq_broker_not_publicly_accessible/red_policy_test.py create mode 100644 tests/ecc-aws-507-route53_domain_expires_in_30_days/green_policy_test.py create mode 100644 tests/ecc-aws-507-route53_domain_expires_in_30_days/placebo-green/route53domains.ListDomains_1.json create mode 100644 tests/ecc-aws-507-route53_domain_expires_in_30_days/placebo-green/route53domains.ListTagsForDomain_1.json create mode 100644 tests/ecc-aws-507-route53_domain_expires_in_30_days/placebo-red/route53domains.ListDomains_1.json create mode 100644 tests/ecc-aws-507-route53_domain_expires_in_30_days/placebo-red/route53domains.ListTagsForDomain_1.json create mode 100644 tests/ecc-aws-507-route53_domain_expires_in_30_days/red_policy_test.py create mode 100644 tests/ecc-aws-508-mq_broker_open_to_all_ports_protocols/placebo-green/ec2.DescribeSecurityGroups_1.json create mode 100644 tests/ecc-aws-508-mq_broker_open_to_all_ports_protocols/placebo-green/mq.DescribeBroker_1.json create mode 100644 tests/ecc-aws-508-mq_broker_open_to_all_ports_protocols/placebo-green/mq.ListBrokers_1.json create mode 100644 tests/ecc-aws-508-mq_broker_open_to_all_ports_protocols/placebo-red/ec2.DescribeSecurityGroups_1.json create mode 100644 tests/ecc-aws-508-mq_broker_open_to_all_ports_protocols/placebo-red/mq.DescribeBroker_1.json create mode 100644 tests/ecc-aws-508-mq_broker_open_to_all_ports_protocols/placebo-red/mq.ListBrokers_1.json create mode 100644 tests/ecc-aws-508-mq_broker_open_to_all_ports_protocols/red_policy_test.py create mode 100644 tests/ecc-aws-510-route53_hosted_zone_records_health_check_configured/placebo-green/route53.ListHostedZones_1.json create mode 
100644 tests/ecc-aws-510-route53_hosted_zone_records_health_check_configured/placebo-green/route53.ListResourceRecordSets_1.json create mode 100644 tests/ecc-aws-510-route53_hosted_zone_records_health_check_configured/placebo-red/route53.ListHostedZones_1.json create mode 100644 tests/ecc-aws-510-route53_hosted_zone_records_health_check_configured/placebo-red/route53.ListResourceRecordSets_1.json create mode 100644 tests/ecc-aws-510-route53_hosted_zone_records_health_check_configured/red_policy_test.py create mode 100644 tests/ecc-aws-511-msk_data_encrypted_with_kms_cmk/placebo-green/kafka.ListClustersV2_1.json create mode 100644 tests/ecc-aws-511-msk_data_encrypted_with_kms_cmk/placebo-green/kms.DescribeKey_1.json create mode 100644 tests/ecc-aws-511-msk_data_encrypted_with_kms_cmk/placebo-green/kms.ListAliases_1.json create mode 100644 tests/ecc-aws-511-msk_data_encrypted_with_kms_cmk/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-511-msk_data_encrypted_with_kms_cmk/placebo-red/kafka.ListClustersV2_1.json create mode 100644 tests/ecc-aws-511-msk_data_encrypted_with_kms_cmk/placebo-red/kms.DescribeKey_1.json create mode 100644 tests/ecc-aws-511-msk_data_encrypted_with_kms_cmk/placebo-red/kms.ListAliases_1.json create mode 100644 tests/ecc-aws-511-msk_data_encrypted_with_kms_cmk/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-511-msk_data_encrypted_with_kms_cmk/red_policy_test.py create mode 100644 tests/ecc-aws-512-msk_encryption_in_transit_enabled/placebo-green/kafka.ListClustersV2_1.json create mode 100644 tests/ecc-aws-512-msk_encryption_in_transit_enabled/placebo-red/kafka.ListClustersV2_1.json create mode 100644 tests/ecc-aws-512-msk_encryption_in_transit_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-513-route53_query_logging_enabled/placebo-green/route53.ListHostedZones_1.json create mode 100644 
tests/ecc-aws-513-route53_query_logging_enabled/placebo-green/route53.ListQueryLoggingConfigs_1.json create mode 100644 tests/ecc-aws-513-route53_query_logging_enabled/placebo-green/route53.ListTagsForResources_1.json create mode 100644 tests/ecc-aws-513-route53_query_logging_enabled/placebo-red/route53.ListHostedZones_1.json create mode 100644 tests/ecc-aws-513-route53_query_logging_enabled/placebo-red/route53.ListQueryLoggingConfigs_1.json create mode 100644 tests/ecc-aws-513-route53_query_logging_enabled/placebo-red/route53.ListTagsForResources_1.json create mode 100644 tests/ecc-aws-513-route53_query_logging_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-514-msk_logging_enabled/placebo-green/kafka.ListClustersV2_1.json create mode 100644 tests/ecc-aws-514-msk_logging_enabled/placebo-red/kafka.ListClustersV2_1.json create mode 100644 tests/ecc-aws-514-msk_logging_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-515-rds_encrypted_with_kms_cmk/placebo-green/kms.ListAliases_1.json create mode 100644 tests/ecc-aws-515-rds_encrypted_with_kms_cmk/placebo-green/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-515-rds_encrypted_with_kms_cmk/placebo-red/kms.ListAliases_1.json create mode 100644 tests/ecc-aws-515-rds_encrypted_with_kms_cmk/placebo-red/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-515-rds_encrypted_with_kms_cmk/red_policy_test.py create mode 100644 tests/ecc-aws-516-sns_encrypted_with_kms_cmk/placebo-green/kms.DescribeKey_1.json create mode 100644 tests/ecc-aws-516-sns_encrypted_with_kms_cmk/placebo-green/kms.ListAliases_1.json create mode 100644 tests/ecc-aws-516-sns_encrypted_with_kms_cmk/placebo-green/sns.GetTopicAttributes_1.json create mode 100644 tests/ecc-aws-516-sns_encrypted_with_kms_cmk/placebo-green/sns.ListTagsForResource_1.json create mode 100644 tests/ecc-aws-516-sns_encrypted_with_kms_cmk/placebo-green/sns.ListTopics_1.json create mode 100644 
tests/ecc-aws-516-sns_encrypted_with_kms_cmk/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-516-sns_encrypted_with_kms_cmk/placebo-red/kms.DescribeKey_1.json create mode 100644 tests/ecc-aws-516-sns_encrypted_with_kms_cmk/placebo-red/kms.ListAliases_1.json create mode 100644 tests/ecc-aws-516-sns_encrypted_with_kms_cmk/placebo-red/sns.GetTopicAttributes_1.json create mode 100644 tests/ecc-aws-516-sns_encrypted_with_kms_cmk/placebo-red/sns.ListTagsForResource_1.json create mode 100644 tests/ecc-aws-516-sns_encrypted_with_kms_cmk/placebo-red/sns.ListTopics_1.json create mode 100644 tests/ecc-aws-516-sns_encrypted_with_kms_cmk/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-516-sns_encrypted_with_kms_cmk/red_policy_test.py create mode 100644 tests/ecc-aws-517-redshift_user_activity_logging_enabled/placebo-green/redshift.DescribeClusterParameters_1.json create mode 100644 tests/ecc-aws-517-redshift_user_activity_logging_enabled/placebo-green/redshift.DescribeClusters_1.json create mode 100644 tests/ecc-aws-517-redshift_user_activity_logging_enabled/placebo-green/redshift.DescribeLoggingStatus_1.json create mode 100644 tests/ecc-aws-517-redshift_user_activity_logging_enabled/placebo-red/redshift.DescribeClusterParameters_1.json create mode 100644 tests/ecc-aws-517-redshift_user_activity_logging_enabled/placebo-red/redshift.DescribeClusters_1.json create mode 100644 tests/ecc-aws-517-redshift_user_activity_logging_enabled/placebo-red/redshift.DescribeLoggingStatus_1.json create mode 100644 tests/ecc-aws-517-redshift_user_activity_logging_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-519-redshift_not_using_default_port/placebo-green/redshift.DescribeClusters_1.json create mode 100644 tests/ecc-aws-519-redshift_not_using_default_port/placebo-red/redshift.DescribeClusters_1.json create mode 100644 tests/ecc-aws-519-redshift_not_using_default_port/red_policy_test.py create mode 100644 
tests/ecc-aws-520-redshift_encrypted_with_kms_cmk/placebo-green/kms.DescribeKey_1.json create mode 100644 tests/ecc-aws-520-redshift_encrypted_with_kms_cmk/placebo-green/kms.ListAliases_1.json create mode 100644 tests/ecc-aws-520-redshift_encrypted_with_kms_cmk/placebo-green/redshift.DescribeClusters_1.json create mode 100644 tests/ecc-aws-520-redshift_encrypted_with_kms_cmk/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-520-redshift_encrypted_with_kms_cmk/placebo-red/kms.DescribeKey_1.json create mode 100644 tests/ecc-aws-520-redshift_encrypted_with_kms_cmk/placebo-red/kms.ListAliases_1.json create mode 100644 tests/ecc-aws-520-redshift_encrypted_with_kms_cmk/placebo-red/redshift.DescribeClusters_1.json create mode 100644 tests/ecc-aws-520-redshift_encrypted_with_kms_cmk/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-520-redshift_encrypted_with_kms_cmk/red_policy_test.py create mode 100644 tests/ecc-aws-521-redshift_parameter_group_require_ssl/placebo-green/redshift.DescribeClusterParameters_1.json create mode 100644 tests/ecc-aws-521-redshift_parameter_group_require_ssl/placebo-green/redshift.DescribeClusters_1.json create mode 100644 tests/ecc-aws-521-redshift_parameter_group_require_ssl/placebo-red/redshift.DescribeClusterParameters_1.json create mode 100644 tests/ecc-aws-521-redshift_parameter_group_require_ssl/placebo-red/redshift.DescribeClusters_1.json create mode 100644 tests/ecc-aws-521-redshift_parameter_group_require_ssl/red_policy_test.py create mode 100644 tests/ecc-aws-522-route53_transfer_lock_enabled/placebo-green/route53domains.ListDomains_1.json create mode 100644 tests/ecc-aws-522-route53_transfer_lock_enabled/placebo-green/route53domains.ListTagsForDomain_1.json create mode 100644 tests/ecc-aws-522-route53_transfer_lock_enabled/placebo-red/route53domains.ListDomains_1.json create mode 100644 tests/ecc-aws-522-route53_transfer_lock_enabled/placebo-red/route53domains.ListTagsForDomain_1.json 
create mode 100644 tests/ecc-aws-522-route53_transfer_lock_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-524-rest_api_gateway_access_logging_enabled/placebo-green/apigateway.GetRestApis_1.json create mode 100644 tests/ecc-aws-524-rest_api_gateway_access_logging_enabled/placebo-green/apigateway.GetStages_1.json create mode 100644 tests/ecc-aws-524-rest_api_gateway_access_logging_enabled/placebo-red/apigateway.GetRestApis_1.json create mode 100644 tests/ecc-aws-524-rest_api_gateway_access_logging_enabled/placebo-red/apigateway.GetStages_1.json create mode 100644 tests/ecc-aws-524-rest_api_gateway_access_logging_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-525-ecs_exec_logging_encryption_enabled/placebo-green/ecs.DescribeClusters_1.json create mode 100644 tests/ecc-aws-525-ecs_exec_logging_encryption_enabled/placebo-green/ecs.ListClusters_1.json create mode 100644 tests/ecc-aws-525-ecs_exec_logging_encryption_enabled/placebo-red/ecs.DescribeClusters_1.json create mode 100644 tests/ecc-aws-525-ecs_exec_logging_encryption_enabled/placebo-red/ecs.ListClusters_1.json create mode 100644 tests/ecc-aws-525-ecs_exec_logging_encryption_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-526-rest_api_gateway_logs_set_correctly/placebo-green/apigateway.GetRestApis_1.json create mode 100644 tests/ecc-aws-526-rest_api_gateway_logs_set_correctly/placebo-green/apigateway.GetStages_1.json create mode 100644 tests/ecc-aws-526-rest_api_gateway_logs_set_correctly/placebo-red/apigateway.GetRestApis_1.json create mode 100644 tests/ecc-aws-526-rest_api_gateway_logs_set_correctly/placebo-red/apigateway.GetStages_1.json create mode 100644 tests/ecc-aws-526-rest_api_gateway_logs_set_correctly/red_policy_test.py create mode 100644 tests/ecc-aws-527-mwaa_encrypted_with_kms_cmk/placebo-green/airflow.GetEnvironment_1.json create mode 100644 tests/ecc-aws-527-mwaa_encrypted_with_kms_cmk/placebo-green/airflow.ListEnvironments_1.json create mode 100644 
tests/ecc-aws-527-mwaa_encrypted_with_kms_cmk/placebo-green/kms.DescribeKey_1.json create mode 100644 tests/ecc-aws-527-mwaa_encrypted_with_kms_cmk/placebo-green/kms.ListAliases_1.json create mode 100644 tests/ecc-aws-527-mwaa_encrypted_with_kms_cmk/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-527-mwaa_encrypted_with_kms_cmk/placebo-red/airflow.GetEnvironment_1.json create mode 100644 tests/ecc-aws-527-mwaa_encrypted_with_kms_cmk/placebo-red/airflow.ListEnvironments_1.json create mode 100644 tests/ecc-aws-527-mwaa_encrypted_with_kms_cmk/red_policy_test.py create mode 100644 tests/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/placebo-green/kinesisvideo.ListStreams_1.json create mode 100644 tests/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/placebo-green/kms.DescribeKey_1.json create mode 100644 tests/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/placebo-green/kms.ListAliases_1.json create mode 100644 tests/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/placebo-red/kinesisvideo.ListStreams_1.json create mode 100644 tests/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/placebo-red/kms.DescribeKey_1.json create mode 100644 tests/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/placebo-red/kms.ListAliases_1.json create mode 100644 tests/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/red_policy_test.py create mode 100644 tests/ecc-aws-531-autoscaling_launch_config_public_ip_disabled/placebo-green/autoscaling.DescribeLaunchConfigurations_1.json create mode 100644 tests/ecc-aws-531-autoscaling_launch_config_public_ip_disabled/placebo-red/autoscaling.DescribeLaunchConfigurations_1.json create mode 100644 
tests/ecc-aws-531-autoscaling_launch_config_public_ip_disabled/red_policy_test.py create mode 100644 tests/ecc-aws-532-glue_connection_passwords_encrypted/placebo-green/glue.GetDataCatalogEncryptionSettings_1.json create mode 100644 tests/ecc-aws-532-glue_connection_passwords_encrypted/placebo-red/glue.GetDataCatalogEncryptionSettings_1.json create mode 100644 tests/ecc-aws-532-glue_connection_passwords_encrypted/red_policy_test.py create mode 100644 tests/ecc-aws-537-fsx_lustre_logging_enabled/placebo-green/fsx.DescribeFileSystems_1.json create mode 100644 tests/ecc-aws-537-fsx_lustre_logging_enabled/placebo-red/fsx.DescribeFileSystems_1.json create mode 100644 tests/ecc-aws-537-fsx_lustre_logging_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-538-ds_directory_not_open_to_large_scope/placebo-green/ds.DescribeDirectories_1.json create mode 100644 tests/ecc-aws-538-ds_directory_not_open_to_large_scope/placebo-green/ds.ListTagsForResource_1.json create mode 100644 tests/ecc-aws-538-ds_directory_not_open_to_large_scope/placebo-green/ec2.DescribeSecurityGroups_1.json create mode 100644 tests/ecc-aws-538-ds_directory_not_open_to_large_scope/placebo-red/ds.DescribeDirectories_1.json create mode 100644 tests/ecc-aws-538-ds_directory_not_open_to_large_scope/placebo-red/ds.ListTagsForResource_1.json create mode 100644 tests/ecc-aws-538-ds_directory_not_open_to_large_scope/placebo-red/ec2.DescribeSecurityGroups_1.json create mode 100644 tests/ecc-aws-538-ds_directory_not_open_to_large_scope/red_policy_test.py create mode 100644 tests/ecc-aws-539-fsx_lustre_retention_period_set_at_least_to_7_days/placebo-green/fsx.DescribeFileSystems_1.json create mode 100644 tests/ecc-aws-539-fsx_lustre_retention_period_set_at_least_to_7_days/placebo-red/fsx.DescribeFileSystems_1.json create mode 100644 tests/ecc-aws-539-fsx_lustre_retention_period_set_at_least_to_7_days/red_policy_test.py create mode 100644 
tests/ecc-aws-542-workspaces_maintenance_mode_enabled/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-542-workspaces_maintenance_mode_enabled/placebo-green/workspaces.DescribeWorkspaceDirectories_1.json create mode 100644 tests/ecc-aws-542-workspaces_maintenance_mode_enabled/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-542-workspaces_maintenance_mode_enabled/placebo-red/workspaces.DescribeWorkspaceDirectories_1.json create mode 100644 tests/ecc-aws-542-workspaces_maintenance_mode_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-547-cloudtrail_logs_data_events/placebo-green/cloudtrail.DescribeTrails_1.json create mode 100644 tests/ecc-aws-547-cloudtrail_logs_data_events/placebo-green/cloudtrail.GetEventSelectors_1.json create mode 100644 tests/ecc-aws-547-cloudtrail_logs_data_events/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-547-cloudtrail_logs_data_events/placebo-red/cloudtrail.DescribeTrails_1.json create mode 100644 tests/ecc-aws-547-cloudtrail_logs_data_events/placebo-red/cloudtrail.GetEventSelectors_1.json create mode 100644 tests/ecc-aws-547-cloudtrail_logs_data_events/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-547-cloudtrail_logs_data_events/red_policy_test.py create mode 100644 tests/ecc-aws-548-workspaces_storage_encrypted_with_cmk/placebo-green/kms.DescribeKey_1.json create mode 100644 tests/ecc-aws-548-workspaces_storage_encrypted_with_cmk/placebo-green/kms.ListAliases_1.json create mode 100644 tests/ecc-aws-548-workspaces_storage_encrypted_with_cmk/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-548-workspaces_storage_encrypted_with_cmk/placebo-green/tagging.GetResources_2.json create mode 100644 tests/ecc-aws-548-workspaces_storage_encrypted_with_cmk/placebo-green/workspaces.DescribeWorkspaces_1.json create mode 100644 
tests/ecc-aws-548-workspaces_storage_encrypted_with_cmk/placebo-red/kms.DescribeKey_1.json create mode 100644 tests/ecc-aws-548-workspaces_storage_encrypted_with_cmk/placebo-red/kms.ListAliases_1.json create mode 100644 tests/ecc-aws-548-workspaces_storage_encrypted_with_cmk/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-548-workspaces_storage_encrypted_with_cmk/placebo-red/workspaces.DescribeWorkspaces_1.json create mode 100644 tests/ecc-aws-548-workspaces_storage_encrypted_with_cmk/red_policy_test.py create mode 100644 tests/ecc-aws-550-ami_without_tag_information/placebo-green/ec2.DescribeImages_1.json create mode 100644 tests/ecc-aws-550-ami_without_tag_information/placebo-red/ec2.DescribeImages_1.json create mode 100644 tests/ecc-aws-550-ami_without_tag_information/red_policy_test.py create mode 100644 tests/ecc-aws-551-ebs_without_tag_information/placebo-green/ec2.DescribeVolumes_1.json create mode 100644 tests/ecc-aws-551-ebs_without_tag_information/placebo-red/ec2.DescribeVolumes_1.json create mode 100644 tests/ecc-aws-551-ebs_without_tag_information/red_policy_test.py create mode 100644 tests/ecc-aws-552-ebs_snapshot_without_tag_information/placebo-green/ec2.DescribeSnapshots_1.json create mode 100644 tests/ecc-aws-552-ebs_snapshot_without_tag_information/placebo-red/ec2.DescribeSnapshots_1.json create mode 100644 tests/ecc-aws-552-ebs_snapshot_without_tag_information/red_policy_test.py create mode 100644 tests/ecc-aws-553-eip_without_tag_information/placebo-green/ec2.DescribeAddresses_1.json create mode 100644 tests/ecc-aws-553-eip_without_tag_information/placebo-red/ec2.DescribeAddresses_1.json create mode 100644 tests/ecc-aws-553-eip_without_tag_information/red_policy_test.py create mode 100644 tests/ecc-aws-555-eni_without_tag_information/placebo-green/ec2.DescribeNetworkInterfaces_1.json create mode 100644 tests/ecc-aws-555-eni_without_tag_information/placebo-red/ec2.DescribeNetworkInterfaces_1.json create mode 100644 
tests/ecc-aws-555-eni_without_tag_information/red_policy_test.py create mode 100644 tests/ecc-aws-556-internet_gateway_without_tag_information/placebo-green/ec2.DescribeInternetGateways_1.json create mode 100644 tests/ecc-aws-556-internet_gateway_without_tag_information/placebo-red/ec2.DescribeInternetGateways_1.json create mode 100644 tests/ecc-aws-556-internet_gateway_without_tag_information/red_policy_test.py create mode 100644 tests/ecc-aws-557-nat_gateway_without_tag_information/placebo-green/ec2.DescribeNatGateways_1.json create mode 100644 tests/ecc-aws-557-nat_gateway_without_tag_information/placebo-red/ec2.DescribeNatGateways_1.json create mode 100644 tests/ecc-aws-557-nat_gateway_without_tag_information/red_policy_test.py create mode 100644 tests/ecc-aws-558-network_acl_without_tag_information/placebo-green/ec2.DescribeNetworkAcls_1.json create mode 100644 tests/ecc-aws-558-network_acl_without_tag_information/placebo-red/ec2.DescribeNetworkAcls_1.json create mode 100644 tests/ecc-aws-558-network_acl_without_tag_information/red_policy_test.py create mode 100644 tests/ecc-aws-559-route_table_without_tag_information/placebo-green/ec2.DescribeRouteTables_1.json create mode 100644 tests/ecc-aws-559-route_table_without_tag_information/placebo-red/ec2.DescribeRouteTables_1.json create mode 100644 tests/ecc-aws-559-route_table_without_tag_information/red_policy_test.py create mode 100644 tests/ecc-aws-560-security_group_without_tag_information/placebo-green/ec2.DescribeSecurityGroups_1.json create mode 100644 tests/ecc-aws-560-security_group_without_tag_information/placebo-red/ec2.DescribeSecurityGroups_1.json create mode 100644 tests/ecc-aws-560-security_group_without_tag_information/red_policy_test.py create mode 100644 tests/ecc-aws-561-subnet_without_tag_information/placebo-green/ec2.DescribeSubnets_1.json create mode 100644 tests/ecc-aws-561-subnet_without_tag_information/placebo-red/ec2.DescribeSubnets_1.json create mode 100644 
tests/ecc-aws-561-subnet_without_tag_information/red_policy_test.py create mode 100644 tests/ecc-aws-562-transit_gateway_without_tag_information/placebo-green/ec2.DescribeTransitGateways_1.json create mode 100644 tests/ecc-aws-562-transit_gateway_without_tag_information/placebo-red/ec2.DescribeTransitGateways_1.json create mode 100644 tests/ecc-aws-562-transit_gateway_without_tag_information/red_policy_test.py create mode 100644 tests/ecc-aws-563-transit_gateway_attachment_without_tag_information/placebo-green/ec2.DescribeTransitGatewayAttachments_1.json create mode 100644 tests/ecc-aws-563-transit_gateway_attachment_without_tag_information/placebo-green/ec2.DescribeTransitGateways_1.json create mode 100644 tests/ecc-aws-563-transit_gateway_attachment_without_tag_information/placebo-red/ec2.DescribeTransitGatewayAttachments_1.json create mode 100644 tests/ecc-aws-563-transit_gateway_attachment_without_tag_information/placebo-red/ec2.DescribeTransitGateways_1.json create mode 100644 tests/ecc-aws-563-transit_gateway_attachment_without_tag_information/red_policy_test.py create mode 100644 tests/ecc-aws-564-peering_connection_without_tag_information/placebo-green/ec2.DescribeVpcPeeringConnections_1.json create mode 100644 tests/ecc-aws-564-peering_connection_without_tag_information/placebo-red/ec2.DescribeVpcPeeringConnections_1.json create mode 100644 tests/ecc-aws-564-peering_connection_without_tag_information/red_policy_test.py create mode 100644 tests/ecc-aws-565-vpc_without_tag_information/placebo-green/ec2.DescribeVpcs_1.json create mode 100644 tests/ecc-aws-565-vpc_without_tag_information/placebo-red/ec2.DescribeVpcs_1.json create mode 100644 tests/ecc-aws-565-vpc_without_tag_information/red_policy_test.py create mode 100644 tests/ecc-aws-566-vpc_endpoint_without_tag_information/placebo-green/ec2.DescribeVpcEndpoints_1.json create mode 100644 tests/ecc-aws-566-vpc_endpoint_without_tag_information/placebo-red/ec2.DescribeVpcEndpoints_1.json create mode 100644 
tests/ecc-aws-566-vpc_endpoint_without_tag_information/red_policy_test.py create mode 100644 tests/ecc-aws-567-acm_without_tag_information/placebo-green/acm.DescribeCertificate_1.json create mode 100644 tests/ecc-aws-567-acm_without_tag_information/placebo-green/acm.ListCertificates_1.json create mode 100644 tests/ecc-aws-567-acm_without_tag_information/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-567-acm_without_tag_information/placebo-red/acm.DescribeCertificate_1.json create mode 100644 tests/ecc-aws-567-acm_without_tag_information/placebo-red/acm.ListCertificates_1.json create mode 100644 tests/ecc-aws-567-acm_without_tag_information/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-567-acm_without_tag_information/red_policy_test.py create mode 100644 tests/ecc-aws-568-app_flow_without_tag_information/placebo-green/appflow.DescribeFlow_1.json create mode 100644 tests/ecc-aws-568-app_flow_without_tag_information/placebo-green/appflow.ListFlows_1.json create mode 100644 tests/ecc-aws-568-app_flow_without_tag_information/placebo-red/appflow.DescribeFlow_1.json create mode 100644 tests/ecc-aws-568-app_flow_without_tag_information/placebo-red/appflow.ListFlows_1.json create mode 100644 tests/ecc-aws-568-app_flow_without_tag_information/red_policy_test.py create mode 100644 tests/ecc-aws-569-auto_scaling_group_without_tag_information/placebo-green/autoscaling.DescribeAutoScalingGroups_1.json create mode 100644 tests/ecc-aws-569-auto_scaling_group_without_tag_information/placebo-red/autoscaling.DescribeAutoScalingGroups_1.json create mode 100644 tests/ecc-aws-569-auto_scaling_group_without_tag_information/red_policy_test.py create mode 100644 tests/ecc-aws-574-cloudformation_stacks_without_tag_information/placebo-green/cloudformation.DescribeStacks_1.json create mode 100644 tests/ecc-aws-574-cloudformation_stacks_without_tag_information/placebo-red/cloudformation.DescribeStacks_1.json create mode 100644 
tests/ecc-aws-574-cloudformation_stacks_without_tag_information/red_policy_test.py create mode 100644 tests/ecc-aws-575-cloudfront_distributions_without_tag_information/placebo-green/cloudfront.ListDistributions_1.json create mode 100644 tests/ecc-aws-575-cloudfront_distributions_without_tag_information/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-575-cloudfront_distributions_without_tag_information/placebo-red/cloudfront.ListDistributions_1.json create mode 100644 tests/ecc-aws-575-cloudfront_distributions_without_tag_information/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-575-cloudfront_distributions_without_tag_information/red_policy_test.py create mode 100644 tests/ecc-aws-578-cloudtrail_without_tag_information/placebo-green/cloudtrail.DescribeTrails_1.json create mode 100644 tests/ecc-aws-578-cloudtrail_without_tag_information/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-578-cloudtrail_without_tag_information/placebo-red/cloudtrail.DescribeTrails_1.json create mode 100644 tests/ecc-aws-578-cloudtrail_without_tag_information/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-578-cloudtrail_without_tag_information/red_policy_test.py create mode 100644 tests/ecc-aws-580-codebuild_without_tag_information/placebo-green/codebuild.BatchGetProjects_1.json create mode 100644 tests/ecc-aws-580-codebuild_without_tag_information/placebo-green/codebuild.ListProjects_1.json create mode 100644 tests/ecc-aws-580-codebuild_without_tag_information/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-580-codebuild_without_tag_information/placebo-red/codebuild.BatchGetProjects_1.json create mode 100644 tests/ecc-aws-580-codebuild_without_tag_information/placebo-red/codebuild.ListProjects_1.json create mode 100644 tests/ecc-aws-580-codebuild_without_tag_information/placebo-red/tagging.GetResources_1.json create mode 100644 
tests/ecc-aws-580-codebuild_without_tag_information/red_policy_test.py create mode 100644 tests/ecc-aws-582-dax_clusters_without_tag_information/placebo-green/dax.DescribeClusters_1.json create mode 100644 tests/ecc-aws-582-dax_clusters_without_tag_information/placebo-green/dax.ListTags_1.json create mode 100644 tests/ecc-aws-582-dax_clusters_without_tag_information/placebo-red/dax.DescribeClusters_1.json create mode 100644 tests/ecc-aws-582-dax_clusters_without_tag_information/placebo-red/dax.ListTags_1.json create mode 100644 tests/ecc-aws-582-dax_clusters_without_tag_information/red_policy_test.py create mode 100644 tests/ecc-aws-583-dlm_without_tag_information/placebo-green/dlm.GetLifecyclePolicies_1.json create mode 100644 tests/ecc-aws-583-dlm_without_tag_information/placebo-green/dlm.GetLifecyclePolicy_1.json create mode 100644 tests/ecc-aws-583-dlm_without_tag_information/placebo-red/dlm.GetLifecyclePolicies_1.json create mode 100644 tests/ecc-aws-583-dlm_without_tag_information/placebo-red/dlm.GetLifecyclePolicy_1.json create mode 100644 tests/ecc-aws-583-dlm_without_tag_information/red_policy_test.py create mode 100644 tests/ecc-aws-584-dms_without_tag_information/placebo-green/dms.DescribeReplicationInstances_1.json create mode 100644 tests/ecc-aws-584-dms_without_tag_information/placebo-green/dms.ListTagsForResource_1.json create mode 100644 tests/ecc-aws-584-dms_without_tag_information/placebo-red/dms.DescribeReplicationInstances_1.json create mode 100644 tests/ecc-aws-584-dms_without_tag_information/placebo-red/dms.ListTagsForResource_1.json create mode 100644 tests/ecc-aws-584-dms_without_tag_information/red_policy_test.py create mode 100644 tests/ecc-aws-585-ecs_without_tag_information/placebo-green/ecs.DescribeClusters_1.json create mode 100644 tests/ecc-aws-585-ecs_without_tag_information/placebo-green/ecs.ListClusters_1.json create mode 100644 tests/ecc-aws-585-ecs_without_tag_information/placebo-red/ecs.DescribeClusters_1.json create mode 100644 
tests/ecc-aws-585-ecs_without_tag_information/placebo-red/ecs.ListClusters_1.json create mode 100644 tests/ecc-aws-585-ecs_without_tag_information/red_policy_test.py create mode 100644 tests/ecc-aws-586-eks_without_tag_information/placebo-green/eks.DescribeCluster_1.json create mode 100644 tests/ecc-aws-586-eks_without_tag_information/placebo-green/eks.ListClusters_1.json create mode 100644 tests/ecc-aws-586-eks_without_tag_information/placebo-red/eks.DescribeCluster_1.json create mode 100644 tests/ecc-aws-586-eks_without_tag_information/placebo-red/eks.ListClusters_1.json create mode 100644 tests/ecc-aws-586-eks_without_tag_information/red_policy_test.py create mode 100644 tests/ecc-aws-587-efs_without_tag_information/placebo-green/elasticfilesystem.DescribeFileSystems_1.json create mode 100644 tests/ecc-aws-587-efs_without_tag_information/placebo-red/elasticfilesystem.DescribeFileSystems_1.json create mode 100644 tests/ecc-aws-587-efs_without_tag_information/red_policy_test.py create mode 100644 tests/ecc-aws-588-elasticache_clusters_without_tag_information/placebo-green/elasticache.DescribeCacheClusters_1.json create mode 100644 tests/ecc-aws-588-elasticache_clusters_without_tag_information/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-588-elasticache_clusters_without_tag_information/placebo-red/elasticache.DescribeCacheClusters_1.json create mode 100644 tests/ecc-aws-588-elasticache_clusters_without_tag_information/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-588-elasticache_clusters_without_tag_information/red_policy_test.py create mode 100644 tests/ecc-aws-590-beanstalk_without_tag_information/placebo-green/elasticbeanstalk.DescribeEnvironments_1.json create mode 100644 tests/ecc-aws-590-beanstalk_without_tag_information/placebo-green/elasticbeanstalk.ListTagsForResource_1.json create mode 100644 tests/ecc-aws-590-beanstalk_without_tag_information/placebo-red/elasticbeanstalk.DescribeEnvironments_1.json 
create mode 100644 tests/ecc-aws-590-beanstalk_without_tag_information/placebo-red/elasticbeanstalk.ListTagsForResource_1.json create mode 100644 tests/ecc-aws-590-beanstalk_without_tag_information/red_policy_test.py create mode 100644 tests/ecc-aws-591-elb_without_tag_information/placebo-green/elasticloadbalancing.DescribeLoadBalancers_1.json create mode 100644 tests/ecc-aws-591-elb_without_tag_information/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-591-elb_without_tag_information/placebo-red/elasticloadbalancing.DescribeLoadBalancers_1.json create mode 100644 tests/ecc-aws-591-elb_without_tag_information/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-591-elb_without_tag_information/red_policy_test.py create mode 100644 tests/ecc-aws-592-emr_without_tag_information/placebo-green/elasticmapreduce.DescribeCluster_1.json create mode 100644 tests/ecc-aws-592-emr_without_tag_information/placebo-green/elasticmapreduce.ListClusters_1.json create mode 100644 tests/ecc-aws-592-emr_without_tag_information/placebo-red/elasticmapreduce.DescribeCluster_1.json create mode 100644 tests/ecc-aws-592-emr_without_tag_information/placebo-red/elasticmapreduce.ListClusters_1.json create mode 100644 tests/ecc-aws-592-emr_without_tag_information/red_policy_test.py create mode 100644 tests/ecc-aws-593-elasticsearch_without_tag_information/placebo-green/es.DescribeElasticsearchDomains_1.json create mode 100644 tests/ecc-aws-593-elasticsearch_without_tag_information/placebo-green/es.ListDomainNames_1.json create mode 100644 tests/ecc-aws-593-elasticsearch_without_tag_information/placebo-green/es.ListTags_1.json create mode 100644 tests/ecc-aws-593-elasticsearch_without_tag_information/placebo-red/es.DescribeElasticsearchDomains_1.json create mode 100644 tests/ecc-aws-593-elasticsearch_without_tag_information/placebo-red/es.ListDomainNames_1.json create mode 100644 
tests/ecc-aws-593-elasticsearch_without_tag_information/placebo-red/es.ListTags_1.json create mode 100644 tests/ecc-aws-593-elasticsearch_without_tag_information/red_policy_test.py create mode 100644 tests/ecc-aws-596-fsx_without_tag_information/placebo-green/fsx.DescribeFileSystems_1.json create mode 100644 tests/ecc-aws-596-fsx_without_tag_information/placebo-red/fsx.DescribeFileSystems_1.json create mode 100644 tests/ecc-aws-596-fsx_without_tag_information/red_policy_test.py create mode 100644 tests/ecc-aws-597-fsx_backup_without_tag_information/placebo-green/fsx.DescribeBackups_1.json create mode 100644 tests/ecc-aws-597-fsx_backup_without_tag_information/placebo-red/fsx.DescribeBackups_1.json create mode 100644 tests/ecc-aws-597-fsx_backup_without_tag_information/red_policy_test.py create mode 100644 tests/ecc-aws-599-glacier_without_tag_information/placebo-green/glacier.ListTagsForVault_1.json create mode 100644 tests/ecc-aws-599-glacier_without_tag_information/placebo-green/glacier.ListVaults_1.json create mode 100644 tests/ecc-aws-599-glacier_without_tag_information/placebo-red/glacier.ListTagsForVault_1.json create mode 100644 tests/ecc-aws-599-glacier_without_tag_information/placebo-red/glacier.ListVaults_1.json create mode 100644 tests/ecc-aws-599-glacier_without_tag_information/red_policy_test.py create mode 100644 tests/ecc-aws-600-glue_job_without_tag_information/placebo-green/glue.GetJobs_1.json create mode 100644 tests/ecc-aws-600-glue_job_without_tag_information/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-600-glue_job_without_tag_information/placebo-red/glue.GetJobs_1.json create mode 100644 tests/ecc-aws-600-glue_job_without_tag_information/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-600-glue_job_without_tag_information/red_policy_test.py create mode 100644 tests/ecc-aws-608-iam_user_without_tag_information/placebo-green/iam.GetUser_1.json create mode 100644 
tests/ecc-aws-608-iam_user_without_tag_information/placebo-green/iam.ListUsers_1.json create mode 100644 tests/ecc-aws-608-iam_user_without_tag_information/placebo-red/iam.GetUser_1.json create mode 100644 tests/ecc-aws-608-iam_user_without_tag_information/placebo-red/iam.ListUsers_1.json create mode 100644 tests/ecc-aws-608-iam_user_without_tag_information/red_policy_test.py create mode 100644 tests/ecc-aws-609-iam_role_without_tag_information/placebo-green/iam.GetRole_1.json create mode 100644 tests/ecc-aws-609-iam_role_without_tag_information/placebo-green/iam.ListRoles_1.json create mode 100644 tests/ecc-aws-609-iam_role_without_tag_information/placebo-red/iam.GetRole_1.json create mode 100644 tests/ecc-aws-609-iam_role_without_tag_information/placebo-red/iam.ListRoles_1.json create mode 100644 tests/ecc-aws-609-iam_role_without_tag_information/red_policy_test.py create mode 100644 tests/ecc-aws-611-msk_clusters_without_tag_information/placebo-green/kafka.ListClustersV2_1.json create mode 100644 tests/ecc-aws-611-msk_clusters_without_tag_information/placebo-red/kafka.ListClustersV2_1.json create mode 100644 tests/ecc-aws-611-msk_clusters_without_tag_information/red_policy_test.py create mode 100644 tests/ecc-aws-613-kinesis_data_stream_without_tag_information/placebo-green/kinesis.DescribeStream_1.json create mode 100644 tests/ecc-aws-613-kinesis_data_stream_without_tag_information/placebo-green/kinesis.ListStreams_1.json create mode 100644 tests/ecc-aws-613-kinesis_data_stream_without_tag_information/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-613-kinesis_data_stream_without_tag_information/placebo-red/kinesis.DescribeStream_1.json create mode 100644 tests/ecc-aws-613-kinesis_data_stream_without_tag_information/placebo-red/kinesis.ListStreams_1.json create mode 100644 tests/ecc-aws-613-kinesis_data_stream_without_tag_information/placebo-red/tagging.GetResources_1.json create mode 100644 
tests/ecc-aws-613-kinesis_data_stream_without_tag_information/red_policy_test.py create mode 100644 tests/ecc-aws-615-kms_key_without_tag_information/placebo-green/kms.DescribeKey_1.json create mode 100644 tests/ecc-aws-615-kms_key_without_tag_information/placebo-green/kms.ListAliases_1.json create mode 100644 tests/ecc-aws-615-kms_key_without_tag_information/placebo-green/kms.ListKeys_1.json create mode 100644 tests/ecc-aws-615-kms_key_without_tag_information/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-615-kms_key_without_tag_information/placebo-red/kms.DescribeKey_1.json create mode 100644 tests/ecc-aws-615-kms_key_without_tag_information/placebo-red/kms.ListAliases_1.json create mode 100644 tests/ecc-aws-615-kms_key_without_tag_information/placebo-red/kms.ListKeys_1.json create mode 100644 tests/ecc-aws-615-kms_key_without_tag_information/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-615-kms_key_without_tag_information/red_policy_test.py create mode 100644 tests/ecc-aws-616-lambda_functions_without_tag_information/placebo-green/lambda.ListFunctions_1.json create mode 100644 tests/ecc-aws-616-lambda_functions_without_tag_information/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-616-lambda_functions_without_tag_information/placebo-red/lambda.ListFunctions_1.json create mode 100644 tests/ecc-aws-616-lambda_functions_without_tag_information/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-616-lambda_functions_without_tag_information/red_policy_test.py create mode 100644 tests/ecc-aws-617-lightsail_instance_without_tag_information/placebo-green/lightsail.GetInstances_1.json create mode 100644 tests/ecc-aws-617-lightsail_instance_without_tag_information/placebo-red/lightsail.GetInstances_1.json create mode 100644 tests/ecc-aws-617-lightsail_instance_without_tag_information/red_policy_test.py create mode 100644 
tests/ecc-aws-618-cloudwatch_log_groups_without_tag_information/placebo-green/logs.DescribeLogGroups_1.json create mode 100644 tests/ecc-aws-618-cloudwatch_log_groups_without_tag_information/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-618-cloudwatch_log_groups_without_tag_information/placebo-red/logs.DescribeLogGroups_1.json create mode 100644 tests/ecc-aws-618-cloudwatch_log_groups_without_tag_information/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-618-cloudwatch_log_groups_without_tag_information/red_policy_test.py create mode 100644 tests/ecc-aws-619-mq_brokers_without_tag_information/placebo-green/mq.DescribeBroker_1.json create mode 100644 tests/ecc-aws-619-mq_brokers_without_tag_information/placebo-green/mq.ListBrokers_1.json create mode 100644 tests/ecc-aws-619-mq_brokers_without_tag_information/placebo-red/mq.DescribeBroker_1.json create mode 100644 tests/ecc-aws-619-mq_brokers_without_tag_information/placebo-red/mq.ListBrokers_1.json create mode 100644 tests/ecc-aws-619-mq_brokers_without_tag_information/red_policy_test.py create mode 100644 tests/ecc-aws-620-mwaa_without_tag_information/placebo-green/airflow.GetEnvironment_1.json create mode 100644 tests/ecc-aws-620-mwaa_without_tag_information/placebo-green/airflow.ListEnvironments_1.json create mode 100644 tests/ecc-aws-620-mwaa_without_tag_information/placebo-red/airflow.GetEnvironment_1.json create mode 100644 tests/ecc-aws-620-mwaa_without_tag_information/placebo-red/airflow.ListEnvironments_1.json create mode 100644 tests/ecc-aws-620-mwaa_without_tag_information/red_policy_test.py create mode 100644 tests/ecc-aws-624-qldb_ledgers_without_tag_information/placebo-green/qldb.DescribeLedger_1.json create mode 100644 tests/ecc-aws-624-qldb_ledgers_without_tag_information/placebo-green/qldb.ListLedgers_1.json create mode 100644 tests/ecc-aws-624-qldb_ledgers_without_tag_information/placebo-green/tagging.GetResources_1.json create mode 100644 
tests/ecc-aws-624-qldb_ledgers_without_tag_information/placebo-red/qldb.DescribeLedger_1.json create mode 100644 tests/ecc-aws-624-qldb_ledgers_without_tag_information/placebo-red/qldb.ListLedgers_1.json create mode 100644 tests/ecc-aws-624-qldb_ledgers_without_tag_information/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-624-qldb_ledgers_without_tag_information/red_policy_test.py create mode 100644 tests/ecc-aws-625-rds_cluster_without_tag_information/placebo-green/rds.DescribeDBClusters_1.json create mode 100644 tests/ecc-aws-625-rds_cluster_without_tag_information/placebo-red/rds.DescribeDBClusters_1.json create mode 100644 tests/ecc-aws-625-rds_cluster_without_tag_information/red_policy_test.py create mode 100644 tests/ecc-aws-626-rds_snapshot_without_tag_information/placebo-green/rds.DescribeDBSnapshots_1.json create mode 100644 tests/ecc-aws-626-rds_snapshot_without_tag_information/placebo-red/rds.DescribeDBSnapshots_1.json create mode 100644 tests/ecc-aws-626-rds_snapshot_without_tag_information/red_policy_test.py create mode 100644 tests/ecc-aws-627-redshift_clusters_without_tag_information/placebo-green/redshift.DescribeClusters_1.json create mode 100644 tests/ecc-aws-627-redshift_clusters_without_tag_information/placebo-red/redshift.DescribeClusters_1.json create mode 100644 tests/ecc-aws-627-redshift_clusters_without_tag_information/red_policy_test.py create mode 100644 tests/ecc-aws-630-sagemaker_instances_without_tag_information/placebo-green/api.sagemaker.DescribeNotebookInstance_1.json create mode 100644 tests/ecc-aws-630-sagemaker_instances_without_tag_information/placebo-green/api.sagemaker.ListNotebookInstances_1.json create mode 100644 tests/ecc-aws-630-sagemaker_instances_without_tag_information/placebo-green/api.sagemaker.ListTags_1.json create mode 100644 tests/ecc-aws-630-sagemaker_instances_without_tag_information/placebo-red/api.sagemaker.DescribeNotebookInstance_1.json create mode 100644 
tests/ecc-aws-630-sagemaker_instances_without_tag_information/placebo-red/api.sagemaker.ListNotebookInstances_1.json create mode 100644 tests/ecc-aws-630-sagemaker_instances_without_tag_information/placebo-red/api.sagemaker.ListTags_1.json create mode 100644 tests/ecc-aws-630-sagemaker_instances_without_tag_information/red_policy_test.py create mode 100644 tests/ecc-aws-632-sns_without_tag_information/placebo-green/sns.GetTopicAttributes_1.json create mode 100644 tests/ecc-aws-632-sns_without_tag_information/placebo-green/sns.ListTopics_1.json create mode 100644 tests/ecc-aws-632-sns_without_tag_information/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-632-sns_without_tag_information/placebo-red/sns.GetTopicAttributes_1.json create mode 100644 tests/ecc-aws-632-sns_without_tag_information/placebo-red/sns.ListTagsForResource_1.json create mode 100644 tests/ecc-aws-632-sns_without_tag_information/placebo-red/sns.ListTopics_1.json create mode 100644 tests/ecc-aws-632-sns_without_tag_information/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-632-sns_without_tag_information/red_policy_test.py create mode 100644 tests/ecc-aws-633-sqs_without_tag_information/placebo-green/sqs.GetQueueAttributes_1.json create mode 100644 tests/ecc-aws-633-sqs_without_tag_information/placebo-green/sqs.ListQueues_1.json create mode 100644 tests/ecc-aws-633-sqs_without_tag_information/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-633-sqs_without_tag_information/placebo-red/sqs.GetQueueAttributes_1.json create mode 100644 tests/ecc-aws-633-sqs_without_tag_information/placebo-red/sqs.ListQueues_1.json create mode 100644 tests/ecc-aws-633-sqs_without_tag_information/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-633-sqs_without_tag_information/red_policy_test.py create mode 100644 tests/ecc-aws-638-mq_broker_active_deployment_mode/placebo-green/mq.DescribeBroker_1.json create mode 100644 
tests/ecc-aws-638-mq_broker_active_deployment_mode/placebo-green/mq.ListBrokers_1.json create mode 100644 tests/ecc-aws-638-mq_broker_active_deployment_mode/placebo-red/mq.DescribeBroker_1.json create mode 100644 tests/ecc-aws-638-mq_broker_active_deployment_mode/placebo-red/mq.ListBrokers_1.json create mode 100644 tests/ecc-aws-638-mq_broker_active_deployment_mode/red_policy_test.py create mode 100644 tests/ecc-aws-639-mq_broker_latest_version/placebo-green/mq.DescribeBroker_1.json create mode 100644 tests/ecc-aws-639-mq_broker_latest_version/placebo-green/mq.DescribeBroker_2.json create mode 100644 tests/ecc-aws-639-mq_broker_latest_version/placebo-green/mq.ListBrokers_1.json create mode 100644 tests/ecc-aws-639-mq_broker_latest_version/placebo-red/mq.DescribeBroker_1.json create mode 100644 tests/ecc-aws-639-mq_broker_latest_version/placebo-red/mq.ListBrokers_1.json create mode 100644 tests/ecc-aws-639-mq_broker_latest_version/red_policy_test.py create mode 100644 tests/ecc-aws-640-mq_broker_encrypted_with_kms_cmk/placebo-green/kms.DescribeKey_1.json create mode 100644 tests/ecc-aws-640-mq_broker_encrypted_with_kms_cmk/placebo-green/kms.ListAliases_1.json create mode 100644 tests/ecc-aws-640-mq_broker_encrypted_with_kms_cmk/placebo-green/mq.DescribeBroker_1.json create mode 100644 tests/ecc-aws-640-mq_broker_encrypted_with_kms_cmk/placebo-green/mq.ListBrokers_1.json create mode 100644 tests/ecc-aws-640-mq_broker_encrypted_with_kms_cmk/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-640-mq_broker_encrypted_with_kms_cmk/placebo-red/kms.DescribeKey_1.json create mode 100644 tests/ecc-aws-640-mq_broker_encrypted_with_kms_cmk/placebo-red/kms.ListAliases_1.json create mode 100644 tests/ecc-aws-640-mq_broker_encrypted_with_kms_cmk/placebo-red/mq.DescribeBroker_1.json create mode 100644 tests/ecc-aws-640-mq_broker_encrypted_with_kms_cmk/placebo-red/mq.ListBrokers_1.json create mode 100644 
tests/ecc-aws-640-mq_broker_encrypted_with_kms_cmk/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-640-mq_broker_encrypted_with_kms_cmk/red_policy_test.py create mode 100644 tests/ecc-aws-641_kinesis_streams_shard_level_monitoring_enabled/placebo-green/kinesis.DescribeStream_1.json create mode 100644 tests/ecc-aws-641_kinesis_streams_shard_level_monitoring_enabled/placebo-green/kinesis.ListStreams_1.json create mode 100644 tests/ecc-aws-641_kinesis_streams_shard_level_monitoring_enabled/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-641_kinesis_streams_shard_level_monitoring_enabled/placebo-red/kinesis.DescribeStream_1.json create mode 100644 tests/ecc-aws-641_kinesis_streams_shard_level_monitoring_enabled/placebo-red/kinesis.ListStreams_1.json create mode 100644 tests/ecc-aws-641_kinesis_streams_shard_level_monitoring_enabled/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-641_kinesis_streams_shard_level_monitoring_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-643-qldb_permission_mode_is_standard/placebo-green/qldb.DescribeLedger_1.json create mode 100644 tests/ecc-aws-643-qldb_permission_mode_is_standard/placebo-green/qldb.ListLedgers_1.json create mode 100644 tests/ecc-aws-643-qldb_permission_mode_is_standard/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-643-qldb_permission_mode_is_standard/placebo-red/qldb.DescribeLedger_1.json create mode 100644 tests/ecc-aws-643-qldb_permission_mode_is_standard/placebo-red/qldb.ListLedgers_1.json create mode 100644 tests/ecc-aws-643-qldb_permission_mode_is_standard/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-643-qldb_permission_mode_is_standard/red_policy_test.py create mode 100644 tests/ecc-aws-644-qldb_deletion_protection_enabled/placebo-green/qldb.DescribeLedger_1.json create mode 100644 tests/ecc-aws-644-qldb_deletion_protection_enabled/placebo-green/qldb.ListLedgers_1.json 
create mode 100644 tests/ecc-aws-644-qldb_deletion_protection_enabled/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-644-qldb_deletion_protection_enabled/placebo-red/qldb.DescribeLedger_1.json create mode 100644 tests/ecc-aws-644-qldb_deletion_protection_enabled/placebo-red/qldb.ListLedgers_1.json create mode 100644 tests/ecc-aws-644-qldb_deletion_protection_enabled/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-644-qldb_deletion_protection_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-652-mwaa_dag_processing_logs_set_correctly/placebo-green/airflow.GetEnvironment_1.json create mode 100644 tests/ecc-aws-652-mwaa_dag_processing_logs_set_correctly/placebo-green/airflow.ListEnvironments_1.json create mode 100644 tests/ecc-aws-652-mwaa_dag_processing_logs_set_correctly/placebo-red/airflow.GetEnvironment_1.json create mode 100644 tests/ecc-aws-652-mwaa_dag_processing_logs_set_correctly/placebo-red/airflow.ListEnvironments_1.json create mode 100644 tests/ecc-aws-652-mwaa_dag_processing_logs_set_correctly/red_policy_test.py create mode 100644 tests/ecc-aws-653-mwaa_scheduler_logs_set_correctly/placebo-green/airflow.GetEnvironment_1.json create mode 100644 tests/ecc-aws-653-mwaa_scheduler_logs_set_correctly/placebo-green/airflow.ListEnvironments_1.json create mode 100644 tests/ecc-aws-653-mwaa_scheduler_logs_set_correctly/placebo-red/airflow.GetEnvironment_1.json create mode 100644 tests/ecc-aws-653-mwaa_scheduler_logs_set_correctly/placebo-red/airflow.ListEnvironments_1.json create mode 100644 tests/ecc-aws-653-mwaa_scheduler_logs_set_correctly/red_policy_test.py create mode 100644 tests/ecc-aws-654-mwaa_task_logs_set_correctly/placebo-green/airflow.GetEnvironment_1.json create mode 100644 tests/ecc-aws-654-mwaa_task_logs_set_correctly/placebo-green/airflow.ListEnvironments_1.json create mode 100644 tests/ecc-aws-654-mwaa_task_logs_set_correctly/placebo-red/airflow.GetEnvironment_1.json create mode 100644 
tests/ecc-aws-654-mwaa_task_logs_set_correctly/placebo-red/airflow.ListEnvironments_1.json create mode 100644 tests/ecc-aws-654-mwaa_task_logs_set_correctly/red_policy_test.py create mode 100644 tests/ecc-aws-655-mwaa_webserver_logs_set_correctly/placebo-green/airflow.GetEnvironment_1.json create mode 100644 tests/ecc-aws-655-mwaa_webserver_logs_set_correctly/placebo-green/airflow.ListEnvironments_1.json create mode 100644 tests/ecc-aws-655-mwaa_webserver_logs_set_correctly/placebo-red/airflow.GetEnvironment_1.json create mode 100644 tests/ecc-aws-655-mwaa_webserver_logs_set_correctly/placebo-red/airflow.ListEnvironments_1.json create mode 100644 tests/ecc-aws-655-mwaa_webserver_logs_set_correctly/red_policy_test.py create mode 100644 tests/ecc-aws-656-mwaa_worker_logs_set_correctly/placebo-green/airflow.GetEnvironment_1.json create mode 100644 tests/ecc-aws-656-mwaa_worker_logs_set_correctly/placebo-green/airflow.ListEnvironments_1.json create mode 100644 tests/ecc-aws-656-mwaa_worker_logs_set_correctly/placebo-red/airflow.GetEnvironment_1.json create mode 100644 tests/ecc-aws-656-mwaa_worker_logs_set_correctly/placebo-red/airflow.ListEnvironments_1.json create mode 100644 tests/ecc-aws-656-mwaa_worker_logs_set_correctly/red_policy_test.py create mode 100644 tests/ecc-aws-657-redshift_availability_zone_relocation_enabled/placebo-green/redshift.DescribeClusters_1.json create mode 100644 tests/ecc-aws-657-redshift_availability_zone_relocation_enabled/placebo-red/redshift.DescribeClusters_1.json create mode 100644 tests/ecc-aws-657-redshift_availability_zone_relocation_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-664-elasticache_redis_logs_enabled/placebo-green/elasticache.DescribeCacheClusters_1.json create mode 100644 tests/ecc-aws-664-elasticache_redis_logs_enabled/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-664-elasticache_redis_logs_enabled/placebo-red/elasticache.DescribeCacheClusters_1.json create mode 100644 
tests/ecc-aws-664-elasticache_redis_logs_enabled/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-664-elasticache_redis_logs_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-665-elasticache_notifications_enabled/placebo-green/elasticache.DescribeCacheClusters_1.json create mode 100644 tests/ecc-aws-665-elasticache_notifications_enabled/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-665-elasticache_notifications_enabled/placebo-red/elasticache.DescribeCacheClusters_1.json create mode 100644 tests/ecc-aws-665-elasticache_notifications_enabled/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-665-elasticache_notifications_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-669-emr_termination_protection_enabled/placebo-green/elasticmapreduce.DescribeCluster_1.json create mode 100644 tests/ecc-aws-669-emr_termination_protection_enabled/placebo-green/elasticmapreduce.ListClusters_1.json create mode 100644 tests/ecc-aws-669-emr_termination_protection_enabled/placebo-red/elasticmapreduce.DescribeCluster_1.json create mode 100644 tests/ecc-aws-669-emr_termination_protection_enabled/placebo-red/elasticmapreduce.ListClusters_1.json create mode 100644 tests/ecc-aws-669-emr_termination_protection_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-672-glue_spark_ui_monitoring_enabled/placebo-green/glue.GetJobs_1.json create mode 100644 tests/ecc-aws-672-glue_spark_ui_monitoring_enabled/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-672-glue_spark_ui_monitoring_enabled/placebo-red/glue.GetJobs_1.json create mode 100644 tests/ecc-aws-672-glue_spark_ui_monitoring_enabled/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-672-glue_spark_ui_monitoring_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-677-lambda_functions_enhanced_monitoring_enabled/placebo-green/lambda.ListFunctions_1.json create mode 100644 
tests/ecc-aws-677-lambda_functions_enhanced_monitoring_enabled/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-677-lambda_functions_enhanced_monitoring_enabled/placebo-red/lambda.ListFunctions_1.json create mode 100644 tests/ecc-aws-677-lambda_functions_enhanced_monitoring_enabled/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-677-lambda_functions_enhanced_monitoring_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-679-lambda_environment_variables_encrypted_in_transit/placebo-green/lambda.ListFunctions_1.json create mode 100644 tests/ecc-aws-679-lambda_environment_variables_encrypted_in_transit/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-679-lambda_environment_variables_encrypted_in_transit/placebo-red/lambda.ListFunctions_1.json create mode 100644 tests/ecc-aws-679-lambda_environment_variables_encrypted_in_transit/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-679-lambda_environment_variables_encrypted_in_transit/red_policy_test.py create mode 100644 tests/ecc-aws-680-lambda_latest_runtime_environment_version/placebo-green/lambda.ListFunctions_1.json create mode 100644 tests/ecc-aws-680-lambda_latest_runtime_environment_version/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-680-lambda_latest_runtime_environment_version/placebo-red/lambda.ListFunctions_1.json create mode 100644 tests/ecc-aws-680-lambda_latest_runtime_environment_version/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-680-lambda_latest_runtime_environment_version/red_policy_test.py create mode 100644 tests/ecc-aws-681-lambda_concurrency_enabled/placebo-green/lambda.GetFunction_1.json create mode 100644 tests/ecc-aws-681-lambda_concurrency_enabled/placebo-green/lambda.ListFunctions_1.json create mode 100644 tests/ecc-aws-681-lambda_concurrency_enabled/placebo-green/tagging.GetResources_1.json create mode 100644 
tests/ecc-aws-681-lambda_concurrency_enabled/placebo-red/lambda.GetFunction_1.json create mode 100644 tests/ecc-aws-681-lambda_concurrency_enabled/placebo-red/lambda.ListFunctions_1.json create mode 100644 tests/ecc-aws-681-lambda_concurrency_enabled/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-681-lambda_concurrency_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-690-ecs_exec_logging_enabled/placebo-green/ecs.DescribeClusters_1.json create mode 100644 tests/ecc-aws-690-ecs_exec_logging_enabled/placebo-green/ecs.ListClusters_1.json create mode 100644 tests/ecc-aws-690-ecs_exec_logging_enabled/placebo-red/ecs.DescribeClusters_1.json create mode 100644 tests/ecc-aws-690-ecs_exec_logging_enabled/placebo-red/ecs.ListClusters_1.json create mode 100644 tests/ecc-aws-690-ecs_exec_logging_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-691-fsx_daily_automatic_backup_enabled/placebo-green/fsx.DescribeFileSystems_1.json create mode 100644 tests/ecc-aws-691-fsx_daily_automatic_backup_enabled/placebo-red/fsx.DescribeFileSystems_1.json create mode 100644 tests/ecc-aws-691-fsx_daily_automatic_backup_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-692-fsx_netapp_ontap_multi_az_enabled/placebo-green/fsx.DescribeFileSystems_1.json create mode 100644 tests/ecc-aws-692-fsx_netapp_ontap_multi_az_enabled/placebo-red/fsx.DescribeFileSystems_1.json create mode 100644 tests/ecc-aws-692-fsx_netapp_ontap_multi_az_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-693-fsx_windows_file_server_multi_az_enabled/placebo-green/fsx.DescribeFileSystems_1.json create mode 100644 tests/ecc-aws-693-fsx_windows_file_server_multi_az_enabled/placebo-red/fsx.DescribeFileSystems_1.json create mode 100644 tests/ecc-aws-693-fsx_windows_file_server_multi_az_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-696-alb_desync_mode_check/placebo-green/elasticloadbalancing.DescribeLoadBalancerAttributes_1.json create mode 100644 
tests/ecc-aws-696-alb_desync_mode_check/placebo-green/elasticloadbalancing.DescribeLoadBalancers_1.json create mode 100644 tests/ecc-aws-696-alb_desync_mode_check/placebo-green/elasticloadbalancing.DescribeTags_1.json create mode 100644 tests/ecc-aws-696-alb_desync_mode_check/placebo-red/elasticloadbalancing.DescribeLoadBalancerAttributes_1.json create mode 100644 tests/ecc-aws-696-alb_desync_mode_check/placebo-red/elasticloadbalancing.DescribeLoadBalancers_1.json create mode 100644 tests/ecc-aws-696-alb_desync_mode_check/placebo-red/elasticloadbalancing.DescribeTags_1.json create mode 100644 tests/ecc-aws-696-alb_desync_mode_check/red_policy_test.py create mode 100644 tests/ecc-aws-697-api_gw_endpoint_type_check/placebo-green/apigateway.GetRestApis_1.json create mode 100644 tests/ecc-aws-697-api_gw_endpoint_type_check/placebo-red/apigateway.GetRestApis_1.json create mode 100644 tests/ecc-aws-697-api_gw_endpoint_type_check/red_policy_test.py create mode 100644 tests/ecc-aws-702-autoscaling_groups_capacity_rebalancing_enabled/placebo-green/autoscaling.DescribeAutoScalingGroups_1.json create mode 100644 tests/ecc-aws-702-autoscaling_groups_capacity_rebalancing_enabled/placebo-red/autoscaling.DescribeAutoScalingGroups_1.json create mode 100644 tests/ecc-aws-702-autoscaling_groups_capacity_rebalancing_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-703-autoscaling_launchconfig_requires_imdsv2/placebo-green/autoscaling.DescribeLaunchConfigurations_1.json create mode 100644 tests/ecc-aws-703-autoscaling_launchconfig_requires_imdsv2/placebo-red/autoscaling.DescribeLaunchConfigurations_1.json create mode 100644 tests/ecc-aws-703-autoscaling_launchconfig_requires_imdsv2/red_policy_test.py create mode 100644 tests/ecc-aws-707-clb_desync_mode_check/placebo-green/elasticloadbalancing.DescribeLoadBalancerAttributes_1.json create mode 100644 tests/ecc-aws-707-clb_desync_mode_check/placebo-green/elasticloadbalancing.DescribeLoadBalancers_1.json create mode 100644 
tests/ecc-aws-707-clb_desync_mode_check/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-707-clb_desync_mode_check/placebo-red/elasticloadbalancing.DescribeLoadBalancerAttributes_1.json create mode 100644 tests/ecc-aws-707-clb_desync_mode_check/placebo-red/elasticloadbalancing.DescribeLoadBalancers_1.json create mode 100644 tests/ecc-aws-707-clb_desync_mode_check/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-707-clb_desync_mode_check/red_policy_test.py create mode 100644 tests/ecc-aws-708-clb-multiple_az/placebo-green/elasticloadbalancing.DescribeLoadBalancers_1.json create mode 100644 tests/ecc-aws-708-clb-multiple_az/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-708-clb-multiple_az/placebo-red/elasticloadbalancing.DescribeLoadBalancers_1.json create mode 100644 tests/ecc-aws-708-clb-multiple_az/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-708-clb-multiple_az/red_policy_test.py create mode 100644 tests/ecc-aws-709-clb_cross_zone_load_balancing_enabled/placebo-green/elasticloadbalancing.DescribeLoadBalancerAttributes_1.json create mode 100644 tests/ecc-aws-709-clb_cross_zone_load_balancing_enabled/placebo-green/elasticloadbalancing.DescribeLoadBalancers_1.json create mode 100644 tests/ecc-aws-709-clb_cross_zone_load_balancing_enabled/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-709-clb_cross_zone_load_balancing_enabled/placebo-red/elasticloadbalancing.DescribeLoadBalancerAttributes_1.json create mode 100644 tests/ecc-aws-709-clb_cross_zone_load_balancing_enabled/placebo-red/elasticloadbalancing.DescribeLoadBalancers_1.json create mode 100644 tests/ecc-aws-709-clb_cross_zone_load_balancing_enabled/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-709-clb_cross_zone_load_balancing_enabled/red_policy_test.py create mode 100644 
tests/ecc-aws-710-cloudformation_stack_drift_detection_check/placebo-green/cloudformation.DescribeStacks_1.json create mode 100644 tests/ecc-aws-710-cloudformation_stack_drift_detection_check/placebo-red/cloudformation.DescribeStacks_1.json create mode 100644 tests/ecc-aws-710-cloudformation_stack_drift_detection_check/red_policy_test.py create mode 100644 tests/ecc-aws-712-cloudfront_sni_enabled/placebo-green/cloudfront.ListDistributions_1.json create mode 100644 tests/ecc-aws-712-cloudfront_sni_enabled/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-712-cloudfront_sni_enabled/placebo-red/cloudfront.ListDistributions_1.json create mode 100644 tests/ecc-aws-712-cloudfront_sni_enabled/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-712-cloudfront_sni_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-715-cloudwatch_log_group_encrypted_with_kms_cmk/placebo-green/kms.DescribeKey_1.json create mode 100644 tests/ecc-aws-715-cloudwatch_log_group_encrypted_with_kms_cmk/placebo-green/kms.ListAliases_1.json create mode 100644 tests/ecc-aws-715-cloudwatch_log_group_encrypted_with_kms_cmk/placebo-green/logs.DescribeLogGroups_1.json create mode 100644 tests/ecc-aws-715-cloudwatch_log_group_encrypted_with_kms_cmk/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-715-cloudwatch_log_group_encrypted_with_kms_cmk/placebo-red/kms.DescribeKey_1.json create mode 100644 tests/ecc-aws-715-cloudwatch_log_group_encrypted_with_kms_cmk/placebo-red/kms.ListAliases_1.json create mode 100644 tests/ecc-aws-715-cloudwatch_log_group_encrypted_with_kms_cmk/placebo-red/logs.DescribeLogGroups_1.json create mode 100644 tests/ecc-aws-715-cloudwatch_log_group_encrypted_with_kms_cmk/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-715-cloudwatch_log_group_encrypted_with_kms_cmk/red_policy_test.py create mode 100644 
tests/ecc-aws-717-codebuild_project_artifact_encryption/placebo-green/codebuild.BatchGetProjects_1.json create mode 100644 tests/ecc-aws-717-codebuild_project_artifact_encryption/placebo-green/codebuild.ListProjects_1.json create mode 100644 tests/ecc-aws-717-codebuild_project_artifact_encryption/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-717-codebuild_project_artifact_encryption/placebo-red/codebuild.BatchGetProjects_1.json create mode 100644 tests/ecc-aws-717-codebuild_project_artifact_encryption/placebo-red/codebuild.ListProjects_1.json create mode 100644 tests/ecc-aws-717-codebuild_project_artifact_encryption/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-717-codebuild_project_artifact_encryption/red_policy_test.py create mode 100644 tests/ecc-aws-718-codebuild_project_environment_privileged_check/placebo-green/codebuild.BatchGetProjects_1.json create mode 100644 tests/ecc-aws-718-codebuild_project_environment_privileged_check/placebo-green/codebuild.ListProjects_1.json create mode 100644 tests/ecc-aws-718-codebuild_project_environment_privileged_check/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-718-codebuild_project_environment_privileged_check/placebo-red/codebuild.BatchGetProjects_1.json create mode 100644 tests/ecc-aws-718-codebuild_project_environment_privileged_check/placebo-red/codebuild.ListProjects_1.json create mode 100644 tests/ecc-aws-718-codebuild_project_environment_privileged_check/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-718-codebuild_project_environment_privileged_check/red_policy_test.py create mode 100644 tests/ecc-aws-719-codebuild_project_logging_enabled/placebo-green/codebuild.BatchGetProjects_1.json create mode 100644 tests/ecc-aws-719-codebuild_project_logging_enabled/placebo-green/codebuild.ListProjects_1.json create mode 100644 
tests/ecc-aws-719-codebuild_project_logging_enabled/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-719-codebuild_project_logging_enabled/placebo-red/codebuild.BatchGetProjects_1.json create mode 100644 tests/ecc-aws-719-codebuild_project_logging_enabled/placebo-red/codebuild.ListProjects_1.json create mode 100644 tests/ecc-aws-719-codebuild_project_logging_enabled/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-719-codebuild_project_logging_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-720-codebuild_project_s3_logs_encrypted/placebo-green/codebuild.BatchGetProjects_1.json create mode 100644 tests/ecc-aws-720-codebuild_project_s3_logs_encrypted/placebo-green/codebuild.ListProjects_1.json create mode 100644 tests/ecc-aws-720-codebuild_project_s3_logs_encrypted/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-720-codebuild_project_s3_logs_encrypted/placebo-red/codebuild.BatchGetProjects_1.json create mode 100644 tests/ecc-aws-720-codebuild_project_s3_logs_encrypted/placebo-red/codebuild.ListProjects_1.json create mode 100644 tests/ecc-aws-720-codebuild_project_s3_logs_encrypted/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-720-codebuild_project_s3_logs_encrypted/red_policy_test.py create mode 100644 tests/ecc-aws-721-codedeploy_auto_rollback_monitor_enabled/placebo-green/codedeploy.GetDeploymentGroup_1.json create mode 100644 tests/ecc-aws-721-codedeploy_auto_rollback_monitor_enabled/placebo-green/codedeploy.ListApplications_1.json create mode 100644 tests/ecc-aws-721-codedeploy_auto_rollback_monitor_enabled/placebo-green/codedeploy.ListDeploymentGroups_1.json create mode 100644 tests/ecc-aws-721-codedeploy_auto_rollback_monitor_enabled/placebo-green/codedeploy.ListTagsForResource_1.json create mode 100644 tests/ecc-aws-721-codedeploy_auto_rollback_monitor_enabled/placebo-red/codedeploy.GetDeploymentGroup_1.json create mode 100644 
tests/ecc-aws-721-codedeploy_auto_rollback_monitor_enabled/placebo-red/codedeploy.ListApplications_1.json create mode 100644 tests/ecc-aws-721-codedeploy_auto_rollback_monitor_enabled/placebo-red/codedeploy.ListDeploymentGroups_1.json create mode 100644 tests/ecc-aws-721-codedeploy_auto_rollback_monitor_enabled/placebo-red/codedeploy.ListTagsForResource_1.json create mode 100644 tests/ecc-aws-721-codedeploy_auto_rollback_monitor_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-723-codedeploy_lambda_allatonce_traffic_shift_disabled/placebo-green/codedeploy.GetDeploymentGroup_1.json create mode 100644 tests/ecc-aws-723-codedeploy_lambda_allatonce_traffic_shift_disabled/placebo-green/codedeploy.ListApplications_1.json create mode 100644 tests/ecc-aws-723-codedeploy_lambda_allatonce_traffic_shift_disabled/placebo-green/codedeploy.ListDeploymentGroups_1.json create mode 100644 tests/ecc-aws-723-codedeploy_lambda_allatonce_traffic_shift_disabled/placebo-green/codedeploy.ListTagsForResource_1.json create mode 100644 tests/ecc-aws-723-codedeploy_lambda_allatonce_traffic_shift_disabled/placebo-red/codedeploy.GetDeploymentGroup_1.json create mode 100644 tests/ecc-aws-723-codedeploy_lambda_allatonce_traffic_shift_disabled/placebo-red/codedeploy.ListApplications_1.json create mode 100644 tests/ecc-aws-723-codedeploy_lambda_allatonce_traffic_shift_disabled/placebo-red/codedeploy.ListDeploymentGroups_1.json create mode 100644 tests/ecc-aws-723-codedeploy_lambda_allatonce_traffic_shift_disabled/placebo-red/codedeploy.ListTagsForResource_1.json create mode 100644 tests/ecc-aws-723-codedeploy_lambda_allatonce_traffic_shift_disabled/red_policy_test.py create mode 100644 tests/ecc-aws-724-codepipeline_s3_artifact_bucket_encrypted_with_kms_cmk/placebo-green/codepipeline.GetPipeline_1.json create mode 100644 tests/ecc-aws-724-codepipeline_s3_artifact_bucket_encrypted_with_kms_cmk/placebo-green/codepipeline.ListPipelines_1.json create mode 100644 
tests/ecc-aws-724-codepipeline_s3_artifact_bucket_encrypted_with_kms_cmk/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-724-codepipeline_s3_artifact_bucket_encrypted_with_kms_cmk/placebo-red/codepipeline.GetPipeline_1.json create mode 100644 tests/ecc-aws-724-codepipeline_s3_artifact_bucket_encrypted_with_kms_cmk/placebo-red/codepipeline.ListPipelines_1.json create mode 100644 tests/ecc-aws-724-codepipeline_s3_artifact_bucket_encrypted_with_kms_cmk/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-724-codepipeline_s3_artifact_bucket_encrypted_with_kms_cmk/red_policy_test.py create mode 100644 tests/ecc-aws-725-cloudwatch_log_group_retention_period_check/placebo-green/logs.DescribeLogGroups_1.json create mode 100644 tests/ecc-aws-725-cloudwatch_log_group_retention_period_check/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-725-cloudwatch_log_group_retention_period_check/placebo-red/logs.DescribeLogGroups_1.json create mode 100644 tests/ecc-aws-725-cloudwatch_log_group_retention_period_check/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-725-cloudwatch_log_group_retention_period_check/red_policy_test.py create mode 100644 tests/ecc-aws-734-ec2_instance_detailed_monitoring_enabled/placebo-green/ec2.DescribeInstances_1.json create mode 100644 tests/ecc-aws-734-ec2_instance_detailed_monitoring_enabled/placebo-red/ec2.DescribeInstances_1.json create mode 100644 tests/ecc-aws-734-ec2_instance_detailed_monitoring_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-739-ec2_token_hop_limit_check/placebo-green/ec2.DescribeInstances_1.json create mode 100644 tests/ecc-aws-739-ec2_token_hop_limit_check/placebo-red/ec2.DescribeInstances_1.json create mode 100644 tests/ecc-aws-739-ec2_token_hop_limit_check/red_policy_test.py create mode 100644 tests/ecc-aws-740-ec2_transit_gateway_auto_vpc_attach_disabled/placebo-green/ec2.DescribeTransitGateways_1.json create mode 
100644 tests/ecc-aws-740-ec2_transit_gateway_auto_vpc_attach_disabled/placebo-red/ec2.DescribeTransitGateways_1.json create mode 100644 tests/ecc-aws-740-ec2_transit_gateway_auto_vpc_attach_disabled/red_policy_test.py create mode 100644 tests/ecc-aws-741-ecr_private_lifecycle_policy_configured/placebo-green/api.ecr.DescribeRepositories_1.json create mode 100644 tests/ecc-aws-741-ecr_private_lifecycle_policy_configured/placebo-green/api.ecr.GetLifecyclePolicy_1.json create mode 100644 tests/ecc-aws-741-ecr_private_lifecycle_policy_configured/placebo-green/api.ecr.ListTagsForResource_1.json create mode 100644 tests/ecc-aws-741-ecr_private_lifecycle_policy_configured/placebo-red/api.ecr.DescribeRepositories_1.json create mode 100644 tests/ecc-aws-741-ecr_private_lifecycle_policy_configured/placebo-red/api.ecr.GetLifecyclePolicy_1.json create mode 100644 tests/ecc-aws-741-ecr_private_lifecycle_policy_configured/placebo-red/api.ecr.ListTagsForResource_1.json create mode 100644 tests/ecc-aws-741-ecr_private_lifecycle_policy_configured/red_policy_test.py create mode 100644 tests/ecc-aws-744-ecs_fargate_latest_platform_version/placebo-green/ecs.DescribeServices_1.json create mode 100644 tests/ecc-aws-744-ecs_fargate_latest_platform_version/placebo-green/ecs.ListClusters_1.json create mode 100644 tests/ecc-aws-744-ecs_fargate_latest_platform_version/placebo-green/ecs.ListServices_1.json create mode 100644 tests/ecc-aws-744-ecs_fargate_latest_platform_version/placebo-red/ecs.DescribeServices_1.json create mode 100644 tests/ecc-aws-744-ecs_fargate_latest_platform_version/placebo-red/ecs.ListClusters_1.json create mode 100644 tests/ecc-aws-744-ecs_fargate_latest_platform_version/placebo-red/ecs.ListServices_1.json create mode 100644 tests/ecc-aws-744-ecs_fargate_latest_platform_version/red_policy_test.py create mode 100644 tests/ecc-aws-745-ecs_task_definition_memory_hard_limit/placebo-green/ecs.DescribeTaskDefinition_1.json create mode 100644 
tests/ecc-aws-745-ecs_task_definition_memory_hard_limit/placebo-green/ecs.ListTaskDefinitions_1.json create mode 100644 tests/ecc-aws-745-ecs_task_definition_memory_hard_limit/placebo-red/ecs.DescribeTaskDefinition_1.json create mode 100644 tests/ecc-aws-745-ecs_task_definition_memory_hard_limit/placebo-red/ecs.ListTaskDefinitions_1.json create mode 100644 tests/ecc-aws-745-ecs_task_definition_memory_hard_limit/red_policy_test.py create mode 100644 tests/ecc-aws-746-ecs_task_definition_pid_mode_check/placebo-green/ecs.DescribeTaskDefinition_1.json create mode 100644 tests/ecc-aws-746-ecs_task_definition_pid_mode_check/placebo-green/ecs.ListTaskDefinitions_1.json create mode 100644 tests/ecc-aws-746-ecs_task_definition_pid_mode_check/placebo-red/ecs.DescribeTaskDefinition_1.json create mode 100644 tests/ecc-aws-746-ecs_task_definition_pid_mode_check/placebo-red/ecs.ListTaskDefinitions_1.json create mode 100644 tests/ecc-aws-746-ecs_task_definition_pid_mode_check/red_policy_test.py create mode 100644 tests/ecc-aws-751-eks_cluster_oldest_supported_version/placebo-green/eks.DescribeCluster_1.json create mode 100644 tests/ecc-aws-751-eks_cluster_oldest_supported_version/placebo-green/eks.ListClusters_1.json create mode 100644 tests/ecc-aws-751-eks_cluster_oldest_supported_version/placebo-red/eks.DescribeCluster_1.json create mode 100644 tests/ecc-aws-751-eks_cluster_oldest_supported_version/placebo-red/eks.ListClusters_1.json create mode 100644 tests/ecc-aws-751-eks_cluster_oldest_supported_version/red_policy_test.py create mode 100644 tests/ecc-aws-755-elbv2_multiple_az/placebo-green/elasticloadbalancing.DescribeLoadBalancers_1.json create mode 100644 tests/ecc-aws-755-elbv2_multiple_az/placebo-green/elasticloadbalancing.DescribeTags_1.json create mode 100644 tests/ecc-aws-755-elbv2_multiple_az/placebo-red/elasticloadbalancing.DescribeLoadBalancers_1.json create mode 100644 tests/ecc-aws-755-elbv2_multiple_az/placebo-red/elasticloadbalancing.DescribeTags_1.json create 
mode 100644 tests/ecc-aws-755-elbv2_multiple_az/red_policy_test.py create mode 100644 tests/ecc-aws-760-iam_group_has_users_check/placebo-green/iam.GetGroup_1.json create mode 100644 tests/ecc-aws-760-iam_group_has_users_check/placebo-green/iam.ListGroups_1.json create mode 100644 tests/ecc-aws-760-iam_group_has_users_check/placebo-red/iam.GetGroup_1.json create mode 100644 tests/ecc-aws-760-iam_group_has_users_check/placebo-red/iam.ListGroups_1.json create mode 100644 tests/ecc-aws-760-iam_group_has_users_check/red_policy_test.py create mode 100644 tests/ecc-aws-762-lambda_vpc_multi_az_check/placebo-green/lambda.ListFunctions_1.json create mode 100644 tests/ecc-aws-762-lambda_vpc_multi_az_check/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-762-lambda_vpc_multi_az_check/placebo-red/lambda.ListFunctions_1.json create mode 100644 tests/ecc-aws-762-lambda_vpc_multi_az_check/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-762-lambda_vpc_multi_az_check/red_policy_test.py create mode 100644 tests/ecc-aws-769-opensearch_access_control_enabled/placebo-green/es.DescribeElasticsearchDomains_1.json create mode 100644 tests/ecc-aws-769-opensearch_access_control_enabled/placebo-green/es.ListDomainNames_1.json create mode 100644 tests/ecc-aws-769-opensearch_access_control_enabled/placebo-green/es.ListTags_1.json create mode 100644 tests/ecc-aws-769-opensearch_access_control_enabled/placebo-red/es.DescribeElasticsearchDomains_1.json create mode 100644 tests/ecc-aws-769-opensearch_access_control_enabled/placebo-red/es.ListDomainNames_1.json create mode 100644 tests/ecc-aws-769-opensearch_access_control_enabled/placebo-red/es.ListTags_1.json create mode 100644 tests/ecc-aws-769-opensearch_access_control_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-770-rds_automatic_minor_version_upgrade_enabled/placebo-green/rds.DescribeDBInstances_1.json create mode 100644 
tests/ecc-aws-770-rds_automatic_minor_version_upgrade_enabled/placebo-red/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-770-rds_automatic_minor_version_upgrade_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-771-rds_cluster_default_admin_check/placebo-green/rds.DescribeDBClusters_1.json create mode 100644 tests/ecc-aws-771-rds_cluster_default_admin_check/placebo-red/rds.DescribeDBClusters_1.json create mode 100644 tests/ecc-aws-771-rds_cluster_default_admin_check/red_policy_test.py create mode 100644 tests/ecc-aws-773-rds_instance_default_admin_check/placebo-green/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-773-rds_instance_default_admin_check/placebo-red/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-773-rds_instance_default_admin_check/red_policy_test.py create mode 100644 tests/ecc-aws-776-redshift_default_admin_check/placebo-green/redshift.DescribeClusters_1.json create mode 100644 tests/ecc-aws-776-redshift_default_admin_check/placebo-red/redshift.DescribeClusters_1.json create mode 100644 tests/ecc-aws-776-redshift_default_admin_check/red_policy_test.py create mode 100644 tests/ecc-aws-777-redshift_default_db_name_check/placebo-green/redshift.DescribeClusters_1.json create mode 100644 tests/ecc-aws-777-redshift_default_db_name_check/placebo-red/redshift.DescribeClusters_1.json create mode 100644 tests/ecc-aws-777-redshift_default_db_name_check/red_policy_test.py create mode 100644 tests/ecc-aws-780-sns_topic_message_delivery_notification_enabled/placebo-green/sns.GetTopicAttributes_1.json create mode 100644 tests/ecc-aws-780-sns_topic_message_delivery_notification_enabled/placebo-green/sns.ListTopics_1.json create mode 100644 tests/ecc-aws-780-sns_topic_message_delivery_notification_enabled/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-780-sns_topic_message_delivery_notification_enabled/placebo-red/sns.GetTopicAttributes_1.json create mode 100644 
tests/ecc-aws-780-sns_topic_message_delivery_notification_enabled/placebo-red/sns.ListTopics_1.json create mode 100644 tests/ecc-aws-780-sns_topic_message_delivery_notification_enabled/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-780-sns_topic_message_delivery_notification_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-787-mwaa_latest_version/placebo-green/airflow.GetEnvironment_1.json create mode 100644 tests/ecc-aws-787-mwaa_latest_version/placebo-green/airflow.ListEnvironments_1.json create mode 100644 tests/ecc-aws-787-mwaa_latest_version/placebo-red/airflow.GetEnvironment_1.json create mode 100644 tests/ecc-aws-787-mwaa_latest_version/placebo-red/airflow.ListEnvironments_1.json create mode 100644 tests/ecc-aws-787-mwaa_latest_version/red_policy_test.py create mode 100644 tests/ecc-aws-800-dax_ecnrypted_in_transit/placebo-green/dax.DescribeClusters_1.json create mode 100644 tests/ecc-aws-800-dax_ecnrypted_in_transit/placebo-green/dax.ListTags_1.json create mode 100644 tests/ecc-aws-800-dax_ecnrypted_in_transit/placebo-red/dax.DescribeClusters_1.json create mode 100644 tests/ecc-aws-800-dax_ecnrypted_in_transit/placebo-red/dax.ListTags_1.json create mode 100644 tests/ecc-aws-800-dax_ecnrypted_in_transit/red_policy_test.py create mode 100644 tests/ecc-aws-808-clb_internet_facing/placebo-green/elasticloadbalancing.DescribeLoadBalancers_1.json create mode 100644 tests/ecc-aws-808-clb_internet_facing/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-808-clb_internet_facing/placebo-red/elasticloadbalancing.DescribeLoadBalancers_1.json create mode 100644 tests/ecc-aws-808-clb_internet_facing/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-808-clb_internet_facing/red_policy_test.py create mode 100644 tests/ecc-aws-809-elb_internet_facing/placebo-green/elasticloadbalancing.DescribeLoadBalancers_1.json create mode 100644 
tests/ecc-aws-809-elb_internet_facing/placebo-green/elasticloadbalancing.DescribeTags_1.json create mode 100644 tests/ecc-aws-809-elb_internet_facing/placebo-red/elasticloadbalancing.DescribeLoadBalancers_1.json create mode 100644 tests/ecc-aws-809-elb_internet_facing/placebo-red/elasticloadbalancing.DescribeTags_1.json create mode 100644 tests/ecc-aws-809-elb_internet_facing/red_policy_test.py create mode 100644 tests/ecc-aws-821-acm_certificate_not_using_a_minimum_of_2048-bit_key_for_rsa_certificate/placebo-green/acm.DescribeCertificate_1.json create mode 100644 tests/ecc-aws-821-acm_certificate_not_using_a_minimum_of_2048-bit_key_for_rsa_certificate/placebo-green/acm.ListCertificates_1.json create mode 100644 tests/ecc-aws-821-acm_certificate_not_using_a_minimum_of_2048-bit_key_for_rsa_certificate/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-821-acm_certificate_not_using_a_minimum_of_2048-bit_key_for_rsa_certificate/placebo-red/acm.DescribeCertificate_1.json create mode 100644 tests/ecc-aws-821-acm_certificate_not_using_a_minimum_of_2048-bit_key_for_rsa_certificate/placebo-red/acm.ListCertificates_1.json create mode 100644 tests/ecc-aws-821-acm_certificate_not_using_a_minimum_of_2048-bit_key_for_rsa_certificate/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-821-acm_certificate_not_using_a_minimum_of_2048-bit_key_for_rsa_certificate/red_policy_test.py create mode 100644 tests/ecc-aws-835-inactive_iam_access_keys_are_not_deleted/placebo-green/iam.GenerateCredentialReport_1.json create mode 100644 tests/ecc-aws-835-inactive_iam_access_keys_are_not_deleted/placebo-green/iam.GetCredentialReport_1.json create mode 100644 tests/ecc-aws-835-inactive_iam_access_keys_are_not_deleted/placebo-green/iam.GetUser_1.json create mode 100644 tests/ecc-aws-835-inactive_iam_access_keys_are_not_deleted/placebo-green/iam.ListUsers_1.json create mode 100644 
tests/ecc-aws-835-inactive_iam_access_keys_are_not_deleted/placebo-red/iam.GenerateCredentialReport_1.json create mode 100644 tests/ecc-aws-835-inactive_iam_access_keys_are_not_deleted/placebo-red/iam.GetCredentialReport_1.json create mode 100644 tests/ecc-aws-835-inactive_iam_access_keys_are_not_deleted/placebo-red/iam.GetUser_1.json create mode 100644 tests/ecc-aws-835-inactive_iam_access_keys_are_not_deleted/placebo-red/iam.ListUsers_1.json create mode 100644 tests/ecc-aws-835-inactive_iam_access_keys_are_not_deleted/red_policy_test.py create mode 100644 tests/ecc-aws-897-security_hub_enabled/placebo-green/iam.ListAccountAliases_1.json create mode 100644 tests/ecc-aws-897-security_hub_enabled/placebo-green/securityhub.DescribeHub_1.json create mode 100644 tests/ecc-aws-897-security_hub_enabled/placebo-red/iam.ListAccountAliases_1.json create mode 100644 tests/ecc-aws-897-security_hub_enabled/placebo-red/securityhub.DescribeHub_1.json create mode 100644 tests/ecc-aws-897-security_hub_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-899-s3_event_notifications_enabled/placebo-green/s3.GetBucketAcl_1.json create mode 100644 tests/ecc-aws-899-s3_event_notifications_enabled/placebo-green/s3.GetBucketLifecycleConfiguration_1.json create mode 100644 tests/ecc-aws-899-s3_event_notifications_enabled/placebo-green/s3.GetBucketLocation_1.json create mode 100644 tests/ecc-aws-899-s3_event_notifications_enabled/placebo-green/s3.GetBucketLogging_1.json create mode 100644 tests/ecc-aws-899-s3_event_notifications_enabled/placebo-green/s3.GetBucketNotificationConfiguration_1.json create mode 100644 tests/ecc-aws-899-s3_event_notifications_enabled/placebo-green/s3.GetBucketPolicy_1.json create mode 100644 tests/ecc-aws-899-s3_event_notifications_enabled/placebo-green/s3.GetBucketReplication_1.json create mode 100644 tests/ecc-aws-899-s3_event_notifications_enabled/placebo-green/s3.GetBucketTagging_1.json create mode 100644 
tests/ecc-aws-899-s3_event_notifications_enabled/placebo-green/s3.GetBucketVersioning_1.json create mode 100644 tests/ecc-aws-899-s3_event_notifications_enabled/placebo-green/s3.GetBucketWebsite_1.json create mode 100644 tests/ecc-aws-899-s3_event_notifications_enabled/placebo-green/s3.ListBuckets_1.json create mode 100644 tests/ecc-aws-899-s3_event_notifications_enabled/placebo-red/s3.GetBucketAcl_1.json create mode 100644 tests/ecc-aws-899-s3_event_notifications_enabled/placebo-red/s3.GetBucketLifecycleConfiguration_1.json create mode 100644 tests/ecc-aws-899-s3_event_notifications_enabled/placebo-red/s3.GetBucketLocation_1.json create mode 100644 tests/ecc-aws-899-s3_event_notifications_enabled/placebo-red/s3.GetBucketLogging_1.json create mode 100644 tests/ecc-aws-899-s3_event_notifications_enabled/placebo-red/s3.GetBucketNotificationConfiguration_1.json create mode 100644 tests/ecc-aws-899-s3_event_notifications_enabled/placebo-red/s3.GetBucketPolicy_1.json create mode 100644 tests/ecc-aws-899-s3_event_notifications_enabled/placebo-red/s3.GetBucketReplication_1.json create mode 100644 tests/ecc-aws-899-s3_event_notifications_enabled/placebo-red/s3.GetBucketTagging_1.json create mode 100644 tests/ecc-aws-899-s3_event_notifications_enabled/placebo-red/s3.GetBucketVersioning_1.json create mode 100644 tests/ecc-aws-899-s3_event_notifications_enabled/placebo-red/s3.GetBucketWebsite_1.json create mode 100644 tests/ecc-aws-899-s3_event_notifications_enabled/placebo-red/s3.ListBuckets_1.json create mode 100644 tests/ecc-aws-899-s3_event_notifications_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-902-vpc_vpn_2_tunnels_up/placebo-green/ec2.DescribeVpnConnections_1.json create mode 100644 tests/ecc-aws-902-vpc_vpn_2_tunnels_up/placebo-red/ec2.DescribeVpnConnections_1.json create mode 100644 tests/ecc-aws-902-vpc_vpn_2_tunnels_up/red_policy_test.py create mode 100644 
tests/ecc-aws-904-autoscaling_launch_config_hop_limit/placebo-green/autoscaling.DescribeLaunchConfigurations_1.json create mode 100644 tests/ecc-aws-904-autoscaling_launch_config_hop_limit/placebo-red/autoscaling.DescribeLaunchConfigurations_1.json create mode 100644 tests/ecc-aws-904-autoscaling_launch_config_hop_limit/red_policy_test.py create mode 100644 tests/ecc-aws-906-ecs_containers_readonly_access/placebo-green/ecs.DescribeTaskDefinition_1.json create mode 100644 tests/ecc-aws-906-ecs_containers_readonly_access/placebo-green/ecs.ListTaskDefinitions_1.json create mode 100644 tests/ecc-aws-906-ecs_containers_readonly_access/placebo-red/ecs.DescribeTaskDefinition_1.json create mode 100644 tests/ecc-aws-906-ecs_containers_readonly_access/placebo-red/ecs.ListTaskDefinitions_1.json create mode 100644 tests/ecc-aws-906-ecs_containers_readonly_access/red_policy_test.py create mode 100644 tests/ecc-aws-907-ecs_no_environment_secrets/placebo-green/ecs.DescribeTaskDefinition_1.json create mode 100644 tests/ecc-aws-907-ecs_no_environment_secrets/placebo-green/ecs.ListTaskDefinitions_1.json create mode 100644 tests/ecc-aws-907-ecs_no_environment_secrets/placebo-red/ecs.DescribeTaskDefinition_1.json create mode 100644 tests/ecc-aws-907-ecs_no_environment_secrets/placebo-red/ecs.ListTaskDefinitions_1.json create mode 100644 tests/ecc-aws-907-ecs_no_environment_secrets/red_policy_test.py create mode 100644 tests/ecc-aws-911-kms_cmk_not_scheduled_for_deletion/placebo-green/kms.DescribeKey_1.json create mode 100644 tests/ecc-aws-911-kms_cmk_not_scheduled_for_deletion/placebo-green/kms.ListAliases_1.json create mode 100644 tests/ecc-aws-911-kms_cmk_not_scheduled_for_deletion/placebo-green/kms.ListKeys_1.json create mode 100644 tests/ecc-aws-911-kms_cmk_not_scheduled_for_deletion/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-911-kms_cmk_not_scheduled_for_deletion/placebo-red/kms.DescribeKey_1.json create mode 100644 
tests/ecc-aws-911-kms_cmk_not_scheduled_for_deletion/placebo-red/kms.ListAliases_1.json create mode 100644 tests/ecc-aws-911-kms_cmk_not_scheduled_for_deletion/placebo-red/kms.ListKeys_1.json create mode 100644 tests/ecc-aws-911-kms_cmk_not_scheduled_for_deletion/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-911-kms_cmk_not_scheduled_for_deletion/red_policy_test.py create mode 100644 tests/ecc-aws-917-waf_global_webacl_not_empty/placebo-green/waf.GetWebACL_1.json create mode 100644 tests/ecc-aws-917-waf_global_webacl_not_empty/placebo-green/waf.GetWebACL_2.json create mode 100644 tests/ecc-aws-917-waf_global_webacl_not_empty/placebo-green/waf.ListWebACLs_1.json create mode 100644 tests/ecc-aws-917-waf_global_webacl_not_empty/placebo-red/waf.GetWebACL_1.json create mode 100644 tests/ecc-aws-917-waf_global_webacl_not_empty/placebo-red/waf.ListWebACLs_1.json create mode 100644 tests/ecc-aws-917-waf_global_webacl_not_empty/red_policy_test.py create mode 100644 tests/ecc-aws-922-acm_certificate_transparency_logging_enabled/placebo-green/acm.DescribeCertificate_1.json create mode 100644 tests/ecc-aws-922-acm_certificate_transparency_logging_enabled/placebo-green/acm.ListCertificates_1.json create mode 100644 tests/ecc-aws-922-acm_certificate_transparency_logging_enabled/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-922-acm_certificate_transparency_logging_enabled/placebo-red/acm.DescribeCertificate_1.json create mode 100644 tests/ecc-aws-922-acm_certificate_transparency_logging_enabled/placebo-red/acm.ListCertificates_1.json create mode 100644 tests/ecc-aws-922-acm_certificate_transparency_logging_enabled/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-922-acm_certificate_transparency_logging_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-938-cloudfront_encryption_in_transit/placebo-green/cloudfront.ListDistributions_1.json create mode 100644 
tests/ecc-aws-938-cloudfront_encryption_in_transit/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-938-cloudfront_encryption_in_transit/placebo-red/cloudfront.ListDistributions_1.json create mode 100644 tests/ecc-aws-938-cloudfront_encryption_in_transit/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-938-cloudfront_encryption_in_transit/red_policy_test.py create mode 100644 tests/ecc-aws-939-ebs_default_encryption_enabled/placebo-green/ec2.GetEbsEncryptionByDefault_1.json create mode 100644 tests/ecc-aws-939-ebs_default_encryption_enabled/placebo-green/iam.ListAccountAliases_1.json create mode 100644 tests/ecc-aws-939-ebs_default_encryption_enabled/placebo-red/ec2.GetEbsEncryptionByDefault_1.json create mode 100644 tests/ecc-aws-939-ebs_default_encryption_enabled/placebo-red/iam.ListAccountAliases_1.json create mode 100644 tests/ecc-aws-939-ebs_default_encryption_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-948-imported_and_acm_certificates_expire_in_one_month/green_policy_test.py create mode 100644 tests/ecc-aws-948-imported_and_acm_certificates_expire_in_one_month/placebo-green/acm.DescribeCertificate_1.json create mode 100644 tests/ecc-aws-948-imported_and_acm_certificates_expire_in_one_month/placebo-green/acm.ListCertificates_1.json create mode 100644 tests/ecc-aws-948-imported_and_acm_certificates_expire_in_one_month/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-948-imported_and_acm_certificates_expire_in_one_month/placebo-red/acm.DescribeCertificate_1.json create mode 100644 tests/ecc-aws-948-imported_and_acm_certificates_expire_in_one_month/placebo-red/acm.ListCertificates_1.json create mode 100644 tests/ecc-aws-948-imported_and_acm_certificates_expire_in_one_month/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-948-imported_and_acm_certificates_expire_in_one_month/red_policy_test.py create mode 100644 
tests/ecc-aws-949-key_pair_without_tag_information/placebo-green/ec2.DescribeKeyPairs_1.json create mode 100644 tests/ecc-aws-949-key_pair_without_tag_information/placebo-red/ec2.DescribeKeyPairs_1.json create mode 100644 tests/ecc-aws-949-key_pair_without_tag_information/red_policy_test.py create mode 100644 tests/ecc-aws-950-autoscaling_launch_template/placebo-green/autoscaling.DescribeAutoScalingGroups_1.json create mode 100644 tests/ecc-aws-950-autoscaling_launch_template/placebo-red/autoscaling.DescribeAutoScalingGroups_1.json create mode 100644 tests/ecc-aws-950-autoscaling_launch_template/red_policy_test.py create mode 100644 tests/ecc-aws-951-clb_acm_certificate_required/placebo-green/elasticloadbalancing.DescribeLoadBalancers_1.json create mode 100644 tests/ecc-aws-951-clb_acm_certificate_required/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-951-clb_acm_certificate_required/placebo-red/elasticloadbalancing.DescribeLoadBalancers_1.json create mode 100644 tests/ecc-aws-951-clb_acm_certificate_required/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-951-clb_acm_certificate_required/red_policy_test.py create mode 100644 tests/ecc-aws-953-lambda_function_settings_check/placebo-green/lambda.ListFunctions_1.json create mode 100644 tests/ecc-aws-953-lambda_function_settings_check/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-953-lambda_function_settings_check/placebo-red/lambda.ListFunctions_1.json create mode 100644 tests/ecc-aws-953-lambda_function_settings_check/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-953-lambda_function_settings_check/red_policy_test.py create mode 100644 tests/ecc-aws-955-ecs_containers_nonprivileged/placebo-green/ecs.DescribeTaskDefinition_1.json create mode 100644 tests/ecc-aws-955-ecs_containers_nonprivileged/placebo-green/ecs.ListTaskDefinitions_1.json create mode 100644 
tests/ecc-aws-955-ecs_containers_nonprivileged/placebo-red/ecs.DescribeTaskDefinition_1.json create mode 100644 tests/ecc-aws-955-ecs_containers_nonprivileged/placebo-red/ecs.ListTaskDefinitions_1.json create mode 100644 tests/ecc-aws-955-ecs_containers_nonprivileged/red_policy_test.py create mode 100644 tests/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/placebo-green/cloudfront.ListDistributions_1.json create mode 100644 tests/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/placebo-green/s3.ListBuckets_1.json create mode 100644 tests/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/placebo-red/cloudfront.ListDistributions_1.json create mode 100644 tests/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/placebo-red/s3.ListBuckets_1.json create mode 100644 tests/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-958-cloudfront_s3_origin_non_existent_bucket/red_policy_test.py create mode 100644 tests/ecc-aws-961-cloudfront_origin_access_control_enabled/placebo-green/cloudfront.ListDistributions_1.json create mode 100644 tests/ecc-aws-961-cloudfront_origin_access_control_enabled/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-961-cloudfront_origin_access_control_enabled/placebo-red/cloudfront.ListDistributions_1.json create mode 100644 tests/ecc-aws-961-cloudfront_origin_access_control_enabled/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-961-cloudfront_origin_access_control_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-962-glue_job_latest_version/placebo-green/glue.GetJobs_1.json create mode 100644 tests/ecc-aws-962-glue_job_latest_version/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-962-glue_job_latest_version/placebo-red/glue.GetJobs_1.json create mode 
100644 tests/ecc-aws-962-glue_job_latest_version/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-962-glue_job_latest_version/red_policy_test.py diff --git a/tests/ecc-aws-002-ensure_mfa_is_enabled_for_all_iam_users_with_console_password/placebo-green/iam.GenerateCredentialReport_1.json b/tests/ecc-aws-002-ensure_mfa_is_enabled_for_all_iam_users_with_console_password/placebo-green/iam.GenerateCredentialReport_1.json new file mode 100644 index 000000000..9abcdb973 --- /dev/null +++ b/tests/ecc-aws-002-ensure_mfa_is_enabled_for_all_iam_users_with_console_password/placebo-green/iam.GenerateCredentialReport_1.json @@ -0,0 +1,8 @@ +{ + "status_code": 200, + "data": { + "State": "STARTED", + "Description": "No report exists. Starting a new report generation task", + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-002-ensure_mfa_is_enabled_for_all_iam_users_with_console_password/placebo-green/iam.GetCredentialReport_1.json b/tests/ecc-aws-002-ensure_mfa_is_enabled_for_all_iam_users_with_console_password/placebo-green/iam.GetCredentialReport_1.json new file mode 100644 index 000000000..f0e2a941a --- /dev/null +++ b/tests/ecc-aws-002-ensure_mfa_is_enabled_for_all_iam_users_with_console_password/placebo-green/iam.GetCredentialReport_1.json 
@@ -0,0 +1,18 @@ +{ + "status_code": 200, + "data": { + "Content": "user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_1_last_used_region,access_key_1_last_used_service,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date,access_key_2_last_used_region,access_key_2_last_used_service,cert_1_active,cert_1_last_rotated,cert_2_active,cert_2_last_rotated\nUSER,arn:aws:iam::121212121212:user/USER,2021-02-24T14:12:36+00:00,true,2021-04-19T08:05:08+00:00,2021-02-24T14:23:48+00:00,N/A,true,true,2021-04-08T07:30:10+00:00,2021-04-19T09:18:00+00:00,us-east-1,ec2,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A", + "ReportFormat": "text/csv", + "GeneratedTime": { + "__class__": "datetime", + "year": 2021, + "month": 4, + "day": 19, + "hour": 9, + "minute": 29, + "second": 2, + "microsecond": 0 + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-002-ensure_mfa_is_enabled_for_all_iam_users_with_console_password/placebo-green/iam.GetUser_1.json b/tests/ecc-aws-002-ensure_mfa_is_enabled_for_all_iam_users_with_console_password/placebo-green/iam.GetUser_1.json new file mode 100644 index 000000000..914165ad7 --- /dev/null +++ b/tests/ecc-aws-002-ensure_mfa_is_enabled_for_all_iam_users_with_console_password/placebo-green/iam.GetUser_1.json 
@@ -0,0 +1,32 @@ +{ + "status_code": 200, + "data": { + "User": { + "Path": "/", + "UserName": "USER", + "UserId": "ASASSSASASASSASASS", + "Arn": "arn:aws:iam::121212121212:user/USER", + "CreateDate": { + "__class__": "datetime", + "year": 2021, + "month": 2, + "day": 24, + "hour": 14, + "minute": 12, + "second": 36, + "microsecond": 0 + }, + "PasswordLastUsed": { + "__class__": "datetime", + "year": 2021, + "month": 4, + "day": 19, + "hour": 8, + "minute": 5, + "second": 8, + "microsecond": 0 + } + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-002-ensure_mfa_is_enabled_for_all_iam_users_with_console_password/placebo-green/iam.ListUsers_1.json b/tests/ecc-aws-002-ensure_mfa_is_enabled_for_all_iam_users_with_console_password/placebo-green/iam.ListUsers_1.json new file mode 100644 index 000000000..584928af1 --- /dev/null +++ b/tests/ecc-aws-002-ensure_mfa_is_enabled_for_all_iam_users_with_console_password/placebo-green/iam.ListUsers_1.json @@ -0,0 +1,35 @@ +{ + "status_code": 200, + "data": { + "Users": [ + { + "Path": "/", + "UserName": "USER", + "UserId": "ASASSSASASASSASASS", + "Arn": "arn:aws:iam::121212121212:user/USER", + "CreateDate": { + "__class__": "datetime", + "year": 2021, + "month": 2, + "day": 24, + "hour": 14, + "minute": 12, + "second": 36, + "microsecond": 0 + }, + "PasswordLastUsed": { + "__class__": "datetime", + "year": 2021, + "month": 4, + "day": 19, + "hour": 8, + "minute": 5, + "second": 8, + "microsecond": 0 + } + } + ], + "IsTruncated": false, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-002-ensure_mfa_is_enabled_for_all_iam_users_with_console_password/placebo-red/iam.GenerateCredentialReport_1.json b/tests/ecc-aws-002-ensure_mfa_is_enabled_for_all_iam_users_with_console_password/placebo-red/iam.GenerateCredentialReport_1.json new file mode 100644 index 000000000..9abcdb973 --- /dev/null 
+++ b/tests/ecc-aws-002-ensure_mfa_is_enabled_for_all_iam_users_with_console_password/placebo-red/iam.GenerateCredentialReport_1.json @@ -0,0 +1,8 @@ +{ + "status_code": 200, + "data": { + "State": "STARTED", + "Description": "No report exists. Starting a new report generation task", + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-002-ensure_mfa_is_enabled_for_all_iam_users_with_console_password/placebo-red/iam.GetCredentialReport_1.json b/tests/ecc-aws-002-ensure_mfa_is_enabled_for_all_iam_users_with_console_password/placebo-red/iam.GetCredentialReport_1.json new file mode 100644 index 000000000..c0e1343e5 --- /dev/null +++ b/tests/ecc-aws-002-ensure_mfa_is_enabled_for_all_iam_users_with_console_password/placebo-red/iam.GetCredentialReport_1.json @@ -0,0 +1,18 @@ +{ + "status_code": 200, + "data": { + "Content": "user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_1_last_used_region,access_key_1_last_used_service,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date,access_key_2_last_used_region,access_key_2_last_used_service,cert_1_active,cert_1_last_rotated,cert_2_active,cert_2_last_rotated\nUser,arn:aws:iam::121212121212:user/User,2021-02-25T09:26:50+00:00,true,2021-02-25T19:59:04+00:00,2021-02-25T19:59:26+00:00,N/A,false,true,2021-02-26T07:27:09+00:00,N/A,N/A,N/A,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A", + "ReportFormat": "text/csv", + "GeneratedTime": { + "__class__": "datetime", + "year": 2021, + "month": 4, + "day": 19, + "hour": 9, + "minute": 29, + "second": 2, + "microsecond": 0 + }, + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-002-ensure_mfa_is_enabled_for_all_iam_users_with_console_password/placebo-red/iam.GetUser_1.json b/tests/ecc-aws-002-ensure_mfa_is_enabled_for_all_iam_users_with_console_password/placebo-red/iam.GetUser_1.json new file mode 100644 index 000000000..ef8044be3 --- /dev/null +++ b/tests/ecc-aws-002-ensure_mfa_is_enabled_for_all_iam_users_with_console_password/placebo-red/iam.GetUser_1.json @@ -0,0 +1,32 @@ +{ + "status_code": 200, + "data": { + "User": { + "Path": "/", + "UserName": "User", + "UserId": "ASASASASASASSASASA", + "Arn": "arn:aws:iam::121212121212:user/User", + "CreateDate": { + "__class__": "datetime", + "year": 2021, + "month": 2, + "day": 25, + "hour": 9, + "minute": 26, + "second": 50, + "microsecond": 0 + }, + "PasswordLastUsed": { + "__class__": "datetime", + "year": 2021, + "month": 2, + "day": 25, + "hour": 19, + "minute": 59, + "second": 4, + "microsecond": 0 + } + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-002-ensure_mfa_is_enabled_for_all_iam_users_with_console_password/placebo-red/iam.ListUsers_1.json b/tests/ecc-aws-002-ensure_mfa_is_enabled_for_all_iam_users_with_console_password/placebo-red/iam.ListUsers_1.json new file mode 100644 index 000000000..3d78d2305 --- /dev/null +++ b/tests/ecc-aws-002-ensure_mfa_is_enabled_for_all_iam_users_with_console_password/placebo-red/iam.ListUsers_1.json 
@@ -0,0 +1,35 @@
+{
+ "status_code": 200,
+ "data": {
+ "Users": [
+ {
+ "Path": "/",
+ "UserName": "User",
+ "UserId": "ASASASASASASSASASA",
+ "Arn": "arn:aws:iam::121212121212:user/User",
+ "CreateDate": {
+ "__class__": "datetime",
+ "year": 2021,
+ "month": 2,
+ "day": 25,
+ "hour": 9,
+ "minute": 26,
+ "second": 50,
+ "microsecond": 0
+ },
+ "PasswordLastUsed": {
+ "__class__": "datetime",
+ "year": 2021,
+ "month": 2,
+ "day": 25,
+ "hour": 19,
+ "minute": 59,
+ "second": 4,
+ "microsecond": 0
+ }
+ }
+ ],
+ "IsTruncated": false,
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-002-ensure_mfa_is_enabled_for_all_iam_users_with_console_password/red_policy_test.py b/tests/ecc-aws-002-ensure_mfa_is_enabled_for_all_iam_users_with_console_password/red_policy_test.py
new file mode 100644
index 000000000..b4a76c9da
--- /dev/null
+++ b/tests/ecc-aws-002-ensure_mfa_is_enabled_for_all_iam_users_with_console_password/red_policy_test.py
@@ -0,0 +1,7 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertTrue(resources[0]['c7n:credential-report']['password_enabled'])
+ base_test.assertFalse(resources[0]['c7n:credential-report']['mfa_active'])
+
diff --git a/tests/ecc-aws-013-ensure_access_keys_are_rotated_every_90_days/green_policy_test.py b/tests/ecc-aws-013-ensure_access_keys_are_rotated_every_90_days/green_policy_test.py
new file mode 100644
index 000000000..8fb881c70
--- /dev/null
+++ b/tests/ecc-aws-013-ensure_access_keys_are_rotated_every_90_days/green_policy_test.py
@@ -0,0 +1,7 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 0)
+
+ def mock_time(self):
+ return 2021, 6, 30
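Review bot: `mock_time` in tests/ecc-aws-013-ensure_access_keys_are_rotated_every_90_days/green_policy_test.py returns a bare `2021, 6, 30` with nothing explaining why that date makes the case green. The placebo-green credential report for this policy has `access_key_1_last_rotated` at 2021-04-08, which is 83 days before the pinned date, so the fixture sits only a week inside the 90-day window. I would add a comment above the return such as `# 2021-06-30 is 83 days after access_key_1_last_rotated (2021-04-08) in placebo-green: inside the 90-day window`. How the harness consumes `mock_time` is not visible in this diff, so the comment should say "frozen date" only if that is what the runner does with it.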
diff --git a/tests/ecc-aws-013-ensure_access_keys_are_rotated_every_90_days/placebo-green/iam.GenerateCredentialReport_1.json b/tests/ecc-aws-013-ensure_access_keys_are_rotated_every_90_days/placebo-green/iam.GenerateCredentialReport_1.json new file mode 100644 index 000000000..9abcdb973 --- /dev/null +++ b/tests/ecc-aws-013-ensure_access_keys_are_rotated_every_90_days/placebo-green/iam.GenerateCredentialReport_1.json @@ -0,0 +1,8 @@ +{ + "status_code": 200, + "data": { + "State": "STARTED", + "Description": "No report exists. Starting a new report generation task", + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-013-ensure_access_keys_are_rotated_every_90_days/placebo-green/iam.GetCredentialReport_1.json b/tests/ecc-aws-013-ensure_access_keys_are_rotated_every_90_days/placebo-green/iam.GetCredentialReport_1.json new file mode 100644 index 000000000..63da62f35 --- /dev/null +++ b/tests/ecc-aws-013-ensure_access_keys_are_rotated_every_90_days/placebo-green/iam.GetCredentialReport_1.json 
@@ -0,0 +1,18 @@ +{ + "status_code": 200, + "data": { + "Content": "user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_1_last_used_region,access_key_1_last_used_service,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date,access_key_2_last_used_region,access_key_2_last_used_service,cert_1_active,cert_1_last_rotated,cert_2_active,cert_2_last_rotated\nUSER,arn:aws:iam::121212121212:user/USER,2020-02-24T14:12:36+00:00,true,2021-04-19T08:05:08+00:00,2021-02-24T14:23:48+00:00,N/A,false,true,2021-04-08T07:30:10+00:00,2021-04-19T09:18:00+00:00,us-east-1,ec2,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A", + "ReportFormat": "text/csv", + "GeneratedTime": { + "__class__": "datetime", + "year": 2021, + "month": 4, + "day": 19, + "hour": 9, + "minute": 29, + "second": 2, + "microsecond": 0 + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-013-ensure_access_keys_are_rotated_every_90_days/placebo-green/iam.GetUser_1.json b/tests/ecc-aws-013-ensure_access_keys_are_rotated_every_90_days/placebo-green/iam.GetUser_1.json new file mode 100644 index 000000000..8d6f5c0b7 --- /dev/null +++ b/tests/ecc-aws-013-ensure_access_keys_are_rotated_every_90_days/placebo-green/iam.GetUser_1.json @@ -0,0 +1,32 @@ +{ + "status_code": 200, + "data": { + "User": { + "Path": "/", + "UserName": "USER", + "UserId": "ASASASASASASASASASA", + "Arn": "arn:aws:iam::121212121212:user/USER", + "CreateDate": { + "__class__": "datetime", + "year": 2020, + "month": 2, + "day": 24, + "hour": 14, + "minute": 12, + "second": 36, + "microsecond": 0 + }, + "PasswordLastUsed": { + "__class__": "datetime", + "year": 2021, + "month": 4, + "day": 19, + "hour": 8, + "minute": 5, + "second": 8, + "microsecond": 0 + } + }, + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-013-ensure_access_keys_are_rotated_every_90_days/placebo-green/iam.ListUsers_1.json b/tests/ecc-aws-013-ensure_access_keys_are_rotated_every_90_days/placebo-green/iam.ListUsers_1.json new file mode 100644 index 000000000..735f2e635 --- /dev/null +++ b/tests/ecc-aws-013-ensure_access_keys_are_rotated_every_90_days/placebo-green/iam.ListUsers_1.json @@ -0,0 +1,35 @@ +{ + "status_code": 200, + "data": { + "Users": [ + { + "Path": "/", + "UserName": "USER", + "UserId": "ASASASASASASASASASA", + "Arn": "arn:aws:iam::121212121212:user/USER", + "CreateDate": { + "__class__": "datetime", + "year": 2021, + "month": 2, + "day": 24, + "hour": 14, + "minute": 12, + "second": 36, + "microsecond": 0 + }, + "PasswordLastUsed": { + "__class__": "datetime", + "year": 2021, + "month": 4, + "day": 19, + "hour": 8, + "minute": 5, + "second": 8, + "microsecond": 0 + } + } + ], + "IsTruncated": false, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-013-ensure_access_keys_are_rotated_every_90_days/placebo-red/iam.GenerateCredentialReport_1.json b/tests/ecc-aws-013-ensure_access_keys_are_rotated_every_90_days/placebo-red/iam.GenerateCredentialReport_1.json new file mode 100644 index 000000000..9abcdb973 --- /dev/null +++ b/tests/ecc-aws-013-ensure_access_keys_are_rotated_every_90_days/placebo-red/iam.GenerateCredentialReport_1.json @@ -0,0 +1,8 @@ +{ + "status_code": 200, + "data": { + "State": "STARTED", + "Description": "No report exists. Starting a new report generation task", + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-013-ensure_access_keys_are_rotated_every_90_days/placebo-red/iam.GetCredentialReport_1.json b/tests/ecc-aws-013-ensure_access_keys_are_rotated_every_90_days/placebo-red/iam.GetCredentialReport_1.json new file mode 100644 index 000000000..ed93ee146 --- /dev/null 
+++ b/tests/ecc-aws-013-ensure_access_keys_are_rotated_every_90_days/placebo-red/iam.GetCredentialReport_1.json @@ -0,0 +1,18 @@ +{ + "status_code": 200, + "data": { + "Content": "user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_1_last_used_region,access_key_1_last_used_service,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date,access_key_2_last_used_region,access_key_2_last_used_service,cert_1_active,cert_1_last_rotated,cert_2_active,cert_2_last_rotated\nUSER,arn:aws:iam::121212121212:user/USER,2020-02-24T14:12:36+00:00,true,2021-04-19T08:05:08+00:00,2021-02-24T14:23:48+00:00,N/A,false,true,2021-01-08T07:30:10+00:00,2021-04-19T09:18:00+00:00,us-east-1,ec2,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A", + "ReportFormat": "text/csv", + "GeneratedTime": { + "__class__": "datetime", + "year": 2021, + "month": 4, + "day": 19, + "hour": 9, + "minute": 29, + "second": 2, + "microsecond": 0 + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-013-ensure_access_keys_are_rotated_every_90_days/placebo-red/iam.GetUser_1.json b/tests/ecc-aws-013-ensure_access_keys_are_rotated_every_90_days/placebo-red/iam.GetUser_1.json new file mode 100644 index 000000000..8d6f5c0b7 --- /dev/null +++ b/tests/ecc-aws-013-ensure_access_keys_are_rotated_every_90_days/placebo-red/iam.GetUser_1.json 
@@ -0,0 +1,32 @@ +{ + "status_code": 200, + "data": { + "User": { + "Path": "/", + "UserName": "USER", + "UserId": "ASASASASASASASASASA", + "Arn": "arn:aws:iam::121212121212:user/USER", + "CreateDate": { + "__class__": "datetime", + "year": 2020, + "month": 2, + "day": 24, + "hour": 14, + "minute": 12, + "second": 36, + "microsecond": 0 + }, + "PasswordLastUsed": { + "__class__": "datetime", + "year": 2021, + "month": 4, + "day": 19, + "hour": 8, + "minute": 5, + "second": 8, + "microsecond": 0 + } + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-013-ensure_access_keys_are_rotated_every_90_days/placebo-red/iam.ListUsers_1.json b/tests/ecc-aws-013-ensure_access_keys_are_rotated_every_90_days/placebo-red/iam.ListUsers_1.json new file mode 100644 index 000000000..735f2e635 --- /dev/null +++ b/tests/ecc-aws-013-ensure_access_keys_are_rotated_every_90_days/placebo-red/iam.ListUsers_1.json @@ -0,0 +1,35 @@ +{ + "status_code": 200, + "data": { + "Users": [ + { + "Path": "/", + "UserName": "USER", + "UserId": "ASASASASASASASASASA", + "Arn": "arn:aws:iam::121212121212:user/USER", + "CreateDate": { + "__class__": "datetime", + "year": 2021, + "month": 2, + "day": 24, + "hour": 14, + "minute": 12, + "second": 36, + "microsecond": 0 + }, + "PasswordLastUsed": { + "__class__": "datetime", + "year": 2021, + "month": 4, + "day": 19, + "hour": 8, + "minute": 5, + "second": 8, + "microsecond": 0 + } + } + ], + "IsTruncated": false, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-013-ensure_access_keys_are_rotated_every_90_days/red_policy_test.py b/tests/ecc-aws-013-ensure_access_keys_are_rotated_every_90_days/red_policy_test.py new file mode 100644 index 000000000..de6b17b2c --- /dev/null +++ b/tests/ecc-aws-013-ensure_access_keys_are_rotated_every_90_days/red_policy_test.py 
@@ -0,0 +1,6 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertEqual(resources[0]['c7n:credential-report']['access_keys'][0]['last_rotated'], '2021-01-08T07:30:10+00:00')
+ base_test.assertTrue(resources[0]['c7n:credential-report']['access_keys'][0]['active'])
diff --git a/tests/ecc-aws-033-ensure_vpc_flow_logging_enabled_for_every_vpc/placebo-green/ec2.DescribeFlowLogs_1.json b/tests/ecc-aws-033-ensure_vpc_flow_logging_enabled_for_every_vpc/placebo-green/ec2.DescribeFlowLogs_1.json
new file mode 100644
index 000000000..f58af19f1
--- /dev/null
+++ b/tests/ecc-aws-033-ensure_vpc_flow_logging_enabled_for_every_vpc/placebo-green/ec2.DescribeFlowLogs_1.json
@@ -0,0 +1,36 @@
+{
+ "status_code": 200,
+ "data": {
+ "FlowLogs": [
+ {
+ "CreationTime": {
+ "__class__": "datetime",
+ "year": 2021,
+ "month": 4,
+ "day": 3,
+ "hour": 17,
+ "minute": 16,
+ "second": 55,
+ "microsecond": 495000
+ },
+ "DeliverLogsPermissionArn": "arn:aws:iam::111111111111:role/AdminAccessC7Nrole",
+ "DeliverLogsStatus": "SUCCESS",
+ "FlowLogId": "fl-0913a01b9bab4f91f",
+ "FlowLogStatus": "ACTIVE",
+ "LogGroupName": "/aws/sagemaker/NotebookInstances",
+ "ResourceId": "vpc-ad9744d0",
+ "TrafficType": "ACCEPT",
+ "LogDestinationType": "cloud-watch-logs",
+ "LogFormat": "${version} ${account-id} ${interface-id} ${srcaddr} ${dstaddr} ${srcport} ${dstport} ${protocol} ${packets} ${bytes} ${start} ${end} ${action} ${log-status}",
+ "Tags": [
+ {
+ "Key": "Name",
+ "Value": "033-test"
+ }
+ ],
+ "MaxAggregationInterval": 600
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-033-ensure_vpc_flow_logging_enabled_for_every_vpc/placebo-green/ec2.DescribeVpcs_1.json b/tests/ecc-aws-033-ensure_vpc_flow_logging_enabled_for_every_vpc/placebo-green/ec2.DescribeVpcs_1.json
new file mode 100644
index 000000000..3e2d68124
--- /dev/null
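Review bot: tests/ecc-aws-013-ensure_access_keys_are_rotated_every_90_days/red_policy_test.py defines no `mock_time`, while the green test for the same policy pins the date to 2021-06-30, so the red case appears to be evaluated against the wall clock. It stays red today only because the fixture key was last rotated on 2021-01-08 and real time keeps moving away from that date. Pinning the same date keeps both cases deterministic and makes the margin explicit (173 days, well past 90): add `def mock_time(self):` with `return 2021, 6, 30` to this class. What the harness does when `mock_time` is absent is not visible in this diff, so treat the wall-clock reading as an assumption to confirm.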
+++ b/tests/ecc-aws-033-ensure_vpc_flow_logging_enabled_for_every_vpc/placebo-green/ec2.DescribeVpcs_1.json @@ -0,0 +1,26 @@ +{ + "status_code": 200, + "data": { + "Vpcs": [ + { + "CidrBlock": "172.31.0.0/16", + "DhcpOptionsId": "dopt-bc2559c6", + "State": "available", + "VpcId": "vpc-ad9744d0", + "OwnerId": "111111111111", + "InstanceTenancy": "default", + "CidrBlockAssociationSet": [ + { + "AssociationId": "vpc-cidr-assoc-c5cf63aa", + "CidrBlock": "172.31.0.0/16", + "CidrBlockState": { + "State": "associated" + } + } + ], + "IsDefault": true + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-033-ensure_vpc_flow_logging_enabled_for_every_vpc/placebo-red/ec2.DescribeFlowLogs_1.json b/tests/ecc-aws-033-ensure_vpc_flow_logging_enabled_for_every_vpc/placebo-red/ec2.DescribeFlowLogs_1.json new file mode 100644 index 000000000..eeb65125b --- /dev/null +++ b/tests/ecc-aws-033-ensure_vpc_flow_logging_enabled_for_every_vpc/placebo-red/ec2.DescribeFlowLogs_1.json @@ -0,0 +1,7 @@ +{ + "status_code": 200, + "data": { + "FlowLogs": [], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-033-ensure_vpc_flow_logging_enabled_for_every_vpc/placebo-red/ec2.DescribeVpcs_1.json b/tests/ecc-aws-033-ensure_vpc_flow_logging_enabled_for_every_vpc/placebo-red/ec2.DescribeVpcs_1.json new file mode 100644 index 000000000..8ccd169d4 --- /dev/null +++ b/tests/ecc-aws-033-ensure_vpc_flow_logging_enabled_for_every_vpc/placebo-red/ec2.DescribeVpcs_1.json 
@@ -0,0 +1,26 @@
+{
+ "status_code": 200,
+ "data": {
+ "Vpcs": [
+ {
+ "CidrBlock": "172.31.0.0/16",
+ "DhcpOptionsId": "dopt-12312412",
+ "State": "available",
+ "VpcId": "vpc-124124",
+ "OwnerId": "123124124",
+ "InstanceTenancy": "default",
+ "CidrBlockAssociationSet": [
+ {
+ "AssociationId": "vpc-cidr-assoc-123123412",
+ "CidrBlock": "172.31.0.0/16",
+ "CidrBlockState": {
+ "State": "associated"
+ }
+ }
+ ],
+ "IsDefault": true
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-033-ensure_vpc_flow_logging_enabled_for_every_vpc/red_policy_test.py b/tests/ecc-aws-033-ensure_vpc_flow_logging_enabled_for_every_vpc/red_policy_test.py
new file mode 100644
index 000000000..4304638c2
--- /dev/null
+++ b/tests/ecc-aws-033-ensure_vpc_flow_logging_enabled_for_every_vpc/red_policy_test.py
@@ -0,0 +1,7 @@
+class PolicyTest(object):
+
+ def test_resources_with_client(self, base_test, resources, local_session):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertEqual(len(logs), 0)
+ client = local_session.client('ec2')
+ logs = client.describe_flow_logs().get('FlowLogs', ())
diff --git a/tests/ecc-aws-082-rds_retention_backup_is_at_least_7_days/placebo-green/rds.DescribeDBInstances_1.json b/tests/ecc-aws-082-rds_retention_backup_is_at_least_7_days/placebo-green/rds.DescribeDBInstances_1.json
new file mode 100644
index 000000000..134f880e4
--- /dev/null
+++ b/tests/ecc-aws-082-rds_retention_backup_is_at_least_7_days/placebo-green/rds.DescribeDBInstances_1.json
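Review bot: The second assertion in `test_resources_with_client` (tests/ecc-aws-033-ensure_vpc_flow_logging_enabled_for_every_vpc/red_policy_test.py) checks `describe_flow_logs()` rather than the policy result, and that call is presumably answered by the same placebo-red recording, whose `FlowLogs` list is empty. It therefore confirms the fixture's contents, not that the policy flagged the right VPC. I would tie the result to the recorded VPC with `base_test.assertEqual(resources[0]['VpcId'], 'vpc-124124')`. If the client call is kept, a one-line comment should say it only sanity-checks the recording.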
@@ -0,0 +1,143 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "green-rds-082", + "DBInstanceClass": "db.t2.micro", + "Engine": "mysql", + "DBInstanceStatus": "available", + "MasterUsername": "guest", + "DBName": "green082", + "Endpoint": { + "Address": "green-rds-082.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 3306, + "HostedZoneId": "ZAZAZAZAZAZAXX" + }, + "AllocatedStorage": 10, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 5, + "day": 20, + "hour": 9, + "minute": 35, + "second": 17, + "microsecond": 993000 + }, + "PreferredBackupWindow": "06:37-07:07", + "BackupRetentionPeriod": 7, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-12121221", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "default.mysql5.7", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1a", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-ad9744d0", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-12121221", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-12121221", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-12121221", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-12121221", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-12121221", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-12121221", + "SubnetAvailabilityZone": { + 
"Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "thu:03:20-thu:03:50", + "PendingModifiedValues": {}, + "LatestRestorableTime": { + "__class__": "datetime", + "year": 2021, + "month": 5, + "day": 20, + "hour": 10, + "minute": 15, + "second": 0, + "microsecond": 0 + }, + "MultiAZ": true, + "EngineVersion": "5.7.26", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "general-public-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:mysql-5-7", + "Status": "in-sync" + } + ], + "SecondaryAvailabilityZone": "us-east-1d", + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-1231231812121121212313123211", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:121212121212:db:green-rds-082", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-082-rds_retention_backup_is_at_least_7_days/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-082-rds_retention_backup_is_at_least_7_days/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..8b704d185 --- /dev/null +++ b/tests/ecc-aws-082-rds_retention_backup_is_at_least_7_days/placebo-green/tagging.GetResources_1.json @@ -0,0 +1,8 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [], + "ResponseMetadata": {} + } +} \ No newline at end of file 
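Review bot: tests/ecc-aws-082-rds_retention_backup_is_at_least_7_days/placebo-green/rds.DescribeDBInstances_1.json keeps what looks like an unmasked endpoint, `"Address": "green-rds-082.chhajgiktbgu.us-east-1.rds.amazonaws.com"`, even though the account id in `DBInstanceArn` was replaced with 121212121212. The same applies to `"VpcId": "vpc-ad9744d0"` here and to `vpc-ad9744d0`, `fl-0913a01b9bab4f91f` and the role name `AdminAccessC7Nrole` in the ecc-aws-033 placebo-green recordings. Whether these belong to a live account cannot be confirmed from the diff, but recorded responses committed to a public repository should have every account-scoped identifier replaced with a constructed value, for example `"Address": "green-rds-082.xxxxxxxxxxxx.us-east-1.rds.amazonaws.com"`. A scrub step in the recording workflow would keep this consistent across the fixtures.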
diff --git a/tests/ecc-aws-082-rds_retention_backup_is_at_least_7_days/placebo-red/rds.DescribeDBInstances_1.json b/tests/ecc-aws-082-rds_retention_backup_is_at_least_7_days/placebo-red/rds.DescribeDBInstances_1.json new file mode 100644 index 000000000..a8a2e3e2f --- /dev/null +++ b/tests/ecc-aws-082-rds_retention_backup_is_at_least_7_days/placebo-red/rds.DescribeDBInstances_1.json 
@@ -0,0 +1,119 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "red-rds-082", + "DBInstanceClass": "db.t2.micro", + "Engine": "mysql", + "DBInstanceStatus": "creating", + "MasterUsername": "guest", + "DBName": "red082", + "AllocatedStorage": 10, + "PreferredBackupWindow": "09:44-10:14", + "BackupRetentionPeriod": 5, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-12121221", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "default.mysql5.7", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1c", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-ad9744d0", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-12121221", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-12121221", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-12121221", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-12121221", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-12121221", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-12121221", + "SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "sun:05:39-sun:06:09", + "PendingModifiedValues": { + "MasterUserPassword": "****" + }, + "MultiAZ": true, + "EngineVersion": "5.7.26", + "AutoMinorVersionUpgrade": true, + 
"ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "general-public-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:mysql-5-7", + "Status": "in-sync" + } + ], + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-adsadadawdwadaawdawdawdawd", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:1212122112121:db:red-rds-082", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-082-rds_retention_backup_is_at_least_7_days/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-082-rds_retention_backup_is_at_least_7_days/placebo-red/tagging.GetResources_1.json new file mode 100644 index 000000000..8b704d185 --- /dev/null +++ b/tests/ecc-aws-082-rds_retention_backup_is_at_least_7_days/placebo-red/tagging.GetResources_1.json @@ -0,0 +1,8 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-082-rds_retention_backup_is_at_least_7_days/red_policy_test.py b/tests/ecc-aws-082-rds_retention_backup_is_at_least_7_days/red_policy_test.py new file mode 100644 index 000000000..29211e54c --- /dev/null +++ b/tests/ecc-aws-082-rds_retention_backup_is_at_least_7_days/red_policy_test.py @@ -0,0 +1,6 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertLess(resources[0]['BackupRetentionPeriod'], 7) + 
diff --git a/tests/ecc-aws-083-rds_high-availability_zone/placebo-green/rds.DescribeDBInstances_1.json b/tests/ecc-aws-083-rds_high-availability_zone/placebo-green/rds.DescribeDBInstances_1.json new file mode 100644 index 000000000..61920ea58 --- /dev/null +++ b/tests/ecc-aws-083-rds_high-availability_zone/placebo-green/rds.DescribeDBInstances_1.json 
@@ -0,0 +1,133 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "green-rds-083", + "DBInstanceClass": "db.t2.micro", + "Engine": "mysql", + "DBInstanceStatus": "available", + "MasterUsername": "guest", + "DBName": "green083", + "Endpoint": { + "Address": "green-rds-083.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 3306, + "HostedZoneId": "12312313dasdasd" + }, + "AllocatedStorage": 10, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 5, + "day": 20, + "hour": 12, + "minute": 35, + "second": 30, + "microsecond": 574000 + }, + "PreferredBackupWindow": "04:49-05:19", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-12312318", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "default.mysql5.7", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1f", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-ad9744d0", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-12312318", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-12312318", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-12312318", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-12312318", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-12312318", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-12312318", + "SubnetAvailabilityZone": { + 
"Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "wed:03:54-wed:04:24", + "PendingModifiedValues": {}, + "MultiAZ": true, + "EngineVersion": "5.7.26", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "general-public-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:mysql-5-7", + "Status": "in-sync" + } + ], + "SecondaryAvailabilityZone": "us-east-1c", + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-3RNDK4ZWHWSH7ZOSBZKHVQTOTQ", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:123123181212:db:green-rds-083", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-083-rds_high-availability_zone/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-083-rds_high-availability_zone/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..8b704d185 --- /dev/null +++ b/tests/ecc-aws-083-rds_high-availability_zone/placebo-green/tagging.GetResources_1.json @@ -0,0 +1,8 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-083-rds_high-availability_zone/placebo-red/rds.DescribeDBInstances_1.json b/tests/ecc-aws-083-rds_high-availability_zone/placebo-red/rds.DescribeDBInstances_1.json new file mode 100644 index 000000000..0e666a892 --- /dev/null +++ b/tests/ecc-aws-083-rds_high-availability_zone/placebo-red/rds.DescribeDBInstances_1.json 
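Review bot: The recorded response in the 083 placebo-green RDS fixture still carries what look like real identifiers: `"DbiResourceId": "db-3RNDK4ZWHWSH7ZOSBZKHVQTOTQ"`, `"VpcId": "vpc-ad9744d0"` and the endpoint `green-rds-083.chhajgiktbgu.us-east-1.rds.amazonaws.com`. The account ID and security-group ID beside them were replaced with dummy values. The same holds for the 083 placebo-red fixture (`db-XSNISEVWRSQLM3TFPX3J7ORIYA`, same endpoint suffix) and the 090 placebo-green CloudFront fixture (`E28B4JR279GP2T`, `dlv3l9jn24lqw.cloudfront.net`, the ACM certificate UUID). If these were recorded from a live account, scrub them before the fixtures are published. The 090 placebo-red fixture already shows suitable placeholders (`EEEEEEEEEEEEEE`, `DOMAINNAME.cloudfront.net`, `CERTIFICATE-NAME`).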
@@ -0,0 +1,132 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "red-rds-083", + "DBInstanceClass": "db.t2.micro", + "Engine": "mysql", + "DBInstanceStatus": "available", + "MasterUsername": "guest", + "DBName": "red083", + "Endpoint": { + "Address": "red-rds-083.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 3306, + "HostedZoneId": "12312313dasdasd" + }, + "AllocatedStorage": 10, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 5, + "day": 20, + "hour": 12, + "minute": 19, + "second": 16, + "microsecond": 126000 + }, + "PreferredBackupWindow": "03:06-03:36", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-12312313", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "default.mysql5.7", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1c", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12312313", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-12312313", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-12312313", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-12312313", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-12312313", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-12312313", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-12312313", + "SubnetAvailabilityZone": { + 
"Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "sun:09:36-sun:10:06", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "5.7.26", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "general-public-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:mysql-5-7", + "Status": "in-sync" + } + ], + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-XSNISEVWRSQLM3TFPX3J7ORIYA", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:121212121212:db:red-rds-083", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-083-rds_high-availability_zone/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-083-rds_high-availability_zone/placebo-red/tagging.GetResources_1.json new file mode 100644 index 000000000..8b704d185 --- /dev/null +++ b/tests/ecc-aws-083-rds_high-availability_zone/placebo-red/tagging.GetResources_1.json @@ -0,0 +1,8 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-083-rds_high-availability_zone/red_policy_test.py b/tests/ecc-aws-083-rds_high-availability_zone/red_policy_test.py new file mode 100644 index 000000000..1cceb3173 --- /dev/null +++ b/tests/ecc-aws-083-rds_high-availability_zone/red_policy_test.py 
@@ -0,0 +1,6 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertFalse(resources[0]['MultiAZ'])
+
diff --git a/tests/ecc-aws-086_iam_ssl_or_tls_certificates_expire_in_one_month/green_policy_test.py b/tests/ecc-aws-086_iam_ssl_or_tls_certificates_expire_in_one_month/green_policy_test.py
new file mode 100644
index 000000000..60ca82bb2
--- /dev/null
+++ b/tests/ecc-aws-086_iam_ssl_or_tls_certificates_expire_in_one_month/green_policy_test.py
@@ -0,0 +1,7 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 0)
+
+ def mock_time(self):
+ return 2021, 5, 20
diff --git a/tests/ecc-aws-086_iam_ssl_or_tls_certificates_expire_in_one_month/placebo-green/iam.ListServerCertificates_1.json b/tests/ecc-aws-086_iam_ssl_or_tls_certificates_expire_in_one_month/placebo-green/iam.ListServerCertificates_1.json
new file mode 100644
index 000000000..4501c2750
--- /dev/null
+++ b/tests/ecc-aws-086_iam_ssl_or_tls_certificates_expire_in_one_month/placebo-green/iam.ListServerCertificates_1.json
@@ -0,0 +1,35 @@
+{
+ "status_code": 200,
+ "data": {
+ "ServerCertificateMetadataList": [
+ {
+ "Path": "/",
+ "ServerCertificateName": "c7n_086_cert_green",
+ "ServerCertificateId": "1231231812121213132123",
+ "Arn": "arn:aws:iam::123123181212:server-certificate/c7n_086_cert_green",
+ "UploadDate": {
+ "__class__": "datetime",
+ "year": 2021,
+ "month": 5,
+ "day": 20,
+ "hour": 13,
+ "minute": 31,
+ "second": 16,
+ "microsecond": 0
+ },
+ "Expiration": {
+ "__class__": "datetime",
+ "year": 2022,
+ "month": 6,
+ "day": 21,
+ "hour": 13,
+ "minute": 31,
+ "second": 6,
+ "microsecond": 0
+ }
+ }
+ ],
+ "IsTruncated": false,
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-086_iam_ssl_or_tls_certificates_expire_in_one_month/placebo-red/iam.ListServerCertificates_1.json b/tests/ecc-aws-086_iam_ssl_or_tls_certificates_expire_in_one_month/placebo-red/iam.ListServerCertificates_1.json
new file mode 100644
index 000000000..087f41bf9
--- /dev/null
+++ b/tests/ecc-aws-086_iam_ssl_or_tls_certificates_expire_in_one_month/placebo-red/iam.ListServerCertificates_1.json
@@ -0,0 +1,35 @@
+{
+ "status_code": 200,
+ "data": {
+ "ServerCertificateMetadataList": [
+ {
+ "Path": "/",
+ "ServerCertificateName": "c7n_086_cert_red",
+ "ServerCertificateId": "12312318121212313123123",
+ "Arn": "arn:aws:iam::123123181212:server-certificate/c7n_086_cert_red",
+ "UploadDate": {
+ "__class__": "datetime",
+ "year": 2021,
+ "month": 5,
+ "day": 20,
+ "hour": 13,
+ "minute": 32,
+ "second": 32,
+ "microsecond": 0
+ },
+ "Expiration": {
+ "__class__": "datetime",
+ "year": 2021,
+ "month": 6,
+ "day": 18,
+ "hour": 13,
+ "minute": 32,
+ "second": 22,
+ "microsecond": 0
+ }
+ }
+ ],
+ "IsTruncated": false,
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-086_iam_ssl_or_tls_certificates_expire_in_one_month/red_policy_test.py b/tests/ecc-aws-086_iam_ssl_or_tls_certificates_expire_in_one_month/red_policy_test.py
new file mode 100644
index 000000000..6f7558815
--- /dev/null
+++ b/tests/ecc-aws-086_iam_ssl_or_tls_certificates_expire_in_one_month/red_policy_test.py
@@ -0,0 +1,6 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertEqual(str(resources[0]['Expiration']), '2021-06-18 13:32:22+00:00')
+
diff --git a/tests/ecc-aws-087_iam_ssl_or_tls_certificates_expire_in_one_week/green_policy_test.py b/tests/ecc-aws-087_iam_ssl_or_tls_certificates_expire_in_one_week/green_policy_test.py
new file mode 100644
index 000000000..3add6deb6
--- /dev/null
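Review bot: The 086 `red_policy_test.py` does not define `mock_time`, although the green test for the same policy pins the clock with `return 2021, 5, 20`. The harness is not visible here; if it falls back to the current date when `mock_time` is missing, whether the certificate expiring on 2021-06-18 is reported depends on the day the suite runs. The `assertEqual` on the `Expiration` string then only confirms the fixture value, not that it falls inside the one-month window. Adding `def mock_time(self):` with `return 2021, 5, 20` to the red class would make the window deterministic. The 087 red test has the same gap.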
+++ b/tests/ecc-aws-087_iam_ssl_or_tls_certificates_expire_in_one_week/green_policy_test.py
@@ -0,0 +1,7 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 0)
+
+ def mock_time(self):
+ return 2021, 6, 13
diff --git a/tests/ecc-aws-087_iam_ssl_or_tls_certificates_expire_in_one_week/placebo-green/iam.ListServerCertificates_1.json b/tests/ecc-aws-087_iam_ssl_or_tls_certificates_expire_in_one_week/placebo-green/iam.ListServerCertificates_1.json
new file mode 100644
index 000000000..2182782cc
--- /dev/null
+++ b/tests/ecc-aws-087_iam_ssl_or_tls_certificates_expire_in_one_week/placebo-green/iam.ListServerCertificates_1.json
@@ -0,0 +1,35 @@
+{
+ "status_code": 200,
+ "data": {
+ "ServerCertificateMetadataList": [
+ {
+ "Path": "/",
+ "ServerCertificateName": "c7n_087_cert_green",
+ "ServerCertificateId": "1231231812121231231313",
+ "Arn": "arn:aws:iam::123123181212:server-certificate/c7n_087_cert_green",
+ "UploadDate": {
+ "__class__": "datetime",
+ "year": 2021,
+ "month": 5,
+ "day": 20,
+ "hour": 14,
+ "minute": 26,
+ "second": 14,
+ "microsecond": 0
+ },
+ "Expiration": {
+ "__class__": "datetime",
+ "year": 2021,
+ "month": 6,
+ "day": 21,
+ "hour": 14,
+ "minute": 26,
+ "second": 5,
+ "microsecond": 0
+ }
+ }
+ ],
+ "IsTruncated": false,
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-087_iam_ssl_or_tls_certificates_expire_in_one_week/placebo-red/iam.ListServerCertificates_1.json b/tests/ecc-aws-087_iam_ssl_or_tls_certificates_expire_in_one_week/placebo-red/iam.ListServerCertificates_1.json
new file mode 100644
index 000000000..3e90cec93
--- /dev/null
+++ b/tests/ecc-aws-087_iam_ssl_or_tls_certificates_expire_in_one_week/placebo-red/iam.ListServerCertificates_1.json
@@ -0,0 +1,35 @@
+{
+ "status_code": 200,
+ "data": {
+ "ServerCertificateMetadataList": [
+ {
+ "Path": "/",
+ "ServerCertificateName": "c7n_087_cert_red",
+ "ServerCertificateId": "1231231812121231231313",
+ "Arn": "arn:aws:iam::123123181212:server-certificate/c7n_087_cert_red",
+ "UploadDate": {
+ "__class__": "datetime",
+ "year": 2021,
+ "month": 5,
+ "day": 20,
+ "hour": 14,
+ "minute": 27,
+ "second": 49,
+ "microsecond": 0
+ },
+ "Expiration": {
+ "__class__": "datetime",
+ "year": 2021,
+ "month": 5,
+ "day": 25,
+ "hour": 14,
+ "minute": 27,
+ "second": 40,
+ "microsecond": 0
+ }
+ }
+ ],
+ "IsTruncated": false,
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-087_iam_ssl_or_tls_certificates_expire_in_one_week/red_policy_test.py b/tests/ecc-aws-087_iam_ssl_or_tls_certificates_expire_in_one_week/red_policy_test.py
new file mode 100644
index 000000000..2ddf43c15
--- /dev/null
+++ b/tests/ecc-aws-087_iam_ssl_or_tls_certificates_expire_in_one_week/red_policy_test.py
@@ -0,0 +1,6 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertLess(str(resources[0]['Expiration']), '7')
+
diff --git a/tests/ecc-aws-090-use_secure_ciphers_in_cloudfront_distribution/placebo-green/cloudfront.ListDistributions_1.json b/tests/ecc-aws-090-use_secure_ciphers_in_cloudfront_distribution/placebo-green/cloudfront.ListDistributions_1.json
new file mode 100644
index 000000000..edb36ca68
--- /dev/null
+++ b/tests/ecc-aws-090-use_secure_ciphers_in_cloudfront_distribution/placebo-green/cloudfront.ListDistributions_1.json
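Review bot: `base_test.assertLess(str(resources[0]['Expiration']), '7')` in the 087 red test compares two strings, so it passes for any timestamp whose first character sorts before `'7'` and says nothing about the one-week window. An assertion on the value itself, in the style of the 086 red test, would be `base_test.assertEqual(str(resources[0]['Expiration']), '2021-05-25 14:27:40+00:00')`. That assumes the fixture loads as a UTC-aware datetime, as the 086 expectation suggests. As written, the test would still pass if the policy's filter stopped selecting certificates that are about to expire, as long as it returned one resource.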
@@ -0,0 +1,144 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "DistributionList": { + "Marker": "", + "MaxItems": 100, + "IsTruncated": false, + "Quantity": 3, + "Items": [ + { + "Id": "E28B4JR279GP2T", + "ARN": "arn:aws:cloudfront::111111111111:distribution/E28B4JR279GP2T", + "Status": "Deployed", + "LastModifiedTime": { + "__class__": "datetime", + "year": 2022, + "month": 6, + "day": 8, + "hour": 14, + "minute": 1, + "second": 10, + "microsecond": 954000 + }, + "DomainName": "dlv3l9jn24lqw.cloudfront.net", + "Aliases": { + "Quantity": 0 + }, + "Origins": { + "Quantity": 1, + "Items": [ + { + "Id": "myS3Origin", + "DomainName": "bucket-090-green.s3.amazonaws.com", + "OriginPath": "", + "CustomHeaders": { + "Quantity": 0 + }, + "S3OriginConfig": { + "OriginAccessIdentity": "" + }, + "ConnectionAttempts": 3, + "ConnectionTimeout": 10, + "OriginShield": { + "Enabled": false + } + } + ] + }, + "OriginGroups": { + "Quantity": 0 + }, + "DefaultCacheBehavior": { + "TargetOriginId": "myS3Origin", + "TrustedSigners": { + "Enabled": false, + "Quantity": 0 + }, + "TrustedKeyGroups": { + "Enabled": false, + "Quantity": 0 + }, + "ViewerProtocolPolicy": "allow-all", + "AllowedMethods": { + "Quantity": 7, + "Items": [ + "HEAD", + "DELETE", + "POST", + "GET", + "OPTIONS", + "PUT", + "PATCH" + ], + "CachedMethods": { + "Quantity": 2, + "Items": [ + "HEAD", + "GET" + ] + } + }, + "SmoothStreaming": false, + "Compress": false, + "LambdaFunctionAssociations": { + "Quantity": 0 + }, + "FunctionAssociations": { + "Quantity": 0 + }, + "FieldLevelEncryptionId": "", + "ForwardedValues": { + "QueryString": false, + "Cookies": { + "Forward": "none" + }, + "Headers": { + "Quantity": 0 + }, + "QueryStringCacheKeys": { + "Quantity": 0 + } + }, + "MinTTL": 0, + "DefaultTTL": 3600, + "MaxTTL": 86400 + }, + "CacheBehaviors": { + "Quantity": 0 + }, + "CustomErrorResponses": { + "Quantity": 0 + }, + "Comment": "", + "PriceClass": "PriceClass_All", + "Enabled": true, + 
"ViewerCertificate": { + "CloudFrontDefaultCertificate": false, + "ACMCertificateArn": "arn:aws:acm:us-east-1:111111111111:certificate/c4f84bbd-146b-41c2-a668-fcd87fd85d19", + "SSLSupportMethod": "sni-only", + "MinimumProtocolVersion": "TLSv1.2_2021", + "Certificate": "arn:aws:acm:us-east-1:111111111111:certificate/c4f84bbd-146b-41c2-a668-fcd87fd85d19", + "CertificateSource": "acm" + }, + "Restrictions": { + "GeoRestriction": { + "RestrictionType": "whitelist", + "Quantity": 4, + "Items": [ + "GB", + "US", + "DE", + "CA" + ] + } + }, + "WebACLId": "", + "HttpVersion": "HTTP2", + "IsIPV6Enabled": false + } + ] + } + } +} \ No newline at end of file diff --git a/tests/ecc-aws-090-use_secure_ciphers_in_cloudfront_distribution/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-090-use_secure_ciphers_in_cloudfront_distribution/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..9c951f5ec --- /dev/null +++ b/tests/ecc-aws-090-use_secure_ciphers_in_cloudfront_distribution/placebo-green/tagging.GetResources_1.json @@ -0,0 +1,22 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:cloudfront::111111111111:distribution/E28B4JR279GP2T", + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CustodianRule", + "Value": "ecc-aws-090-use_secure_ciphers_in_cloudfront_distribution" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-090-use_secure_ciphers_in_cloudfront_distribution/placebo-red/cloudfront.ListDistributions_1.json b/tests/ecc-aws-090-use_secure_ciphers_in_cloudfront_distribution/placebo-red/cloudfront.ListDistributions_1.json new file mode 100644 index 000000000..3589fd5d7 --- /dev/null +++ b/tests/ecc-aws-090-use_secure_ciphers_in_cloudfront_distribution/placebo-red/cloudfront.ListDistributions_1.json 
@@ -0,0 +1,140 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "DistributionList": { + "Marker": "", + "MaxItems": 100, + "IsTruncated": false, + "Quantity": 1, + "Items": [ + { + "Id": "EEEEEEEEEEEEEE", + "ARN": "arn:aws:cloudfront::666666666666:distribution/EEEEEEEEEEEEEEE", + "Status": "Deployed", + "LastModifiedTime": { + "__class__": "datetime", + "year": 2021, + "month": 5, + "day": 24, + "hour": 12, + "minute": 39, + "second": 36, + "microsecond": 180000 + }, + "DomainName": "DOMAINNAME.cloudfront.net", + "Aliases": { + "Quantity": 0 + }, + "Origins": { + "Quantity": 1, + "Items": [ + { + "Id": "myS3Origin", + "DomainName": "NAME.s3.amazonaws.com", + "OriginPath": "", + "CustomHeaders": { + "Quantity": 0 + }, + "S3OriginConfig": { + "OriginAccessIdentity": "" + }, + "ConnectionAttempts": 3, + "ConnectionTimeout": 10, + "OriginShield": { + "Enabled": false + } + } + ] + }, + "OriginGroups": { + "Quantity": 0 + }, + "DefaultCacheBehavior": { + "TargetOriginId": "myS3Origin", + "TrustedSigners": { + "Enabled": false, + "Quantity": 0 + }, + "TrustedKeyGroups": { + "Enabled": false, + "Quantity": 0 + }, + "ViewerProtocolPolicy": "allow-all", + "AllowedMethods": { + "Quantity": 7, + "Items": [ + "HEAD", + "DELETE", + "POST", + "GET", + "OPTIONS", + "PUT", + "PATCH" + ], + "CachedMethods": { + "Quantity": 2, + "Items": [ + "HEAD", + "GET" + ] + } + }, + "SmoothStreaming": false, + "Compress": false, + "LambdaFunctionAssociations": { + "Quantity": 0 + }, + "FieldLevelEncryptionId": "", + "ForwardedValues": { + "QueryString": false, + "Cookies": { + "Forward": "none" + }, + "Headers": { + "Quantity": 0 + }, + "QueryStringCacheKeys": { + "Quantity": 0 + } + }, + "MinTTL": 0, + "DefaultTTL": 3600, + "MaxTTL": 86400 + }, + "CacheBehaviors": { + "Quantity": 0 + }, + "CustomErrorResponses": { + "Quantity": 0 + }, + "Comment": "", + "PriceClass": "PriceClass_All", + "Enabled": true, + "ViewerCertificate": { + "ACMCertificateArn": 
"arn:aws:acm:us-east-1:666666666666:certificate/CERTIFICATE-NAME",
+ "SSLSupportMethod": "sni-only",
+ "MinimumProtocolVersion": "TLSv1.1_2016",
+ "Certificate": "arn:aws:acm:us-east-1:666666666666:certificate/CERTIFICATE-NAME",
+ "CertificateSource": "acm"
+ },
+ "Restrictions": {
+ "GeoRestriction": {
+ "RestrictionType": "whitelist",
+ "Quantity": 4,
+ "Items": [
+ "GB",
+ "CA",
+ "DE",
+ "US"
+ ]
+ }
+ },
+ "WebACLId": "",
+ "HttpVersion": "HTTP2",
+ "IsIPV6Enabled": false
+ }
+ ]
+ }
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-090-use_secure_ciphers_in_cloudfront_distribution/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-090-use_secure_ciphers_in_cloudfront_distribution/placebo-red/tagging.GetResources_1.json
new file mode 100644
index 000000000..bd289fac6
--- /dev/null
+++ b/tests/ecc-aws-090-use_secure_ciphers_in_cloudfront_distribution/placebo-red/tagging.GetResources_1.json
@@ -0,0 +1,13 @@
+{
+ "status_code": 200,
+ "data": {
+ "PaginationToken": "",
+ "ResourceTagMappingList": [
+ {
+ "ResourceARN": "arn:aws:cloudfront::666666666666:distribution/EEEEEEEEEEEEEEE",
+ "Tags": []
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-090-use_secure_ciphers_in_cloudfront_distribution/red_policy_test.py b/tests/ecc-aws-090-use_secure_ciphers_in_cloudfront_distribution/red_policy_test.py
new file mode 100644
index 000000000..5ecf689ee
--- /dev/null
+++ b/tests/ecc-aws-090-use_secure_ciphers_in_cloudfront_distribution/red_policy_test.py
@@ -0,0 +1,5 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertNotRegexpMatches(resources[0]['ViewerCertificate']['MinimumProtocolVersion'],"TLSv1\.2_*")
\ No newline at end of file
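Review bot: `assertNotRegexpMatches` in the 090 red test is a deprecated alias that was removed from `unittest` in Python 3.12, so the test will raise `AttributeError` there if `base_test` is a standard `TestCase`. The pattern `"TLSv1\.2_*"` is also a non-raw string with an invalid `\.` escape, and its `_*` matches zero underscores. I would write `base_test.assertNotRegex(resources[0]['ViewerCertificate']['MinimumProtocolVersion'], r"^TLSv1\.2_")`. A one-line comment noting that the red fixture's `TLSv1.1_2016` is the value under test would help the next reader.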
diff --git a/tests/ecc-aws-092-remove_weak_ciphers_for_clb/placebo-green/elasticloadbalancing.DescribeLoadBalancerPolicies_1.json b/tests/ecc-aws-092-remove_weak_ciphers_for_clb/placebo-green/elasticloadbalancing.DescribeLoadBalancerPolicies_1.json new file mode 100644 index 000000000..0fe3d8429 --- /dev/null +++ b/tests/ecc-aws-092-remove_weak_ciphers_for_clb/placebo-green/elasticloadbalancing.DescribeLoadBalancerPolicies_1.json 
@@ -0,0 +1,390 @@ +{ + "status_code": 200, + "data": { + "PolicyDescriptions": [ + { + "PolicyName": "lb-092-green-policy", + "PolicyTypeName": "SSLNegotiationPolicyType", + "PolicyAttributeDescriptions": [ + { + "AttributeName": "Reference-Security-Policy", + "AttributeValue": "ELBSecurityPolicy-TLS-1-2-2017-01" + }, + { + "AttributeName": "Protocol-TLSv1", + "AttributeValue": "false" + }, + { + "AttributeName": "Protocol-SSLv3", + "AttributeValue": "false" + }, + { + "AttributeName": "Protocol-TLSv1.1", + "AttributeValue": "false" + }, + { + "AttributeName": "Protocol-TLSv1.2", + "AttributeValue": "true" + }, + { + "AttributeName": "Server-Defined-Cipher-Order", + "AttributeValue": "true" + }, + { + "AttributeName": "ECDHE-ECDSA-AES128-GCM-SHA256", + "AttributeValue": "true" + }, + { + "AttributeName": "ECDHE-RSA-AES128-GCM-SHA256", + "AttributeValue": "true" + }, + { + "AttributeName": "ECDHE-ECDSA-AES128-SHA256", + "AttributeValue": "true" + }, + { + "AttributeName": "ECDHE-RSA-AES128-SHA256", + "AttributeValue": "true" + }, + { + "AttributeName": "ECDHE-ECDSA-AES128-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "ECDHE-RSA-AES128-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "DHE-RSA-AES128-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "ECDHE-ECDSA-AES256-GCM-SHA384", + "AttributeValue": "true" + }, + { + "AttributeName": "ECDHE-RSA-AES256-GCM-SHA384", + "AttributeValue": "true" + }, + { + "AttributeName": "ECDHE-ECDSA-AES256-SHA384", + "AttributeValue": "true" + }, + { + "AttributeName": "ECDHE-RSA-AES256-SHA384", + "AttributeValue": "true" + }, + { + "AttributeName": "ECDHE-RSA-AES256-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "ECDHE-ECDSA-AES256-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "AES128-GCM-SHA256", + "AttributeValue": "true" + }, + { + "AttributeName": "AES128-SHA256", + "AttributeValue": "true" + }, + { + "AttributeName": "AES128-SHA", + "AttributeValue": "false" 
+ }, + { + "AttributeName": "AES256-GCM-SHA384", + "AttributeValue": "true" + }, + { + "AttributeName": "AES256-SHA256", + "AttributeValue": "true" + }, + { + "AttributeName": "AES256-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "DHE-DSS-AES128-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "CAMELLIA128-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "EDH-RSA-DES-CBC3-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "DES-CBC3-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "ECDHE-RSA-RC4-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "RC4-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "ECDHE-ECDSA-RC4-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "DHE-DSS-AES256-GCM-SHA384", + "AttributeValue": "false" + }, + { + "AttributeName": "DHE-RSA-AES256-GCM-SHA384", + "AttributeValue": "false" + }, + { + "AttributeName": "DHE-RSA-AES256-SHA256", + "AttributeValue": "false" + }, + { + "AttributeName": "DHE-DSS-AES256-SHA256", + "AttributeValue": "false" + }, + { + "AttributeName": "DHE-RSA-AES256-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "DHE-DSS-AES256-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "DHE-RSA-CAMELLIA256-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "DHE-DSS-CAMELLIA256-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "CAMELLIA256-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "EDH-DSS-DES-CBC3-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "DHE-DSS-AES128-GCM-SHA256", + "AttributeValue": "false" + }, + { + "AttributeName": "DHE-RSA-AES128-GCM-SHA256", + "AttributeValue": "false" + }, + { + "AttributeName": "DHE-RSA-AES128-SHA256", + "AttributeValue": "false" + }, + { + "AttributeName": "DHE-DSS-AES128-SHA256", + "AttributeValue": "false" + }, + { + "AttributeName": "DHE-RSA-CAMELLIA128-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": 
"DHE-DSS-CAMELLIA128-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "ADH-AES128-GCM-SHA256", + "AttributeValue": "false" + }, + { + "AttributeName": "ADH-AES128-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "ADH-AES128-SHA256", + "AttributeValue": "false" + }, + { + "AttributeName": "ADH-AES256-GCM-SHA384", + "AttributeValue": "false" + }, + { + "AttributeName": "ADH-AES256-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "ADH-AES256-SHA256", + "AttributeValue": "false" + }, + { + "AttributeName": "ADH-CAMELLIA128-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "ADH-CAMELLIA256-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "ADH-DES-CBC3-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "ADH-DES-CBC-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "ADH-RC4-MD5", + "AttributeValue": "false" + }, + { + "AttributeName": "ADH-SEED-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "DES-CBC-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "DHE-DSS-SEED-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "DHE-RSA-SEED-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "EDH-DSS-DES-CBC-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "EDH-RSA-DES-CBC-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "IDEA-CBC-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "RC4-MD5", + "AttributeValue": "false" + }, + { + "AttributeName": "SEED-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "DES-CBC3-MD5", + "AttributeValue": "false" + }, + { + "AttributeName": "DES-CBC-MD5", + "AttributeValue": "false" + }, + { + "AttributeName": "RC2-CBC-MD5", + "AttributeValue": "false" + }, + { + "AttributeName": "PSK-AES256-CBC-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "PSK-3DES-EDE-CBC-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "KRB5-DES-CBC3-SHA", + "AttributeValue": 
"false" + }, + { + "AttributeName": "KRB5-DES-CBC3-MD5", + "AttributeValue": "false" + }, + { + "AttributeName": "PSK-AES128-CBC-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "PSK-RC4-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "KRB5-RC4-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "KRB5-RC4-MD5", + "AttributeValue": "false" + }, + { + "AttributeName": "KRB5-DES-CBC-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "KRB5-DES-CBC-MD5", + "AttributeValue": "false" + }, + { + "AttributeName": "EXP-EDH-RSA-DES-CBC-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "EXP-EDH-DSS-DES-CBC-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "EXP-ADH-DES-CBC-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "EXP-DES-CBC-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "EXP-RC2-CBC-MD5", + "AttributeValue": "false" + }, + { + "AttributeName": "EXP-KRB5-RC2-CBC-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "EXP-KRB5-DES-CBC-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "EXP-KRB5-RC2-CBC-MD5", + "AttributeValue": "false" + }, + { + "AttributeName": "EXP-KRB5-DES-CBC-MD5", + "AttributeValue": "false" + }, + { + "AttributeName": "EXP-ADH-RC4-MD5", + "AttributeValue": "false" + }, + { + "AttributeName": "EXP-RC4-MD5", + "AttributeValue": "false" + }, + { + "AttributeName": "EXP-KRB5-RC4-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "EXP-KRB5-RC4-MD5", + "AttributeValue": "false" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-092-remove_weak_ciphers_for_clb/placebo-green/elasticloadbalancing.DescribeLoadBalancers_1.json b/tests/ecc-aws-092-remove_weak_ciphers_for_clb/placebo-green/elasticloadbalancing.DescribeLoadBalancers_1.json new file mode 100644 index 000000000..2de99e916 --- /dev/null 
+++ b/tests/ecc-aws-092-remove_weak_ciphers_for_clb/placebo-green/elasticloadbalancing.DescribeLoadBalancers_1.json @@ -0,0 +1,74 @@ +{ + "status_code": 200, + "data": { + "LoadBalancerDescriptions": [ + { + "LoadBalancerName": "elb-http-092green", + "DNSName": "elb-http-092green-1212121112212.us-east-1.elb.amazonaws.com", + "CanonicalHostedZoneName": "elb-http-092green-1212121112212.us-east-1.elb.amazonaws.com", + "CanonicalHostedZoneNameID": "1212121112212", + "ListenerDescriptions": [ + { + "Listener": { + "Protocol": "HTTPS", + "LoadBalancerPort": 443, + "InstanceProtocol": "HTTP", + "InstancePort": 8000, + "SSLCertificateId": "arn:aws:acm:us-east-1:1212121112212:certificate/1212121112212" + }, + "PolicyNames": [ + "lb-092-green-policy" + ] + } + ], + "Policies": { + "AppCookieStickinessPolicies": [], + "LBCookieStickinessPolicies": [], + "OtherPolicies": [ + "lb-092-green-policy", + "ELBSecurityPolicy-2016-08" + ] + }, + "BackendServerDescriptions": [], + "AvailabilityZones": [ + "us-east-1e" + ], + "Subnets": [ + "subnet-1212121112212" + ], + "VPCId": "vpc-1212121112212", + "Instances": [ + { + "InstanceId": "i-1212121112212" + } + ], + "HealthCheck": { + "Target": "TCP:8000", + "Interval": 30, + "Timeout": 5, + "UnhealthyThreshold": 2, + "HealthyThreshold": 10 + }, + "SourceSecurityGroup": { + "OwnerAlias": "1212121112212", + "GroupName": "default_elb_1212121112212" + }, + "SecurityGroups": [ + "sg-1212121112212" + ], + "CreatedTime": { + "__class__": "datetime", + "year": 2021, + "month": 5, + "day": 27, + "hour": 10, + "minute": 36, + "second": 0, + "microsecond": 790000 + }, + "Scheme": "internet-facing" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-092-remove_weak_ciphers_for_clb/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-092-remove_weak_ciphers_for_clb/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..2ccda4808 --- /dev/null 
+++ b/tests/ecc-aws-092-remove_weak_ciphers_for_clb/placebo-green/tagging.GetResources_1.json @@ -0,0 +1,18 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:elasticloadbalancing:us-east-1:1212121112212:loadbalancer/elb-http-092green", + "Tags": [ + { + "Key": "Name", + "Value": "elb-http-092green" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-092-remove_weak_ciphers_for_clb/placebo-red/elasticloadbalancing.DescribeLoadBalancerPolicies_1.json b/tests/ecc-aws-092-remove_weak_ciphers_for_clb/placebo-red/elasticloadbalancing.DescribeLoadBalancerPolicies_1.json new file mode 100644 index 000000000..4b2136ca3 --- /dev/null +++ b/tests/ecc-aws-092-remove_weak_ciphers_for_clb/placebo-red/elasticloadbalancing.DescribeLoadBalancerPolicies_1.json 
@@ -0,0 +1,390 @@ +{ + "status_code": 200, + "data": { + "PolicyDescriptions": [ + { + "PolicyName": "ELBSecurityPolicy-2016-08", + "PolicyTypeName": "SSLNegotiationPolicyType", + "PolicyAttributeDescriptions": [ + { + "AttributeName": "Reference-Security-Policy", + "AttributeValue": "ELBSecurityPolicy-2016-08" + }, + { + "AttributeName": "Protocol-TLSv1", + "AttributeValue": "true" + }, + { + "AttributeName": "Protocol-SSLv3", + "AttributeValue": "false" + }, + { + "AttributeName": "Protocol-TLSv1.1", + "AttributeValue": "true" + }, + { + "AttributeName": "Protocol-TLSv1.2", + "AttributeValue": "true" + }, + { + "AttributeName": "Server-Defined-Cipher-Order", + "AttributeValue": "true" + }, + { + "AttributeName": "ECDHE-ECDSA-AES128-GCM-SHA256", + "AttributeValue": "true" + }, + { + "AttributeName": "ECDHE-RSA-AES128-GCM-SHA256", + "AttributeValue": "true" + }, + { + "AttributeName": "ECDHE-ECDSA-AES128-SHA256", + "AttributeValue": "true" + }, + { + "AttributeName": "ECDHE-RSA-AES128-SHA256", + "AttributeValue": "true" + }, + { + "AttributeName": "ECDHE-ECDSA-AES128-SHA", + "AttributeValue": "true" + }, + { + "AttributeName": "ECDHE-RSA-AES128-SHA", + "AttributeValue": "true" + }, + { + "AttributeName": "DHE-RSA-AES128-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "ECDHE-ECDSA-AES256-GCM-SHA384", + "AttributeValue": "true" + }, + { + "AttributeName": "ECDHE-RSA-AES256-GCM-SHA384", + "AttributeValue": "true" + }, + { + "AttributeName": "ECDHE-ECDSA-AES256-SHA384", + "AttributeValue": "true" + }, + { + "AttributeName": "ECDHE-RSA-AES256-SHA384", + "AttributeValue": "true" + }, + { + "AttributeName": "ECDHE-RSA-AES256-SHA", + "AttributeValue": "true" + }, + { + "AttributeName": "ECDHE-ECDSA-AES256-SHA", + "AttributeValue": "true" + }, + { + "AttributeName": "AES128-GCM-SHA256", + "AttributeValue": "true" + }, + { + "AttributeName": "AES128-SHA256", + "AttributeValue": "true" + }, + { + "AttributeName": "AES128-SHA", + "AttributeValue": "true" + }, + { 
+ "AttributeName": "AES256-GCM-SHA384", + "AttributeValue": "true" + }, + { + "AttributeName": "AES256-SHA256", + "AttributeValue": "true" + }, + { + "AttributeName": "AES256-SHA", + "AttributeValue": "true" + }, + { + "AttributeName": "DHE-DSS-AES128-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "CAMELLIA128-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "EDH-RSA-DES-CBC3-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "DES-CBC3-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "ECDHE-RSA-RC4-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "RC4-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "ECDHE-ECDSA-RC4-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "DHE-DSS-AES256-GCM-SHA384", + "AttributeValue": "false" + }, + { + "AttributeName": "DHE-RSA-AES256-GCM-SHA384", + "AttributeValue": "false" + }, + { + "AttributeName": "DHE-RSA-AES256-SHA256", + "AttributeValue": "false" + }, + { + "AttributeName": "DHE-DSS-AES256-SHA256", + "AttributeValue": "false" + }, + { + "AttributeName": "DHE-RSA-AES256-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "DHE-DSS-AES256-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "DHE-RSA-CAMELLIA256-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "DHE-DSS-CAMELLIA256-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "CAMELLIA256-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "EDH-DSS-DES-CBC3-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "DHE-DSS-AES128-GCM-SHA256", + "AttributeValue": "false" + }, + { + "AttributeName": "DHE-RSA-AES128-GCM-SHA256", + "AttributeValue": "false" + }, + { + "AttributeName": "DHE-RSA-AES128-SHA256", + "AttributeValue": "false" + }, + { + "AttributeName": "DHE-DSS-AES128-SHA256", + "AttributeValue": "false" + }, + { + "AttributeName": "DHE-RSA-CAMELLIA128-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": 
"DHE-DSS-CAMELLIA128-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "ADH-AES128-GCM-SHA256", + "AttributeValue": "false" + }, + { + "AttributeName": "ADH-AES128-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "ADH-AES128-SHA256", + "AttributeValue": "false" + }, + { + "AttributeName": "ADH-AES256-GCM-SHA384", + "AttributeValue": "false" + }, + { + "AttributeName": "ADH-AES256-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "ADH-AES256-SHA256", + "AttributeValue": "false" + }, + { + "AttributeName": "ADH-CAMELLIA128-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "ADH-CAMELLIA256-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "ADH-DES-CBC3-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "ADH-DES-CBC-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "ADH-RC4-MD5", + "AttributeValue": "false" + }, + { + "AttributeName": "ADH-SEED-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "DES-CBC-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "DHE-DSS-SEED-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "DHE-RSA-SEED-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "EDH-DSS-DES-CBC-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "EDH-RSA-DES-CBC-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "IDEA-CBC-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "RC4-MD5", + "AttributeValue": "false" + }, + { + "AttributeName": "SEED-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "DES-CBC3-MD5", + "AttributeValue": "false" + }, + { + "AttributeName": "DES-CBC-MD5", + "AttributeValue": "false" + }, + { + "AttributeName": "RC2-CBC-MD5", + "AttributeValue": "false" + }, + { + "AttributeName": "PSK-AES256-CBC-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "PSK-3DES-EDE-CBC-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "KRB5-DES-CBC3-SHA", + "AttributeValue": 
"false" + }, + { + "AttributeName": "KRB5-DES-CBC3-MD5", + "AttributeValue": "false" + }, + { + "AttributeName": "PSK-AES128-CBC-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "PSK-RC4-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "KRB5-RC4-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "KRB5-RC4-MD5", + "AttributeValue": "false" + }, + { + "AttributeName": "KRB5-DES-CBC-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "KRB5-DES-CBC-MD5", + "AttributeValue": "false" + }, + { + "AttributeName": "EXP-EDH-RSA-DES-CBC-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "EXP-EDH-DSS-DES-CBC-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "EXP-ADH-DES-CBC-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "EXP-DES-CBC-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "EXP-RC2-CBC-MD5", + "AttributeValue": "false" + }, + { + "AttributeName": "EXP-KRB5-RC2-CBC-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "EXP-KRB5-DES-CBC-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "EXP-KRB5-RC2-CBC-MD5", + "AttributeValue": "false" + }, + { + "AttributeName": "EXP-KRB5-DES-CBC-MD5", + "AttributeValue": "false" + }, + { + "AttributeName": "EXP-ADH-RC4-MD5", + "AttributeValue": "false" + }, + { + "AttributeName": "EXP-RC4-MD5", + "AttributeValue": "false" + }, + { + "AttributeName": "EXP-KRB5-RC4-SHA", + "AttributeValue": "false" + }, + { + "AttributeName": "EXP-KRB5-RC4-MD5", + "AttributeValue": "false" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-092-remove_weak_ciphers_for_clb/placebo-red/elasticloadbalancing.DescribeLoadBalancers_1.json b/tests/ecc-aws-092-remove_weak_ciphers_for_clb/placebo-red/elasticloadbalancing.DescribeLoadBalancers_1.json new file mode 100644 index 000000000..7eb355c90 --- /dev/null 
+++ b/tests/ecc-aws-092-remove_weak_ciphers_for_clb/placebo-red/elasticloadbalancing.DescribeLoadBalancers_1.json @@ -0,0 +1,73 @@ +{ + "status_code": 200, + "data": { + "LoadBalancerDescriptions": [ + { + "LoadBalancerName": "elb-http-092-red", + "DNSName": "elb-http-092-red-1212121112212.us-east-1.elb.amazonaws.com", + "CanonicalHostedZoneName": "elb-http-092-red-1212121112212.us-east-1.elb.amazonaws.com", + "CanonicalHostedZoneNameID": "Z35SXDOTRQ7X7K", + "ListenerDescriptions": [ + { + "Listener": { + "Protocol": "HTTPS", + "LoadBalancerPort": 443, + "InstanceProtocol": "HTTP", + "InstancePort": 8000, + "SSLCertificateId": "arn:aws:acm:us-east-1:1212121112212:certificate/1212121112212" + }, + "PolicyNames": [ + "ELBSecurityPolicy-2016-08" + ] + } + ], + "Policies": { + "AppCookieStickinessPolicies": [], + "LBCookieStickinessPolicies": [], + "OtherPolicies": [ + "ELBSecurityPolicy-2016-08" + ] + }, + "BackendServerDescriptions": [], + "AvailabilityZones": [ + "us-east-1e" + ], + "Subnets": [ + "subnet-1212121112212" + ], + "VPCId": "vpc-1212121112212", + "Instances": [ + { + "InstanceId": "i-1212121112212" + } + ], + "HealthCheck": { + "Target": "TCP:8000", + "Interval": 30, + "Timeout": 5, + "UnhealthyThreshold": 2, + "HealthyThreshold": 10 + }, + "SourceSecurityGroup": { + "OwnerAlias": "1212121112212", + "GroupName": "default_elb_1212121112212" + }, + "SecurityGroups": [ + "sg-01212121112212" + ], + "CreatedTime": { + "__class__": "datetime", + "year": 2021, + "month": 5, + "day": 27, + "hour": 10, + "minute": 36, + "second": 22, + "microsecond": 480000 + }, + "Scheme": "internet-facing" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-092-remove_weak_ciphers_for_clb/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-092-remove_weak_ciphers_for_clb/placebo-red/tagging.GetResources_1.json new file mode 100644 index 000000000..e3d20c639 --- /dev/null 
+++ b/tests/ecc-aws-092-remove_weak_ciphers_for_clb/placebo-red/tagging.GetResources_1.json @@ -0,0 +1,18 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:elasticloadbalancing:us-east-1:1212121112212:loadbalancer/elb-http-092-red", + "Tags": [ + { + "Key": "Name", + "Value": "elb-http-092-red" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-092-remove_weak_ciphers_for_clb/red_policy_test.py b/tests/ecc-aws-092-remove_weak_ciphers_for_clb/red_policy_test.py new file mode 100644 index 000000000..9e2687a38 --- /dev/null +++ b/tests/ecc-aws-092-remove_weak_ciphers_for_clb/red_policy_test.py @@ -0,0 +1,7 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertNotIn('Protocol-TLSv1.2', resources[0]['ProhibitedPolicies']) + + diff --git a/tests/ecc-aws-093-clb_uses_https/placebo-green/elasticloadbalancing.DescribeLoadBalancers_1.json b/tests/ecc-aws-093-clb_uses_https/placebo-green/elasticloadbalancing.DescribeLoadBalancers_1.json new file mode 100644 index 000000000..686d3aa53 --- /dev/null +++ b/tests/ecc-aws-093-clb_uses_https/placebo-green/elasticloadbalancing.DescribeLoadBalancers_1.json 
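Review bot: The only content assertion in `test_resources` for policy 092 is negative (`assertNotIn('Protocol-TLSv1.2', ...)`), so it still passes when `ProhibitedPolicies` is empty or holds unrelated entries. Nothing confirms that the weak settings in the red fixture are what got the load balancer flagged. The placebo-red policy enables `Protocol-TLSv1` and `Protocol-TLSv1.1`, so a positive check such as `base_test.assertIn('Protocol-TLSv1', resources[0]['ProhibitedPolicies'])` would tie the result to the weakness, assuming the policy (not visible in this hunk) lists that attribute as prohibited. The two trailing blank added lines can be dropped.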
@@ -0,0 +1,77 @@ +{ + "status_code": 200, + "data": { + "LoadBalancerDescriptions": [ + { + "LoadBalancerName": "elb-http-093green", + "DNSName": "elb-http-093green-123123423.us-east-1.elb.amazonaws.com", + "CanonicalHostedZoneName": "elb-http-093green-123123423.us-east-1.elb.amazonaws.com", + "CanonicalHostedZoneNameID": "Z35SXDOTRQ7X7K", + "ListenerDescriptions": [ + { + "Listener": { + "Protocol": "HTTPS", + "LoadBalancerPort": 443, + "InstanceProtocol": "HTTP", + "InstancePort": 8000, + "SSLCertificateId": "arn:aws:acm:us-east-1:12312342342342:certificate/cc0123123-31212-123213-8323-12312342342342" + }, + "PolicyNames": [ + "ELBSecurityPolicy-2016-08" + ] + } + ], + "Policies": { + "AppCookieStickinessPolicies": [], + "LBCookieStickinessPolicies": [], + "OtherPolicies": [ + "ELBSecurityPolicy-2016-08" + ] + }, + "BackendServerDescriptions": [], + "AvailabilityZones": [ + "us-east-1c", + "us-east-1b", + "us-east-1a" + ], + "Subnets": [ + "subnet-8158d8de", + "subnet-b045c2d6", + "subnet-cd7af8ec" + ], + "VPCId": "vpc-ad9744d0", + "Instances": [ + { + "InstanceId": "i-312412re432123" + } + ], + "HealthCheck": { + "Target": "TCP:8000", + "Interval": 30, + "Timeout": 5, + "UnhealthyThreshold": 2, + "HealthyThreshold": 10 + }, + "SourceSecurityGroup": { + "OwnerAlias": "12312342342342", + "GroupName": "default_elb_12e12e12e-e21e-312e-82e16-12312342342342" + }, + "SecurityGroups": [ + "sg-05b8537b16a8b2114" + ], + "CreatedTime": { + "__class__": "datetime", + "year": 2021, + "month": 3, + "day": 16, + "hour": 13, + "minute": 4, + "second": 9, + "microsecond": 360000 + }, + "Scheme": "internet-facing" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-093-clb_uses_https/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-093-clb_uses_https/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..8d11b8448 --- /dev/null 
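Review bot: This recorded response still carries identifiers that look like they came from a live account (`subnet-8158d8de`, `subnet-b045c2d6`, `subnet-cd7af8ec`, `vpc-ad9744d0`, `sg-05b8537b16a8b2114`), whereas the 092 fixtures and the 093 placebo-red file use obvious placeholders. Resource IDs are not credentials, but committing them to a shared test corpus exposes environment detail for no test benefit. Scrub them the same way as the other fixtures, e.g. `"VPCId": "vpc-123123423"` as the 093 placebo-red response already does, and consider a sanitising step when recording placebo data.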
+++ b/tests/ecc-aws-093-clb_uses_https/placebo-green/tagging.GetResources_1.json @@ -0,0 +1,18 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:elasticloadbalancing:us-east-1:123123423:loadbalancer/elb-http-093green", + "Tags": [ + { + "Key": "Name", + "Value": "elb-http-093green" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-093-clb_uses_https/placebo-red/elasticloadbalancing.DescribeLoadBalancers_1.json b/tests/ecc-aws-093-clb_uses_https/placebo-red/elasticloadbalancing.DescribeLoadBalancers_1.json new file mode 100644 index 000000000..d7ff2cdd1 --- /dev/null +++ b/tests/ecc-aws-093-clb_uses_https/placebo-red/elasticloadbalancing.DescribeLoadBalancers_1.json 
@@ -0,0 +1,72 @@ +{ + "status_code": 200, + "data": { + "LoadBalancerDescriptions": [ + { + "LoadBalancerName": "elb-http-093", + "DNSName": "elb-http-093-123123423.us-east-1.elb.amazonaws.com", + "CanonicalHostedZoneName": "elb-http-093-123123423.us-east-1.elb.amazonaws.com", + "CanonicalHostedZoneNameID": "Z35SXDOTRQ7X7K", + "ListenerDescriptions": [ + { + "Listener": { + "Protocol": "HTTP", + "LoadBalancerPort": 80, + "InstanceProtocol": "HTTP", + "InstancePort": 8000 + }, + "PolicyNames": [] + } + ], + "Policies": { + "AppCookieStickinessPolicies": [], + "LBCookieStickinessPolicies": [], + "OtherPolicies": [] + }, + "BackendServerDescriptions": [], + "AvailabilityZones": [ + "us-east-1c", + "us-east-1b", + "us-east-1a" + ], + "Subnets": [ + "subnet-123123423", + "subnet-123123423", + "subnet-123123423" + ], + "VPCId": "vpc-123123423", + "Instances": [ + { + "InstanceId": "i-3e23423r2f23f223f2" + } + ], + "HealthCheck": { + "Target": "TCP:8000", + "Interval": 30, + "Timeout": 5, + "UnhealthyThreshold": 2, + "HealthyThreshold": 10 + }, + "SourceSecurityGroup": { + "OwnerAlias": "3e23423r2f23f", + "GroupName": "default_elb_fc2f8b95-5e14-38b7-80f6-3e23423r2f23f" + }, + "SecurityGroups": [ + "sg-3e23423r2f23f" + ], + "CreatedTime": { + "__class__": "datetime", + "year": 2021, + "month": 3, + "day": 16, + "hour": 12, + "minute": 59, + "second": 15, + "microsecond": 430000 + }, + "Scheme": "internet-facing" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-093-clb_uses_https/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-093-clb_uses_https/placebo-red/tagging.GetResources_1.json new file mode 100644 index 000000000..30d162e2e --- /dev/null +++ b/tests/ecc-aws-093-clb_uses_https/placebo-red/tagging.GetResources_1.json 
@@ -0,0 +1,18 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:elasticloadbalancing:us-east-1:3e23423r2f23f:loadbalancer/elb-http-093", + "Tags": [ + { + "Key": "Name", + "Value": "elb-http-093" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-093-clb_uses_https/red_policy_test.py b/tests/ecc-aws-093-clb_uses_https/red_policy_test.py new file mode 100644 index 000000000..e3bc8a524 --- /dev/null +++ b/tests/ecc-aws-093-clb_uses_https/red_policy_test.py @@ -0,0 +1,6 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertEqual(resources[0]['ListenerDescriptions'][0]['Listener']['Protocol'], 'HTTP') + diff --git a/tests/ecc-aws-094-ensure_mfa_is_enabled_for_the_root_account/placebo-green/iam.GenerateCredentialReport_1.json b/tests/ecc-aws-094-ensure_mfa_is_enabled_for_the_root_account/placebo-green/iam.GenerateCredentialReport_1.json new file mode 100644 index 000000000..9abcdb973 --- /dev/null +++ b/tests/ecc-aws-094-ensure_mfa_is_enabled_for_the_root_account/placebo-green/iam.GenerateCredentialReport_1.json @@ -0,0 +1,8 @@ +{ + "status_code": 200, + "data": { + "State": "STARTED", + "Description": "No report exists. Starting a new report generation task", + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-094-ensure_mfa_is_enabled_for_the_root_account/placebo-green/iam.GetCredentialReport_1.json b/tests/ecc-aws-094-ensure_mfa_is_enabled_for_the_root_account/placebo-green/iam.GetCredentialReport_1.json new file mode 100644 index 000000000..fdf53e7ab --- /dev/null +++ b/tests/ecc-aws-094-ensure_mfa_is_enabled_for_the_root_account/placebo-green/iam.GetCredentialReport_1.json 
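Review bot: `test_resources` for policy 093 reads only `ListenerDescriptions[0]`, so the assertion depends on the plain-HTTP listener being first in the recorded response. `base_test.assertTrue(any(l['Listener']['Protocol'] == 'HTTP' for l in resources[0]['ListenerDescriptions']))` states the intent without the ordering assumption. The patch adds placebo-green fixtures for this policy but no `green_policy_test.py` (096 has one). If the harness does not assert zero resources by default, the compliant HTTPS path is unverified.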
@@ -0,0 +1,18 @@ +{ + "status_code": 200, + "data": { + "Content": "user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_1_last_used_region,access_key_1_last_used_service,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date,access_key_2_last_used_region,access_key_2_last_used_service,cert_1_active,cert_1_last_rotated,cert_2_active,cert_2_last_rotated\n,arn:aws:iam::121212121212:root,2020-12-01T10:46:12+00:00,not_supported,no_information,not_supported,not_supported,true,false,N/A,N/A,N/A,N/A,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A", + "ReportFormat": "text/csv", + "GeneratedTime": { + "__class__": "datetime", + "year": 2021, + "month": 4, + "day": 28, + "hour": 7, + "minute": 58, + "second": 5, + "microsecond": 0 + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-094-ensure_mfa_is_enabled_for_the_root_account/placebo-green/iam.ListAccountAliases_1.json b/tests/ecc-aws-094-ensure_mfa_is_enabled_for_the_root_account/placebo-green/iam.ListAccountAliases_1.json new file mode 100644 index 000000000..3b408e3eb --- /dev/null +++ b/tests/ecc-aws-094-ensure_mfa_is_enabled_for_the_root_account/placebo-green/iam.ListAccountAliases_1.json @@ -0,0 +1,10 @@ +{ + "status_code": 200, + "data": { + "AccountAliases": [ + "test" + ], + "IsTruncated": false, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-094-ensure_mfa_is_enabled_for_the_root_account/placebo-red/iam.GenerateCredentialReport_1.json b/tests/ecc-aws-094-ensure_mfa_is_enabled_for_the_root_account/placebo-red/iam.GenerateCredentialReport_1.json new file mode 100644 index 000000000..9abcdb973 --- /dev/null +++ b/tests/ecc-aws-094-ensure_mfa_is_enabled_for_the_root_account/placebo-red/iam.GenerateCredentialReport_1.json 
@@ -0,0 +1,8 @@ +{ + "status_code": 200, + "data": { + "State": "STARTED", + "Description": "No report exists. Starting a new report generation task", + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-094-ensure_mfa_is_enabled_for_the_root_account/placebo-red/iam.GetCredentialReport_1.json b/tests/ecc-aws-094-ensure_mfa_is_enabled_for_the_root_account/placebo-red/iam.GetCredentialReport_1.json new file mode 100644 index 000000000..9620645d4 --- /dev/null +++ b/tests/ecc-aws-094-ensure_mfa_is_enabled_for_the_root_account/placebo-red/iam.GetCredentialReport_1.json @@ -0,0 +1,18 @@ +{ + "status_code": 200, + "data": { + "Content": "user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_1_last_used_region,access_key_1_last_used_service,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date,access_key_2_last_used_region,access_key_2_last_used_service,cert_1_active,cert_1_last_rotated,cert_2_active,cert_2_last_rotated\n,arn:aws:iam::121212121212:root,2020-12-01T10:46:12+00:00,not_supported,no_information,not_supported,not_supported,false,false,N/A,N/A,N/A,N/A,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A", + "ReportFormat": "text/csv", + "GeneratedTime": { + "__class__": "datetime", + "year": 2021, + "month": 4, + "day": 28, + "hour": 7, + "minute": 58, + "second": 5, + "microsecond": 0 + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-094-ensure_mfa_is_enabled_for_the_root_account/placebo-red/iam.ListAccountAliases_1.json b/tests/ecc-aws-094-ensure_mfa_is_enabled_for_the_root_account/placebo-red/iam.ListAccountAliases_1.json new file mode 100644 index 000000000..3b408e3eb --- /dev/null +++ b/tests/ecc-aws-094-ensure_mfa_is_enabled_for_the_root_account/placebo-red/iam.ListAccountAliases_1.json 
@@ -0,0 +1,10 @@
+{
+ "status_code": 200,
+ "data": {
+ "AccountAliases": [
+ "test"
+ ],
+ "IsTruncated": false,
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-094-ensure_mfa_is_enabled_for_the_root_account/red_policy_test.py b/tests/ecc-aws-094-ensure_mfa_is_enabled_for_the_root_account/red_policy_test.py
new file mode 100644
index 000000000..d13e3c3f7
--- /dev/null
+++ b/tests/ecc-aws-094-ensure_mfa_is_enabled_for_the_root_account/red_policy_test.py
@@ -0,0 +1,9 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertFalse(resources[0]['c7n:credential-report']['mfa_active'])
+
+
+
+
diff --git a/tests/ecc-aws-096-credentials_unused_for_45_days/green_policy_test.py b/tests/ecc-aws-096-credentials_unused_for_45_days/green_policy_test.py
new file mode 100644
index 000000000..85e1d3e45
--- /dev/null
+++ b/tests/ecc-aws-096-credentials_unused_for_45_days/green_policy_test.py
@@ -0,0 +1,7 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 0)
+
+ def mock_time(self):
+ return 2021, 4, 1
diff --git a/tests/ecc-aws-096-credentials_unused_for_45_days/placebo-green/iam.GenerateCredentialReport_1.json b/tests/ecc-aws-096-credentials_unused_for_45_days/placebo-green/iam.GenerateCredentialReport_1.json
new file mode 100644
index 000000000..9abcdb973
--- /dev/null
+++ b/tests/ecc-aws-096-credentials_unused_for_45_days/placebo-green/iam.GenerateCredentialReport_1.json
@@ -0,0 +1,8 @@
+{
+ "status_code": 200,
+ "data": {
+ "State": "STARTED",
+ "Description": "No report exists. Starting a new report generation task",
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
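Review bot: `assertFalse` on `resources[0]['c7n:credential-report']['mfa_active']` in the ecc-aws-094 red test accepts any falsy value, so it would also pass if the field came back as `None` or an empty string rather than a parsed `False`. For a root-account MFA check it is worth pinning the exact value, e.g. `base_test.assertIs(resources[0]['c7n:credential-report']['mfa_active'], False)`, assuming the framework converts the CSV `false` to a boolean (the conversion is not visible in this hunk). The same loose check appears on `['Attributes']['AccessLog']['Enabled']` in the ecc-aws-101 red test. The four blank lines at the end of this file can be dropped.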
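Review bot: `mock_time` in the ecc-aws-096 green test returns `2021, 4, 1` with nothing to say why that date was chosen. The green credential report records the last password use on 2021-02-25 and the key rotation on 2021-02-26, so the pinned date keeps both about 35 days old, inside the 45-day window; a comment such as `# pin "now" so the 2021-02-25/26 activity in placebo-green stays under 45 days old` would make that dependency explicit. The recorded `GeneratedTime` (2021-04-26) is later than the mocked date, which may matter if the harness ever compares report age against the mocked clock.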
diff --git a/tests/ecc-aws-096-credentials_unused_for_45_days/placebo-green/iam.GetCredentialReport_1.json b/tests/ecc-aws-096-credentials_unused_for_45_days/placebo-green/iam.GetCredentialReport_1.json new file mode 100644 index 000000000..650c81ffd --- /dev/null +++ b/tests/ecc-aws-096-credentials_unused_for_45_days/placebo-green/iam.GetCredentialReport_1.json @@ -0,0 +1,18 @@ +{ + "status_code": 200, + "data": { + "Content": "user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_1_last_used_region,access_key_1_last_used_service,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date,access_key_2_last_used_region,access_key_2_last_used_service,cert_1_active,cert_1_last_rotated,cert_2_active,cert_2_last_rotated\nUSER,arn:aws:iam::121212121212:user/USER,2021-02-25T09:26:50+00:00,true,2021-02-25T19:59:04+00:00,2021-02-25T19:59:26+00:00,N/A,false,true,2021-02-26T07:27:09+00:00,N/A,N/A,N/A,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A", + "ReportFormat": "text/csv", + "GeneratedTime": { + "__class__": "datetime", + "year": 2021, + "month": 4, + "day": 26, + "hour": 7, + "minute": 58, + "second": 5, + "microsecond": 0 + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-096-credentials_unused_for_45_days/placebo-green/iam.GetUser_1.json b/tests/ecc-aws-096-credentials_unused_for_45_days/placebo-green/iam.GetUser_1.json new file mode 100644 index 000000000..668c01857 --- /dev/null +++ b/tests/ecc-aws-096-credentials_unused_for_45_days/placebo-green/iam.GetUser_1.json 
@@ -0,0 +1,32 @@ +{ + "status_code": 200, + "data": { + "User": { + "Path": "/", + "UserName": "USER", + "UserId": "ASASASASASASASASAS", + "Arn": "arn:aws:iam::121212121212:user/USER", + "CreateDate": { + "__class__": "datetime", + "year": 2021, + "month": 2, + "day": 25, + "hour": 9, + "minute": 26, + "second": 50, + "microsecond": 0 + }, + "PasswordLastUsed": { + "__class__": "datetime", + "year": 2021, + "month": 2, + "day": 25, + "hour": 19, + "minute": 59, + "second": 4, + "microsecond": 0 + } + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-096-credentials_unused_for_45_days/placebo-green/iam.ListUsers_1.json b/tests/ecc-aws-096-credentials_unused_for_45_days/placebo-green/iam.ListUsers_1.json new file mode 100644 index 000000000..514985f58 --- /dev/null +++ b/tests/ecc-aws-096-credentials_unused_for_45_days/placebo-green/iam.ListUsers_1.json @@ -0,0 +1,35 @@ +{ + "status_code": 200, + "data": { + "Users": [ + { + "Path": "/", + "UserName": "USER", + "UserId": "ASASASASASASASASAS", + "Arn": "arn:aws:iam::121212121212:user/USER", + "CreateDate": { + "__class__": "datetime", + "year": 2021, + "month": 2, + "day": 25, + "hour": 9, + "minute": 26, + "second": 50, + "microsecond": 0 + }, + "PasswordLastUsed": { + "__class__": "datetime", + "year": 2021, + "month": 2, + "day": 25, + "hour": 19, + "minute": 59, + "second": 4, + "microsecond": 0 + } + } + ], + "IsTruncated": false, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-096-credentials_unused_for_45_days/placebo-red/iam.GenerateCredentialReport_1.json b/tests/ecc-aws-096-credentials_unused_for_45_days/placebo-red/iam.GenerateCredentialReport_1.json new file mode 100644 index 000000000..9abcdb973 --- /dev/null +++ b/tests/ecc-aws-096-credentials_unused_for_45_days/placebo-red/iam.GenerateCredentialReport_1.json 
@@ -0,0 +1,8 @@ +{ + "status_code": 200, + "data": { + "State": "STARTED", + "Description": "No report exists. Starting a new report generation task", + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-096-credentials_unused_for_45_days/placebo-red/iam.GetCredentialReport_1.json b/tests/ecc-aws-096-credentials_unused_for_45_days/placebo-red/iam.GetCredentialReport_1.json new file mode 100644 index 000000000..8e5914961 --- /dev/null +++ b/tests/ecc-aws-096-credentials_unused_for_45_days/placebo-red/iam.GetCredentialReport_1.json @@ -0,0 +1,18 @@ +{ + "status_code": 200, + "data": { + "Content": "user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_1_last_used_region,access_key_1_last_used_service,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date,access_key_2_last_used_region,access_key_2_last_used_service,cert_1_active,cert_1_last_rotated,cert_2_active,cert_2_last_rotated\nUSER,arn:aws:iam::121212121212:user/USER,2020-02-25T09:26:50+00:00,true,2020-02-25T09:26:50+00:00,2020-02-25T09:59:26+00:00,2020-02-26T07:27:09+00:00,false,true,2020-02-26T07:27:09+00:00,2020-02-26T07:27:09+00:00,2020-02-26T07:27:09+00:00,2020-02-26T07:27:09+00:00,false,2020-02-26T07:27:09+00:00,2020-02-26T07:27:09+00:00,2020-02-26T07:27:09+00:00,2020-02-26T07:27:09+00:00,false,2020-02-26T07:27:09+00:00,false,2020-02-26T07:27:09+00:00", + "ReportFormat": "text/csv", + "GeneratedTime": { + "__class__": "datetime", + "year": 2021, + "month": 4, + "day": 26, + "hour": 7, + "minute": 58, + "second": 5, + "microsecond": 0 + }, + "ResponseMetadata": {} + } +} \ No newline at end of file 
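Review bot: The red credential-report row puts the timestamp `2020-02-26T07:27:09+00:00` into columns that do not hold dates (`access_key_1_last_used_region`, `access_key_1_last_used_service` and the matching `access_key_2_*` columns), and it gives rotation dates to `access_key_2` and both certificates although they are marked `false`. A policy that later filters on region, service or inactive credentials would be tested against a row that a real report would not contain. Keeping `N/A` in the columns this policy does not read, as the green recording does, would leave the red case differing from green only in the credential ages.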
diff --git a/tests/ecc-aws-096-credentials_unused_for_45_days/placebo-red/iam.GetUser_1.json b/tests/ecc-aws-096-credentials_unused_for_45_days/placebo-red/iam.GetUser_1.json new file mode 100644 index 000000000..e163660fc --- /dev/null +++ b/tests/ecc-aws-096-credentials_unused_for_45_days/placebo-red/iam.GetUser_1.json @@ -0,0 +1,32 @@ +{ + "status_code": 200, + "data": { + "User": { + "Path": "/", + "UserName": "USER", + "UserId": "ASASASASASASASASAS", + "Arn": "arn:aws:iam::121212121212:user/USER", + "CreateDate": { + "__class__": "datetime", + "year": 2020, + "month": 2, + "day": 25, + "hour": 9, + "minute": 26, + "second": 50, + "microsecond": 0 + }, + "PasswordLastUsed": { + "__class__": "datetime", + "year": 2020, + "month": 2, + "day": 25, + "hour": 19, + "minute": 59, + "second": 4, + "microsecond": 0 + } + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-096-credentials_unused_for_45_days/placebo-red/iam.ListUsers_1.json b/tests/ecc-aws-096-credentials_unused_for_45_days/placebo-red/iam.ListUsers_1.json new file mode 100644 index 000000000..ee9d34fbf --- /dev/null +++ b/tests/ecc-aws-096-credentials_unused_for_45_days/placebo-red/iam.ListUsers_1.json @@ -0,0 +1,35 @@ +{ + "status_code": 200, + "data": { + "Users": [ + { + "Path": "/", + "UserName": "USER", + "UserId": "ASASASASASASASASAS", + "Arn": "arn:aws:iam::121212121212:user/USER", + "CreateDate": { + "__class__": "datetime", + "year": 2020, + "month": 2, + "day": 25, + "hour": 9, + "minute": 26, + "second": 50, + "microsecond": 0 + }, + "PasswordLastUsed": { + "__class__": "datetime", + "year": 2020, + "month": 2, + "day": 25, + "hour": 19, + "minute": 59, + "second": 4, + "microsecond": 0 + } + } + ], + "IsTruncated": false, + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-096-credentials_unused_for_45_days/red_policy_test.py b/tests/ecc-aws-096-credentials_unused_for_45_days/red_policy_test.py
new file mode 100644
index 000000000..8616c8f39
--- /dev/null
+++ b/tests/ecc-aws-096-credentials_unused_for_45_days/red_policy_test.py
@@ -0,0 +1,11 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertEqual(resources[0]['c7n:credential-report']['password_last_used'], '2020-02-25T09:26:50+00:00')
+ base_test.assertEqual(resources[0]['c7n:credential-report']['password_last_changed'], '2020-02-25T09:59:26+00:00')
+ base_test.assertEqual(resources[0]['c7n:credential-report']['access_keys'][0]['last_used_date'], '2020-02-26T07:27:09+00:00')
+ base_test.assertEqual(resources[0]['c7n:credential-report']['access_keys'][0]['last_rotated'], '2020-02-26T07:27:09+00:00')
+
+
+
diff --git a/tests/ecc-aws-097-iam_users_receive_permissions_only_through_groups/placebo-green/iam.GetUser_1.json b/tests/ecc-aws-097-iam_users_receive_permissions_only_through_groups/placebo-green/iam.GetUser_1.json
new file mode 100644
index 000000000..4d000a849
--- /dev/null
+++ b/tests/ecc-aws-097-iam_users_receive_permissions_only_through_groups/placebo-green/iam.GetUser_1.json
@@ -0,0 +1,22 @@
+{
+ "status_code": 200,
+ "data": {
+ "User": {
+ "Path": "/",
+ "UserName": "user_with_group",
+ "UserId": "AIDAXPHGII4ANM7PMPIN2",
+ "Arn": "arn:aws:iam::121212121212:user/user_with_group",
+ "CreateDate": {
+ "__class__": "datetime",
+ "year": 2021,
+ "month": 5,
+ "day": 13,
+ "hour": 10,
+ "minute": 26,
+ "second": 58,
+ "microsecond": 0
+ }
+ },
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
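Review bot: The ecc-aws-096 red test defines no `mock_time`, while the green test for the same policy pins the clock to `2021, 4, 1`, so the two cases appear to evaluate the 45-day window against different notions of "now". The 2020 dates in placebo-red keep the red case passing today, but adding `def mock_time(self):` with `return 2021, 4, 1` would put both cases on the same clock, if the harness reads it from red tests as well. The four `assertEqual` calls only echo literal strings from the recording; a short comment naming them as the fields the policy is expected to match on would help, since the policy file is not part of this hunk. The three trailing blank lines can go.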
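Review bot: The recording replaces the account number with `121212121212`, but `UserId` still carries `AIDAXPHGII4ANM7PMPIN2`, which looks like an identifier left over from the live capture rather than a constructed sample. The same applies to `AIDAXPHGII4AF6VSTOHXG` and `ANPAXPHGII4AP3O6FBT4C` in the placebo-red files of this policy and to the instance-profile `Id` in the ecc-aws-099 green recording, whereas the ecc-aws-096 fixtures already use an obvious dummy (`ASASASASASASASASAS`). If these values were captured from a real account, replacing them with dummy strings before the fixtures are published keeps account-linked identifiers out of the repository.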
diff --git a/tests/ecc-aws-097-iam_users_receive_permissions_only_through_groups/placebo-green/iam.ListAttachedUserPolicies_1.json b/tests/ecc-aws-097-iam_users_receive_permissions_only_through_groups/placebo-green/iam.ListAttachedUserPolicies_1.json new file mode 100644 index 000000000..98435d62d --- /dev/null +++ b/tests/ecc-aws-097-iam_users_receive_permissions_only_through_groups/placebo-green/iam.ListAttachedUserPolicies_1.json @@ -0,0 +1,8 @@ +{ + "status_code": 200, + "data": { + "AttachedPolicies": [], + "IsTruncated": false, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-097-iam_users_receive_permissions_only_through_groups/placebo-green/iam.ListUsers_1.json b/tests/ecc-aws-097-iam_users_receive_permissions_only_through_groups/placebo-green/iam.ListUsers_1.json new file mode 100644 index 000000000..764e5202d --- /dev/null +++ b/tests/ecc-aws-097-iam_users_receive_permissions_only_through_groups/placebo-green/iam.ListUsers_1.json @@ -0,0 +1,25 @@ +{ + "status_code": 200, + "data": { + "Users": [ + { + "Path": "/", + "UserName": "user_with_group", + "UserId": "AIDAXPHGII4ANM7PMPIN2", + "Arn": "arn:aws:iam::121212121212:user/user_with_group", + "CreateDate": { + "__class__": "datetime", + "year": 2021, + "month": 5, + "day": 13, + "hour": 10, + "minute": 26, + "second": 58, + "microsecond": 0 + } + } + ], + "IsTruncated": false, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-097-iam_users_receive_permissions_only_through_groups/placebo-red/iam.GetPolicy_1.json b/tests/ecc-aws-097-iam_users_receive_permissions_only_through_groups/placebo-red/iam.GetPolicy_1.json new file mode 100644 index 000000000..443d06eac --- /dev/null +++ b/tests/ecc-aws-097-iam_users_receive_permissions_only_through_groups/placebo-red/iam.GetPolicy_1.json 
@@ -0,0 +1,36 @@ +{ + "status_code": 200, + "data": { + "Policy": { + "PolicyName": "Ep_097_policy_red", + "PolicyId": "ANPAXPHGII4AP3O6FBT4C", + "Arn": "arn:aws:iam::121212121212:policy/Ep_097_policy_red", + "Path": "/", + "DefaultVersionId": "v1", + "AttachmentCount": 1, + "PermissionsBoundaryUsageCount": 0, + "IsAttachable": true, + "CreateDate": { + "__class__": "datetime", + "year": 2021, + "month": 5, + "day": 13, + "hour": 10, + "minute": 28, + "second": 46, + "microsecond": 0 + }, + "UpdateDate": { + "__class__": "datetime", + "year": 2021, + "month": 5, + "day": 13, + "hour": 10, + "minute": 28, + "second": 46, + "microsecond": 0 + } + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-097-iam_users_receive_permissions_only_through_groups/placebo-red/iam.GetUser_1.json b/tests/ecc-aws-097-iam_users_receive_permissions_only_through_groups/placebo-red/iam.GetUser_1.json new file mode 100644 index 000000000..c36ddc3dc --- /dev/null +++ b/tests/ecc-aws-097-iam_users_receive_permissions_only_through_groups/placebo-red/iam.GetUser_1.json @@ -0,0 +1,22 @@ +{ + "status_code": 200, + "data": { + "User": { + "Path": "/", + "UserName": "user_with_policy", + "UserId": "AIDAXPHGII4AF6VSTOHXG", + "Arn": "arn:aws:iam::121212121212:user/user_with_policy", + "CreateDate": { + "__class__": "datetime", + "year": 2021, + "month": 5, + "day": 13, + "hour": 10, + "minute": 28, + "second": 46, + "microsecond": 0 + } + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-097-iam_users_receive_permissions_only_through_groups/placebo-red/iam.ListAttachedUserPolicies_1.json b/tests/ecc-aws-097-iam_users_receive_permissions_only_through_groups/placebo-red/iam.ListAttachedUserPolicies_1.json new file mode 100644 index 000000000..de00cbac4 --- /dev/null +++ b/tests/ecc-aws-097-iam_users_receive_permissions_only_through_groups/placebo-red/iam.ListAttachedUserPolicies_1.json 
@@ -0,0 +1,13 @@
+{
+ "status_code": 200,
+ "data": {
+ "AttachedPolicies": [
+ {
+ "PolicyName": "Ep_097_policy_red",
+ "PolicyArn": "arn:aws:iam::121212121212:policy/Ep_097_policy_red"
+ }
+ ],
+ "IsTruncated": false,
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-097-iam_users_receive_permissions_only_through_groups/placebo-red/iam.ListUsers_1.json b/tests/ecc-aws-097-iam_users_receive_permissions_only_through_groups/placebo-red/iam.ListUsers_1.json
new file mode 100644
index 000000000..2ebcd4335
--- /dev/null
+++ b/tests/ecc-aws-097-iam_users_receive_permissions_only_through_groups/placebo-red/iam.ListUsers_1.json
@@ -0,0 +1,25 @@
+{
+ "status_code": 200,
+ "data": {
+ "Users": [
+ {
+ "Path": "/",
+ "UserName": "user_with_policy",
+ "UserId": "AIDAXPHGII4AF6VSTOHXG",
+ "Arn": "arn:aws:iam::121212121212:user/user_with_policy",
+ "CreateDate": {
+ "__class__": "datetime",
+ "year": 2021,
+ "month": 5,
+ "day": 13,
+ "hour": 10,
+ "minute": 28,
+ "second": 46,
+ "microsecond": 0
+ }
+ }
+ ],
+ "IsTruncated": false,
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-097-iam_users_receive_permissions_only_through_groups/red_policy_test.py b/tests/ecc-aws-097-iam_users_receive_permissions_only_through_groups/red_policy_test.py
new file mode 100644
index 000000000..07e14726e
--- /dev/null
+++ b/tests/ecc-aws-097-iam_users_receive_permissions_only_through_groups/red_policy_test.py
@@ -0,0 +1,6 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertTrue(resources[0]['c7n:Policies'][0]['PolicyName'])
+
diff --git a/tests/ecc-aws-098-iam_password_policy_password_reuse/placebo-green/iam.GetAccountPasswordPolicy_1.json b/tests/ecc-aws-098-iam_password_policy_password_reuse/placebo-green/iam.GetAccountPasswordPolicy_1.json
new file mode 100644
index 000000000..452b117d4
--- /dev/null
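Review bot: `assertTrue(resources[0]['c7n:Policies'][0]['PolicyName'])` in the ecc-aws-097 red test only checks that some non-empty name is present, so it would pass for any attached policy. The recording attaches exactly one, so the test can pin it with `base_test.assertEqual(resources[0]['c7n:Policies'][0]['PolicyName'], 'Ep_097_policy_red')`. If the resource keeps the fields returned by ListUsers, also asserting `resources[0]['UserName']` against `'user_with_policy'` would tie the finding to the user that holds the direct attachment.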
+++ b/tests/ecc-aws-098-iam_password_policy_password_reuse/placebo-green/iam.GetAccountPasswordPolicy_1.json @@ -0,0 +1,17 @@ +{ + "status_code": 200, + "data": { + "PasswordPolicy": { + "MinimumPasswordLength": 14, + "RequireSymbols": true, + "RequireNumbers": true, + "RequireUppercaseCharacters": true, + "RequireLowercaseCharacters": true, + "AllowUsersToChangePassword": true, + "ExpirePasswords": true, + "MaxPasswordAge": 90, + "PasswordReusePrevention": 24 + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-098-iam_password_policy_password_reuse/placebo-green/iam.ListAccountAliases_1.json b/tests/ecc-aws-098-iam_password_policy_password_reuse/placebo-green/iam.ListAccountAliases_1.json new file mode 100644 index 000000000..3b408e3eb --- /dev/null +++ b/tests/ecc-aws-098-iam_password_policy_password_reuse/placebo-green/iam.ListAccountAliases_1.json @@ -0,0 +1,10 @@ +{ + "status_code": 200, + "data": { + "AccountAliases": [ + "test" + ], + "IsTruncated": false, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-098-iam_password_policy_password_reuse/placebo-red/iam.GetAccountPasswordPolicy_1.json b/tests/ecc-aws-098-iam_password_policy_password_reuse/placebo-red/iam.GetAccountPasswordPolicy_1.json new file mode 100644 index 000000000..602e69eab --- /dev/null +++ b/tests/ecc-aws-098-iam_password_policy_password_reuse/placebo-red/iam.GetAccountPasswordPolicy_1.json @@ -0,0 +1,16 @@ +{ + "status_code": 200, + "data": { + "PasswordPolicy": { + "MinimumPasswordLength": 6, + "RequireSymbols": false, + "RequireNumbers": false, + "RequireUppercaseCharacters": false, + "RequireLowercaseCharacters": false, + "AllowUsersToChangePassword": true, + "ExpirePasswords": false, + "PasswordReusePrevention": 3 + }, + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-098-iam_password_policy_password_reuse/placebo-red/iam.ListAccountAliases_1.json b/tests/ecc-aws-098-iam_password_policy_password_reuse/placebo-red/iam.ListAccountAliases_1.json
new file mode 100644
index 000000000..3b408e3eb
--- /dev/null
+++ b/tests/ecc-aws-098-iam_password_policy_password_reuse/placebo-red/iam.ListAccountAliases_1.json
@@ -0,0 +1,10 @@
+{
+ "status_code": 200,
+ "data": {
+ "AccountAliases": [
+ "test"
+ ],
+ "IsTruncated": false,
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-098-iam_password_policy_password_reuse/red_policy_test.py b/tests/ecc-aws-098-iam_password_policy_password_reuse/red_policy_test.py
new file mode 100644
index 000000000..e3aed673d
--- /dev/null
+++ b/tests/ecc-aws-098-iam_password_policy_password_reuse/red_policy_test.py
@@ -0,0 +1,6 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertLess(resources[0]['c7n:password_policy']['PasswordReusePrevention'], 24)
+
diff --git a/tests/ecc-aws-099-instance_without_any_tag/placebo-green/ec2.DescribeInstances_1.json b/tests/ecc-aws-099-instance_without_any_tag/placebo-green/ec2.DescribeInstances_1.json
new file mode 100644
index 000000000..4e87c1f7d
--- /dev/null
+++ b/tests/ecc-aws-099-instance_without_any_tag/placebo-green/ec2.DescribeInstances_1.json
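Review bot: The ecc-aws-098 red test indexes `['PasswordReusePrevention']` directly, and the red recording only covers a policy where reuse prevention is set to a low value (3). The red recording itself omits `MaxPasswordAge` when expiry is off, and IAM treats `PasswordReusePrevention` the same way when reuse prevention is not configured, which is the weakest state and the one no recording here exercises; whether the policy flags it cannot be seen from this hunk. A second red recording without the key, asserted with `base_test.assertLess(resources[0]['c7n:password_policy'].get('PasswordReusePrevention', 0), 24)`, would cover it.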
@@ -0,0 +1,165 @@ +{ + "status_code": 200, + "data": { + "Reservations": [ + { + "Groups": [], + "Instances": [ + { + "AmiLaunchIndex": 0, + "ImageId": "ami-123w22123e1212", + "InstanceId": "i-wqqqqqq222222", + "InstanceType": "t2.micro", + "KeyName": "Myc7nKey", + "LaunchTime": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 16, + "hour": 16, + "minute": 6, + "second": 27, + "microsecond": 0 + }, + "Monitoring": { + "State": "disabled" + }, + "Placement": { + "AvailabilityZone": "us-east-1c", + "GroupName": "", + "Tenancy": "default" + }, + "PrivateDnsName": "ip-1221322222.ec2.internal", + "PrivateIpAddress": "123123123123", + "ProductCodes": [], + "PublicDnsName": "", + "State": { + "Code": 80, + "Name": "stopped" + }, + "StateTransitionReason": "User initiated (2021-06-16 16:06:33 GMT)", + "SubnetId": "subnet-2222222", + "VpcId": "vpc-11111111", + "Architecture": "x86_64", + "BlockDeviceMappings": [ + { + "DeviceName": "/dev/sda1", + "Ebs": { + "AttachTime": { + "__class__": "datetime", + "year": 2021, + "month": 3, + "day": 15, + "hour": 11, + "minute": 17, + "second": 47, + "microsecond": 0 + }, + "DeleteOnTermination": true, + "Status": "attached", + "VolumeId": "vol-qweq16666612we3" + } + } + ], + "ClientToken": "", + "EbsOptimized": false, + "EnaSupport": true, + "Hypervisor": "xen", + "IamInstanceProfile": { + "Arn": "arn:aws:iam::121212121212:instance-profile/AdminAccessC7Nrole", + "Id": "AIPAXPHGII4ALRDRWJFOJ" + }, + "NetworkInterfaces": [ + { + "Attachment": { + "AttachTime": { + "__class__": "datetime", + "year": 2021, + "month": 3, + "day": 15, + "hour": 11, + "minute": 17, + "second": 46, + "microsecond": 0 + }, + "AttachmentId": "eni-attach-qwe122313123123123", + "DeleteOnTermination": true, + "DeviceIndex": 0, + "Status": "attached", + "NetworkCardIndex": 0 + }, + "Description": "", + "Groups": [ + { + "GroupName": "launch-wizard-6", + "GroupId": "sg-0102102020102102" + } + ], + "Ipv6Addresses": [], + "MacAddress": 
"12:36:43:a5:72:11", + "NetworkInterfaceId": "eni-1221322222111111", + "OwnerId": "121212121212", + "PrivateDnsName": "ip-1221322222.ec2.internal", + "PrivateIpAddress": "123123123123", + "PrivateIpAddresses": [ + { + "Primary": true, + "PrivateDnsName": "ip-1221322222.ec2.internal", + "PrivateIpAddress": "123123123123" + } + ], + "SourceDestCheck": true, + "Status": "in-use", + "SubnetId": "subnet-2222222", + "VpcId": "vpc-11111111", + "InterfaceType": "interface" + } + ], + "RootDeviceName": "/dev/sda1", + "RootDeviceType": "ebs", + "SecurityGroups": [ + { + "GroupName": "launch-wizard-6", + "GroupId": "sg-0102102020102102" + } + ], + "SourceDestCheck": true, + "StateReason": { + "Code": "Client.UserInitiatedShutdown", + "Message": "Client.UserInitiatedShutdown: User initiated shutdown" + }, + "Tags": [ + { + "Key": "Name", + "Value": "y-test" + } + ], + "VirtualizationType": "hvm", + "CpuOptions": { + "CoreCount": 1, + "ThreadsPerCore": 1 + }, + "CapacityReservationSpecification": { + "CapacityReservationPreference": "open" + }, + "HibernationOptions": { + "Configured": false + }, + "MetadataOptions": { + "State": "applied", + "HttpTokens": "optional", + "HttpPutResponseHopLimit": 1, + "HttpEndpoint": "enabled" + }, + "EnclaveOptions": { + "Enabled": false + } + } + ], + "OwnerId": "121212121212", + "ReservationId": "r-01010100101010101" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-099-instance_without_any_tag/placebo-green/ec2.DescribeTags_1.json b/tests/ecc-aws-099-instance_without_any_tag/placebo-green/ec2.DescribeTags_1.json new file mode 100644 index 000000000..1d5a693ac --- /dev/null +++ b/tests/ecc-aws-099-instance_without_any_tag/placebo-green/ec2.DescribeTags_1.json 
@@ -0,0 +1,20 @@ +{ + "status_code": 200, + "data": { + "Tags": [ + { + "Key": "Name", + "ResourceId": "i-016107113ecc0a1be", + "ResourceType": "instance", + "Value": "y-test" + }, + { + "Key": "Name", + "ResourceId": "i-04941cc4762c5000f", + "ResourceType": "instance", + "Value": "YO" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-099-instance_without_any_tag/placebo-red/ec2.DescribeInstances_1.json b/tests/ecc-aws-099-instance_without_any_tag/placebo-red/ec2.DescribeInstances_1.json new file mode 100644 index 000000000..afec45170 --- /dev/null +++ b/tests/ecc-aws-099-instance_without_any_tag/placebo-red/ec2.DescribeInstances_1.json 
@@ -0,0 +1,155 @@ +{ + "status_code": 200, + "data": { + "Reservations": [ + { + "Groups": [], + "Instances": [ + { + "AmiLaunchIndex": 0, + "ImageId": "ami-0505050513333333", + "InstanceId": "i-0505050512121213", + "InstanceType": "t2.micro", + "KeyName": "Myc7nKey", + "LaunchTime": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 24, + "hour": 18, + "minute": 11, + "second": 52, + "microsecond": 0 + }, + "Monitoring": { + "State": "disabled" + }, + "Placement": { + "AvailabilityZone": "us-east-1e", + "GroupName": "", + "Tenancy": "default" + }, + "PrivateDnsName": "ip-050505051212.ec2.internal", + "PrivateIpAddress": "050505051212", + "ProductCodes": [], + "PublicDnsName": "", + "State": { + "Code": 80, + "Name": "stopped" + }, + "StateTransitionReason": "User initiated (2021-06-24 18:34:25 GMT)", + "SubnetId": "subnet-05050505", + "VpcId": "vpc-0404040", + "Architecture": "x86_64", + "BlockDeviceMappings": [ + { + "DeviceName": "/dev/sda1", + "Ebs": { + "AttachTime": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 24, + "hour": 18, + "minute": 11, + "second": 53, + "microsecond": 0 + }, + "DeleteOnTermination": true, + "Status": "attached", + "VolumeId": "vol-04040404004040404" + } + } + ], + "ClientToken": "", + "EbsOptimized": false, + "EnaSupport": true, + "Hypervisor": "xen", + "NetworkInterfaces": [ + { + "Attachment": { + "AttachTime": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 24, + "hour": 18, + "minute": 11, + "second": 52, + "microsecond": 0 + }, + "AttachmentId": "eni-attach-030303030303030303", + "DeleteOnTermination": true, + "DeviceIndex": 0, + "Status": "attached", + "NetworkCardIndex": 0 + }, + "Description": "", + "Groups": [ + { + "GroupName": "launch-wizard-8", + "GroupId": "sg-02020202002020202" + } + ], + "Ipv6Addresses": [], + "MacAddress": "06:d6:2c:58:1b:2b", + "NetworkInterfaceId": "eni-0103230cb46d023ee", + "OwnerId": "121212121212", + "PrivateDnsName": 
"ip-050505051212.ec2.internal", + "PrivateIpAddress": "050505051212", + "PrivateIpAddresses": [ + { + "Primary": true, + "PrivateDnsName": "ip-050505051212.ec2.internal", + "PrivateIpAddress": "050505051212" + } + ], + "SourceDestCheck": true, + "Status": "in-use", + "SubnetId": "subnet-05050505", + "VpcId": "vpc-0404040", + "InterfaceType": "interface" + } + ], + "RootDeviceName": "/dev/sda1", + "RootDeviceType": "ebs", + "SecurityGroups": [ + { + "GroupName": "launch-wizard-8", + "GroupId": "sg-02020202002020202" + } + ], + "SourceDestCheck": true, + "StateReason": { + "Code": "Client.UserInitiatedShutdown", + "Message": "Client.UserInitiatedShutdown: User initiated shutdown" + }, + "VirtualizationType": "hvm", + "CpuOptions": { + "CoreCount": 1, + "ThreadsPerCore": 1 + }, + "CapacityReservationSpecification": { + "CapacityReservationPreference": "open" + }, + "HibernationOptions": { + "Configured": false + }, + "MetadataOptions": { + "State": "applied", + "HttpTokens": "optional", + "HttpPutResponseHopLimit": 1, + "HttpEndpoint": "enabled" + }, + "EnclaveOptions": { + "Enabled": false + } + } + ], + "OwnerId": "121212121212", + "ReservationId": "r-00101010100101010" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-099-instance_without_any_tag/placebo-red/ec2.DescribeTags_1.json b/tests/ecc-aws-099-instance_without_any_tag/placebo-red/ec2.DescribeTags_1.json new file mode 100644 index 000000000..77ee7ce56 --- /dev/null +++ b/tests/ecc-aws-099-instance_without_any_tag/placebo-red/ec2.DescribeTags_1.json @@ -0,0 +1,20 @@ +{ + "status_code": 200, + "data": { + "Tags": [ + { + "Key": "Name", + "ResourceId": "i-12121212513333333", + "ResourceType": "instance", + "Value": "y-test" + }, + { + "Key": "Name", + "ResourceId": "i-eee21212513333333", + "ResourceType": "instance", + "Value": "YO" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-099-instance_without_any_tag/red_policy_test.py b/tests/ecc-aws-099-instance_without_any_tag/red_policy_test.py
new file mode 100644
index 000000000..1df15dfba
--- /dev/null
+++ b/tests/ecc-aws-099-instance_without_any_tag/red_policy_test.py
@@ -0,0 +1,6 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertTrue(resources[0]['c7n:MatchedFilters'])
+
diff --git a/tests/ecc-aws-101-clb_access_logging_disabled/placebo-green/elasticloadbalancing.DescribeLoadBalancerAttributes_1.json b/tests/ecc-aws-101-clb_access_logging_disabled/placebo-green/elasticloadbalancing.DescribeLoadBalancerAttributes_1.json
new file mode 100644
index 000000000..ebd15dc25
--- /dev/null
+++ b/tests/ecc-aws-101-clb_access_logging_disabled/placebo-green/elasticloadbalancing.DescribeLoadBalancerAttributes_1.json
@@ -0,0 +1,27 @@
+{
+ "status_code": 200,
+ "data": {
+ "LoadBalancerAttributes": {
+ "CrossZoneLoadBalancing": {
+ "Enabled": true
+ },
+ "AccessLog": {
+ "Enabled": true
+ },
+ "ConnectionDraining": {
+ "Enabled": true,
+ "Timeout": 400
+ },
+ "ConnectionSettings": {
+ "IdleTimeout": 400
+ },
+ "AdditionalAttributes": [
+ {
+ "Key": "elb.http.desyncmitigationmode",
+ "Value": "defensive"
+ }
+ ]
+ },
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-101-clb_access_logging_disabled/placebo-green/elasticloadbalancing.DescribeLoadBalancers_1.json b/tests/ecc-aws-101-clb_access_logging_disabled/placebo-green/elasticloadbalancing.DescribeLoadBalancers_1.json
new file mode 100644
index 000000000..0e9246fa7
--- /dev/null
+++ b/tests/ecc-aws-101-clb_access_logging_disabled/placebo-green/elasticloadbalancing.DescribeLoadBalancers_1.json
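Review bot: `assertTrue(resources[0]['c7n:MatchedFilters'])` in the ecc-aws-099 red test confirms only that some filter matched, not that the instance is untagged. The red recording's instance has no `Tags` key, so the test can state the property directly with `base_test.assertFalse(resources[0].get('Tags'))`. Separately, in the green recording the `ResourceId` values in `ec2.DescribeTags_1.json` do not match the `InstanceId` in `ec2.DescribeInstances_1.json`, so the green case seems to pass only through the inline `Tags` list; that looks like uneven sanitising and deserves a comment or a fix.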
@@ -0,0 +1,77 @@ +{ + "status_code": 200, + "data": { + "LoadBalancerDescriptions": [ + { + "LoadBalancerName": "elb-http-093green", + "DNSName": "elb-http-093green-2059365125.us-east-1.elb.amazonaws.com", + "CanonicalHostedZoneName": "elb-http-093green-2059365125.us-east-1.elb.amazonaws.com", + "CanonicalHostedZoneNameID": "Z35SXDOTRQ7X7K", + "ListenerDescriptions": [ + { + "Listener": { + "Protocol": "HTTPS", + "LoadBalancerPort": 443, + "InstanceProtocol": "HTTP", + "InstancePort": 8000, + "SSLCertificateId": "arn:aws:acm:us-east-1:111111111111:certificate/10cb326e-ca29-42ec-9f2a-de17e4ef9284" + }, + "PolicyNames": [ + "ELBSecurityPolicy-2016-08" + ] + } + ], + "Policies": { + "AppCookieStickinessPolicies": [], + "LBCookieStickinessPolicies": [], + "OtherPolicies": [ + "ELBSecurityPolicy-2016-08" + ] + }, + "BackendServerDescriptions": [], + "AvailabilityZones": [ + "us-east-1c", + "us-east-1b", + "us-east-1a" + ], + "Subnets": [ + "subnet-8158d8de", + "subnet-b045c2d6", + "subnet-cd7af8ec" + ], + "VPCId": "vpc-ad9744d0", + "Instances": [ + { + "InstanceId": "i-0ea9215571b93725b" + } + ], + "HealthCheck": { + "Target": "TCP:8000", + "Interval": 30, + "Timeout": 5, + "UnhealthyThreshold": 2, + "HealthyThreshold": 10 + }, + "SourceSecurityGroup": { + "OwnerAlias": "111111111111", + "GroupName": "default_elb_fc2f8b95-5e14-38b7-80f6-2259e106c533" + }, + "SecurityGroups": [ + "sg-0146f21282b80644b" + ], + "CreatedTime": { + "__class__": "datetime", + "year": 2021, + "month": 3, + "day": 18, + "hour": 15, + "minute": 19, + "second": 40, + "microsecond": 90000 + }, + "Scheme": "internet-facing" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-101-clb_access_logging_disabled/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-101-clb_access_logging_disabled/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..8caab2568 --- /dev/null 
+++ b/tests/ecc-aws-101-clb_access_logging_disabled/placebo-green/tagging.GetResources_1.json @@ -0,0 +1,18 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:elasticloadbalancing:us-east-1:111111111111:loadbalancer/elb-http-093green", + "Tags": [ + { + "Key": "Name", + "Value": "elb-http-093green" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-101-clb_access_logging_disabled/placebo-red/elasticloadbalancing.DescribeLoadBalancerAttributes_1.json b/tests/ecc-aws-101-clb_access_logging_disabled/placebo-red/elasticloadbalancing.DescribeLoadBalancerAttributes_1.json new file mode 100644 index 000000000..e2ff5a1fc --- /dev/null +++ b/tests/ecc-aws-101-clb_access_logging_disabled/placebo-red/elasticloadbalancing.DescribeLoadBalancerAttributes_1.json @@ -0,0 +1,27 @@ +{ + "status_code": 200, + "data": { + "LoadBalancerAttributes": { + "CrossZoneLoadBalancing": { + "Enabled": true + }, + "AccessLog": { + "Enabled": false + }, + "ConnectionDraining": { + "Enabled": true, + "Timeout": 400 + }, + "ConnectionSettings": { + "IdleTimeout": 400 + }, + "AdditionalAttributes": [ + { + "Key": "elb.http.desyncmitigationmode", + "Value": "defensive" + } + ] + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-101-clb_access_logging_disabled/placebo-red/elasticloadbalancing.DescribeLoadBalancers_1.json b/tests/ecc-aws-101-clb_access_logging_disabled/placebo-red/elasticloadbalancing.DescribeLoadBalancers_1.json new file mode 100644 index 000000000..0e9246fa7 --- /dev/null +++ b/tests/ecc-aws-101-clb_access_logging_disabled/placebo-red/elasticloadbalancing.DescribeLoadBalancers_1.json 
@@ -0,0 +1,77 @@ +{ + "status_code": 200, + "data": { + "LoadBalancerDescriptions": [ + { + "LoadBalancerName": "elb-http-093green", + "DNSName": "elb-http-093green-2059365125.us-east-1.elb.amazonaws.com", + "CanonicalHostedZoneName": "elb-http-093green-2059365125.us-east-1.elb.amazonaws.com", + "CanonicalHostedZoneNameID": "Z35SXDOTRQ7X7K", + "ListenerDescriptions": [ + { + "Listener": { + "Protocol": "HTTPS", + "LoadBalancerPort": 443, + "InstanceProtocol": "HTTP", + "InstancePort": 8000, + "SSLCertificateId": "arn:aws:acm:us-east-1:111111111111:certificate/10cb326e-ca29-42ec-9f2a-de17e4ef9284" + }, + "PolicyNames": [ + "ELBSecurityPolicy-2016-08" + ] + } + ], + "Policies": { + "AppCookieStickinessPolicies": [], + "LBCookieStickinessPolicies": [], + "OtherPolicies": [ + "ELBSecurityPolicy-2016-08" + ] + }, + "BackendServerDescriptions": [], + "AvailabilityZones": [ + "us-east-1c", + "us-east-1b", + "us-east-1a" + ], + "Subnets": [ + "subnet-8158d8de", + "subnet-b045c2d6", + "subnet-cd7af8ec" + ], + "VPCId": "vpc-ad9744d0", + "Instances": [ + { + "InstanceId": "i-0ea9215571b93725b" + } + ], + "HealthCheck": { + "Target": "TCP:8000", + "Interval": 30, + "Timeout": 5, + "UnhealthyThreshold": 2, + "HealthyThreshold": 10 + }, + "SourceSecurityGroup": { + "OwnerAlias": "111111111111", + "GroupName": "default_elb_fc2f8b95-5e14-38b7-80f6-2259e106c533" + }, + "SecurityGroups": [ + "sg-0146f21282b80644b" + ], + "CreatedTime": { + "__class__": "datetime", + "year": 2021, + "month": 3, + "day": 18, + "hour": 15, + "minute": 19, + "second": 40, + "microsecond": 90000 + }, + "Scheme": "internet-facing" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-101-clb_access_logging_disabled/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-101-clb_access_logging_disabled/placebo-red/tagging.GetResources_1.json new file mode 100644 index 000000000..8caab2568 --- /dev/null 
+++ b/tests/ecc-aws-101-clb_access_logging_disabled/placebo-red/tagging.GetResources_1.json @@ -0,0 +1,18 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:elasticloadbalancing:us-east-1:111111111111:loadbalancer/elb-http-093green", + "Tags": [ + { + "Key": "Name", + "Value": "elb-http-093green" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-101-clb_access_logging_disabled/red_policy_test.py b/tests/ecc-aws-101-clb_access_logging_disabled/red_policy_test.py new file mode 100644 index 000000000..f79d347ad --- /dev/null +++ b/tests/ecc-aws-101-clb_access_logging_disabled/red_policy_test.py @@ -0,0 +1,5 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertFalse(resources[0]['Attributes']['AccessLog']['Enabled']) diff --git a/tests/ecc-aws-102-ensures_sqs_encryption_is_enabled/placebo-green/sqs.GetQueueAttributes_1.json b/tests/ecc-aws-102-ensures_sqs_encryption_is_enabled/placebo-green/sqs.GetQueueAttributes_1.json new file mode 100644 index 000000000..b11d96abb --- /dev/null +++ b/tests/ecc-aws-102-ensures_sqs_encryption_is_enabled/placebo-green/sqs.GetQueueAttributes_1.json 
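Review bot: `PolicyTest.test_resources` in the ecc-aws-101 red test has no docstring saying what the red fixture represents, so a reader must open the placebo JSON to learn that the expected finding is a Classic Load Balancer with `AccessLog.Enabled` set to false. A one-line docstring such as `"""Red case: the CLB in placebo-red has access logging disabled and must be reported."""` would state that; the same applies to the red_policy_test.py files added for ecc-aws-102, -103, -105 and -109 in this patch. The test also does not pin which load balancer matched: `base_test.assertEqual(resources[0]['LoadBalancerName'], 'elb-http-093green')` would tie the result to the fixture. Note that the placebo-red fixture reuses the name `elb-http-093green`, which reads as a compliant resource.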
@@ -0,0 +1,22 @@ +{ + "status_code": 200, + "data": { + "Attributes": { + "QueueArn": "arn:aws:sqs:us-east-1:123123181212:sqs_green_102", + "ApproximateNumberOfMessages": "0", + "ApproximateNumberOfMessagesNotVisible": "0", + "ApproximateNumberOfMessagesDelayed": "0", + "CreatedTimestamp": "1621872710", + "LastModifiedTimestamp": "1621872710", + "VisibilityTimeout": "30", + "MaximumMessageSize": "2048", + "MessageRetentionPeriod": "86400", + "DelaySeconds": "90", + "Policy": "{\"Version\":\"2012-10-17\",\"Id\":\"sqspolicy\",\"Statement\":[{\"Sid\":\"First\",\"Effect\":\"Allow\",\"Principal\":\"*\",\"Action\":\"sqs:SendMessage\",\"Resource\":\"arn:aws:sqs:us-east-1:123123181212:sqs_green_102\"}]}", + "ReceiveMessageWaitTimeSeconds": "10", + "KmsMasterKeyId": "alias/aws/sqs", + "KmsDataKeyReusePeriodSeconds": "300" + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-102-ensures_sqs_encryption_is_enabled/placebo-green/sqs.ListQueues_1.json b/tests/ecc-aws-102-ensures_sqs_encryption_is_enabled/placebo-green/sqs.ListQueues_1.json new file mode 100644 index 000000000..fc10d15f4 --- /dev/null +++ b/tests/ecc-aws-102-ensures_sqs_encryption_is_enabled/placebo-green/sqs.ListQueues_1.json @@ -0,0 +1,9 @@ +{ + "status_code": 200, + "data": { + "QueueUrls": [ + "https://queue.amazonaws.com/123123181212/sqs_green_102" + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-102-ensures_sqs_encryption_is_enabled/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-102-ensures_sqs_encryption_is_enabled/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..f00ccde88 --- /dev/null +++ b/tests/ecc-aws-102-ensures_sqs_encryption_is_enabled/placebo-green/tagging.GetResources_1.json 
@@ -0,0 +1,19 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:sqs:us-east-1:123123181212:sqs_green_102", + "Tags": [ + { + "Key": "Environment", + "Value": "sqs_green_102" + } + ] + } + + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-102-ensures_sqs_encryption_is_enabled/placebo-red/sqs.GetQueueAttributes_1.json b/tests/ecc-aws-102-ensures_sqs_encryption_is_enabled/placebo-red/sqs.GetQueueAttributes_1.json new file mode 100644 index 000000000..937f8b22b --- /dev/null +++ b/tests/ecc-aws-102-ensures_sqs_encryption_is_enabled/placebo-red/sqs.GetQueueAttributes_1.json @@ -0,0 +1,20 @@ +{ + "status_code": 200, + "data": { + "Attributes": { + "QueueArn": "arn:aws:sqs:us-east-1:123123181212:sqs_red_102", + "ApproximateNumberOfMessages": "0", + "ApproximateNumberOfMessagesNotVisible": "0", + "ApproximateNumberOfMessagesDelayed": "0", + "CreatedTimestamp": "1621873032", + "LastModifiedTimestamp": "1621873032", + "VisibilityTimeout": "30", + "MaximumMessageSize": "2048", + "MessageRetentionPeriod": "86400", + "DelaySeconds": "90", + "Policy": "{\"Version\":\"2012-10-17\",\"Id\":\"sqspolicy\",\"Statement\":[{\"Sid\":\"First\",\"Effect\":\"Allow\",\"Principal\":\"*\",\"Action\":\"sqs:SendMessage\",\"Resource\":\"arn:aws:sqs:us-east-1:123123181212:sqs_red_102\"}]}", + "ReceiveMessageWaitTimeSeconds": "10" + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-102-ensures_sqs_encryption_is_enabled/placebo-red/sqs.ListQueues_1.json b/tests/ecc-aws-102-ensures_sqs_encryption_is_enabled/placebo-red/sqs.ListQueues_1.json new file mode 100644 index 000000000..46981cb7f --- /dev/null +++ b/tests/ecc-aws-102-ensures_sqs_encryption_is_enabled/placebo-red/sqs.ListQueues_1.json 
@@ -0,0 +1,9 @@ +{ + "status_code": 200, + "data": { + "QueueUrls": [ + "https://queue.amazonaws.com/1212121212112/sqs_red_102" + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-102-ensures_sqs_encryption_is_enabled/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-102-ensures_sqs_encryption_is_enabled/placebo-red/tagging.GetResources_1.json new file mode 100644 index 000000000..95c9662ca --- /dev/null +++ b/tests/ecc-aws-102-ensures_sqs_encryption_is_enabled/placebo-red/tagging.GetResources_1.json @@ -0,0 +1,18 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:sqs:us-east-1:123123181212:sqs_red_102", + "Tags": [ + { + "Key": "Environment", + "Value": "sqs_red_102" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-102-ensures_sqs_encryption_is_enabled/red_policy_test.py b/tests/ecc-aws-102-ensures_sqs_encryption_is_enabled/red_policy_test.py new file mode 100644 index 000000000..fd2d7e198 --- /dev/null +++ b/tests/ecc-aws-102-ensures_sqs_encryption_is_enabled/red_policy_test.py @@ -0,0 +1,7 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertNotIn('KmsMasterKeyId', resources[0]) + + diff --git a/tests/ecc-aws-103-instance_without_termination_protection/placebo-green/ec2.DescribeInstanceAttribute_1.json b/tests/ecc-aws-103-instance_without_termination_protection/placebo-green/ec2.DescribeInstanceAttribute_1.json new file mode 100644 index 000000000..0c71ca602 --- /dev/null +++ b/tests/ecc-aws-103-instance_without_termination_protection/placebo-green/ec2.DescribeInstanceAttribute_1.json @@ -0,0 +1,10 @@ +{ + "status_code": 200, + "data": { + "DisableApiTermination": { + "Value": true + }, + "InstanceId": "i-06051041cd032fbc5", + "ResponseMetadata": {} + } +} \ No newline at end of file 
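Review bot: Asserting only that `KmsMasterKeyId` is absent, in the ecc-aws-102 red test, treats SSE-KMS as the sole form of queue encryption; SQS also reports `SqsManagedSseEnabled` for SSE-SQS, and a queue encrypted that way carries no `KmsMasterKeyId`. The policy itself is not in this hunk, so whether it checks that attribute cannot be seen here, but neither GetQueueAttributes fixture includes it, so the case is untested. Once the red fixture carries the attribute, `base_test.assertNotEqual(resources[0].get('SqsManagedSseEnabled'), 'true')` would cover it. Separately, the red ListQueues fixture uses account `1212121212112` (13 digits) in the queue URL while the ARN uses `123123181212`; aligning them keeps the sanitised data coherent.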
diff --git a/tests/ecc-aws-103-instance_without_termination_protection/placebo-green/ec2.DescribeInstances_1.json b/tests/ecc-aws-103-instance_without_termination_protection/placebo-green/ec2.DescribeInstances_1.json
new file mode 100644
index 000000000..3cb94bce5
--- /dev/null
+++ b/tests/ecc-aws-103-instance_without_termination_protection/placebo-green/ec2.DescribeInstances_1.json
@@ -0,0 +1,493 @@ +{ + "status_code": 200, + "data": { + "Reservations": [ + { + "Groups": [], + "Instances": [ + { + "AmiLaunchIndex": 0, + "ImageId": "ami-038f1ca1bd58a5790", + "InstanceId": "i-04f640aab808aec60", + "InstanceType": "t2.micro", + "KeyName": "test_pair", + "LaunchTime": { + "__class__": "datetime", + "year": 2021, + "month": 3, + "day": 11, + "hour": 15, + "minute": 27, + "second": 39, + "microsecond": 0 + }, + "Monitoring": { + "State": "disabled" + }, + "Placement": { + "AvailabilityZone": "us-east-1e", + "GroupName": "", + "Tenancy": "default" + }, + "PrivateDnsName": "ip-172-31-63-37.ec2.internal", + "PrivateIpAddress": "172.31.63.37", + "ProductCodes": [], + "PublicDnsName": "", + "State": { + "Code": 80, + "Name": "stopped" + }, + "StateTransitionReason": "User initiated (2021-03-12 10:42:36 GMT)", + "SubnetId": "subnet-5264af63", + "VpcId": "vpc-ad9744d0", + "Architecture": "x86_64", + "BlockDeviceMappings": [ + { + "DeviceName": "/dev/xvda", + "Ebs": { + "AttachTime": { + "__class__": "datetime", + "year": 2021, + "month": 3, + "day": 11, + "hour": 15, + "minute": 27, + "second": 40, + "microsecond": 0 + }, + "DeleteOnTermination": true, + "Status": "attached", + "VolumeId": "vol-0cae195f50a24a02b" + } + } + ], + "ClientToken": "", + "EbsOptimized": false, + "EnaSupport": true, + "Hypervisor": "xen", + "IamInstanceProfile": { + "Arn": "arn:aws:iam::111111111111:instance-profile/Test-role", + "Id": "AIPAXPHGII4AI377WBB3S" + }, + "NetworkInterfaces": [ + { + "Attachment": { + "AttachTime": { + "__class__": "datetime", + "year": 2021, + "month": 3, + "day": 11, + "hour": 15, + "minute": 27, + "second": 39, + "microsecond": 0 + }, + "AttachmentId": "eni-attach-00ddfd59ee3f147ab", + "DeleteOnTermination": true, + "DeviceIndex": 0, + "Status": "attached", + "NetworkCardIndex": 0 + }, + "Description": "", + "Groups": [ + { + "GroupName": "launch-wizard-5", + "GroupId": "sg-0ba3d9d5cf918bb83" + } + ], + "Ipv6Addresses": [], + "MacAddress": 
"06:f8:33:4b:cb:03", + "NetworkInterfaceId": "eni-0776518c2445a5b45", + "OwnerId": "111111111111", + "PrivateDnsName": "ip-172-31-63-37.ec2.internal", + "PrivateIpAddress": "172.31.63.37", + "PrivateIpAddresses": [ + { + "Primary": true, + "PrivateDnsName": "ip-172-31-63-37.ec2.internal", + "PrivateIpAddress": "172.31.63.37" + } + ], + "SourceDestCheck": true, + "Status": "in-use", + "SubnetId": "subnet-5264af63", + "VpcId": "vpc-ad9744d0", + "InterfaceType": "interface" + } + ], + "RootDeviceName": "/dev/xvda", + "RootDeviceType": "ebs", + "SecurityGroups": [ + { + "GroupName": "launch-wizard-5", + "GroupId": "sg-0ba3d9d5cf918bb83" + } + ], + "SourceDestCheck": true, + "StateReason": { + "Code": "Client.UserInitiatedShutdown", + "Message": "Client.UserInitiatedShutdown: User initiated shutdown" + }, + "Tags": [ + { + "Key": "Name", + "Value": "test" + } + ], + "VirtualizationType": "hvm", + "CpuOptions": { + "CoreCount": 1, + "ThreadsPerCore": 1 + }, + "CapacityReservationSpecification": { + "CapacityReservationPreference": "open" + }, + "HibernationOptions": { + "Configured": false + }, + "MetadataOptions": { + "State": "applied", + "HttpTokens": "optional", + "HttpPutResponseHopLimit": 1, + "HttpEndpoint": "enabled" + }, + "EnclaveOptions": { + "Enabled": false + } + } + ], + "OwnerId": "111111111111", + "ReservationId": "r-0204977a8ccf3bb3c" + }, + { + "Groups": [], + "Instances": [ + { + "AmiLaunchIndex": 0, + "ImageId": "ami-013f17f36f8b1fefb", + "InstanceId": "i-016107113ecc0a1be", + "InstanceType": "t2.micro", + "KeyName": "Myc7nKey", + "LaunchTime": { + "__class__": "datetime", + "year": 2021, + "month": 3, + "day": 19, + "hour": 8, + "minute": 36, + "second": 16, + "microsecond": 0 + }, + "Monitoring": { + "State": "disabled" + }, + "Placement": { + "AvailabilityZone": "us-east-1c", + "GroupName": "", + "Tenancy": "default" + }, + "PrivateDnsName": "ip-172-31-80-145.ec2.internal", + "PrivateIpAddress": "172.31.80.145", + "ProductCodes": [], + 
"PublicDnsName": "ec2-54-173-185-110.compute-1.amazonaws.com", + "PublicIpAddress": "54.173.185.110", + "State": { + "Code": 16, + "Name": "running" + }, + "StateTransitionReason": "", + "SubnetId": "subnet-cd7af8ec", + "VpcId": "vpc-ad9744d0", + "Architecture": "x86_64", + "BlockDeviceMappings": [ + { + "DeviceName": "/dev/sda1", + "Ebs": { + "AttachTime": { + "__class__": "datetime", + "year": 2021, + "month": 3, + "day": 15, + "hour": 11, + "minute": 17, + "second": 47, + "microsecond": 0 + }, + "DeleteOnTermination": true, + "Status": "attached", + "VolumeId": "vol-06838041f02d9ef5b" + } + } + ], + "ClientToken": "", + "EbsOptimized": false, + "EnaSupport": true, + "Hypervisor": "xen", + "IamInstanceProfile": { + "Arn": "arn:aws:iam::111111111111:instance-profile/AdminAccessC7Nrole", + "Id": "AIPAXPHGII4ALRDRWJFOJ" + }, + "NetworkInterfaces": [ + { + "Association": { + "IpOwnerId": "amazon", + "PublicDnsName": "ec2-54-173-185-110.compute-1.amazonaws.com", + "PublicIp": "54.173.185.110" + }, + "Attachment": { + "AttachTime": { + "__class__": "datetime", + "year": 2021, + "month": 3, + "day": 15, + "hour": 11, + "minute": 17, + "second": 46, + "microsecond": 0 + }, + "AttachmentId": "eni-attach-0ce88ce6c56468e9d", + "DeleteOnTermination": true, + "DeviceIndex": 0, + "Status": "attached", + "NetworkCardIndex": 0 + }, + "Description": "", + "Groups": [ + { + "GroupName": "launch-wizard-6", + "GroupId": "sg-0688a78d1438afcb5" + } + ], + "Ipv6Addresses": [], + "MacAddress": "12:36:43:a5:72:11", + "NetworkInterfaceId": "eni-00c4674be015ae6e9", + "OwnerId": "111111111111", + "PrivateDnsName": "ip-172-31-80-145.ec2.internal", + "PrivateIpAddress": "172.31.80.145", + "PrivateIpAddresses": [ + { + "Association": { + "IpOwnerId": "amazon", + "PublicDnsName": "ec2-54-173-185-110.compute-1.amazonaws.com", + "PublicIp": "54.173.185.110" + }, + "Primary": true, + "PrivateDnsName": "ip-172-31-80-145.ec2.internal", + "PrivateIpAddress": "172.31.80.145" + } + ], + 
"SourceDestCheck": true, + "Status": "in-use", + "SubnetId": "subnet-cd7af8ec", + "VpcId": "vpc-ad9744d0", + "InterfaceType": "interface" + } + ], + "RootDeviceName": "/dev/sda1", + "RootDeviceType": "ebs", + "SecurityGroups": [ + { + "GroupName": "launch-wizard-6", + "GroupId": "sg-0688a78d1438afcb5" + } + ], + "SourceDestCheck": true, + "Tags": [ + { + "Key": "Name", + "Value": "y-test" + } + ], + "VirtualizationType": "hvm", + "CpuOptions": { + "CoreCount": 1, + "ThreadsPerCore": 1 + }, + "CapacityReservationSpecification": { + "CapacityReservationPreference": "open" + }, + "HibernationOptions": { + "Configured": false + }, + "MetadataOptions": { + "State": "applied", + "HttpTokens": "optional", + "HttpPutResponseHopLimit": 1, + "HttpEndpoint": "enabled" + }, + "EnclaveOptions": { + "Enabled": false + } + } + ], + "OwnerId": "111111111111", + "ReservationId": "r-0d43f1d6a7ff6d838" + }, + { + "Groups": [], + "Instances": [ + { + "AmiLaunchIndex": 0, + "ImageId": "ami-013f17f36f8b1fefb", + "InstanceId": "i-06051041cd032fbc5", + "InstanceType": "t2.micro", + "KeyName": "YO", + "LaunchTime": { + "__class__": "datetime", + "year": 2021, + "month": 3, + "day": 19, + "hour": 9, + "minute": 28, + "second": 55, + "microsecond": 0 + }, + "Monitoring": { + "State": "disabled" + }, + "Placement": { + "AvailabilityZone": "us-east-1c", + "GroupName": "", + "Tenancy": "default" + }, + "PrivateDnsName": "ip-172-31-94-13.ec2.internal", + "PrivateIpAddress": "172.31.94.13", + "ProductCodes": [], + "PublicDnsName": "ec2-52-91-98-87.compute-1.amazonaws.com", + "PublicIpAddress": "52.91.98.87", + "State": { + "Code": 16, + "Name": "running" + }, + "StateTransitionReason": "", + "SubnetId": "subnet-cd7af8ec", + "VpcId": "vpc-ad9744d0", + "Architecture": "x86_64", + "BlockDeviceMappings": [ + { + "DeviceName": "/dev/sda1", + "Ebs": { + "AttachTime": { + "__class__": "datetime", + "year": 2021, + "month": 3, + "day": 15, + "hour": 16, + "minute": 1, + "second": 18, + "microsecond": 0 + 
}, + "DeleteOnTermination": true, + "Status": "attached", + "VolumeId": "vol-0e14ee8c776ba0dac" + } + } + ], + "ClientToken": "", + "EbsOptimized": false, + "EnaSupport": true, + "Hypervisor": "xen", + "IamInstanceProfile": { + "Arn": "arn:aws:iam::111111111111:instance-profile/AdminAccessC7Nrole", + "Id": "AIPAXPHGII4ALRDRWJFOJ" + }, + "NetworkInterfaces": [ + { + "Association": { + "IpOwnerId": "amazon", + "PublicDnsName": "ec2-52-91-98-87.compute-1.amazonaws.com", + "PublicIp": "52.91.98.87" + }, + "Attachment": { + "AttachTime": { + "__class__": "datetime", + "year": 2021, + "month": 3, + "day": 15, + "hour": 16, + "minute": 1, + "second": 16, + "microsecond": 0 + }, + "AttachmentId": "eni-attach-0ea26f482bfe189ed", + "DeleteOnTermination": true, + "DeviceIndex": 0, + "Status": "attached", + "NetworkCardIndex": 0 + }, + "Description": "", + "Groups": [ + { + "GroupName": "launch-wizard-4", + "GroupId": "sg-0c61c998565efca6a" + } + ], + "Ipv6Addresses": [], + "MacAddress": "12:94:a2:b5:62:65", + "NetworkInterfaceId": "eni-023396f338e8ce820", + "OwnerId": "111111111111", + "PrivateDnsName": "ip-172-31-94-13.ec2.internal", + "PrivateIpAddress": "172.31.94.13", + "PrivateIpAddresses": [ + { + "Association": { + "IpOwnerId": "amazon", + "PublicDnsName": "ec2-52-91-98-87.compute-1.amazonaws.com", + "PublicIp": "52.91.98.87" + }, + "Primary": true, + "PrivateDnsName": "ip-172-31-94-13.ec2.internal", + "PrivateIpAddress": "172.31.94.13" + } + ], + "SourceDestCheck": true, + "Status": "in-use", + "SubnetId": "subnet-cd7af8ec", + "VpcId": "vpc-ad9744d0", + "InterfaceType": "interface" + } + ], + "RootDeviceName": "/dev/sda1", + "RootDeviceType": "ebs", + "SecurityGroups": [ + { + "GroupName": "launch-wizard-4", + "GroupId": "sg-0c61c998565efca6a" + } + ], + "SourceDestCheck": true, + "Tags": [ + { + "Key": "Name", + "Value": "YO" + } + ], + "VirtualizationType": "hvm", + "CpuOptions": { + "CoreCount": 1, + "ThreadsPerCore": 1 + }, + "CapacityReservationSpecification": { 
+ "CapacityReservationPreference": "open" + }, + "HibernationOptions": { + "Configured": false + }, + "MetadataOptions": { + "State": "applied", + "HttpTokens": "optional", + "HttpPutResponseHopLimit": 1, + "HttpEndpoint": "enabled" + }, + "EnclaveOptions": { + "Enabled": false + } + } + ], + "OwnerId": "111111111111", + "ReservationId": "r-034c03ca97f03d928" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-103-instance_without_termination_protection/placebo-red/ec2.DescribeInstanceAttribute_1.json b/tests/ecc-aws-103-instance_without_termination_protection/placebo-red/ec2.DescribeInstanceAttribute_1.json new file mode 100644 index 000000000..ed83bd674 --- /dev/null +++ b/tests/ecc-aws-103-instance_without_termination_protection/placebo-red/ec2.DescribeInstanceAttribute_1.json @@ -0,0 +1,10 @@ +{ + "status_code": 200, + "data": { + "DisableApiTermination": { + "Value": false + }, + "InstanceId": "i-016107113ecc0a1be", + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-103-instance_without_termination_protection/placebo-red/ec2.DescribeInstances_1.json b/tests/ecc-aws-103-instance_without_termination_protection/placebo-red/ec2.DescribeInstances_1.json new file mode 100644 index 000000000..9ee61ee46 --- /dev/null +++ b/tests/ecc-aws-103-instance_without_termination_protection/placebo-red/ec2.DescribeInstances_1.json 
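Review bot: The placebo-green DescribeInstances recording has its account ID replaced with `111111111111`, but the public IPs and DNS names (`54.173.185.110`, `52.91.98.87`), key-pair names, the instance-profile name `AdminAccessC7Nrole` with its `AIPA…` ID, MAC addresses and the ENI, volume and security-group IDs look like values captured from a live account. If they are, they should be scrubbed before the fixture is committed, the way the RDS fixtures in this patch use `sg-ID`, `subnet-ID` and `vpc-ID` placeholders. The placebo-red DescribeInstances fixture repeats the same values.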
@@ -0,0 +1,172 @@ +{ + "status_code": 200, + "data": { + "Reservations": [ + { + "Groups": [], + "Instances": [ + { + "AmiLaunchIndex": 0, + "ImageId": "ami-013f17f36f8b1fefb", + "InstanceId": "i-123123123123", + "InstanceType": "t2.micro", + "KeyName": "Myc7nKey", + "LaunchTime": { + "__class__": "datetime", + "year": 2021, + "month": 3, + "day": 19, + "hour": 8, + "minute": 36, + "second": 16, + "microsecond": 0 + }, + "Monitoring": { + "State": "disabled" + }, + "Placement": { + "AvailabilityZone": "us-east-1c", + "GroupName": "", + "Tenancy": "default" + }, + "PrivateDnsName": "ip-172-31-80-145.ec2.internal", + "PrivateIpAddress": "172.31.80.145", + "ProductCodes": [], + "PublicDnsName": "ec2-54-173-185-110.compute-1.amazonaws.com", + "PublicIpAddress": "54.173.185.110", + "State": { + "Code": 16, + "Name": "running" + }, + "StateTransitionReason": "", + "SubnetId": "subnet-cd7af8ec", + "VpcId": "vpc-ad9744d0", + "Architecture": "x86_64", + "BlockDeviceMappings": [ + { + "DeviceName": "/dev/sda1", + "Ebs": { + "AttachTime": { + "__class__": "datetime", + "year": 2021, + "month": 3, + "day": 15, + "hour": 11, + "minute": 17, + "second": 47, + "microsecond": 0 + }, + "DeleteOnTermination": true, + "Status": "attached", + "VolumeId": "vol-06838041f02d9ef5b" + } + } + ], + "ClientToken": "", + "EbsOptimized": false, + "EnaSupport": true, + "Hypervisor": "xen", + "IamInstanceProfile": { + "Arn": "arn:aws:iam::123123123123:instance-profile/AdminAccessC7Nrole", + "Id": "AIPAXPHGII4ALRDRWJFOJ" + }, + "NetworkInterfaces": [ + { + "Association": { + "IpOwnerId": "amazon", + "PublicDnsName": "ec2-54-173-185-110.compute-1.amazonaws.com", + "PublicIp": "54.173.185.110" + }, + "Attachment": { + "AttachTime": { + "__class__": "datetime", + "year": 2021, + "month": 3, + "day": 15, + "hour": 11, + "minute": 17, + "second": 46, + "microsecond": 0 + }, + "AttachmentId": "eni-attach-0ce88ce6c56468e9d", + "DeleteOnTermination": true, + "DeviceIndex": 0, + "Status": "attached", + 
"NetworkCardIndex": 0 + }, + "Description": "", + "Groups": [ + { + "GroupName": "launch-wizard-6", + "GroupId": "sg-0688a78d1438afcb5" + } + ], + "Ipv6Addresses": [], + "MacAddress": "12:36:43:a5:72:11", + "NetworkInterfaceId": "eni-00c4674be015ae6e9", + "OwnerId": "123123123123", + "PrivateDnsName": "ip-172-31-80-145.ec2.internal", + "PrivateIpAddress": "172.31.80.145", + "PrivateIpAddresses": [ + { + "Association": { + "IpOwnerId": "amazon", + "PublicDnsName": "ec2-54-173-185-110.compute-1.amazonaws.com", + "PublicIp": "54.173.185.110" + }, + "Primary": true, + "PrivateDnsName": "ip-172-31-80-145.ec2.internal", + "PrivateIpAddress": "172.31.80.145" + } + ], + "SourceDestCheck": true, + "Status": "in-use", + "SubnetId": "subnet-cd7af8ec", + "VpcId": "vpc-ad9744d0", + "InterfaceType": "interface" + } + ], + "RootDeviceName": "/dev/sda1", + "RootDeviceType": "ebs", + "SecurityGroups": [ + { + "GroupName": "launch-wizard-6", + "GroupId": "sg-0688a78d1438afcb5" + } + ], + "SourceDestCheck": true, + "Tags": [ + { + "Key": "Name", + "Value": "y-test" + } + ], + "VirtualizationType": "hvm", + "CpuOptions": { + "CoreCount": 1, + "ThreadsPerCore": 1 + }, + "CapacityReservationSpecification": { + "CapacityReservationPreference": "open" + }, + "HibernationOptions": { + "Configured": false + }, + "MetadataOptions": { + "State": "applied", + "HttpTokens": "optional", + "HttpPutResponseHopLimit": 1, + "HttpEndpoint": "enabled" + }, + "EnclaveOptions": { + "Enabled": false + } + } + ], + "OwnerId": "123123123123", + "ReservationId": "r-0d43f1d6a7ff6d838" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-103-instance_without_termination_protection/red_policy_test.py b/tests/ecc-aws-103-instance_without_termination_protection/red_policy_test.py new file mode 100644 index 000000000..c1485912b --- /dev/null +++ b/tests/ecc-aws-103-instance_without_termination_protection/red_policy_test.py 
@@ -0,0 +1,8 @@
+class PolicyTest(object):
+
+ def test_resources_with_client(self, base_test, resources, local_session):
+ base_test.assertEqual(len(resources), 1)
+ client = local_session.client('ec2')
+ attributes = client.describe_instance_attribute(
+ Attribute='disableApiTermination', InstanceId=resources[0]['InstanceId'])
+ base_test.assertFalse(attributes['DisableApiTermination']['Value'])
diff --git a/tests/ecc-aws-105-rds_instance_with_no_backups/placebo-green/rds.DescribeDBInstances_1.json b/tests/ecc-aws-105-rds_instance_with_no_backups/placebo-green/rds.DescribeDBInstances_1.json
new file mode 100644
index 000000000..5825e3008
--- /dev/null
+++ b/tests/ecc-aws-105-rds_instance_with_no_backups/placebo-green/rds.DescribeDBInstances_1.json
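Review bot: The final assertion in `test_resources_with_client` reads `DisableApiTermination` back through the placebo session rather than from the policy result, so it checks the fixture file, not the filter. Playback appears to serve the recorded response regardless of `InstanceId`: the red DescribeInstances fixture lists `i-123123123123` while DescribeInstanceAttribute_1 answers for `i-016107113ecc0a1be`, and the test does not notice. Adding `base_test.assertEqual(resources[0]['InstanceId'], 'i-123123123123')` and making the two fixtures agree on the instance ID would tie the test to the resource the policy selected.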
@@ -0,0 +1,142 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "terraform-2", + "DBInstanceClass": "db.t2.micro", + "Engine": "mysql", + "DBInstanceStatus": "available", + "MasterUsername": "root", + "DBName": "c7ngreen", + "Endpoint": { + "Address": "terraform-2.c.us-east-1.rds.amazonaws.com", + "Port": 3306, + "HostedZoneId": "ID" + }, + "AllocatedStorage": 20, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 5, + "day": 25, + "hour": 12, + "minute": 8, + "second": 44, + "microsecond": 282000 + }, + "PreferredBackupWindow": "07:50-08:20", + "BackupRetentionPeriod": 2, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-ID", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "default.mysql5.7", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1a", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-ID", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-ID", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-ID", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-ID", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-ID", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-ID", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-ID", + "SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + 
} + ] + }, + "PreferredMaintenanceWindow": "mon:09:20-mon:09:50", + "PendingModifiedValues": {}, + "LatestRestorableTime": { + "__class__": "datetime", + "year": 2021, + "month": 5, + "day": 25, + "hour": 12, + "minute": 50, + "second": 0, + "microsecond": 0 + }, + "MultiAZ": false, + "EngineVersion": "5.7.26", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "general-public-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:mysql-5-7", + "Status": "in-sync" + } + ], + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-ID", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:666666666:db:terraform-2", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-105-rds_instance_with_no_backups/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-105-rds_instance_with_no_backups/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..8b704d185 --- /dev/null +++ b/tests/ecc-aws-105-rds_instance_with_no_backups/placebo-green/tagging.GetResources_1.json @@ -0,0 +1,8 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-105-rds_instance_with_no_backups/placebo-red/rds.DescribeDBInstances_1.json b/tests/ecc-aws-105-rds_instance_with_no_backups/placebo-red/rds.DescribeDBInstances_1.json new file mode 100644 index 000000000..406ad8430 --- /dev/null +++ b/tests/ecc-aws-105-rds_instance_with_no_backups/placebo-red/rds.DescribeDBInstances_1.json 
@@ -0,0 +1,132 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "terraform-2", + "DBInstanceClass": "db.t2.micro", + "Engine": "mysql", + "DBInstanceStatus": "available", + "MasterUsername": "root", + "DBName": "c7nred", + "Endpoint": { + "Address": "terraform-2.c11111111111.us-east-1.rds.amazonaws.com", + "Port": 3306, + "HostedZoneId": "ZONE" + }, + "AllocatedStorage": 20, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 5, + "day": 25, + "hour": 13, + "minute": 1, + "second": 12, + "microsecond": 221000 + }, + "PreferredBackupWindow": "09:49-10:19", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-ID", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "default.mysql5.7", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1d", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-ID", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-ID", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-ID", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-ID", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-ID", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-ID", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-ID", + "SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": 
"Active" + } + ] + }, + "PreferredMaintenanceWindow": "sun:09:01-sun:09:31", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "5.7.26", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "general-public-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:mysql-5-7", + "Status": "in-sync" + } + ], + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-ID", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:6666666666666:db:terraform-2", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-105-rds_instance_with_no_backups/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-105-rds_instance_with_no_backups/placebo-red/tagging.GetResources_1.json new file mode 100644 index 000000000..8b704d185 --- /dev/null +++ b/tests/ecc-aws-105-rds_instance_with_no_backups/placebo-red/tagging.GetResources_1.json @@ -0,0 +1,8 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-105-rds_instance_with_no_backups/red_policy_test.py b/tests/ecc-aws-105-rds_instance_with_no_backups/red_policy_test.py new file mode 100644 index 000000000..edab315ba --- /dev/null +++ b/tests/ecc-aws-105-rds_instance_with_no_backups/red_policy_test.py @@ -0,0 +1,5 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertEqual(resources[0]['BackupRetentionPeriod'], 0) \ No newline at end of file 
diff --git a/tests/ecc-aws-109-prevent_0-65535_ingress_and_all/placebo-green/ec2.DescribeSecurityGroups_1.json b/tests/ecc-aws-109-prevent_0-65535_ingress_and_all/placebo-green/ec2.DescribeSecurityGroups_1.json new file mode 100644 index 000000000..8aee1ff11 --- /dev/null +++ b/tests/ecc-aws-109-prevent_0-65535_ingress_and_all/placebo-green/ec2.DescribeSecurityGroups_1.json @@ -0,0 +1,43 @@ +{ + "status_code": 200, + "data": { + "SecurityGroups": [ + { + "Description": "test-c7n", + "GroupName": "test-c7n", + "IpPermissions": [ + { + "FromPort": 21, + "IpProtocol": "tcp", + "IpRanges": [ + { + "CidrIp": "192.168.2.2/32" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "ToPort": 21, + "UserIdGroupPairs": [] + } + ], + "OwnerId": "123456789112", + "GroupId": "sg-01c1e44a433d03d17", + "IpPermissionsEgress": [ + { + "IpProtocol": "-1", + "IpRanges": [ + { + "CidrIp": "0.0.0.0/0" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "UserIdGroupPairs": [] + } + ], + "VpcId": "vpc-ad1234d0" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-109-prevent_0-65535_ingress_and_all/placebo-red/ec2.DescribeSecurityGroups_1.json b/tests/ecc-aws-109-prevent_0-65535_ingress_and_all/placebo-red/ec2.DescribeSecurityGroups_1.json new file mode 100644 index 000000000..a4cb4924f --- /dev/null +++ b/tests/ecc-aws-109-prevent_0-65535_ingress_and_all/placebo-red/ec2.DescribeSecurityGroups_1.json 
@@ -0,0 +1,76 @@ +{ + "status_code": 200, + "data": { + "SecurityGroups": [ + { + "Description": "c7n-test2", + "GroupName": "c7n-test2", + "IpPermissions": [ + { + "FromPort": 0, + "IpProtocol": "tcp", + "IpRanges": [ + { + "CidrIp": "192.168.2.3/32" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "ToPort": 65535, + "UserIdGroupPairs": [] + } + ], + "OwnerId": "123456789112", + "GroupId": "sg-01c1e44a433d03d17", + "IpPermissionsEgress": [ + { + "IpProtocol": "-1", + "IpRanges": [ + { + "CidrIp": "0.0.0.0/0" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "UserIdGroupPairs": [] + } + ], + "VpcId": "vpc-ad1234d0" + }, + { + "Description": "c7n-test", + "GroupName": "c7n-test", + "IpPermissions": [ + { + "IpProtocol": "-1", + "IpRanges": [ + { + "CidrIp": "192.168.2.1/32" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "UserIdGroupPairs": [] + } + ], + "OwnerId": "123456789112", + "GroupId": "sg-0ebf9083850c47100", + "IpPermissionsEgress": [ + { + "IpProtocol": "-1", + "IpRanges": [ + { + "CidrIp": "0.0.0.0/0" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "UserIdGroupPairs": [] + } + ], + "VpcId": "vpc-ad1234d0" + } + ], + "ResponseMetadata": {} + } +} diff --git a/tests/ecc-aws-109-prevent_0-65535_ingress_and_all/red_policy_test.py b/tests/ecc-aws-109-prevent_0-65535_ingress_and_all/red_policy_test.py new file mode 100644 index 000000000..4fdc8573e --- /dev/null +++ b/tests/ecc-aws-109-prevent_0-65535_ingress_and_all/red_policy_test.py 
@@ -0,0 +1,9 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 2)
+ resource0 = list(filter(lambda r: r['GroupName'] == 'c7n-test', resources))[0]
+ resource1 = list(filter(lambda r: r['GroupName'] == 'c7n-test2', resources))[0]
+ base_test.assertEqual(resource0['IpPermissions'][0]['IpProtocol'], '-1')
+ base_test.assertEqual(resource1['IpPermissions'][0]['FromPort'], 0)
+ base_test.assertEqual(resource1['IpPermissions'][0]['ToPort'], 65535)
\ No newline at end of file
diff --git a/tests/ecc-aws-110-security_group_ingress_is_restricted_traffic_to_dns_port_53/placebo-green/ec2.DescribeSecurityGroups_1.json b/tests/ecc-aws-110-security_group_ingress_is_restricted_traffic_to_dns_port_53/placebo-green/ec2.DescribeSecurityGroups_1.json
new file mode 100644
index 000000000..f6a1024f0
--- /dev/null
+++ b/tests/ecc-aws-110-security_group_ingress_is_restricted_traffic_to_dns_port_53/placebo-green/ec2.DescribeSecurityGroups_1.json
@@ -0,0 +1,43 @@
+{
+ "status_code": 200,
+ "data": {
+ "SecurityGroups": [
+ {
+ "Description": "test-green-dns",
+ "GroupName": "test-green-dns",
+ "IpPermissions": [
+ {
+ "FromPort": 53,
+ "IpProtocol": "tcp",
+ "IpRanges": [
+ {
+ "CidrIp": "192.168.2.1/32"
+ }
+ ],
+ "Ipv6Ranges": [],
+ "PrefixListIds": [],
+ "ToPort": 53,
+ "UserIdGroupPairs": []
+ }
+ ],
+ "OwnerId": "012345678912",
+ "GroupId": "sg-0d12c3b12345e1234",
+ "IpPermissionsEgress": [
+ {
+ "IpProtocol": "-1",
+ "IpRanges": [
+ {
+ "CidrIp": "0.0.0.0/0"
+ }
+ ],
+ "Ipv6Ranges": [],
+ "PrefixListIds": [],
+ "UserIdGroupPairs": []
+ }
+ ],
+ "VpcId": "vpc-ad1234d0"
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
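Review bot: In the ecc-aws-109 `test_resources`, the two `list(filter(lambda ...))[0]` lookups fail with a bare IndexError when the policy stops returning one of the groups, so the failure does not say which security group went missing. Indexing the result by name and asserting the set of names first gives a readable failure: `by_name = {r['GroupName']: r for r in resources}` followed by `base_test.assertEqual(sorted(by_name), ['c7n-test', 'c7n-test2'])`, then read `by_name['c7n-test']` and `by_name['c7n-test2']`. A one-line comment that `c7n-test2` is flagged for its 0-65535 range even though its source is a /32 would also record why that group is expected in the red set.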
diff --git a/tests/ecc-aws-110-security_group_ingress_is_restricted_traffic_to_dns_port_53/placebo-red/ec2.DescribeSecurityGroups_1.json b/tests/ecc-aws-110-security_group_ingress_is_restricted_traffic_to_dns_port_53/placebo-red/ec2.DescribeSecurityGroups_1.json
new file mode 100644
index 000000000..957c8cba5
--- /dev/null
+++ b/tests/ecc-aws-110-security_group_ingress_is_restricted_traffic_to_dns_port_53/placebo-red/ec2.DescribeSecurityGroups_1.json
@@ -0,0 +1,43 @@
+{
+ "status_code": 200,
+ "data": {
+ "SecurityGroups": [
+ {
+ "Description": "test-dns",
+ "GroupName": "test-dns",
+ "IpPermissions": [
+ {
+ "FromPort": 53,
+ "IpProtocol": "tcp",
+ "IpRanges": [
+ {
+ "CidrIp": "0.0.0.0/0"
+ }
+ ],
+ "Ipv6Ranges": [],
+ "PrefixListIds": [],
+ "ToPort": 53,
+ "UserIdGroupPairs": []
+ }
+ ],
+ "OwnerId": "123456789112",
+ "GroupId": "sg-123412b1225fc12de",
+ "IpPermissionsEgress": [
+ {
+ "IpProtocol": "-1",
+ "IpRanges": [
+ {
+ "CidrIp": "0.0.0.0/0"
+ }
+ ],
+ "Ipv6Ranges": [],
+ "PrefixListIds": [],
+ "UserIdGroupPairs": []
+ }
+ ],
+ "VpcId": "vpc-ad1234d0"
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-110-security_group_ingress_is_restricted_traffic_to_dns_port_53/red_policy_test.py b/tests/ecc-aws-110-security_group_ingress_is_restricted_traffic_to_dns_port_53/red_policy_test.py
new file mode 100644
index 000000000..868b6d0b1
--- /dev/null
+++ b/tests/ecc-aws-110-security_group_ingress_is_restricted_traffic_to_dns_port_53/red_policy_test.py
@@ -0,0 +1,6 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertEqual(resources[0]['IpPermissions'][0]['ToPort'], 53)
+ base_test.assertEqual(resources[0]['IpPermissions'][0]['IpRanges'][0]['CidrIp'], '0.0.0.0/0')
\ No newline at end of file
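Review bot: The red fixture for the DNS policy carries only a `"IpProtocol": "tcp"` rule on port 53, although DNS is served mainly over UDP, so this test would still pass if the policy never matched a world-open UDP 53 rule. A second red security group with `"IpProtocol": "udp"`, `"FromPort": 53`, `"ToPort": 53` and `"CidrIp": "0.0.0.0/0"`, with the expected resource count raised to 2, would cover that case. The policy file is not part of this hunk, so whether it already matches UDP cannot be confirmed from here.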
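Review bot: The last assertion in `test_resources` pins only the IPv4 source, `['IpRanges'][0]['CidrIp'] == '0.0.0.0/0'`, and every red and green fixture for ecc-aws-110 through ecc-aws-121 in this patch has `"Ipv6Ranges": []`, so an ingress rule open to `::/0` is never exercised. If the policies are meant to flag IPv6-open rules too, add a red group with `"Ipv6Ranges": [{"CidrIpv6": "::/0"}]` and assert on `['Ipv6Ranges'][0]['CidrIpv6']`. The same gap applies to the near-identical red_policy_test.py files for ecc-aws-111 through ecc-aws-120.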
diff --git a/tests/ecc-aws-111-security_group_ingress_is_restricted_traffic_to_ftp_port_21/placebo-green/ec2.DescribeSecurityGroups_1.json b/tests/ecc-aws-111-security_group_ingress_is_restricted_traffic_to_ftp_port_21/placebo-green/ec2.DescribeSecurityGroups_1.json new file mode 100644 index 000000000..d60dc1169 --- /dev/null +++ b/tests/ecc-aws-111-security_group_ingress_is_restricted_traffic_to_ftp_port_21/placebo-green/ec2.DescribeSecurityGroups_1.json @@ -0,0 +1,43 @@ +{ + "status_code": 200, + "data": { + "SecurityGroups": [ + { + "Description": "test-green-ftp", + "GroupName": "test-green-ftp", + "IpPermissions": [ + { + "FromPort": 21, + "IpProtocol": "tcp", + "IpRanges": [ + { + "CidrIp": "192.168.2.2/32" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "ToPort": 21, + "UserIdGroupPairs": [] + } + ], + "OwnerId": "123456789112", + "GroupId": "sg-123412b1225fc12de", + "IpPermissionsEgress": [ + { + "IpProtocol": "-1", + "IpRanges": [ + { + "CidrIp": "0.0.0.0/0" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "UserIdGroupPairs": [] + } + ], + "VpcId": "vpc-ad1234d0" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-111-security_group_ingress_is_restricted_traffic_to_ftp_port_21/placebo-red/ec2.DescribeSecurityGroups_1.json b/tests/ecc-aws-111-security_group_ingress_is_restricted_traffic_to_ftp_port_21/placebo-red/ec2.DescribeSecurityGroups_1.json new file mode 100644 index 000000000..09d9b42e6 --- /dev/null +++ b/tests/ecc-aws-111-security_group_ingress_is_restricted_traffic_to_ftp_port_21/placebo-red/ec2.DescribeSecurityGroups_1.json 
@@ -0,0 +1,43 @@ +{ + "status_code": 200, + "data": { + "SecurityGroups": [ + { + "Description": "test-red-ftp", + "GroupName": "test-red-ftp", + "IpPermissions": [ + { + "FromPort": 21, + "IpProtocol": "tcp", + "IpRanges": [ + { + "CidrIp": "0.0.0.0/0" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "ToPort": 21, + "UserIdGroupPairs": [] + } + ], + "OwnerId": "123456789112", + "GroupId": "sg-123412b1225fc12de", + "IpPermissionsEgress": [ + { + "IpProtocol": "-1", + "IpRanges": [ + { + "CidrIp": "0.0.0.0/0" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "UserIdGroupPairs": [] + } + ], + "VpcId": "vpc-ad1234d0" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-111-security_group_ingress_is_restricted_traffic_to_ftp_port_21/red_policy_test.py b/tests/ecc-aws-111-security_group_ingress_is_restricted_traffic_to_ftp_port_21/red_policy_test.py new file mode 100644 index 000000000..303591356 --- /dev/null +++ b/tests/ecc-aws-111-security_group_ingress_is_restricted_traffic_to_ftp_port_21/red_policy_test.py @@ -0,0 +1,6 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertEqual(resources[0]['IpPermissions'][0]['ToPort'], 21) + base_test.assertEqual(resources[0]['IpPermissions'][0]['IpRanges'][0]['CidrIp'], '0.0.0.0/0') \ No newline at end of file diff --git a/tests/ecc-aws-112-security_group_ingress_is_restricted_traffic_to_http_port_80/placebo-green/ec2.DescribeSecurityGroups_1.json b/tests/ecc-aws-112-security_group_ingress_is_restricted_traffic_to_http_port_80/placebo-green/ec2.DescribeSecurityGroups_1.json new file mode 100644 index 000000000..ab0e0060f --- /dev/null +++ b/tests/ecc-aws-112-security_group_ingress_is_restricted_traffic_to_http_port_80/placebo-green/ec2.DescribeSecurityGroups_1.json 
@@ -0,0 +1,43 @@ +{ + "status_code": 200, + "data": { + "SecurityGroups": [ + { + "Description": "test-green-http", + "GroupName": "test-green-http", + "IpPermissions": [ + { + "FromPort": 80, + "IpProtocol": "tcp", + "IpRanges": [ + { + "CidrIp": "192.168.2.2/32" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "ToPort": 80, + "UserIdGroupPairs": [] + } + ], + "OwnerId": "123456789112", + "GroupId": "sg-123412b1225fc12de", + "IpPermissionsEgress": [ + { + "IpProtocol": "-1", + "IpRanges": [ + { + "CidrIp": "0.0.0.0/0" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "UserIdGroupPairs": [] + } + ], + "VpcId": "vpc-ad1234d0" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-112-security_group_ingress_is_restricted_traffic_to_http_port_80/placebo-red/ec2.DescribeSecurityGroups_1.json b/tests/ecc-aws-112-security_group_ingress_is_restricted_traffic_to_http_port_80/placebo-red/ec2.DescribeSecurityGroups_1.json new file mode 100644 index 000000000..42190e72b --- /dev/null +++ b/tests/ecc-aws-112-security_group_ingress_is_restricted_traffic_to_http_port_80/placebo-red/ec2.DescribeSecurityGroups_1.json @@ -0,0 +1,43 @@ +{ + "status_code": 200, + "data": { + "SecurityGroups": [ + { + "Description": "test-red-http", + "GroupName": "test-red-http", + "IpPermissions": [ + { + "FromPort": 80, + "IpProtocol": "tcp", + "IpRanges": [ + { + "CidrIp": "0.0.0.0/0" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "ToPort": 80, + "UserIdGroupPairs": [] + } + ], + "OwnerId": "123456789112", + "GroupId": "sg-123412b1225fc12de", + "IpPermissionsEgress": [ + { + "IpProtocol": "-1", + "IpRanges": [ + { + "CidrIp": "0.0.0.0/0" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "UserIdGroupPairs": [] + } + ], + "VpcId": "vpc-ad1234d0" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-112-security_group_ingress_is_restricted_traffic_to_http_port_80/red_policy_test.py b/tests/ecc-aws-112-security_group_ingress_is_restricted_traffic_to_http_port_80/red_policy_test.py
new file mode 100644
index 000000000..0e5abfd1c
--- /dev/null
+++ b/tests/ecc-aws-112-security_group_ingress_is_restricted_traffic_to_http_port_80/red_policy_test.py
@@ -0,0 +1,6 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertEqual(resources[0]['IpPermissions'][0]['ToPort'], 80)
+ base_test.assertEqual(resources[0]['IpPermissions'][0]['IpRanges'][0]['CidrIp'], '0.0.0.0/0')
\ No newline at end of file
diff --git a/tests/ecc-aws-113-security_group_ingress_is_restricted_traffic_to_microsoft_ds_port_445/placebo-green/ec2.DescribeSecurityGroups_1.json b/tests/ecc-aws-113-security_group_ingress_is_restricted_traffic_to_microsoft_ds_port_445/placebo-green/ec2.DescribeSecurityGroups_1.json
new file mode 100644
index 000000000..70fe34011
--- /dev/null
+++ b/tests/ecc-aws-113-security_group_ingress_is_restricted_traffic_to_microsoft_ds_port_445/placebo-green/ec2.DescribeSecurityGroups_1.json
@@ -0,0 +1,43 @@
+{
+ "status_code": 200,
+ "data": {
+ "SecurityGroups": [
+ {
+ "Description": "test-green-microsoft-ds",
+ "GroupName": "test-green-microsoft-ds",
+ "IpPermissions": [
+ {
+ "FromPort": 445,
+ "IpProtocol": "tcp",
+ "IpRanges": [
+ {
+ "CidrIp": "192.168.1.1/32"
+ }
+ ],
+ "Ipv6Ranges": [],
+ "PrefixListIds": [],
+ "ToPort": 455,
+ "UserIdGroupPairs": []
+ }
+ ],
+ "OwnerId": "123456789123",
+ "GroupId": "sg-123456abcdef",
+ "IpPermissionsEgress": [
+ {
+ "IpProtocol": "-1",
+ "IpRanges": [
+ {
+ "CidrIp": "0.0.0.0/0"
+ }
+ ],
+ "Ipv6Ranges": [],
+ "PrefixListIds": [],
+ "UserIdGroupPairs": []
+ }
+ ],
+ "VpcId": "vpc-ad123456"
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+}
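Review bot: In the ecc-aws-113 green fixture the ingress rule runs from `"FromPort": 445` to `"ToPort": 455`, which looks like a typo for 445, since the red fixture and its test both use 445 for the two ports. The fixture presumably still evaluates as compliant only because the source is `192.168.1.1/32`, so the mistake is masked. It also turns the green case into a port-range rule rather than the single-port rule used by the other green fixtures in this patch. Suggest `"ToPort": 445,`.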
diff --git a/tests/ecc-aws-113-security_group_ingress_is_restricted_traffic_to_microsoft_ds_port_445/placebo-red/ec2.DescribeSecurityGroups_1.json b/tests/ecc-aws-113-security_group_ingress_is_restricted_traffic_to_microsoft_ds_port_445/placebo-red/ec2.DescribeSecurityGroups_1.json new file mode 100644 index 000000000..6844dfbad --- /dev/null +++ b/tests/ecc-aws-113-security_group_ingress_is_restricted_traffic_to_microsoft_ds_port_445/placebo-red/ec2.DescribeSecurityGroups_1.json @@ -0,0 +1,43 @@ +{ + "status_code": 200, + "data": { + "SecurityGroups": [ + { + "Description": "test-red-microsoft-ds", + "GroupName": "test-red-microsoft-ds", + "IpPermissions": [ + { + "FromPort": 445, + "IpProtocol": "tcp", + "IpRanges": [ + { + "CidrIp": "0.0.0.0/0" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "ToPort": 445, + "UserIdGroupPairs": [] + } + ], + "OwnerId": "123456789123", + "GroupId": "sg-123456abcdef", + "IpPermissionsEgress": [ + { + "IpProtocol": "-1", + "IpRanges": [ + { + "CidrIp": "0.0.0.0/0" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "UserIdGroupPairs": [] + } + ], + "VpcId": "vpc-ad123456" + } + ], + "ResponseMetadata": {} + } +} diff --git a/tests/ecc-aws-113-security_group_ingress_is_restricted_traffic_to_microsoft_ds_port_445/red_policy_test.py b/tests/ecc-aws-113-security_group_ingress_is_restricted_traffic_to_microsoft_ds_port_445/red_policy_test.py new file mode 100644 index 000000000..b47ca7cd7 --- /dev/null +++ b/tests/ecc-aws-113-security_group_ingress_is_restricted_traffic_to_microsoft_ds_port_445/red_policy_test.py @@ -0,0 +1,6 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertEqual(resources[0]['IpPermissions'][0]['ToPort'], 445) + base_test.assertEqual(resources[0]['IpPermissions'][0]['IpRanges'][0]['CidrIp'], '0.0.0.0/0') 
diff --git a/tests/ecc-aws-114-security_group_ingress_is_restricted_traffic_to_mongodb_port_27017/placebo-green/ec2.DescribeSecurityGroups_1.json b/tests/ecc-aws-114-security_group_ingress_is_restricted_traffic_to_mongodb_port_27017/placebo-green/ec2.DescribeSecurityGroups_1.json new file mode 100644 index 000000000..0f12a12c5 --- /dev/null +++ b/tests/ecc-aws-114-security_group_ingress_is_restricted_traffic_to_mongodb_port_27017/placebo-green/ec2.DescribeSecurityGroups_1.json @@ -0,0 +1,43 @@ +{ + "status_code": 200, + "data": { + "SecurityGroups": [ + { + "Description": "test-green-mongodb", + "GroupName": "test-green-mongodb", + "IpPermissions": [ + { + "FromPort": 27017, + "IpProtocol": "tcp", + "IpRanges": [ + { + "CidrIp": "192.168.1.1/32" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "ToPort": 27017, + "UserIdGroupPairs": [] + } + ], + "OwnerId": "123456789123", + "GroupId": "sg-123456abcdef", + "IpPermissionsEgress": [ + { + "IpProtocol": "-1", + "IpRanges": [ + { + "CidrIp": "0.0.0.0/0" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "UserIdGroupPairs": [] + } + ], + "VpcId": "vpc-ad123456" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-114-security_group_ingress_is_restricted_traffic_to_mongodb_port_27017/placebo-red/ec2.DescribeSecurityGroups_1.json b/tests/ecc-aws-114-security_group_ingress_is_restricted_traffic_to_mongodb_port_27017/placebo-red/ec2.DescribeSecurityGroups_1.json new file mode 100644 index 000000000..3c858b333 --- /dev/null +++ b/tests/ecc-aws-114-security_group_ingress_is_restricted_traffic_to_mongodb_port_27017/placebo-red/ec2.DescribeSecurityGroups_1.json 
@@ -0,0 +1,43 @@ +{ + "status_code": 200, + "data": { + "SecurityGroups": [ + { + "Description": "test-red-mongodb", + "GroupName": "test-red-mongodb", + "IpPermissions": [ + { + "FromPort": 27017, + "IpProtocol": "tcp", + "IpRanges": [ + { + "CidrIp": "0.0.0.0/0" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "ToPort": 27017, + "UserIdGroupPairs": [] + } + ], + "OwnerId": "123456789123", + "GroupId": "sg-123456abcdef", + "IpPermissionsEgress": [ + { + "IpProtocol": "-1", + "IpRanges": [ + { + "CidrIp": "0.0.0.0/0" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "UserIdGroupPairs": [] + } + ], + "VpcId": "vpc-ad123456" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-114-security_group_ingress_is_restricted_traffic_to_mongodb_port_27017/red_policy_test.py b/tests/ecc-aws-114-security_group_ingress_is_restricted_traffic_to_mongodb_port_27017/red_policy_test.py new file mode 100644 index 000000000..a7d4f995b --- /dev/null +++ b/tests/ecc-aws-114-security_group_ingress_is_restricted_traffic_to_mongodb_port_27017/red_policy_test.py @@ -0,0 +1,6 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertEqual(resources[0]['IpPermissions'][0]['ToPort'], 27017) + base_test.assertEqual(resources[0]['IpPermissions'][0]['IpRanges'][0]['CidrIp'], '0.0.0.0/0') diff --git a/tests/ecc-aws-115-security_group_ingress_is_restricted_traffic_to_mysql_db_port_3306/placebo-green/ec2.DescribeSecurityGroups_1.json b/tests/ecc-aws-115-security_group_ingress_is_restricted_traffic_to_mysql_db_port_3306/placebo-green/ec2.DescribeSecurityGroups_1.json new file mode 100644 index 000000000..b5074b374 --- /dev/null +++ b/tests/ecc-aws-115-security_group_ingress_is_restricted_traffic_to_mysql_db_port_3306/placebo-green/ec2.DescribeSecurityGroups_1.json 
@@ -0,0 +1,43 @@ +{ + "status_code": 200, + "data": { + "SecurityGroups": [ + { + "Description": "test-green-mysqldb", + "GroupName": "test-green-mysqldb", + "IpPermissions": [ + { + "FromPort": 3306, + "IpProtocol": "tcp", + "IpRanges": [ + { + "CidrIp": "192.168.1.1/32" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "ToPort": 3306, + "UserIdGroupPairs": [] + } + ], + "OwnerId": "123456789123", + "GroupId": "sg-123456abcdef", + "IpPermissionsEgress": [ + { + "IpProtocol": "-1", + "IpRanges": [ + { + "CidrIp": "0.0.0.0/0" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "UserIdGroupPairs": [] + } + ], + "VpcId": "vpc-ad123456" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-115-security_group_ingress_is_restricted_traffic_to_mysql_db_port_3306/placebo-red/ec2.DescribeSecurityGroups_1.json b/tests/ecc-aws-115-security_group_ingress_is_restricted_traffic_to_mysql_db_port_3306/placebo-red/ec2.DescribeSecurityGroups_1.json new file mode 100644 index 000000000..cc728d227 --- /dev/null +++ b/tests/ecc-aws-115-security_group_ingress_is_restricted_traffic_to_mysql_db_port_3306/placebo-red/ec2.DescribeSecurityGroups_1.json @@ -0,0 +1,43 @@ +{ + "status_code": 200, + "data": { + "SecurityGroups": [ + { + "Description": "test-red-mysqldb", + "GroupName": "test-red-mysqldb", + "IpPermissions": [ + { + "FromPort": 3306, + "IpProtocol": "tcp", + "IpRanges": [ + { + "CidrIp": "0.0.0.0/0" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "ToPort": 3306, + "UserIdGroupPairs": [] + } + ], + "OwnerId": "123456789123", + "GroupId": "sg-123456abcdef", + "IpPermissionsEgress": [ + { + "IpProtocol": "-1", + "IpRanges": [ + { + "CidrIp": "0.0.0.0/0" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "UserIdGroupPairs": [] + } + ], + "VpcId": "vpc-ad123456" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-115-security_group_ingress_is_restricted_traffic_to_mysql_db_port_3306/red_policy_test.py b/tests/ecc-aws-115-security_group_ingress_is_restricted_traffic_to_mysql_db_port_3306/red_policy_test.py new file mode 100644 index 000000000..822dc05fb --- /dev/null +++ b/tests/ecc-aws-115-security_group_ingress_is_restricted_traffic_to_mysql_db_port_3306/red_policy_test.py @@ -0,0 +1,6 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertEqual(resources[0]['IpPermissions'][0]['ToPort'], 3306) + base_test.assertEqual(resources[0]['IpPermissions'][0]['IpRanges'][0]['CidrIp'], '0.0.0.0/0') diff --git a/tests/ecc-aws-116-security_group_ingress_is_restricted_traffic_to_netbios_ssn_port_139/placebo-green/ec2.DescribeSecurityGroups_1.json b/tests/ecc-aws-116-security_group_ingress_is_restricted_traffic_to_netbios_ssn_port_139/placebo-green/ec2.DescribeSecurityGroups_1.json new file mode 100644 index 000000000..f5e35a97b --- /dev/null +++ b/tests/ecc-aws-116-security_group_ingress_is_restricted_traffic_to_netbios_ssn_port_139/placebo-green/ec2.DescribeSecurityGroups_1.json @@ -0,0 +1,43 @@ +{ + "status_code": 200, + "data": { + "SecurityGroups": [ + { + "Description": "test-green-netbios", + "GroupName": "test-green-netbios", + "IpPermissions": [ + { + "FromPort": 139, + "IpProtocol": "tcp", + "IpRanges": [ + { + "CidrIp": "192.168.1.1/32" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "ToPort": 139, + "UserIdGroupPairs": [] + } + ], + "OwnerId": "123456789123", + "GroupId": "sg-123456abcdef", + "IpPermissionsEgress": [ + { + "IpProtocol": "-1", + "IpRanges": [ + { + "CidrIp": "0.0.0.0/0" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "UserIdGroupPairs": [] + } + ], + "VpcId": "vpc-ad123456" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-116-security_group_ingress_is_restricted_traffic_to_netbios_ssn_port_139/placebo-red/ec2.DescribeSecurityGroups_1.json b/tests/ecc-aws-116-security_group_ingress_is_restricted_traffic_to_netbios_ssn_port_139/placebo-red/ec2.DescribeSecurityGroups_1.json new file mode 100644 index 000000000..fe4adcd0e --- /dev/null +++ b/tests/ecc-aws-116-security_group_ingress_is_restricted_traffic_to_netbios_ssn_port_139/placebo-red/ec2.DescribeSecurityGroups_1.json @@ -0,0 +1,43 @@ +{ + "status_code": 200, + "data": { + "SecurityGroups": [ + { + "Description": "test-red-netbios", + "GroupName": "test-red-netbios", + "IpPermissions": [ + { + "FromPort": 139, + "IpProtocol": "tcp", + "IpRanges": [ + { + "CidrIp": "0.0.0.0/0" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "ToPort": 139, + "UserIdGroupPairs": [] + } + ], + "OwnerId": "123456789123", + "GroupId": "sg-123456abcdef", + "IpPermissionsEgress": [ + { + "IpProtocol": "-1", + "IpRanges": [ + { + "CidrIp": "0.0.0.0/0" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "UserIdGroupPairs": [] + } + ], + "VpcId": "vpc-ad123456" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-116-security_group_ingress_is_restricted_traffic_to_netbios_ssn_port_139/red_policy_test.py b/tests/ecc-aws-116-security_group_ingress_is_restricted_traffic_to_netbios_ssn_port_139/red_policy_test.py new file mode 100644 index 000000000..bddbbf544 --- /dev/null +++ b/tests/ecc-aws-116-security_group_ingress_is_restricted_traffic_to_netbios_ssn_port_139/red_policy_test.py @@ -0,0 +1,6 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertEqual(resources[0]['IpPermissions'][0]['ToPort'], 139) + base_test.assertEqual(resources[0]['IpPermissions'][0]['IpRanges'][0]['CidrIp'], '0.0.0.0/0') 
diff --git a/tests/ecc-aws-117-security_group_ingress_is_restricted_traffic_to_oracle_db_port_1521/placebo-green/ec2.DescribeSecurityGroups_1.json b/tests/ecc-aws-117-security_group_ingress_is_restricted_traffic_to_oracle_db_port_1521/placebo-green/ec2.DescribeSecurityGroups_1.json new file mode 100644 index 000000000..763997ba2 --- /dev/null +++ b/tests/ecc-aws-117-security_group_ingress_is_restricted_traffic_to_oracle_db_port_1521/placebo-green/ec2.DescribeSecurityGroups_1.json @@ -0,0 +1,43 @@ +{ + "status_code": 200, + "data": { + "SecurityGroups": [ + { + "Description": "test-green-oracledb", + "GroupName": "test-green-oracledb", + "IpPermissions": [ + { + "FromPort": 1521, + "IpProtocol": "tcp", + "IpRanges": [ + { + "CidrIp": "192.168.1.1/32" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "ToPort": 1521, + "UserIdGroupPairs": [] + } + ], + "OwnerId": "123456789123", + "GroupId": "sg-123456abcdef", + "IpPermissionsEgress": [ + { + "IpProtocol": "-1", + "IpRanges": [ + { + "CidrIp": "0.0.0.0/0" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "UserIdGroupPairs": [] + } + ], + "VpcId": "vpc-ad123456" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-117-security_group_ingress_is_restricted_traffic_to_oracle_db_port_1521/placebo-red/ec2.DescribeSecurityGroups_1.json b/tests/ecc-aws-117-security_group_ingress_is_restricted_traffic_to_oracle_db_port_1521/placebo-red/ec2.DescribeSecurityGroups_1.json new file mode 100644 index 000000000..ef5b6441e --- /dev/null +++ b/tests/ecc-aws-117-security_group_ingress_is_restricted_traffic_to_oracle_db_port_1521/placebo-red/ec2.DescribeSecurityGroups_1.json 
@@ -0,0 +1,43 @@ +{ + "status_code": 200, + "data": { + "SecurityGroups": [ + { + "Description": "test-red-oracledb", + "GroupName": "test-red-oracledb", + "IpPermissions": [ + { + "FromPort": 1521, + "IpProtocol": "tcp", + "IpRanges": [ + { + "CidrIp": "0.0.0.0/0" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "ToPort": 1521, + "UserIdGroupPairs": [] + } + ], + "OwnerId": "123456789123", + "GroupId": "sg-123456abcdef", + "IpPermissionsEgress": [ + { + "IpProtocol": "-1", + "IpRanges": [ + { + "CidrIp": "0.0.0.0/0" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "UserIdGroupPairs": [] + } + ], + "VpcId": "vpc-ad123456" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-117-security_group_ingress_is_restricted_traffic_to_oracle_db_port_1521/red_policy_test.py b/tests/ecc-aws-117-security_group_ingress_is_restricted_traffic_to_oracle_db_port_1521/red_policy_test.py new file mode 100644 index 000000000..52c9eae41 --- /dev/null +++ b/tests/ecc-aws-117-security_group_ingress_is_restricted_traffic_to_oracle_db_port_1521/red_policy_test.py @@ -0,0 +1,6 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertEqual(resources[0]['IpPermissions'][0]['ToPort'], 1521) + base_test.assertEqual(resources[0]['IpPermissions'][0]['IpRanges'][0]['CidrIp'], '0.0.0.0/0') diff --git a/tests/ecc-aws-118-security_group_ingress_is_restricted_traffic_to_pop3_port_110/placebo-green/ec2.DescribeSecurityGroups_1.json b/tests/ecc-aws-118-security_group_ingress_is_restricted_traffic_to_pop3_port_110/placebo-green/ec2.DescribeSecurityGroups_1.json new file mode 100644 index 000000000..603b4da1c --- /dev/null +++ b/tests/ecc-aws-118-security_group_ingress_is_restricted_traffic_to_pop3_port_110/placebo-green/ec2.DescribeSecurityGroups_1.json 
@@ -0,0 +1,43 @@ +{ + "status_code": 200, + "data": { + "SecurityGroups": [ + { + "Description": "test-green-pop3", + "GroupName": "test-green-pop3", + "IpPermissions": [ + { + "FromPort": 110, + "IpProtocol": "tcp", + "IpRanges": [ + { + "CidrIp": "192.168.1.1/32" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "ToPort": 110, + "UserIdGroupPairs": [] + } + ], + "OwnerId": "123456789123", + "GroupId": "sg-123456abcdef", + "IpPermissionsEgress": [ + { + "IpProtocol": "-1", + "IpRanges": [ + { + "CidrIp": "0.0.0.0/0" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "UserIdGroupPairs": [] + } + ], + "VpcId": "vpc-ad123456" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-118-security_group_ingress_is_restricted_traffic_to_pop3_port_110/placebo-red/ec2.DescribeSecurityGroups_1.json b/tests/ecc-aws-118-security_group_ingress_is_restricted_traffic_to_pop3_port_110/placebo-red/ec2.DescribeSecurityGroups_1.json new file mode 100644 index 000000000..55b9d3883 --- /dev/null +++ b/tests/ecc-aws-118-security_group_ingress_is_restricted_traffic_to_pop3_port_110/placebo-red/ec2.DescribeSecurityGroups_1.json @@ -0,0 +1,43 @@ +{ + "status_code": 200, + "data": { + "SecurityGroups": [ + { + "Description": "test-red-pop3", + "GroupName": "test-red-pop3", + "IpPermissions": [ + { + "FromPort": 110, + "IpProtocol": "tcp", + "IpRanges": [ + { + "CidrIp": "0.0.0.0/0" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "ToPort": 110, + "UserIdGroupPairs": [] + } + ], + "OwnerId": "123456789123", + "GroupId": "sg-123456abcdef", + "IpPermissionsEgress": [ + { + "IpProtocol": "-1", + "IpRanges": [ + { + "CidrIp": "0.0.0.0/0" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "UserIdGroupPairs": [] + } + ], + "VpcId": "vpc-ad123456" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-118-security_group_ingress_is_restricted_traffic_to_pop3_port_110/red_policy_test.py b/tests/ecc-aws-118-security_group_ingress_is_restricted_traffic_to_pop3_port_110/red_policy_test.py new file mode 100644 index 000000000..beea788e4 --- /dev/null +++ b/tests/ecc-aws-118-security_group_ingress_is_restricted_traffic_to_pop3_port_110/red_policy_test.py @@ -0,0 +1,6 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertEqual(resources[0]['IpPermissions'][0]['ToPort'], 110) + base_test.assertEqual(resources[0]['IpPermissions'][0]['IpRanges'][0]['CidrIp'], '0.0.0.0/0') diff --git a/tests/ecc-aws-119-security_group_ingress_is_restricted_traffic_to_postgresql_port_5432/placebo-green/ec2.DescribeSecurityGroups_1.json b/tests/ecc-aws-119-security_group_ingress_is_restricted_traffic_to_postgresql_port_5432/placebo-green/ec2.DescribeSecurityGroups_1.json new file mode 100644 index 000000000..5685cced1 --- /dev/null +++ b/tests/ecc-aws-119-security_group_ingress_is_restricted_traffic_to_postgresql_port_5432/placebo-green/ec2.DescribeSecurityGroups_1.json @@ -0,0 +1,43 @@ +{ + "status_code": 200, + "data": { + "SecurityGroups": [ + { + "Description": "test-green-postgresql", + "GroupName": "test-green-postgresql", + "IpPermissions": [ + { + "FromPort": 5432, + "IpProtocol": "tcp", + "IpRanges": [ + { + "CidrIp": "192.168.1.1/32" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "ToPort": 5432, + "UserIdGroupPairs": [] + } + ], + "OwnerId": "123456789123", + "GroupId": "sg-123456abcdef", + "IpPermissionsEgress": [ + { + "IpProtocol": "-1", + "IpRanges": [ + { + "CidrIp": "0.0.0.0/0" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "UserIdGroupPairs": [] + } + ], + "VpcId": "vpc-ad123456" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-119-security_group_ingress_is_restricted_traffic_to_postgresql_port_5432/placebo-red/ec2.DescribeSecurityGroups_1.json b/tests/ecc-aws-119-security_group_ingress_is_restricted_traffic_to_postgresql_port_5432/placebo-red/ec2.DescribeSecurityGroups_1.json new file mode 100644 index 000000000..2347e6ad1 --- /dev/null +++ b/tests/ecc-aws-119-security_group_ingress_is_restricted_traffic_to_postgresql_port_5432/placebo-red/ec2.DescribeSecurityGroups_1.json @@ -0,0 +1,43 @@ +{ + "status_code": 200, + "data": { + "SecurityGroups": [ + { + "Description": "test-red-postgresql", + "GroupName": "test-red-postgresql", + "IpPermissions": [ + { + "FromPort": 5432, + "IpProtocol": "tcp", + "IpRanges": [ + { + "CidrIp": "0.0.0.0/0" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "ToPort": 5432, + "UserIdGroupPairs": [] + } + ], + "OwnerId": "123456789123", + "GroupId": "sg-123456abcdef", + "IpPermissionsEgress": [ + { + "IpProtocol": "-1", + "IpRanges": [ + { + "CidrIp": "0.0.0.0/0" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "UserIdGroupPairs": [] + } + ], + "VpcId": "vpc-ad123456" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-119-security_group_ingress_is_restricted_traffic_to_postgresql_port_5432/red_policy_test.py b/tests/ecc-aws-119-security_group_ingress_is_restricted_traffic_to_postgresql_port_5432/red_policy_test.py new file mode 100644 index 000000000..f79d6806e --- /dev/null +++ b/tests/ecc-aws-119-security_group_ingress_is_restricted_traffic_to_postgresql_port_5432/red_policy_test.py @@ -0,0 +1,6 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertEqual(resources[0]['IpPermissions'][0]['ToPort'], 5432) + base_test.assertEqual(resources[0]['IpPermissions'][0]['IpRanges'][0]['CidrIp'], '0.0.0.0/0') 
diff --git a/tests/ecc-aws-120-security_group_ingress_is_restricted_traffic_to_smtp_port_25/placebo-green/ec2.DescribeSecurityGroups_1.json b/tests/ecc-aws-120-security_group_ingress_is_restricted_traffic_to_smtp_port_25/placebo-green/ec2.DescribeSecurityGroups_1.json new file mode 100644 index 000000000..c3ff48593 --- /dev/null +++ b/tests/ecc-aws-120-security_group_ingress_is_restricted_traffic_to_smtp_port_25/placebo-green/ec2.DescribeSecurityGroups_1.json @@ -0,0 +1,43 @@ +{ + "status_code": 200, + "data": { + "SecurityGroups": [ + { + "Description": "test-green-smtp", + "GroupName": "test-green-smtp", + "IpPermissions": [ + { + "FromPort": 25, + "IpProtocol": "tcp", + "IpRanges": [ + { + "CidrIp": "192.168.1.1/32" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "ToPort": 25, + "UserIdGroupPairs": [] + } + ], + "OwnerId": "123456789123", + "GroupId": "sg-123456abcdef", + "IpPermissionsEgress": [ + { + "IpProtocol": "-1", + "IpRanges": [ + { + "CidrIp": "0.0.0.0/0" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "UserIdGroupPairs": [] + } + ], + "VpcId": "vpc-ad123456" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-120-security_group_ingress_is_restricted_traffic_to_smtp_port_25/placebo-red/ec2.DescribeSecurityGroups_1.json b/tests/ecc-aws-120-security_group_ingress_is_restricted_traffic_to_smtp_port_25/placebo-red/ec2.DescribeSecurityGroups_1.json new file mode 100644 index 000000000..a2b1be130 --- /dev/null +++ b/tests/ecc-aws-120-security_group_ingress_is_restricted_traffic_to_smtp_port_25/placebo-red/ec2.DescribeSecurityGroups_1.json 
@@ -0,0 +1,43 @@
+{
+ "status_code": 200,
+ "data": {
+ "SecurityGroups": [
+ {
+ "Description": "test-red-smtp",
+ "GroupName": "test-red-smtp",
+ "IpPermissions": [
+ {
+ "FromPort": 25,
+ "IpProtocol": "tcp",
+ "IpRanges": [
+ {
+ "CidrIp": "0.0.0.0/0"
+ }
+ ],
+ "Ipv6Ranges": [],
+ "PrefixListIds": [],
+ "ToPort": 25,
+ "UserIdGroupPairs": []
+ }
+ ],
+ "OwnerId": "123456789123",
+ "GroupId": "sg-123456abcdef",
+ "IpPermissionsEgress": [
+ {
+ "IpProtocol": "-1",
+ "IpRanges": [
+ {
+ "CidrIp": "0.0.0.0/0"
+ }
+ ],
+ "Ipv6Ranges": [],
+ "PrefixListIds": [],
+ "UserIdGroupPairs": []
+ }
+ ],
+ "VpcId": "vpc-ad123456"
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-120-security_group_ingress_is_restricted_traffic_to_smtp_port_25/red_policy_test.py b/tests/ecc-aws-120-security_group_ingress_is_restricted_traffic_to_smtp_port_25/red_policy_test.py
new file mode 100644
index 000000000..9753a5ea9
--- /dev/null
+++ b/tests/ecc-aws-120-security_group_ingress_is_restricted_traffic_to_smtp_port_25/red_policy_test.py
@@ -0,0 +1,6 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertEqual(resources[0]['IpPermissions'][0]['ToPort'], 25)
+ base_test.assertEqual(resources[0]['IpPermissions'][0]['IpRanges'][0]['CidrIp'], '0.0.0.0/0')
diff --git a/tests/ecc-aws-121-security_group_ingress_is_restricted_traffic_to_telnet_port_23/placebo-green/ec2.DescribeSecurityGroups_1.json b/tests/ecc-aws-121-security_group_ingress_is_restricted_traffic_to_telnet_port_23/placebo-green/ec2.DescribeSecurityGroups_1.json
new file mode 100644
index 000000000..057ee4eba
--- /dev/null
+++ b/tests/ecc-aws-121-security_group_ingress_is_restricted_traffic_to_telnet_port_23/placebo-green/ec2.DescribeSecurityGroups_1.json
@@ -0,0 +1,43 @@ +{ + "status_code": 200, + "data": { + "SecurityGroups": [ + { + "Description": "test-green-telnet", + "GroupName": "test-green-telnet", + "IpPermissions": [ + { + "FromPort": 23, + "IpProtocol": "tcp", + "IpRanges": [ + { + "CidrIp": "192.168.1.1/32" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "ToPort": 23, + "UserIdGroupPairs": [] + } + ], + "OwnerId": "123456789123", + "GroupId": "sg-123456abcdef", + "IpPermissionsEgress": [ + { + "IpProtocol": "-1", + "IpRanges": [ + { + "CidrIp": "0.0.0.0/0" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "UserIdGroupPairs": [] + } + ], + "VpcId": "vpc-ad123456" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-121-security_group_ingress_is_restricted_traffic_to_telnet_port_23/placebo-red/ec2.DescribeSecurityGroups_1.json b/tests/ecc-aws-121-security_group_ingress_is_restricted_traffic_to_telnet_port_23/placebo-red/ec2.DescribeSecurityGroups_1.json new file mode 100644 index 000000000..e269941cc --- /dev/null +++ b/tests/ecc-aws-121-security_group_ingress_is_restricted_traffic_to_telnet_port_23/placebo-red/ec2.DescribeSecurityGroups_1.json @@ -0,0 +1,43 @@ +{ + "status_code": 200, + "data": { + "SecurityGroups": [ + { + "Description": "test-red-telnet", + "GroupName": "test-red-telnet", + "IpPermissions": [ + { + "FromPort": 23, + "IpProtocol": "tcp", + "IpRanges": [ + { + "CidrIp": "0.0.0.0/0" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "ToPort": 23, + "UserIdGroupPairs": [] + } + ], + "OwnerId": "123456789123", + "GroupId": "sg-123456abcdef", + "IpPermissionsEgress": [ + { + "IpProtocol": "-1", + "IpRanges": [ + { + "CidrIp": "0.0.0.0/0" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "UserIdGroupPairs": [] + } + ], + "VpcId": "vpc-ad123456" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-121-security_group_ingress_is_restricted_traffic_to_telnet_port_23/red_policy_test.py b/tests/ecc-aws-121-security_group_ingress_is_restricted_traffic_to_telnet_port_23/red_policy_test.py
new file mode 100644
index 000000000..a5651da53
--- /dev/null
+++ b/tests/ecc-aws-121-security_group_ingress_is_restricted_traffic_to_telnet_port_23/red_policy_test.py
@@ -0,0 +1,6 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertEqual(resources[0]['IpPermissions'][0]['ToPort'], 23)
+ base_test.assertEqual(resources[0]['IpPermissions'][0]['IpRanges'][0]['CidrIp'], '0.0.0.0/0')
diff --git a/tests/ecc-aws-124-eks_cluster_version_latest/placebo-green/eks.DescribeCluster_1.json b/tests/ecc-aws-124-eks_cluster_version_latest/placebo-green/eks.DescribeCluster_1.json
new file mode 100644
index 000000000..47077fc05
--- /dev/null
+++ b/tests/ecc-aws-124-eks_cluster_version_latest/placebo-green/eks.DescribeCluster_1.json
@@ -0,0 +1,69 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "cluster": { + "name": "124_eks_cluster_green", + "arn": "arn:aws:eks:us-east-1:111111111111:cluster/124_eks_cluster_green", + "createdAt": { + "__class__": "datetime", + "year": 2023, + "month": 1, + "day": 3, + "hour": 12, + "minute": 38, + "second": 52, + "microsecond": 301000 + }, + "version": "1.25", + "endpoint": "https://EBA9B2668266C38EDBEA015961C6418E.gr7.us-east-1.eks.amazonaws.com", + "roleArn": "arn:aws:iam::111111111111:role/eks-124-cluster-green", + "resourcesVpcConfig": { + "subnetIds": [ + "subnet-0adea3057b44e517f", + "subnet-03f7910951f939116" + ], + "securityGroupIds": [], + "clusterSecurityGroupId": "sg-03b08a133e31e01d6", + "vpcId": "vpc-0a02e1e6e5c8ed921", + "endpointPublicAccess": true, + "endpointPrivateAccess": false, + "publicAccessCidrs": [ + "0.0.0.0/0" + ] + }, + "kubernetesNetworkConfig": { + "serviceIpv4Cidr": "172.20.0.0/16", + "ipFamily": "ipv4" + }, + "logging": { + "clusterLogging": [ + { + "types": [ + "api", + "audit", + "authenticator", + "controllerManager", + "scheduler" + ], + "enabled": false + } + ] + }, + "identity": { + "oidc": { + "issuer": "https://oidc.eks.us-east-1.amazonaws.com/id/EBA9B2668266C38EDBEA015961C6418E" + } + }, + "status": "ACTIVE", + "certificateAuthority": { + "data": "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" + }, + "platformVersion": "eks.3", + "tags": { + "CustodianRule": "ecc-aws-124-eks_cluster_version_latest", + "ComplianceStatus": "Green" + } + } + } +} \ No newline at end of file diff --git a/tests/ecc-aws-124-eks_cluster_version_latest/placebo-green/eks.ListClusters_1.json b/tests/ecc-aws-124-eks_cluster_version_latest/placebo-green/eks.ListClusters_1.json new file mode 100644 index 000000000..0ee660f0b --- /dev/null +++ b/tests/ecc-aws-124-eks_cluster_version_latest/placebo-green/eks.ListClusters_1.json 
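Review bot: This recorded response keeps values that look like they came from a live cluster: the API `endpoint` hostname, the OIDC `issuer` ID, and the subnet, security-group and VPC IDs, while only the account ID was replaced with `111111111111`. With `endpointPublicAccess` true and `publicAccessCidrs` set to `0.0.0.0/0`, publishing a real endpoint name is avoidable exposure if that cluster still exists. I would replace these with obviously fake placeholders, as the security-group fixtures in this patch already do (`sg-123456abcdef`, `vpc-ad123456`). The placebo-red `eks.DescribeCluster_1.json` that follows has the same pattern and additionally carries a full base64 CA certificate.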
@@ -0,0 +1,9 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "clusters": [ + "124_eks_cluster_green" + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-124-eks_cluster_version_latest/placebo-red/eks.DescribeCluster_1.json b/tests/ecc-aws-124-eks_cluster_version_latest/placebo-red/eks.DescribeCluster_1.json new file mode 100644 index 000000000..75020531f --- /dev/null +++ b/tests/ecc-aws-124-eks_cluster_version_latest/placebo-red/eks.DescribeCluster_1.json 
@@ -0,0 +1,69 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "cluster": { + "name": "124_eks_cluster_red", + "arn": "arn:aws:eks:us-east-1:111111111111:cluster/124_eks_cluster_red", + "createdAt": { + "__class__": "datetime", + "year": 2022, + "month": 8, + "day": 26, + "hour": 12, + "minute": 14, + "second": 21, + "microsecond": 252000 + }, + "version": "1.20", + "endpoint": "https://0C64300B4146E659D096274B98D6253B.gr7.us-east-1.eks.amazonaws.com", + "roleArn": "arn:aws:iam::111111111111:role/eks-cluster-124-red", + "resourcesVpcConfig": { + "subnetIds": [ + "subnet-0a1bb01a946265bc5", + "subnet-09854814e8d54f3b3" + ], + "securityGroupIds": [], + "clusterSecurityGroupId": "sg-06d0cbf3bb5008586", + "vpcId": "vpc-04b4cc6bce2d937bf", + "endpointPublicAccess": true, + "endpointPrivateAccess": false, + "publicAccessCidrs": [ + "0.0.0.0/0" + ] + }, + "kubernetesNetworkConfig": { + "serviceIpv4Cidr": "172.20.0.0/16", + "ipFamily": "ipv4" + }, + "logging": { + "clusterLogging": [ + { + "types": [ + "api", + "audit", + "authenticator", + "controllerManager", + "scheduler" + ], + "enabled": false + } + ] + }, + "identity": { + "oidc": { + "issuer": "https://oidc.eks.us-east-1.amazonaws.com/id/0C64300B4146E659D096274B98D6253B" + } + }, + "status": "ACTIVE", + "certificateAuthority": { + "data": 
"LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM1ekNDQWMrZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJeU1EZ3lOakE1TWpBMU5sb1hEVE15TURneU16QTVNakExTmxvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTFVhClE2L2wzcXpOUUxUYUF4U04wZDA1bllsY0Y4QS9OYkE1Z09tMEFMQTg1SUQ2OHhURWJGeG5wNDBSOThyTmYyNUEKbnVrTWc0YW1Mbk1iOXlMOVlTZ2x1OFpNYmFZSWFMUmdidHZhYzliTjhyMmVTZW5aUFhRN3U2ZFFyVTBnWEZtVApaQjVQZmVwVHJtd1F3a3Z2SHNtTnpiamF3RlY5OU5vMHV1eTFJSm4vdGdlMmNNWWxKNFZ6bTFlOGFZRkw2bUZLCkt3UnRsQkxCbFVPMUhYOGNValBGbkUzMmVqOVVWQ0tWWmVKZisyZWw3bVBCN1hCaTJzSThSNlhnZEVUdXQ3MUkKZlZZOTJzWnQwWTdhMkxST2xUUEVnc3k5UGMwMDgzckdUOFc1c0RlalZJWjFzaHVSdUtmZUc1MG14czloNlhFSAoyOFVxY3FTZlBzTHJEZjVzbXgwQ0F3RUFBYU5DTUVBd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0hRWURWUjBPQkJZRUZPTHY5c3dhU3JLWXU2YUJsR1FvN2lZeVBzUmFNQTBHQ1NxR1NJYjMKRFFFQkN3VUFBNElCQVFBbDNkTCs4MFhqZkg0Rks2cGQ3SmVWUVBhU2p4MjNJZGhWcVJVbVM5cjVsRExoNmI5bQpaK295TkxoNzAxZjkvK3BzZCthUGlsTHo4U0UwVVFpMFpJRjVmT1J5UHpvWURsbG53WHN1dFZvRFU3TC9aUDN5ClcvQlRHVnV6K3ZaOE05cFQ2bnJDSEI3M1dISlVyZ3Irb2JFeG5Sc3h5WWhvTDErUVd5bElFaUNHZi8zTDNadE4Kc3hmOTk4MG9uSHBEZ2REdzFjUSsrYzBEdHNLYlJyclduMzVqTzYySnFkcVREcjJLTVNZMlpSUTdDOFYvb0R4Wgp0REZmcE5pOTR1RTE3ZnRhQVdVeW4yRGg1QzU5SFo4RWlKdENSQ0prc1RhUnNFNzZkaGRDb0twZmxwbWcxd243CkxLb0dhZzA2TFE0QXpPTHhVRjZsRE9yM0g5WW1hMzBkS2ZlRwotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==" + }, + "platformVersion": "eks.8", + "tags": { + "CustodianRule": "ecc-aws-124-eks_cluster_version_latest", + "ComplianceStatus": "Red" + } + } + } +} \ No newline at end of file diff --git a/tests/ecc-aws-124-eks_cluster_version_latest/placebo-red/eks.ListClusters_1.json b/tests/ecc-aws-124-eks_cluster_version_latest/placebo-red/eks.ListClusters_1.json new file mode 100644 index 000000000..a042c9d80 --- /dev/null +++ b/tests/ecc-aws-124-eks_cluster_version_latest/placebo-red/eks.ListClusters_1.json 
@@ -0,0 +1,9 @@
+{
+ "status_code": 200,
+ "data": {
+ "ResponseMetadata": {},
+ "clusters": [
+ "124_eks_cluster_red"
+ ]
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-124-eks_cluster_version_latest/red_policy_test.py b/tests/ecc-aws-124-eks_cluster_version_latest/red_policy_test.py
new file mode 100644
index 000000000..de2df8989
--- /dev/null
+++ b/tests/ecc-aws-124-eks_cluster_version_latest/red_policy_test.py
@@ -0,0 +1,5 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertLess(resources[0]['version'], '1.24')
\ No newline at end of file
diff --git a/tests/ecc-aws-140-rds_without_tag_information/placebo-green/rds.DescribeDBInstances_1.json b/tests/ecc-aws-140-rds_without_tag_information/placebo-green/rds.DescribeDBInstances_1.json
new file mode 100644
index 000000000..fba651fda
--- /dev/null
+++ b/tests/ecc-aws-140-rds_without_tag_information/placebo-green/rds.DescribeDBInstances_1.json
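Review bot: `assertLess(resources[0]['version'], '1.24')` compares the two versions as strings, so the ordering is lexicographic: `'1.9' < '1.24'` is false and `'1.100' < '1.24'` is true. It holds for the `1.20` fixture only because both minor versions have two digits. Comparing parsed components is safer: `base_test.assertLess(tuple(int(p) for p in resources[0]['version'].split('.')), (1, 24))`. The hard-coded `1.24` also ties a rule named `version_latest` to one release, so a comment stating which release the threshold tracks would show when an outdated cluster stops being flagged.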
@@ -0,0 +1,137 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "terraform-21", + "DBInstanceClass": "db.t2.micro", + "Engine": "mysql", + "DBInstanceStatus": "available", + "MasterUsername": "root", + "DBName": "custodiangreen", + "Endpoint": { + "Address": "terraform-21.cccccccc.us-east-1.rds.amazonaws.com", + "Port": 3306, + "HostedZoneId": "ID" + }, + "AllocatedStorage": 20, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 5, + "day": 27, + "hour": 11, + "minute": 44, + "second": 9, + "microsecond": 670000 + }, + "PreferredBackupWindow": "07:25-07:55", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "default.mysql5.7", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1d", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet", + "SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + 
}, + "PreferredMaintenanceWindow": "sat:08:51-sat:09:21", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "5.7.26", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "general-public-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:mysql-5-7", + "Status": "in-sync" + } + ], + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:6:db:terraform-2", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "c7n", + "Value": "green" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-140-rds_without_tag_information/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-140-rds_without_tag_information/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..4ca09306d --- /dev/null +++ b/tests/ecc-aws-140-rds_without_tag_information/placebo-green/tagging.GetResources_1.json @@ -0,0 +1,18 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:rds:us-east-1:6:db:terraform-2", + "Tags": [ + { + "Key": "c7n", + "Value": "green" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-140-rds_without_tag_information/placebo-red/rds.DescribeDBInstances_1.json b/tests/ecc-aws-140-rds_without_tag_information/placebo-red/rds.DescribeDBInstances_1.json new file mode 100644 index 000000000..f0a69d747 --- /dev/null +++ b/tests/ecc-aws-140-rds_without_tag_information/placebo-red/rds.DescribeDBInstances_1.json 
@@ -0,0 +1,132 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "terraform-2", + "DBInstanceClass": "db.t2.micro", + "Engine": "mysql", + "DBInstanceStatus": "available", + "MasterUsername": "root", + "DBName": "custodianred", + "Endpoint": { + "Address": "terraform-2.c.us-east-1.rds.amazonaws.com", + "Port": 3306, + "HostedZoneId": "ID" + }, + "AllocatedStorage": 20, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 5, + "day": 27, + "hour": 10, + "minute": 41, + "second": 44, + "microsecond": 356000 + }, + "PreferredBackupWindow": "09:52-10:22", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "ID", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "default.mysql5.7", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1f", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "ID", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet", + "SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + 
"PreferredMaintenanceWindow": "fri:08:37-fri:09:07", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "5.7.26", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "general-public-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:mysql-5-7", + "Status": "in-sync" + } + ], + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:66666666666:db:terraform-2", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-140-rds_without_tag_information/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-140-rds_without_tag_information/placebo-red/tagging.GetResources_1.json new file mode 100644 index 000000000..8b704d185 --- /dev/null +++ b/tests/ecc-aws-140-rds_without_tag_information/placebo-red/tagging.GetResources_1.json @@ -0,0 +1,8 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-140-rds_without_tag_information/red_policy_test.py b/tests/ecc-aws-140-rds_without_tag_information/red_policy_test.py new file mode 100644 index 000000000..60a33f9ac --- /dev/null +++ b/tests/ecc-aws-140-rds_without_tag_information/red_policy_test.py @@ -0,0 +1,5 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertEqual(resources[0]['Tags'], []) \ No newline at end of file 
diff --git a/tests/ecc-aws-168-iam_password_policy_one_uppercase_letter/placebo-green/iam.GetAccountPasswordPolicy_1.json b/tests/ecc-aws-168-iam_password_policy_one_uppercase_letter/placebo-green/iam.GetAccountPasswordPolicy_1.json new file mode 100644 index 000000000..452b117d4 --- /dev/null +++ b/tests/ecc-aws-168-iam_password_policy_one_uppercase_letter/placebo-green/iam.GetAccountPasswordPolicy_1.json @@ -0,0 +1,17 @@ +{ + "status_code": 200, + "data": { + "PasswordPolicy": { + "MinimumPasswordLength": 14, + "RequireSymbols": true, + "RequireNumbers": true, + "RequireUppercaseCharacters": true, + "RequireLowercaseCharacters": true, + "AllowUsersToChangePassword": true, + "ExpirePasswords": true, + "MaxPasswordAge": 90, + "PasswordReusePrevention": 24 + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-168-iam_password_policy_one_uppercase_letter/placebo-green/iam.ListAccountAliases_1.json b/tests/ecc-aws-168-iam_password_policy_one_uppercase_letter/placebo-green/iam.ListAccountAliases_1.json new file mode 100644 index 000000000..80cee0e1a --- /dev/null +++ b/tests/ecc-aws-168-iam_password_policy_one_uppercase_letter/placebo-green/iam.ListAccountAliases_1.json @@ -0,0 +1,10 @@ +{ + "status_code": 200, + "data": { + "AccountAliases": [ + "your_account" + ], + "IsTruncated": false, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-168-iam_password_policy_one_uppercase_letter/placebo-red/iam.GetAccountPasswordPolicy_1.json b/tests/ecc-aws-168-iam_password_policy_one_uppercase_letter/placebo-red/iam.GetAccountPasswordPolicy_1.json new file mode 100644 index 000000000..f43ef78d3 --- /dev/null +++ b/tests/ecc-aws-168-iam_password_policy_one_uppercase_letter/placebo-red/iam.GetAccountPasswordPolicy_1.json 
@@ -0,0 +1,15 @@
+{
+ "status_code": 200,
+ "data": {
+ "PasswordPolicy": {
+ "MinimumPasswordLength": 6,
+ "RequireSymbols": false,
+ "RequireNumbers": false,
+ "RequireUppercaseCharacters": false,
+ "RequireLowercaseCharacters": false,
+ "AllowUsersToChangePassword": true,
+ "ExpirePasswords": false
+ },
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-168-iam_password_policy_one_uppercase_letter/placebo-red/iam.ListAccountAliases_1.json b/tests/ecc-aws-168-iam_password_policy_one_uppercase_letter/placebo-red/iam.ListAccountAliases_1.json
new file mode 100644
index 000000000..80cee0e1a
--- /dev/null
+++ b/tests/ecc-aws-168-iam_password_policy_one_uppercase_letter/placebo-red/iam.ListAccountAliases_1.json
@@ -0,0 +1,10 @@
+{
+ "status_code": 200,
+ "data": {
+ "AccountAliases": [
+ "your_account"
+ ],
+ "IsTruncated": false,
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-168-iam_password_policy_one_uppercase_letter/red_policy_test.py b/tests/ecc-aws-168-iam_password_policy_one_uppercase_letter/red_policy_test.py
new file mode 100644
index 000000000..e12611970
--- /dev/null
+++ b/tests/ecc-aws-168-iam_password_policy_one_uppercase_letter/red_policy_test.py
@@ -0,0 +1,5 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertFalse(resources[0]['c7n:password_policy']['RequireUppercaseCharacters'])
diff --git a/tests/ecc-aws-169-ensure_no_root_account_access_key_exists/placebo-green/iam.GenerateCredentialReport_1.json b/tests/ecc-aws-169-ensure_no_root_account_access_key_exists/placebo-green/iam.GenerateCredentialReport_1.json
new file mode 100644
index 000000000..9abcdb973
--- /dev/null
+++ b/tests/ecc-aws-169-ensure_no_root_account_access_key_exists/placebo-green/iam.GenerateCredentialReport_1.json
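Review bot: The red fixture behind this test turns off every character-class requirement at once (`RequireSymbols`, `RequireNumbers`, `RequireUppercaseCharacters` and `RequireLowercaseCharacters` are all `false`), and the lowercase and symbol tests later in the patch reuse the same file (index `f43ef78d3`). A policy that filters on the wrong key would therefore still return one resource, and the `assertFalse` on `RequireUppercaseCharacters` would still pass. A red fixture in which only the control under test is `false` would tie each test to its own rule. As far as this part of the patch shows, an account with no password policy at all is not exercised either.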
@@ -0,0 +1,8 @@ +{ + "status_code": 200, + "data": { + "State": "STARTED", + "Description": "No report exists. Starting a new report generation task", + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-169-ensure_no_root_account_access_key_exists/placebo-green/iam.GetCredentialReport_1.json b/tests/ecc-aws-169-ensure_no_root_account_access_key_exists/placebo-green/iam.GetCredentialReport_1.json new file mode 100644 index 000000000..6a14f0cf2 --- /dev/null +++ b/tests/ecc-aws-169-ensure_no_root_account_access_key_exists/placebo-green/iam.GetCredentialReport_1.json @@ -0,0 +1,18 @@ +{ + "status_code": 200, + "data": { + "Content": "user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_1_last_used_region,access_key_1_last_used_service,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date,access_key_2_last_used_region,access_key_2_last_used_service,cert_1_active,cert_1_last_rotated,cert_2_active,cert_2_last_rotated\n,arn:aws:iam::121321312312:root,2020-12-01T10:46:12+00:00,not_supported,no_information,not_supported,not_supported,false,false,N/A,N/A,N/A,N/A,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A", + "ReportFormat": "text/csv", + "GeneratedTime": { + "__class__": "datetime", + "year": 2021, + "month": 4, + "day": 28, + "hour": 12, + "minute": 0, + "second": 9, + "microsecond": 0 + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-169-ensure_no_root_account_access_key_exists/placebo-green/iam.ListAccountAliases_1.json b/tests/ecc-aws-169-ensure_no_root_account_access_key_exists/placebo-green/iam.ListAccountAliases_1.json new file mode 100644 index 000000000..e191f1988 --- /dev/null +++ b/tests/ecc-aws-169-ensure_no_root_account_access_key_exists/placebo-green/iam.ListAccountAliases_1.json 
@@ -0,0 +1,10 @@ +{ + "status_code": 200, + "data": { + "AccountAliases": [ + "Test" + ], + "IsTruncated": false, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-169-ensure_no_root_account_access_key_exists/placebo-red/iam.GenerateCredentialReport_1.json b/tests/ecc-aws-169-ensure_no_root_account_access_key_exists/placebo-red/iam.GenerateCredentialReport_1.json new file mode 100644 index 000000000..9abcdb973 --- /dev/null +++ b/tests/ecc-aws-169-ensure_no_root_account_access_key_exists/placebo-red/iam.GenerateCredentialReport_1.json @@ -0,0 +1,8 @@ +{ + "status_code": 200, + "data": { + "State": "STARTED", + "Description": "No report exists. Starting a new report generation task", + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-169-ensure_no_root_account_access_key_exists/placebo-red/iam.GetCredentialReport_1.json b/tests/ecc-aws-169-ensure_no_root_account_access_key_exists/placebo-red/iam.GetCredentialReport_1.json new file mode 100644 index 000000000..77e016b79 --- /dev/null +++ b/tests/ecc-aws-169-ensure_no_root_account_access_key_exists/placebo-red/iam.GetCredentialReport_1.json 
@@ -0,0 +1,18 @@ +{ + "status_code": 200, + "data": { + "Content": "user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_1_last_used_region,access_key_1_last_used_service,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date,access_key_2_last_used_region,access_key_2_last_used_service,cert_1_active,cert_1_last_rotated,cert_2_active,cert_2_last_rotated\n,arn:aws:iam::121321312312:root,2020-12-01T10:46:12+00:00,not_supported,no_information,not_supported,not_supported,false,true,N/A,N/A,N/A,N/A,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A", + "ReportFormat": "text/csv", + "GeneratedTime": { + "__class__": "datetime", + "year": 2021, + "month": 4, + "day": 28, + "hour": 12, + "minute": 0, + "second": 9, + "microsecond": 0 + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-169-ensure_no_root_account_access_key_exists/placebo-red/iam.ListAccountAliases_1.json b/tests/ecc-aws-169-ensure_no_root_account_access_key_exists/placebo-red/iam.ListAccountAliases_1.json new file mode 100644 index 000000000..e191f1988 --- /dev/null +++ b/tests/ecc-aws-169-ensure_no_root_account_access_key_exists/placebo-red/iam.ListAccountAliases_1.json @@ -0,0 +1,10 @@ +{ + "status_code": 200, + "data": { + "AccountAliases": [ + "Test" + ], + "IsTruncated": false, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-169-ensure_no_root_account_access_key_exists/red_policy_test.py b/tests/ecc-aws-169-ensure_no_root_account_access_key_exists/red_policy_test.py new file mode 100644 index 000000000..820a045fa --- /dev/null +++ b/tests/ecc-aws-169-ensure_no_root_account_access_key_exists/red_policy_test.py 
@@ -0,0 +1,6 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertTrue(resources[0]['c7n:credential-report']['access_keys'][0]['active'])
+
diff --git a/tests/ecc-aws-170-iam_password_policy_one_lowercase_letter/placebo-green/iam.GetAccountPasswordPolicy_1.json b/tests/ecc-aws-170-iam_password_policy_one_lowercase_letter/placebo-green/iam.GetAccountPasswordPolicy_1.json
new file mode 100644
index 000000000..452b117d4
--- /dev/null
+++ b/tests/ecc-aws-170-iam_password_policy_one_lowercase_letter/placebo-green/iam.GetAccountPasswordPolicy_1.json
@@ -0,0 +1,17 @@
+{
+ "status_code": 200,
+ "data": {
+ "PasswordPolicy": {
+ "MinimumPasswordLength": 14,
+ "RequireSymbols": true,
+ "RequireNumbers": true,
+ "RequireUppercaseCharacters": true,
+ "RequireLowercaseCharacters": true,
+ "AllowUsersToChangePassword": true,
+ "ExpirePasswords": true,
+ "MaxPasswordAge": 90,
+ "PasswordReusePrevention": 24
+ },
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-170-iam_password_policy_one_lowercase_letter/placebo-green/iam.ListAccountAliases_1.json b/tests/ecc-aws-170-iam_password_policy_one_lowercase_letter/placebo-green/iam.ListAccountAliases_1.json
new file mode 100644
index 000000000..80cee0e1a
--- /dev/null
+++ b/tests/ecc-aws-170-iam_password_policy_one_lowercase_letter/placebo-green/iam.ListAccountAliases_1.json
@@ -0,0 +1,10 @@
+{
+ "status_code": 200,
+ "data": {
+ "AccountAliases": [
+ "your_account"
+ ],
+ "IsTruncated": false,
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-170-iam_password_policy_one_lowercase_letter/placebo-red/iam.GetAccountPasswordPolicy_1.json b/tests/ecc-aws-170-iam_password_policy_one_lowercase_letter/placebo-red/iam.GetAccountPasswordPolicy_1.json
new file mode 100644
index 000000000..f43ef78d3
--- /dev/null
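Review bot: The assertion checks only the first entry, `['access_keys'][0]['active']`, and the red credential report sets `access_key_1_active` to `true` while leaving `access_key_2_active` at `false`, so a root account whose only active key is the second one is not exercised. Assuming `access_keys` holds one entry per key slot (confirm against how the credential report is parsed), `base_test.assertTrue(any(k['active'] for k in resources[0]['c7n:credential-report']['access_keys']))` together with a second red fixture that has only key 2 active would cover it.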
+++ b/tests/ecc-aws-170-iam_password_policy_one_lowercase_letter/placebo-red/iam.GetAccountPasswordPolicy_1.json
@@ -0,0 +1,15 @@
+{
+ "status_code": 200,
+ "data": {
+ "PasswordPolicy": {
+ "MinimumPasswordLength": 6,
+ "RequireSymbols": false,
+ "RequireNumbers": false,
+ "RequireUppercaseCharacters": false,
+ "RequireLowercaseCharacters": false,
+ "AllowUsersToChangePassword": true,
+ "ExpirePasswords": false
+ },
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-170-iam_password_policy_one_lowercase_letter/placebo-red/iam.ListAccountAliases_1.json b/tests/ecc-aws-170-iam_password_policy_one_lowercase_letter/placebo-red/iam.ListAccountAliases_1.json
new file mode 100644
index 000000000..80cee0e1a
--- /dev/null
+++ b/tests/ecc-aws-170-iam_password_policy_one_lowercase_letter/placebo-red/iam.ListAccountAliases_1.json
@@ -0,0 +1,10 @@
+{
+ "status_code": 200,
+ "data": {
+ "AccountAliases": [
+ "your_account"
+ ],
+ "IsTruncated": false,
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-170-iam_password_policy_one_lowercase_letter/red_policy_test.py b/tests/ecc-aws-170-iam_password_policy_one_lowercase_letter/red_policy_test.py
new file mode 100644
index 000000000..aa4747b8e
--- /dev/null
+++ b/tests/ecc-aws-170-iam_password_policy_one_lowercase_letter/red_policy_test.py
@@ -0,0 +1,5 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertFalse(resources[0]['c7n:password_policy']['RequireLowercaseCharacters'])
diff --git a/tests/ecc-aws-171-iam_password_policy_one_symbol/placebo-green/iam.GetAccountPasswordPolicy_1.json b/tests/ecc-aws-171-iam_password_policy_one_symbol/placebo-green/iam.GetAccountPasswordPolicy_1.json
new file mode 100644
index 000000000..452b117d4
--- /dev/null
+++ b/tests/ecc-aws-171-iam_password_policy_one_symbol/placebo-green/iam.GetAccountPasswordPolicy_1.json
@@ -0,0 +1,17 @@ +{ + "status_code": 200, + "data": { + "PasswordPolicy": { + "MinimumPasswordLength": 14, + "RequireSymbols": true, + "RequireNumbers": true, + "RequireUppercaseCharacters": true, + "RequireLowercaseCharacters": true, + "AllowUsersToChangePassword": true, + "ExpirePasswords": true, + "MaxPasswordAge": 90, + "PasswordReusePrevention": 24 + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-171-iam_password_policy_one_symbol/placebo-green/iam.ListAccountAliases_1.json b/tests/ecc-aws-171-iam_password_policy_one_symbol/placebo-green/iam.ListAccountAliases_1.json new file mode 100644 index 000000000..80cee0e1a --- /dev/null +++ b/tests/ecc-aws-171-iam_password_policy_one_symbol/placebo-green/iam.ListAccountAliases_1.json @@ -0,0 +1,10 @@ +{ + "status_code": 200, + "data": { + "AccountAliases": [ + "your_account" + ], + "IsTruncated": false, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-171-iam_password_policy_one_symbol/placebo-red/iam.GetAccountPasswordPolicy_1.json b/tests/ecc-aws-171-iam_password_policy_one_symbol/placebo-red/iam.GetAccountPasswordPolicy_1.json new file mode 100644 index 000000000..f43ef78d3 --- /dev/null +++ b/tests/ecc-aws-171-iam_password_policy_one_symbol/placebo-red/iam.GetAccountPasswordPolicy_1.json @@ -0,0 +1,15 @@ +{ + "status_code": 200, + "data": { + "PasswordPolicy": { + "MinimumPasswordLength": 6, + "RequireSymbols": false, + "RequireNumbers": false, + "RequireUppercaseCharacters": false, + "RequireLowercaseCharacters": false, + "AllowUsersToChangePassword": true, + "ExpirePasswords": false + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-171-iam_password_policy_one_symbol/placebo-red/iam.ListAccountAliases_1.json b/tests/ecc-aws-171-iam_password_policy_one_symbol/placebo-red/iam.ListAccountAliases_1.json new file mode 100644 index 000000000..80cee0e1a --- /dev/null 
+++ b/tests/ecc-aws-171-iam_password_policy_one_symbol/placebo-red/iam.ListAccountAliases_1.json @@ -0,0 +1,10 @@ +{ + "status_code": 200, + "data": { + "AccountAliases": [ + "your_account" + ], + "IsTruncated": false, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-171-iam_password_policy_one_symbol/red_policy_test.py b/tests/ecc-aws-171-iam_password_policy_one_symbol/red_policy_test.py new file mode 100644 index 000000000..819796dce --- /dev/null +++ b/tests/ecc-aws-171-iam_password_policy_one_symbol/red_policy_test.py @@ -0,0 +1,5 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertFalse(resources[0]['c7n:password_policy']['RequireSymbols']) diff --git a/tests/ecc-aws-172-iam_password_policy_one_number/placebo-green/iam.GetAccountPasswordPolicy_1.json b/tests/ecc-aws-172-iam_password_policy_one_number/placebo-green/iam.GetAccountPasswordPolicy_1.json new file mode 100644 index 000000000..452b117d4 --- /dev/null +++ b/tests/ecc-aws-172-iam_password_policy_one_number/placebo-green/iam.GetAccountPasswordPolicy_1.json @@ -0,0 +1,17 @@ +{ + "status_code": 200, + "data": { + "PasswordPolicy": { + "MinimumPasswordLength": 14, + "RequireSymbols": true, + "RequireNumbers": true, + "RequireUppercaseCharacters": true, + "RequireLowercaseCharacters": true, + "AllowUsersToChangePassword": true, + "ExpirePasswords": true, + "MaxPasswordAge": 90, + "PasswordReusePrevention": 24 + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-172-iam_password_policy_one_number/placebo-green/iam.ListAccountAliases_1.json b/tests/ecc-aws-172-iam_password_policy_one_number/placebo-green/iam.ListAccountAliases_1.json new file mode 100644 index 000000000..80cee0e1a --- /dev/null +++ b/tests/ecc-aws-172-iam_password_policy_one_number/placebo-green/iam.ListAccountAliases_1.json 
@@ -0,0 +1,10 @@ +{ + "status_code": 200, + "data": { + "AccountAliases": [ + "your_account" + ], + "IsTruncated": false, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-172-iam_password_policy_one_number/placebo-red/iam.GetAccountPasswordPolicy_1.json b/tests/ecc-aws-172-iam_password_policy_one_number/placebo-red/iam.GetAccountPasswordPolicy_1.json new file mode 100644 index 000000000..f43ef78d3 --- /dev/null +++ b/tests/ecc-aws-172-iam_password_policy_one_number/placebo-red/iam.GetAccountPasswordPolicy_1.json @@ -0,0 +1,15 @@ +{ + "status_code": 200, + "data": { + "PasswordPolicy": { + "MinimumPasswordLength": 6, + "RequireSymbols": false, + "RequireNumbers": false, + "RequireUppercaseCharacters": false, + "RequireLowercaseCharacters": false, + "AllowUsersToChangePassword": true, + "ExpirePasswords": false + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-172-iam_password_policy_one_number/placebo-red/iam.ListAccountAliases_1.json b/tests/ecc-aws-172-iam_password_policy_one_number/placebo-red/iam.ListAccountAliases_1.json new file mode 100644 index 000000000..80cee0e1a --- /dev/null +++ b/tests/ecc-aws-172-iam_password_policy_one_number/placebo-red/iam.ListAccountAliases_1.json @@ -0,0 +1,10 @@ +{ + "status_code": 200, + "data": { + "AccountAliases": [ + "your_account" + ], + "IsTruncated": false, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-172-iam_password_policy_one_number/red_policy_test.py b/tests/ecc-aws-172-iam_password_policy_one_number/red_policy_test.py new file mode 100644 index 000000000..20c2246ff --- /dev/null +++ b/tests/ecc-aws-172-iam_password_policy_one_number/red_policy_test.py @@ -0,0 +1,5 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertFalse(resources[0]['c7n:password_policy']['RequireNumbers']) 
diff --git a/tests/ecc-aws-173-iam_password_min_length_ge_14/placebo-green/iam.GetAccountPasswordPolicy_1.json b/tests/ecc-aws-173-iam_password_min_length_ge_14/placebo-green/iam.GetAccountPasswordPolicy_1.json new file mode 100644 index 000000000..452b117d4 --- /dev/null +++ b/tests/ecc-aws-173-iam_password_min_length_ge_14/placebo-green/iam.GetAccountPasswordPolicy_1.json @@ -0,0 +1,17 @@ +{ + "status_code": 200, + "data": { + "PasswordPolicy": { + "MinimumPasswordLength": 14, + "RequireSymbols": true, + "RequireNumbers": true, + "RequireUppercaseCharacters": true, + "RequireLowercaseCharacters": true, + "AllowUsersToChangePassword": true, + "ExpirePasswords": true, + "MaxPasswordAge": 90, + "PasswordReusePrevention": 24 + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-173-iam_password_min_length_ge_14/placebo-green/iam.ListAccountAliases_1.json b/tests/ecc-aws-173-iam_password_min_length_ge_14/placebo-green/iam.ListAccountAliases_1.json new file mode 100644 index 000000000..80cee0e1a --- /dev/null +++ b/tests/ecc-aws-173-iam_password_min_length_ge_14/placebo-green/iam.ListAccountAliases_1.json @@ -0,0 +1,10 @@ +{ + "status_code": 200, + "data": { + "AccountAliases": [ + "your_account" + ], + "IsTruncated": false, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-173-iam_password_min_length_ge_14/placebo-red/iam.GetAccountPasswordPolicy_1.json b/tests/ecc-aws-173-iam_password_min_length_ge_14/placebo-red/iam.GetAccountPasswordPolicy_1.json new file mode 100644 index 000000000..f43ef78d3 --- /dev/null +++ b/tests/ecc-aws-173-iam_password_min_length_ge_14/placebo-red/iam.GetAccountPasswordPolicy_1.json 
@@ -0,0 +1,15 @@
+{
+ "status_code": 200,
+ "data": {
+ "PasswordPolicy": {
+ "MinimumPasswordLength": 6,
+ "RequireSymbols": false,
+ "RequireNumbers": false,
+ "RequireUppercaseCharacters": false,
+ "RequireLowercaseCharacters": false,
+ "AllowUsersToChangePassword": true,
+ "ExpirePasswords": false
+ },
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-173-iam_password_min_length_ge_14/placebo-red/iam.ListAccountAliases_1.json b/tests/ecc-aws-173-iam_password_min_length_ge_14/placebo-red/iam.ListAccountAliases_1.json
new file mode 100644
index 000000000..80cee0e1a
--- /dev/null
+++ b/tests/ecc-aws-173-iam_password_min_length_ge_14/placebo-red/iam.ListAccountAliases_1.json
@@ -0,0 +1,10 @@
+{
+ "status_code": 200,
+ "data": {
+ "AccountAliases": [
+ "your_account"
+ ],
+ "IsTruncated": false,
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-173-iam_password_min_length_ge_14/red_policy_test.py b/tests/ecc-aws-173-iam_password_min_length_ge_14/red_policy_test.py
new file mode 100644
index 000000000..52b8f7d03
--- /dev/null
+++ b/tests/ecc-aws-173-iam_password_min_length_ge_14/red_policy_test.py
@@ -0,0 +1,5 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertLess(resources[0]['c7n:password_policy']['MinimumPasswordLength'], 14)
diff --git a/tests/ecc-aws-174-iam_password_policy_passwd_expires_le_90/placebo-green/iam.GetAccountPasswordPolicy_1.json b/tests/ecc-aws-174-iam_password_policy_passwd_expires_le_90/placebo-green/iam.GetAccountPasswordPolicy_1.json
new file mode 100644
index 000000000..452b117d4
--- /dev/null
+++ b/tests/ecc-aws-174-iam_password_policy_passwd_expires_le_90/placebo-green/iam.GetAccountPasswordPolicy_1.json
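Review bot: The only non-compliant length exercised by `red_policy_test.py` for ecc-aws-173 is `"MinimumPasswordLength": 6`, so `assertLess(..., 14)` never probes the boundary the rule is named after. A red fixture with `"MinimumPasswordLength": 13`, paired with the existing green value of 14, would catch an off-by-one in the policy's comparison. With 6 versus 14, a policy written with a much lower threshold would pass both tests. The policy file is outside this hunk, so the comparison it actually uses cannot be confirmed here.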
@@ -0,0 +1,17 @@ +{ + "status_code": 200, + "data": { + "PasswordPolicy": { + "MinimumPasswordLength": 14, + "RequireSymbols": true, + "RequireNumbers": true, + "RequireUppercaseCharacters": true, + "RequireLowercaseCharacters": true, + "AllowUsersToChangePassword": true, + "ExpirePasswords": true, + "MaxPasswordAge": 90, + "PasswordReusePrevention": 24 + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-174-iam_password_policy_passwd_expires_le_90/placebo-green/iam.ListAccountAliases_1.json b/tests/ecc-aws-174-iam_password_policy_passwd_expires_le_90/placebo-green/iam.ListAccountAliases_1.json new file mode 100644 index 000000000..3b408e3eb --- /dev/null +++ b/tests/ecc-aws-174-iam_password_policy_passwd_expires_le_90/placebo-green/iam.ListAccountAliases_1.json @@ -0,0 +1,10 @@ +{ + "status_code": 200, + "data": { + "AccountAliases": [ + "test" + ], + "IsTruncated": false, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-174-iam_password_policy_passwd_expires_le_90/placebo-red/iam.GetAccountPasswordPolicy_1.json b/tests/ecc-aws-174-iam_password_policy_passwd_expires_le_90/placebo-red/iam.GetAccountPasswordPolicy_1.json new file mode 100644 index 000000000..1eebafbfd --- /dev/null +++ b/tests/ecc-aws-174-iam_password_policy_passwd_expires_le_90/placebo-red/iam.GetAccountPasswordPolicy_1.json @@ -0,0 +1,16 @@ +{ + "status_code": 200, + "data": { + "PasswordPolicy": { + "MinimumPasswordLength": 6, + "RequireSymbols": false, + "RequireNumbers": false, + "RequireUppercaseCharacters": false, + "RequireLowercaseCharacters": false, + "AllowUsersToChangePassword": true, + "ExpirePasswords": true, + "MaxPasswordAge": 180 + }, + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-174-iam_password_policy_passwd_expires_le_90/placebo-red/iam.ListAccountAliases_1.json b/tests/ecc-aws-174-iam_password_policy_passwd_expires_le_90/placebo-red/iam.ListAccountAliases_1.json
new file mode 100644
index 000000000..3b408e3eb
--- /dev/null
+++ b/tests/ecc-aws-174-iam_password_policy_passwd_expires_le_90/placebo-red/iam.ListAccountAliases_1.json
@@ -0,0 +1,10 @@
+{
+ "status_code": 200,
+ "data": {
+ "AccountAliases": [
+ "test"
+ ],
+ "IsTruncated": false,
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-174-iam_password_policy_passwd_expires_le_90/red_policy_test.py b/tests/ecc-aws-174-iam_password_policy_passwd_expires_le_90/red_policy_test.py
new file mode 100644
index 000000000..af2ca603b
--- /dev/null
+++ b/tests/ecc-aws-174-iam_password_policy_passwd_expires_le_90/red_policy_test.py
@@ -0,0 +1,6 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertGreater(resources[0]['c7n:password_policy']['MaxPasswordAge'], 90)
+
\ No newline at end of file
diff --git a/tests/ecc-aws-176-cloudtrail_log_validation_enabled/placebo-green/cloudtrail.DescribeTrails_1.json b/tests/ecc-aws-176-cloudtrail_log_validation_enabled/placebo-green/cloudtrail.DescribeTrails_1.json
new file mode 100644
index 000000000..4aadf6081
--- /dev/null
+++ b/tests/ecc-aws-176-cloudtrail_log_validation_enabled/placebo-green/cloudtrail.DescribeTrails_1.json
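Review bot: The red case in `red_policy_test.py` for ecc-aws-174 covers only `"ExpirePasswords": true` with `"MaxPasswordAge": 180`, and leaves out the account whose passwords never expire. As the red fixtures for ecc-aws-170 to -173 show, a policy with `"ExpirePasswords": false` carries no `MaxPasswordAge` key, so `resources[0]['c7n:password_policy']['MaxPasswordAge']` would raise `KeyError` on such a resource instead of failing cleanly. If the rule is meant to flag disabled expiry as well, which this hunk cannot confirm, a second red fixture would pin that down. It would need an assertion such as `base_test.assertFalse(resources[0]['c7n:password_policy']['ExpirePasswords'])`. The hunk also ends with a whitespace-only line and no final newline, which is worth tidying.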
@@ -0,0 +1,21 @@ +{ + "status_code": 200, + "data": { + "trailList": [ + { + "Name": "c7n-green-trail-176", + "S3BucketName": "c7n-green-bucket-176", + "IncludeGlobalServiceEvents": true, + "IsMultiRegionTrail": false, + "HomeRegion": "us-east-1", + "TrailARN": "arn:aws:cloudtrail:us-east-1:123213123123:trail/c7n-green-trail-176", + "LogFileValidationEnabled": true, + "HasCustomEventSelectors": false, + "HasInsightSelectors": false, + "IsOrganizationTrail": false + } + + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-176-cloudtrail_log_validation_enabled/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-176-cloudtrail_log_validation_enabled/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..8b704d185 --- /dev/null +++ b/tests/ecc-aws-176-cloudtrail_log_validation_enabled/placebo-green/tagging.GetResources_1.json @@ -0,0 +1,8 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-176-cloudtrail_log_validation_enabled/placebo-red/cloudtrail.DescribeTrails_1.json b/tests/ecc-aws-176-cloudtrail_log_validation_enabled/placebo-red/cloudtrail.DescribeTrails_1.json new file mode 100644 index 000000000..94a49c507 --- /dev/null +++ b/tests/ecc-aws-176-cloudtrail_log_validation_enabled/placebo-red/cloudtrail.DescribeTrails_1.json @@ -0,0 +1,21 @@ +{ + "status_code": 200, + "data": { + "trailList": [ + { + "Name": "c7n-red-trail-176", + "S3BucketName": "c7n-red-bucket-176", + "IncludeGlobalServiceEvents": true, + "IsMultiRegionTrail": false, + "HomeRegion": "us-east-1", + "TrailARN": "arn:aws:cloudtrail:us-east-1:111111111111:trail/c7n-red-trail-176", + "LogFileValidationEnabled": false, + "HasCustomEventSelectors": false, + "HasInsightSelectors": false, + "IsOrganizationTrail": false + } + + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-176-cloudtrail_log_validation_enabled/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-176-cloudtrail_log_validation_enabled/placebo-red/tagging.GetResources_1.json new file mode 100644 index 000000000..8b704d185 --- /dev/null +++ b/tests/ecc-aws-176-cloudtrail_log_validation_enabled/placebo-red/tagging.GetResources_1.json @@ -0,0 +1,8 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-176-cloudtrail_log_validation_enabled/red_policy_test.py b/tests/ecc-aws-176-cloudtrail_log_validation_enabled/red_policy_test.py new file mode 100644 index 000000000..9502fcb6a --- /dev/null +++ b/tests/ecc-aws-176-cloudtrail_log_validation_enabled/red_policy_test.py @@ -0,0 +1,6 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertFalse(resources[0]['LogFileValidationEnabled']) + diff --git a/tests/ecc-aws-179-cloudtrail_integrated_with_cloudwatch/placebo-green/cloudtrail.DescribeTrails_1.json b/tests/ecc-aws-179-cloudtrail_integrated_with_cloudwatch/placebo-green/cloudtrail.DescribeTrails_1.json new file mode 100644 index 000000000..d500d61f6 --- /dev/null +++ b/tests/ecc-aws-179-cloudtrail_integrated_with_cloudwatch/placebo-green/cloudtrail.DescribeTrails_1.json 
@@ -0,0 +1,22 @@ +{ + "status_code": 200, + "data": { + "trailList": [ + { + "Name": "c7n-green-trail-179", + "S3BucketName": "c7n-green-bucket-179", + "IncludeGlobalServiceEvents": true, + "IsMultiRegionTrail": false, + "HomeRegion": "us-east-1", + "TrailARN": "arn:aws:cloudtrail:us-east-1:123123123123:trail/c7n-green-trail-179", + "LogFileValidationEnabled": false, + "CloudWatchLogsLogGroupArn": "arn:aws:logs:us-east-1:123123123123:log-group:179-trail_log_group:*", + "CloudWatchLogsRoleArn": "arn:aws:iam::123123123123:role/179-cloud_watch_log_role", + "HasCustomEventSelectors": false, + "HasInsightSelectors": false, + "IsOrganizationTrail": false + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-179-cloudtrail_integrated_with_cloudwatch/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-179-cloudtrail_integrated_with_cloudwatch/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..8b704d185 --- /dev/null +++ b/tests/ecc-aws-179-cloudtrail_integrated_with_cloudwatch/placebo-green/tagging.GetResources_1.json @@ -0,0 +1,8 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-179-cloudtrail_integrated_with_cloudwatch/placebo-red/cloudtrail.DescribeTrails_1.json b/tests/ecc-aws-179-cloudtrail_integrated_with_cloudwatch/placebo-red/cloudtrail.DescribeTrails_1.json new file mode 100644 index 000000000..c9b44f30a --- /dev/null +++ b/tests/ecc-aws-179-cloudtrail_integrated_with_cloudwatch/placebo-red/cloudtrail.DescribeTrails_1.json 
@@ -0,0 +1,20 @@ +{ + "status_code": 200, + "data": { + "trailList": [ + { + "Name": "c7n-red-trail-179", + "S3BucketName": "c7n-red-bucket-179", + "IncludeGlobalServiceEvents": false, + "IsMultiRegionTrail": false, + "HomeRegion": "us-east-1", + "TrailARN": "arn:aws:cloudtrail:us-east-1:12313123141:trail/c7n-red-trail-179", + "LogFileValidationEnabled": false, + "HasCustomEventSelectors": false, + "HasInsightSelectors": false, + "IsOrganizationTrail": false + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-179-cloudtrail_integrated_with_cloudwatch/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-179-cloudtrail_integrated_with_cloudwatch/placebo-red/tagging.GetResources_1.json new file mode 100644 index 000000000..8b704d185 --- /dev/null +++ b/tests/ecc-aws-179-cloudtrail_integrated_with_cloudwatch/placebo-red/tagging.GetResources_1.json @@ -0,0 +1,8 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-179-cloudtrail_integrated_with_cloudwatch/red_policy_test.py b/tests/ecc-aws-179-cloudtrail_integrated_with_cloudwatch/red_policy_test.py new file mode 100644 index 000000000..48d5ad47d --- /dev/null +++ b/tests/ecc-aws-179-cloudtrail_integrated_with_cloudwatch/red_policy_test.py @@ -0,0 +1,5 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertNotIn('CloudWatchLogsLogGroupArn', resources[0]) diff --git a/tests/ecc-aws-181-ensure_iam_instance_roles_are_used_for_resource_access_from_instance/placebo-green/ec2.DescribeInstances_1.json b/tests/ecc-aws-181-ensure_iam_instance_roles_are_used_for_resource_access_from_instance/placebo-green/ec2.DescribeInstances_1.json new file mode 100644 index 000000000..c77278111 --- /dev/null 
+++ b/tests/ecc-aws-181-ensure_iam_instance_roles_are_used_for_resource_access_from_instance/placebo-green/ec2.DescribeInstances_1.json 
@@ -0,0 +1,171 @@ +{ + "status_code": 200, + "data": { + "Reservations": [ + { + "Groups": [], + "Instances": [ + { + "AmiLaunchIndex": 0, + "ImageId": "ami-12345678998765432", + "InstanceId": "i-12345678998765432", + "InstanceType": "t2.micro", + "LaunchTime": { + "__class__": "datetime", + "year": 2021, + "month": 5, + "day": 13, + "hour": 10, + "minute": 29, + "second": 53, + "microsecond": 0 + }, + "Monitoring": { + "State": "disabled" + }, + "Placement": { + "AvailabilityZone": "us-east-1d", + "GroupName": "", + "Tenancy": "default" + }, + "PrivateDnsName": "ip-172-31-27-158.ec2.internal", + "PrivateIpAddress": "172.31.27.158", + "ProductCodes": [], + "PublicDnsName": "ec2-184-72-75-250.compute-1.amazonaws.com", + "PublicIpAddress": "184.72.75.250", + "State": { + "Code": 16, + "Name": "running" + }, + "StateTransitionReason": "", + "SubnetId": "subnet-12345678", + "VpcId": "vpc-12345678", + "Architecture": "x86_64", + "BlockDeviceMappings": [ + { + "DeviceName": "/dev/xvda", + "Ebs": { + "AttachTime": { + "__class__": "datetime", + "year": 2021, + "month": 5, + "day": 13, + "hour": 10, + "minute": 29, + "second": 54, + "microsecond": 0 + }, + "DeleteOnTermination": true, + "Status": "attached", + "VolumeId": "vol-01234567899876543" + } + } + ], + "ClientToken": "12345678-1234-4321-1234-123456789987", + "EbsOptimized": false, + "EnaSupport": true, + "Hypervisor": "xen", + "IamInstanceProfile": { + "Arn": "arn:aws:iam::123456789123:instance-profile/c7n_019_profile", + "Id": "ASDF1234ASDF1234ASDF1" + }, + "NetworkInterfaces": [ + { + "Association": { + "IpOwnerId": "amazon", + "PublicDnsName": "ec2-184-72-75-250.compute-1.amazonaws.com", + "PublicIp": "184.72.75.250" + }, + "Attachment": { + "AttachTime": { + "__class__": "datetime", + "year": 2021, + "month": 5, + "day": 13, + "hour": 10, + "minute": 29, + "second": 53, + "microsecond": 0 + }, + "AttachmentId": "eni-attach-01234567890123456", + "DeleteOnTermination": true, + "DeviceIndex": 0, + "Status": 
"attached", + "NetworkCardIndex": 0 + }, + "Description": "", + "Groups": [ + { + "GroupName": "default", + "GroupId": "sg-12345678" + } + ], + "Ipv6Addresses": [], + "MacAddress": "0a:12:9f:a6:7f:61", + "NetworkInterfaceId": "eni-12345678912345678", + "OwnerId": "123456789123", + "PrivateDnsName": "ip-172-31-27-158.ec2.internal", + "PrivateIpAddress": "172.31.27.158", + "PrivateIpAddresses": [ + { + "Association": { + "IpOwnerId": "amazon", + "PublicDnsName": "ec2-184-72-75-250.compute-1.amazonaws.com", + "PublicIp": "184.72.75.250" + }, + "Primary": true, + "PrivateDnsName": "ip-172-31-27-158.ec2.internal", + "PrivateIpAddress": "172.31.27.158" + } + ], + "SourceDestCheck": true, + "Status": "in-use", + "SubnetId": "subnet-12345678", + "VpcId": "vpc-12345678", + "InterfaceType": "interface" + } + ], + "RootDeviceName": "/dev/xvda", + "RootDeviceType": "ebs", + "SecurityGroups": [ + { + "GroupName": "default", + "GroupId": "sg-12345678" + } + ], + "SourceDestCheck": true, + "Tags": [ + { + "Key": "Name", + "Value": "181-green" + } + ], + "VirtualizationType": "hvm", + "CpuOptions": { + "CoreCount": 1, + "ThreadsPerCore": 1 + }, + "CapacityReservationSpecification": { + "CapacityReservationPreference": "open" + }, + "HibernationOptions": { + "Configured": false + }, + "MetadataOptions": { + "State": "applied", + "HttpTokens": "optional", + "HttpPutResponseHopLimit": 1, + "HttpEndpoint": "enabled" + }, + "EnclaveOptions": { + "Enabled": false + } + } + ], + "OwnerId": "123456789123", + "ReservationId": "r-12345678912345678" + } + ], + "ResponseMetadata": {} + } +} diff --git a/tests/ecc-aws-181-ensure_iam_instance_roles_are_used_for_resource_access_from_instance/placebo-red/ec2.DescribeInstances_1.json b/tests/ecc-aws-181-ensure_iam_instance_roles_are_used_for_resource_access_from_instance/placebo-red/ec2.DescribeInstances_1.json new file mode 100644 index 000000000..248bdb4e6 --- /dev/null 
+++ b/tests/ecc-aws-181-ensure_iam_instance_roles_are_used_for_resource_access_from_instance/placebo-red/ec2.DescribeInstances_1.json 
@@ -0,0 +1,161 @@ +{ + "status_code": 200, + "data": { + "Reservations": [ + { + "Groups": [], + "Instances": [ + { + "AmiLaunchIndex": 0, + "ImageId": "ami-12345678998765432", + "InstanceId": "i-12345678998765432", + "InstanceType": "t2.micro", + "LaunchTime": { + "__class__": "datetime", + "year": 2021, + "month": 5, + "day": 5, + "hour": 12, + "minute": 2, + "second": 12, + "microsecond": 0 + }, + "Monitoring": { + "State": "disabled" + }, + "Placement": { + "AvailabilityZone": "us-east-1e", + "GroupName": "", + "Tenancy": "default" + }, + "PrivateDnsName": "ip-172-31-56-179.ec2.internal", + "PrivateIpAddress": "172.31.56.179", + "ProductCodes": [], + "PublicDnsName": "ec2-35-153-231-115.compute-1.amazonaws.com", + "PublicIpAddress": "35.153.231.115", + "State": { + "Code": 16, + "Name": "running" + }, + "StateTransitionReason": "", + "SubnetId": "subnet-12345687", + "VpcId": "vpc-12345687", + "Architecture": "x86_64", + "BlockDeviceMappings": [ + { + "DeviceName": "/dev/sda1", + "Ebs": { + "AttachTime": { + "__class__": "datetime", + "year": 2021, + "month": 5, + "day": 5, + "hour": 12, + "minute": 2, + "second": 13, + "microsecond": 0 + }, + "DeleteOnTermination": true, + "Status": "attached", + "VolumeId": "012345678901234567890" + } + } + ], + "ClientToken": "12345678-3210-1230-4654-987654321123", + "EbsOptimized": false, + "EnaSupport": true, + "Hypervisor": "xen", + "NetworkInterfaces": [ + { + "Association": { + "IpOwnerId": "amazon", + "PublicDnsName": "ec2-35-153-231-115.compute-1.amazonaws.com", + "PublicIp": "35.153.231.115" + }, + "Attachment": { + "AttachTime": { + "__class__": "datetime", + "year": 2021, + "month": 5, + "day": 5, + "hour": 12, + "minute": 2, + "second": 12, + "microsecond": 0 + }, + "AttachmentId": "eni-attach-01234567899876543", + "DeleteOnTermination": true, + "DeviceIndex": 0, + "Status": "attached", + "NetworkCardIndex": 0 + }, + "Description": "", + "Groups": [ + { + "GroupName": "default", + "GroupId": "sg-a5befc90" + } + ], 
+ "Ipv6Addresses": [], + "MacAddress": "06:f5:5f:d7:f5:d3", + "NetworkInterfaceId": "eni-01234567899876543", + "OwnerId": "123456789123", + "PrivateDnsName": "ip-172-31-56-179.ec2.internal", + "PrivateIpAddress": "172.31.56.179", + "PrivateIpAddresses": [ + { + "Association": { + "IpOwnerId": "amazon", + "PublicDnsName": "ec2-35-153-231-115.compute-1.amazonaws.com", + "PublicIp": "35.153.231.115" + }, + "Primary": true, + "PrivateDnsName": "ip-172-31-56-179.ec2.internal", + "PrivateIpAddress": "172.31.56.179" + } + ], + "SourceDestCheck": true, + "Status": "in-use", + "SubnetId": "subnet-12345678", + "VpcId": "vpc-12345678", + "InterfaceType": "interface" + } + ], + "RootDeviceName": "/dev/sda1", + "RootDeviceType": "ebs", + "SecurityGroups": [ + { + "GroupName": "default", + "GroupId": "sg-12345678" + } + ], + "SourceDestCheck": true, + "VirtualizationType": "hvm", + "CpuOptions": { + "CoreCount": 1, + "ThreadsPerCore": 1 + }, + "CapacityReservationSpecification": { + "CapacityReservationPreference": "open" + }, + "HibernationOptions": { + "Configured": false + }, + "MetadataOptions": { + "State": "applied", + "HttpTokens": "optional", + "HttpPutResponseHopLimit": 1, + "HttpEndpoint": "enabled" + }, + "EnclaveOptions": { + "Enabled": false + } + } + ], + "OwnerId": "123456789123", + "ReservationId": "r-01234567890123456" + } + ], + "ResponseMetadata": {} + } +} diff --git a/tests/ecc-aws-181-ensure_iam_instance_roles_are_used_for_resource_access_from_instance/placebo-red/ec2.DescribeTags_1.json b/tests/ecc-aws-181-ensure_iam_instance_roles_are_used_for_resource_access_from_instance/placebo-red/ec2.DescribeTags_1.json new file mode 100644 index 000000000..32a2f8299 --- /dev/null +++ b/tests/ecc-aws-181-ensure_iam_instance_roles_are_used_for_resource_access_from_instance/placebo-red/ec2.DescribeTags_1.json 
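Review bot: This recorded `placebo-red/ec2.DescribeInstances_1.json` fixture for ecc-aws-181 looks only partly scrubbed. The network interface carries `"GroupId": "sg-a5befc90"` while `SecurityGroups` uses the placeholder `"sg-12345678"`. `PublicIpAddress`, `PublicDnsName` and `MacAddress` also appear to be the values captured from a live account rather than placeholders. The green fixture for the same test keeps a public IP and MAC in the same fields. Replacing them with reserved documentation values, for example `"PublicIpAddress": "203.0.113.10"` and `"GroupId": "sg-12345678"` throughout, keeps real infrastructure identifiers out of the repository. The policy only inspects `IamInstanceProfile`, so the test result would not change.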
@@ -0,0 +1,14 @@ +{ + "status_code": 200, + "data": { + "Tags": [ + { + "Key": "Name", + "ResourceId": "i-12345678998765432", + "ResourceType": "instance", + "Value": "red-181" + } + ], + "ResponseMetadata": {} + } +} diff --git a/tests/ecc-aws-181-ensure_iam_instance_roles_are_used_for_resource_access_from_instance/red_policy_test.py b/tests/ecc-aws-181-ensure_iam_instance_roles_are_used_for_resource_access_from_instance/red_policy_test.py new file mode 100644 index 000000000..fe66d76d2 --- /dev/null +++ b/tests/ecc-aws-181-ensure_iam_instance_roles_are_used_for_resource_access_from_instance/red_policy_test.py @@ -0,0 +1,5 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertNotIn("IamInstanceProfile", resources[0]) diff --git a/tests/ecc-aws-183-config_enabled_all_regions/placebo-green/config.DescribeConfigurationRecorderStatus_1.json b/tests/ecc-aws-183-config_enabled_all_regions/placebo-green/config.DescribeConfigurationRecorderStatus_1.json new file mode 100644 index 000000000..186651446 --- /dev/null +++ b/tests/ecc-aws-183-config_enabled_all_regions/placebo-green/config.DescribeConfigurationRecorderStatus_1.json @@ -0,0 +1,43 @@ +{ + "status_code": 200, + "data": { + "ConfigurationRecordersStatus": [ + { + "name": "183_configuration_recorder_green", + "lastStartTime": { + "__class__": "datetime", + "year": 2023, + "month": 1, + "day": 30, + "hour": 16, + "minute": 36, + "second": 19, + "microsecond": 844000 + }, + "lastStopTime": { + "__class__": "datetime", + "year": 2023, + "month": 1, + "day": 30, + "hour": 16, + "minute": 33, + "second": 38, + "microsecond": 520000 + }, + "recording": true, + "lastStatus": "SUCCESS", + "lastStatusChangeTime": { + "__class__": "datetime", + "year": 2023, + "month": 1, + "day": 30, + "hour": 16, + "minute": 36, + "second": 30, + "microsecond": 970000 + } + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-183-config_enabled_all_regions/placebo-green/config.DescribeConfigurationRecorders_1.json b/tests/ecc-aws-183-config_enabled_all_regions/placebo-green/config.DescribeConfigurationRecorders_1.json new file mode 100644 index 000000000..a413ea6c2 --- /dev/null +++ b/tests/ecc-aws-183-config_enabled_all_regions/placebo-green/config.DescribeConfigurationRecorders_1.json @@ -0,0 +1,17 @@ +{ + "status_code": 200, + "data": { + "ConfigurationRecorders": [ + { + "name": "183_configuration_recorder_green", + "roleARN": "arn:aws:iam::111111111111:role/183_role_green", + "recordingGroup": { + "allSupported": true, + "includeGlobalResourceTypes": true, + "resourceTypes": [] + } + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-183-config_enabled_all_regions/placebo-green/config.DescribeDeliveryChannels_1.json b/tests/ecc-aws-183-config_enabled_all_regions/placebo-green/config.DescribeDeliveryChannels_1.json new file mode 100644 index 000000000..179386863 --- /dev/null +++ b/tests/ecc-aws-183-config_enabled_all_regions/placebo-green/config.DescribeDeliveryChannels_1.json @@ -0,0 +1,12 @@ +{ + "status_code": 200, + "data": { + "DeliveryChannels": [ + { + "name": "183_delivery_channel_green", + "s3BucketName": "bucket-183-green" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-183-config_enabled_all_regions/placebo-green/iam.ListAccountAliases_1.json b/tests/ecc-aws-183-config_enabled_all_regions/placebo-green/iam.ListAccountAliases_1.json new file mode 100644 index 000000000..3b408e3eb --- /dev/null +++ b/tests/ecc-aws-183-config_enabled_all_regions/placebo-green/iam.ListAccountAliases_1.json @@ -0,0 +1,10 @@ +{ + "status_code": 200, + "data": { + "AccountAliases": [ + "test" + ], + "IsTruncated": false, + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-183-config_enabled_all_regions/placebo-red/config.DescribeConfigurationRecorderStatus_1.json b/tests/ecc-aws-183-config_enabled_all_regions/placebo-red/config.DescribeConfigurationRecorderStatus_1.json new file mode 100644 index 000000000..5a2c42852 --- /dev/null +++ b/tests/ecc-aws-183-config_enabled_all_regions/placebo-red/config.DescribeConfigurationRecorderStatus_1.json @@ -0,0 +1,12 @@ +{ + "status_code": 200, + "data": { + "ConfigurationRecordersStatus": [ + { + "name": "183_configuration_recorder_red1", + "recording": false + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-183-config_enabled_all_regions/placebo-red/config.DescribeConfigurationRecorders_1.json b/tests/ecc-aws-183-config_enabled_all_regions/placebo-red/config.DescribeConfigurationRecorders_1.json new file mode 100644 index 000000000..985c382b0 --- /dev/null +++ b/tests/ecc-aws-183-config_enabled_all_regions/placebo-red/config.DescribeConfigurationRecorders_1.json @@ -0,0 +1,19 @@ +{ + "status_code": 200, + "data": { + "ConfigurationRecorders": [ + { + "name": "183_configuration_recorder_red1", + "roleARN": "arn:aws:iam::111111111111:role/183_role_red1", + "recordingGroup": { + "allSupported": false, + "includeGlobalResourceTypes": false, + "resourceTypes": [ + "AWS::RDS::DBInstance" + ] + } + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-183-config_enabled_all_regions/placebo-red/config.DescribeDeliveryChannels_1.json b/tests/ecc-aws-183-config_enabled_all_regions/placebo-red/config.DescribeDeliveryChannels_1.json new file mode 100644 index 000000000..45c2ffc93 --- /dev/null +++ b/tests/ecc-aws-183-config_enabled_all_regions/placebo-red/config.DescribeDeliveryChannels_1.json 
@@ -0,0 +1,12 @@ +{ + "status_code": 200, + "data": { + "DeliveryChannels": [ + { + "name": "183_delivery_channel_red1", + "s3BucketName": "bucket-183-red1" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-183-config_enabled_all_regions/placebo-red/iam.ListAccountAliases_1.json b/tests/ecc-aws-183-config_enabled_all_regions/placebo-red/iam.ListAccountAliases_1.json new file mode 100644 index 000000000..3b408e3eb --- /dev/null +++ b/tests/ecc-aws-183-config_enabled_all_regions/placebo-red/iam.ListAccountAliases_1.json @@ -0,0 +1,10 @@ +{ + "status_code": 200, + "data": { + "AccountAliases": [ + "test" + ], + "IsTruncated": false, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-183-config_enabled_all_regions/red_policy_test.py b/tests/ecc-aws-183-config_enabled_all_regions/red_policy_test.py new file mode 100644 index 000000000..8a0b3a26a --- /dev/null +++ b/tests/ecc-aws-183-config_enabled_all_regions/red_policy_test.py @@ -0,0 +1,9 @@ +class PolicyTest(object): + + def test_resources_with_client(self, base_test, resources, local_session): + base_test.assertEqual(len(resources), 1) + base_test.assertFalse(resources[0]['c7n:config_recorders'][0]['recordingGroup']['allSupported']) + base_test.assertFalse(resources[0]['c7n:config_recorders'][0]['recordingGroup']['includeGlobalResourceTypes']) + config_client = local_session.client("config") + config_status = config_client.describe_configuration_recorder_status() + base_test.assertFalse(config_status['ConfigurationRecordersStatus'][0]['recording']) diff --git a/tests/ecc-aws-184-cloudtrail_logs_encrypted_using_KMS_CMKs/placebo-green/cloudtrail.DescribeTrails_1.json b/tests/ecc-aws-184-cloudtrail_logs_encrypted_using_KMS_CMKs/placebo-green/cloudtrail.DescribeTrails_1.json new file mode 100644 index 000000000..93e4d2968 --- /dev/null 
+++ b/tests/ecc-aws-184-cloudtrail_logs_encrypted_using_KMS_CMKs/placebo-green/cloudtrail.DescribeTrails_1.json @@ -0,0 +1,21 @@ +{ + "status_code": 200, + "data": { + "trailList": [ + { + "Name": "green-184", + "S3BucketName": "green-184", + "IncludeGlobalServiceEvents": true, + "IsMultiRegionTrail": false, + "HomeRegion": "us-east-1", + "TrailARN": "arn:aws:cloudtrail:us-east-1:12312424124124:trail/green-184", + "LogFileValidationEnabled": true, + "KmsKeyId": "arn:aws:kms:us-east-1:123123121412412:key/78ae0647-cb54-41b2-a70e-12434214124124", + "HasCustomEventSelectors": false, + "HasInsightSelectors": false, + "IsOrganizationTrail": false + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-184-cloudtrail_logs_encrypted_using_KMS_CMKs/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-184-cloudtrail_logs_encrypted_using_KMS_CMKs/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..6a9ab25f7 --- /dev/null +++ b/tests/ecc-aws-184-cloudtrail_logs_encrypted_using_KMS_CMKs/placebo-green/tagging.GetResources_1.json @@ -0,0 +1,18 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:cloudtrail:us-east-1:12312414124124124:trail/green-184", + "Tags": [ + { + "Key": "Name", + "Value": "green-184" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-184-cloudtrail_logs_encrypted_using_KMS_CMKs/placebo-red/cloudtrail.DescribeTrails_1.json b/tests/ecc-aws-184-cloudtrail_logs_encrypted_using_KMS_CMKs/placebo-red/cloudtrail.DescribeTrails_1.json new file mode 100644 index 000000000..1239e49c2 --- /dev/null +++ b/tests/ecc-aws-184-cloudtrail_logs_encrypted_using_KMS_CMKs/placebo-red/cloudtrail.DescribeTrails_1.json 
@@ -0,0 +1,20 @@ +{ + "status_code": 200, + "data": { + "trailList": [ + { + "Name": "red-184", + "S3BucketName": "red-184", + "IncludeGlobalServiceEvents": true, + "IsMultiRegionTrail": false, + "HomeRegion": "us-east-1", + "TrailARN": "arn:aws:cloudtrail:us-east-1:123124124124124:trail/red-184", + "LogFileValidationEnabled": true, + "HasCustomEventSelectors": false, + "HasInsightSelectors": false, + "IsOrganizationTrail": false + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-184-cloudtrail_logs_encrypted_using_KMS_CMKs/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-184-cloudtrail_logs_encrypted_using_KMS_CMKs/placebo-red/tagging.GetResources_1.json new file mode 100644 index 000000000..d6f6e1cf7 --- /dev/null +++ b/tests/ecc-aws-184-cloudtrail_logs_encrypted_using_KMS_CMKs/placebo-red/tagging.GetResources_1.json @@ -0,0 +1,18 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:cloudtrail:us-east-1:12313124124:trail/red-184", + "Tags": [ + { + "Key": "Name", + "Value": "red-184" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-184-cloudtrail_logs_encrypted_using_KMS_CMKs/red_policy_test.py b/tests/ecc-aws-184-cloudtrail_logs_encrypted_using_KMS_CMKs/red_policy_test.py new file mode 100644 index 000000000..47209cad2 --- /dev/null +++ b/tests/ecc-aws-184-cloudtrail_logs_encrypted_using_KMS_CMKs/red_policy_test.py @@ -0,0 +1,6 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertNotIn('KmsKeyId', resources[0]) + diff --git a/tests/ecc-aws-185-kms_key_rotation_is_enabled/placebo-green/kms.DescribeKey_1.json b/tests/ecc-aws-185-kms_key_rotation_is_enabled/placebo-green/kms.DescribeKey_1.json new file mode 100644 index 000000000..c08706056 --- /dev/null 
+++ b/tests/ecc-aws-185-kms_key_rotation_is_enabled/placebo-green/kms.DescribeKey_1.json @@ -0,0 +1,31 @@ +{ + "status_code": 200, + "data": { + "KeyMetadata": { + "AWSAccountId": "123232411231", + "KeyId": "12323241-v1233-2rwe-2132-123dqwdqw", + "Arn": "arn:aws:kms:us-east-1:123232411231:key/12323241-v1233-2rwe-2132-123dqwdqw", + "CreationDate": { + "__class__": "datetime", + "year": 2021, + "month": 3, + "day": 12, + "hour": 12, + "minute": 22, + "second": 58, + "microsecond": 680000 + }, + "Enabled": true, + "Description": "Default master key that protects my ACM private keys when no other key is defined", + "KeyUsage": "ENCRYPT_DECRYPT", + "KeyState": "Enabled", + "Origin": "AWS_KMS", + "KeyManager": "AWS", + "CustomerMasterKeySpec": "SYMMETRIC_DEFAULT", + "EncryptionAlgorithms": [ + "SYMMETRIC_DEFAULT" + ] + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-185-kms_key_rotation_is_enabled/placebo-green/kms.GetKeyRotationStatus_1.json b/tests/ecc-aws-185-kms_key_rotation_is_enabled/placebo-green/kms.GetKeyRotationStatus_1.json new file mode 100644 index 000000000..ab016eb5b --- /dev/null +++ b/tests/ecc-aws-185-kms_key_rotation_is_enabled/placebo-green/kms.GetKeyRotationStatus_1.json @@ -0,0 +1,7 @@ +{ + "status_code": 200, + "data": { + "KeyRotationEnabled": true, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-185-kms_key_rotation_is_enabled/placebo-green/kms.ListAliases_1.json b/tests/ecc-aws-185-kms_key_rotation_is_enabled/placebo-green/kms.ListAliases_1.json new file mode 100644 index 000000000..3cf646ac6 --- /dev/null +++ b/tests/ecc-aws-185-kms_key_rotation_is_enabled/placebo-green/kms.ListAliases_1.json 
@@ -0,0 +1,77 @@ +{ + "status_code": 200, + "data": { + "Aliases": [ + { + "AliasName": "alias/aws/acm", + "AliasArn": "arn:aws:kms:us-east-1:123232411231:alias/aws/acm", + "TargetKeyId": "02b8c36d-b033-49f0-83eb-7549c0434474" + }, + { + "AliasName": "alias/aws/backup", + "AliasArn": "arn:aws:kms:us-east-1:123232411231:alias/aws/backup", + "TargetKeyId": "86cac66f-e240-46a4-a5c6-527c91f61644" + }, + { + "AliasName": "alias/aws/dynamodb", + "AliasArn": "arn:aws:kms:us-east-1:123232411231:alias/aws/dynamodb" + }, + { + "AliasName": "alias/aws/ebs", + "AliasArn": "arn:aws:kms:us-east-1:123232411231:alias/aws/ebs", + "TargetKeyId": "d790d044-f208-4947-a2d3-8622db8d40b4" + }, + { + "AliasName": "alias/aws/elasticfilesystem", + "AliasArn": "arn:aws:kms:us-east-1:123232411231:alias/aws/elasticfilesystem", + "TargetKeyId": "f1222765-672a-4ed9-9390-5dad09bbfd84" + }, + { + "AliasName": "alias/aws/es", + "AliasArn": "arn:aws:kms:us-east-1:123232411231:alias/aws/es" + }, + { + "AliasName": "alias/aws/glue", + "AliasArn": "arn:aws:kms:us-east-1:123232411231:alias/aws/glue" + }, + { + "AliasName": "alias/aws/kinesisvideo", + "AliasArn": "arn:aws:kms:us-east-1:123232411231:alias/aws/kinesisvideo" + }, + { + "AliasName": "alias/aws/rds", + "AliasArn": "arn:aws:kms:us-east-1:123232411231:alias/aws/rds", + "TargetKeyId": "7662e8d8-3711-4c8c-ba73-fe609ad50611" + }, + { + "AliasName": "alias/aws/redshift", + "AliasArn": "arn:aws:kms:us-east-1:123232411231:alias/aws/redshift", + "TargetKeyId": "233a5859-037b-4ac0-8b3f-8bec79bb3941" + }, + { + "AliasName": "alias/aws/s3", + "AliasArn": "arn:aws:kms:us-east-1:123232411231:alias/aws/s3" + }, + { + "AliasName": "alias/aws/sns", + "AliasArn": "arn:aws:kms:us-east-1:123232411231:alias/aws/sns", + "TargetKeyId": "c92b312b-4c0a-44c7-bc0b-381f8aba9bff" + }, + { + "AliasName": "alias/aws/ssm", + "AliasArn": "arn:aws:kms:us-east-1:123232411231:alias/aws/ssm" + }, + { + "AliasName": "alias/aws/xray", + "AliasArn": 
"arn:aws:kms:us-east-1:123232411231:alias/aws/xray" + }, + { + "AliasName": "alias/k-185", + "AliasArn": "arn:aws:kms:us-east-1:123232411231:alias/k-185", + "TargetKeyId": "1a9fbddb-b1fe-4f16-af76-90db24e533e5" + } + ], + "Truncated": false, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-185-kms_key_rotation_is_enabled/placebo-green/kms.ListKeys_1.json b/tests/ecc-aws-185-kms_key_rotation_is_enabled/placebo-green/kms.ListKeys_1.json new file mode 100644 index 000000000..bfb514b2c --- /dev/null +++ b/tests/ecc-aws-185-kms_key_rotation_is_enabled/placebo-green/kms.ListKeys_1.json 
@@ -0,0 +1,53 @@ +{ + "status_code": 200, + "data": { + "Keys": [ + { + "KeyId": "02b8c36d-b033-49f0-83eb-7549c0434474", + "KeyArn": "arn:aws:kms:us-east-1:123232411231:key/02b8c36d-b033-49f0-83eb-7549c0434474" + }, + { + "KeyId": "1a9fbddb-b1fe-4f16-af76-90db24e533e5", + "KeyArn": "arn:aws:kms:us-east-1:123232411231:key/1a9fbddb-b1fe-4f16-af76-90db24e533e5" + }, + { + "KeyId": "233a5859-037b-4ac0-8b3f-8bec79bb3941", + "KeyArn": "arn:aws:kms:us-east-1:123232411231:key/233a5859-037b-4ac0-8b3f-8bec79bb3941" + }, + { + "KeyId": "7662e8d8-3711-4c8c-ba73-fe609ad50611", + "KeyArn": "arn:aws:kms:us-east-1:123232411231:key/7662e8d8-3711-4c8c-ba73-fe609ad50611" + }, + { + "KeyId": "86cac66f-e240-46a4-a5c6-527c91f61644", + "KeyArn": "arn:aws:kms:us-east-1:123232411231:key/86cac66f-e240-46a4-a5c6-527c91f61644" + }, + { + "KeyId": "a0750fae-9ba5-4a58-bf11-5dc46975c1d8", + "KeyArn": "arn:aws:kms:us-east-1:123232411231:key/a0750fae-9ba5-4a58-bf11-5dc46975c1d8" + }, + { + "KeyId": "c92b312b-4c0a-44c7-bc0b-381f8aba9bff", + "KeyArn": "arn:aws:kms:us-east-1:123232411231:key/c92b312b-4c0a-44c7-bc0b-381f8aba9bff" + }, + { + "KeyId": "d790d044-f208-4947-a2d3-8622db8d40b4", + "KeyArn": "arn:aws:kms:us-east-1:123232411231:key/d790d044-f208-4947-a2d3-8622db8d40b4" + }, + { + "KeyId": "f1222765-672a-4ed9-9390-5dad09bbfd84", + "KeyArn": "arn:aws:kms:us-east-1:123232411231:key/f1222765-672a-4ed9-9390-5dad09bbfd84" + }, + { + "KeyId": "f164cf7a-36c8-4755-b0fd-187e3912a1ae", + "KeyArn": "arn:aws:kms:us-east-1:123232411231:key/f164cf7a-36c8-4755-b0fd-187e3912a1ae" + }, + { + "KeyId": "ffc3c982-57f6-4c8f-90ab-2eae2654a24e", + "KeyArn": "arn:aws:kms:us-east-1:123232411231:key/ffc3c982-57f6-4c8f-90ab-2eae2654a24e" + } + ], + "Truncated": false, + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-185-kms_key_rotation_is_enabled/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-185-kms_key_rotation_is_enabled/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..458e03631 --- /dev/null +++ b/tests/ecc-aws-185-kms_key_rotation_is_enabled/placebo-green/tagging.GetResources_1.json @@ -0,0 +1,36 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:kms:us-east-1:123232411231:key/1a9fbddb-b1fe-4f16-af76-90db24e533e5", + "Tags": [ + { + "Key": "Policy_key", + "Value": "185" + } + ] + }, + { + "ResourceARN": "arn:aws:kms:us-east-1:123232411231:key/ffc3c982-57f6-4c8f-90ab-2eae2654a24e", + "Tags": [ + { + "Key": "Policy_key", + "Value": "185" + } + ] + }, + { + "ResourceARN": "arn:aws:kms:us-east-1:123232411231:key/a0750fae-9ba5-4a58-bf11-5dc46975c1d8", + "Tags": [ + { + "Key": "Policy_key", + "Value": "185" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-185-kms_key_rotation_is_enabled/placebo-red/kms.DescribeKey_1.json b/tests/ecc-aws-185-kms_key_rotation_is_enabled/placebo-red/kms.DescribeKey_1.json new file mode 100644 index 000000000..648634a6d --- /dev/null +++ b/tests/ecc-aws-185-kms_key_rotation_is_enabled/placebo-red/kms.DescribeKey_1.json 
@@ -0,0 +1,33 @@ +{ + "status_code": 200, + "data": { + "KeyMetadata": { + "AWSAccountId": "111111111111", + "KeyId": "25068679-b2bd-4a0b-a8d3-3775e7c458dc", + "Arn": "arn:aws:kms:us-east-1:111111111111:key/25068679-b2bd-4a0b-a8d3-3775e7c458dc", + "CreationDate": { + "__class__": "datetime", + "year": 2022, + "month": 8, + "day": 25, + "hour": 19, + "minute": 37, + "second": 38, + "microsecond": 857000 + }, + "Enabled": true, + "Description": "Key to encrypt and decrypt secret parameters", + "KeyUsage": "ENCRYPT_DECRYPT", + "KeyState": "Enabled", + "Origin": "AWS_KMS", + "KeyManager": "CUSTOMER", + "CustomerMasterKeySpec": "SYMMETRIC_DEFAULT", + "KeySpec": "SYMMETRIC_DEFAULT", + "EncryptionAlgorithms": [ + "SYMMETRIC_DEFAULT" + ], + "MultiRegion": false + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-185-kms_key_rotation_is_enabled/placebo-red/kms.GetKeyRotationStatus_1.json b/tests/ecc-aws-185-kms_key_rotation_is_enabled/placebo-red/kms.GetKeyRotationStatus_1.json new file mode 100644 index 000000000..62cd03c24 --- /dev/null +++ b/tests/ecc-aws-185-kms_key_rotation_is_enabled/placebo-red/kms.GetKeyRotationStatus_1.json @@ -0,0 +1,7 @@ +{ + "status_code": 200, + "data": { + "KeyRotationEnabled": false, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-185-kms_key_rotation_is_enabled/placebo-red/kms.ListAliases_1.json b/tests/ecc-aws-185-kms_key_rotation_is_enabled/placebo-red/kms.ListAliases_1.json new file mode 100644 index 000000000..23750cd40 --- /dev/null +++ b/tests/ecc-aws-185-kms_key_rotation_is_enabled/placebo-red/kms.ListAliases_1.json 
@@ -0,0 +1,34 @@ +{ + "status_code": 200, + "data": { + "Aliases": [ + { + "AliasName": "alias/k-185", + "AliasArn": "arn:aws:kms:us-east-1:111111111111:alias/k-185", + "TargetKeyId": "25068679-b2bd-4a0b-a8d3-3775e7c458dc", + "CreationDate": { + "__class__": "datetime", + "year": 2022, + "month": 8, + "day": 25, + "hour": 19, + "minute": 37, + "second": 50, + "microsecond": 76000 + }, + "LastUpdatedDate": { + "__class__": "datetime", + "year": 2022, + "month": 8, + "day": 25, + "hour": 19, + "minute": 37, + "second": 50, + "microsecond": 76000 + } + } + ], + "Truncated": false, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-185-kms_key_rotation_is_enabled/placebo-red/kms.ListKeys_1.json b/tests/ecc-aws-185-kms_key_rotation_is_enabled/placebo-red/kms.ListKeys_1.json new file mode 100644 index 000000000..087291a01 --- /dev/null +++ b/tests/ecc-aws-185-kms_key_rotation_is_enabled/placebo-red/kms.ListKeys_1.json @@ -0,0 +1,13 @@ +{ + "status_code": 200, + "data": { + "Keys": [ + { + "KeyId": "25068679-b2bd-4a0b-a8d3-3775e7c458dc", + "KeyArn": "arn:aws:kms:us-east-1:111111111111:key/25068679-b2bd-4a0b-a8d3-3775e7c458dc" + } + ], + "Truncated": false, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-185-kms_key_rotation_is_enabled/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-185-kms_key_rotation_is_enabled/placebo-red/tagging.GetResources_1.json new file mode 100644 index 000000000..68b86a23d --- /dev/null +++ b/tests/ecc-aws-185-kms_key_rotation_is_enabled/placebo-red/tagging.GetResources_1.json 
@@ -0,0 +1,22 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:kms:us-east-1:111111111111:key/25068679-b2bd-4a0b-a8d3-3775e7c458dc", + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-185-kms_key_rotation_is_enabled" + }, + { + "Key": "ComplianceStatus", + "Value": "Red" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-185-kms_key_rotation_is_enabled/red_policy_test.py b/tests/ecc-aws-185-kms_key_rotation_is_enabled/red_policy_test.py new file mode 100644 index 000000000..048419c41 --- /dev/null +++ b/tests/ecc-aws-185-kms_key_rotation_is_enabled/red_policy_test.py @@ -0,0 +1,5 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertFalse(resources[0]['KeyRotationEnabled']['KeyRotationEnabled']) diff --git a/tests/ecc-aws-186-security_group_ingress_is_restricted_22/placebo-green/ec2.DescribeSecurityGroups_1.json b/tests/ecc-aws-186-security_group_ingress_is_restricted_22/placebo-green/ec2.DescribeSecurityGroups_1.json new file mode 100644 index 000000000..4133f686e --- /dev/null +++ b/tests/ecc-aws-186-security_group_ingress_is_restricted_22/placebo-green/ec2.DescribeSecurityGroups_1.json 
@@ -0,0 +1,43 @@ +{ + "status_code": 200, + "data": { + "SecurityGroups": [ + { + "Description": "test-green-ssh", + "GroupName": "test-green-ssh", + "IpPermissions": [ + { + "FromPort": 22, + "IpProtocol": "tcp", + "IpRanges": [ + { + "CidrIp": "192.168.1.1/32" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "ToPort": 22, + "UserIdGroupPairs": [] + } + ], + "OwnerId": "123456789123", + "GroupId": "sg-123456abcdef", + "IpPermissionsEgress": [ + { + "IpProtocol": "-1", + "IpRanges": [ + { + "CidrIp": "0.0.0.0/0" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "UserIdGroupPairs": [] + } + ], + "VpcId": "vpc-ad123456" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-186-security_group_ingress_is_restricted_22/placebo-red/ec2.DescribeSecurityGroups_1.json b/tests/ecc-aws-186-security_group_ingress_is_restricted_22/placebo-red/ec2.DescribeSecurityGroups_1.json new file mode 100644 index 000000000..d5ace1ee4 --- /dev/null +++ b/tests/ecc-aws-186-security_group_ingress_is_restricted_22/placebo-red/ec2.DescribeSecurityGroups_1.json @@ -0,0 +1,43 @@ +{ + "status_code": 200, + "data": { + "SecurityGroups": [ + { + "Description": "test-red-ssh", + "GroupName": "test-red-ssh", + "IpPermissions": [ + { + "FromPort": 22, + "IpProtocol": "tcp", + "IpRanges": [ + { + "CidrIp": "0.0.0.0/0" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "ToPort": 22, + "UserIdGroupPairs": [] + } + ], + "OwnerId": "123456789123", + "GroupId": "sg-123456abcdef", + "IpPermissionsEgress": [ + { + "IpProtocol": "-1", + "IpRanges": [ + { + "CidrIp": "0.0.0.0/0" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "UserIdGroupPairs": [] + } + ], + "VpcId": "vpc-ad123456" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-186-security_group_ingress_is_restricted_22/red_policy_test.py b/tests/ecc-aws-186-security_group_ingress_is_restricted_22/red_policy_test.py new file mode 100644 index 000000000..55aa7f0e8 --- /dev/null +++ b/tests/ecc-aws-186-security_group_ingress_is_restricted_22/red_policy_test.py @@ -0,0 +1,6 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertEqual(resources[0]['IpPermissions'][0]['ToPort'], 22) + base_test.assertEqual(resources[0]['IpPermissions'][0]['IpRanges'][0]['CidrIp'], '0.0.0.0/0') diff --git a/tests/ecc-aws-187-security_group_ingress_is_restricted_3389/placebo-green/ec2.DescribeSecurityGroups_1.json b/tests/ecc-aws-187-security_group_ingress_is_restricted_3389/placebo-green/ec2.DescribeSecurityGroups_1.json new file mode 100644 index 000000000..1d2462f27 --- /dev/null +++ b/tests/ecc-aws-187-security_group_ingress_is_restricted_3389/placebo-green/ec2.DescribeSecurityGroups_1.json @@ -0,0 +1,43 @@ +{ + "status_code": 200, + "data": { + "SecurityGroups": [ + { + "Description": "test-green-rdp", + "GroupName": "test-green-rdp", + "IpPermissions": [ + { + "FromPort": 3389, + "IpProtocol": "tcp", + "IpRanges": [ + { + "CidrIp": "192.168.1.1/32" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "ToPort": 3389, + "UserIdGroupPairs": [] + } + ], + "OwnerId": "123456789123", + "GroupId": "sg-123456abcdef", + "IpPermissionsEgress": [ + { + "IpProtocol": "-1", + "IpRanges": [ + { + "CidrIp": "0.0.0.0/0" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "UserIdGroupPairs": [] + } + ], + "VpcId": "vpc-ad123456" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
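Review bot: The red case for port 22 is exercised only through the IPv4 range `0.0.0.0/0`; `Ipv6Ranges` is empty in both recordings, so nothing in these tests shows that the policy also flags `::/0`. The policy file is not in this part of the patch, so it may already handle that, but an additional red case with `"Ipv6Ranges": [{"CidrIpv6": "::/0"}]` and a matching assertion would pin it. The same gap applies to the 3389 test in `ecc-aws-187-security_group_ingress_is_restricted_3389/red_policy_test.py`. A short comment such as `# red: SSH open to the world over IPv4` above the two assertions would also say which case the fixed `[0]` indexes refer to.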
diff --git a/tests/ecc-aws-187-security_group_ingress_is_restricted_3389/placebo-red/ec2.DescribeSecurityGroups_1.json b/tests/ecc-aws-187-security_group_ingress_is_restricted_3389/placebo-red/ec2.DescribeSecurityGroups_1.json new file mode 100644 index 000000000..0358e677c --- /dev/null +++ b/tests/ecc-aws-187-security_group_ingress_is_restricted_3389/placebo-red/ec2.DescribeSecurityGroups_1.json @@ -0,0 +1,43 @@ +{ + "status_code": 200, + "data": { + "SecurityGroups": [ + { + "Description": "test-red-rdp", + "GroupName": "test-red-rdp", + "IpPermissions": [ + { + "FromPort": 3389, + "IpProtocol": "tcp", + "IpRanges": [ + { + "CidrIp": "0.0.0.0/0" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "ToPort": 3389, + "UserIdGroupPairs": [] + } + ], + "OwnerId": "123456789123", + "GroupId": "sg-123456abcdef", + "IpPermissionsEgress": [ + { + "IpProtocol": "-1", + "IpRanges": [ + { + "CidrIp": "0.0.0.0/0" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "UserIdGroupPairs": [] + } + ], + "VpcId": "vpc-ad123456" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-187-security_group_ingress_is_restricted_3389/red_policy_test.py b/tests/ecc-aws-187-security_group_ingress_is_restricted_3389/red_policy_test.py new file mode 100644 index 000000000..b190c392b --- /dev/null +++ b/tests/ecc-aws-187-security_group_ingress_is_restricted_3389/red_policy_test.py @@ -0,0 +1,6 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertEqual(resources[0]['IpPermissions'][0]['ToPort'], 3389) + base_test.assertEqual(resources[0]['IpPermissions'][0]['IpRanges'][0]['CidrIp'], '0.0.0.0/0') 
diff --git a/tests/ecc-aws-188-default_security_group_every_vpc_restricts_all_traffic/placebo-green/ec2.DescribeSecurityGroups_1.json b/tests/ecc-aws-188-default_security_group_every_vpc_restricts_all_traffic/placebo-green/ec2.DescribeSecurityGroups_1.json new file mode 100644 index 000000000..ea7e3435e --- /dev/null +++ b/tests/ecc-aws-188-default_security_group_every_vpc_restricts_all_traffic/placebo-green/ec2.DescribeSecurityGroups_1.json @@ -0,0 +1,17 @@ +{ + "status_code": 200, + "data": { + "SecurityGroups": [ + { + "Description": "default VPC security group", + "GroupName": "default", + "IpPermissions": [], + "OwnerId": "123456789876", + "GroupId": "sg-123456789abcdef12", + "IpPermissionsEgress": [], + "VpcId": "vpc-abcdef98765432112" + } + ], + "ResponseMetadata": {} + } +} diff --git a/tests/ecc-aws-188-default_security_group_every_vpc_restricts_all_traffic/placebo-red/ec2.DescribeSecurityGroups_1.json b/tests/ecc-aws-188-default_security_group_every_vpc_restricts_all_traffic/placebo-red/ec2.DescribeSecurityGroups_1.json new file mode 100644 index 000000000..a3ae72348 --- /dev/null +++ b/tests/ecc-aws-188-default_security_group_every_vpc_restricts_all_traffic/placebo-red/ec2.DescribeSecurityGroups_1.json @@ -0,0 +1,30 @@ +{ + "status_code": 200, + "data": { + "SecurityGroups": [ + { + "Description": "default VPC security group", + "GroupName": "default", + "IpPermissions": [ + { + "IpProtocol": "-1", + "IpRanges": [], + "Ipv6Ranges": [], + "PrefixListIds": [], + "UserIdGroupPairs": [ + { + "GroupId": "sg-123456789abcdef12", + "UserId": "123456789876" + } + ] + } + ], + "OwnerId": "123456789876", + "GroupId": "sg-123456789abcdef12", + "IpPermissionsEgress": [], + "VpcId": "vpc-abcdef98765432112" + } + ], + "ResponseMetadata": {} + } +} 
diff --git a/tests/ecc-aws-188-default_security_group_every_vpc_restricts_all_traffic/red_policy_test.py b/tests/ecc-aws-188-default_security_group_every_vpc_restricts_all_traffic/red_policy_test.py
new file mode 100644
index 000000000..07781683b
--- /dev/null
+++ b/tests/ecc-aws-188-default_security_group_every_vpc_restricts_all_traffic/red_policy_test.py
@@ -0,0 +1,16 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ security_group = resources[0]
+ base_test.assertEqual(security_group["GroupName"], "default")
+
+ try:
+ base_test.assertNotEqual(len(security_group["IpPermissions"]), 0)
+ except:
+ pass
+
+ try:
+ base_test.assertNotEqual(len(security_group["IpPermissionsEgress"]), 0)
+ except:
+ pass
diff --git a/tests/ecc-aws-190-encrypted_connection_between_cloudfront_origin/placebo-green/cloudfront.ListDistributions_1.json b/tests/ecc-aws-190-encrypted_connection_between_cloudfront_origin/placebo-green/cloudfront.ListDistributions_1.json
new file mode 100644
index 000000000..ef9e33d65
--- /dev/null
+++ b/tests/ecc-aws-190-encrypted_connection_between_cloudfront_origin/placebo-green/cloudfront.ListDistributions_1.json
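Review bot: Both `try`/`except: pass` blocks in `test_resources` swallow the `AssertionError` raised by `assertNotEqual`, so neither rule check can fail the test and only the count and `GroupName` assertions are effective. In the red recording `IpPermissions` holds one rule and `IpPermissionsEgress` is empty, so the second check would fail if it were not suppressed; the intent looks like "at least one direction still has a rule". That can be stated directly by replacing both blocks with `base_test.assertTrue(security_group["IpPermissions"] or security_group["IpPermissionsEgress"])`.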
@@ -0,0 +1,148 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "DistributionList": { + "Marker": "", + "MaxItems": 100, + "IsTruncated": false, + "Quantity": 2, + "Items": [ + { + "Id": "1212121112212", + "ARN": "arn:aws:cloudfront::1212121112212:distribution/1212121112212", + "Status": "Deployed", + "LastModifiedTime": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 1, + "hour": 5, + "minute": 41, + "second": 21, + "microsecond": 667000 + }, + "DomainName": "1212121112212.cloudfront.net", + "Aliases": { + "Quantity": 0 + }, + "Origins": { + "Quantity": 1, + "Items": [ + { + "Id": "myEC2Origin", + "DomainName": "1212121112212.compute-1.amazonaws.com", + "OriginPath": "", + "CustomHeaders": { + "Quantity": 0 + }, + "CustomOriginConfig": { + "HTTPPort": 80, + "HTTPSPort": 443, + "OriginProtocolPolicy": "https-only", + "OriginSslProtocols": { + "Quantity": 1, + "Items": [ + "TLSv1" + ] + }, + "OriginReadTimeout": 30, + "OriginKeepaliveTimeout": 5 + }, + "ConnectionAttempts": 3, + "ConnectionTimeout": 10, + "OriginShield": { + "Enabled": false + } + } + ] + }, + "OriginGroups": { + "Quantity": 0 + }, + "DefaultCacheBehavior": { + "TargetOriginId": "myEC2Origin", + "TrustedSigners": { + "Enabled": false, + "Quantity": 0 + }, + "TrustedKeyGroups": { + "Enabled": false, + "Quantity": 0 + }, + "ViewerProtocolPolicy": "https-only", + "AllowedMethods": { + "Quantity": 7, + "Items": [ + "HEAD", + "DELETE", + "POST", + "GET", + "OPTIONS", + "PUT", + "PATCH" + ], + "CachedMethods": { + "Quantity": 2, + "Items": [ + "HEAD", + "GET" + ] + } + }, + "SmoothStreaming": false, + "Compress": false, + "LambdaFunctionAssociations": { + "Quantity": 0 + }, + "FieldLevelEncryptionId": "", + "ForwardedValues": { + "QueryString": false, + "Cookies": { + "Forward": "none" + }, + "Headers": { + "Quantity": 0 + }, + "QueryStringCacheKeys": { + "Quantity": 0 + } + }, + "MinTTL": 0, + "DefaultTTL": 3600, + "MaxTTL": 86400 + }, + "CacheBehaviors": { + 
"Quantity": 0 + }, + "CustomErrorResponses": { + "Quantity": 0 + }, + "Comment": "", + "PriceClass": "PriceClass_All", + "Enabled": true, + "ViewerCertificate": { + "CloudFrontDefaultCertificate": true, + "MinimumProtocolVersion": "TLSv1", + "CertificateSource": "cloudfront" + }, + "Restrictions": { + "GeoRestriction": { + "RestrictionType": "whitelist", + "Quantity": 4, + "Items": [ + "US", + "CA", + "GB", + "DE" + ] + } + }, + "WebACLId": "", + "HttpVersion": "HTTP2", + "IsIPV6Enabled": false + } + ] + } + } +} \ No newline at end of file diff --git a/tests/ecc-aws-190-encrypted_connection_between_cloudfront_origin/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-190-encrypted_connection_between_cloudfront_origin/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..cfa389fe6 --- /dev/null +++ b/tests/ecc-aws-190-encrypted_connection_between_cloudfront_origin/placebo-green/tagging.GetResources_1.json @@ -0,0 +1,13 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:cloudfront::1212121112212:distribution/1212121112212", + "Tags": [] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-190-encrypted_connection_between_cloudfront_origin/placebo-red/cloudfront.ListDistributions_1.json b/tests/ecc-aws-190-encrypted_connection_between_cloudfront_origin/placebo-red/cloudfront.ListDistributions_1.json new file mode 100644 index 000000000..790eb2b20 --- /dev/null +++ b/tests/ecc-aws-190-encrypted_connection_between_cloudfront_origin/placebo-red/cloudfront.ListDistributions_1.json 
@@ -0,0 +1,148 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "DistributionList": { + "Marker": "", + "MaxItems": 100, + "IsTruncated": false, + "Quantity": 2, + "Items": [ + { + "Id": "1212121112212", + "ARN": "arn:aws:cloudfront::1212121112212:distribution/1212121112212", + "Status": "Deployed", + "LastModifiedTime": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 1, + "hour": 5, + "minute": 46, + "second": 59, + "microsecond": 915000 + }, + "DomainName": "1212121112212.cloudfront.net", + "Aliases": { + "Quantity": 0 + }, + "Origins": { + "Quantity": 1, + "Items": [ + { + "Id": "myEC2Origin", + "DomainName": "1212121112212.compute-1.amazonaws.com", + "OriginPath": "", + "CustomHeaders": { + "Quantity": 0 + }, + "CustomOriginConfig": { + "HTTPPort": 80, + "HTTPSPort": 443, + "OriginProtocolPolicy": "http-only", + "OriginSslProtocols": { + "Quantity": 1, + "Items": [ + "TLSv1" + ] + }, + "OriginReadTimeout": 30, + "OriginKeepaliveTimeout": 5 + }, + "ConnectionAttempts": 3, + "ConnectionTimeout": 10, + "OriginShield": { + "Enabled": false + } + } + ] + }, + "OriginGroups": { + "Quantity": 0 + }, + "DefaultCacheBehavior": { + "TargetOriginId": "myEC2Origin", + "TrustedSigners": { + "Enabled": false, + "Quantity": 0 + }, + "TrustedKeyGroups": { + "Enabled": false, + "Quantity": 0 + }, + "ViewerProtocolPolicy": "allow-all", + "AllowedMethods": { + "Quantity": 7, + "Items": [ + "HEAD", + "DELETE", + "POST", + "GET", + "OPTIONS", + "PUT", + "PATCH" + ], + "CachedMethods": { + "Quantity": 2, + "Items": [ + "HEAD", + "GET" + ] + } + }, + "SmoothStreaming": false, + "Compress": false, + "LambdaFunctionAssociations": { + "Quantity": 0 + }, + "FieldLevelEncryptionId": "", + "ForwardedValues": { + "QueryString": false, + "Cookies": { + "Forward": "none" + }, + "Headers": { + "Quantity": 0 + }, + "QueryStringCacheKeys": { + "Quantity": 0 + } + }, + "MinTTL": 0, + "DefaultTTL": 3600, + "MaxTTL": 86400 + }, + "CacheBehaviors": { + 
"Quantity": 0 + }, + "CustomErrorResponses": { + "Quantity": 0 + }, + "Comment": "", + "PriceClass": "PriceClass_All", + "Enabled": true, + "ViewerCertificate": { + "CloudFrontDefaultCertificate": true, + "MinimumProtocolVersion": "TLSv1", + "CertificateSource": "cloudfront" + }, + "Restrictions": { + "GeoRestriction": { + "RestrictionType": "whitelist", + "Quantity": 4, + "Items": [ + "US", + "CA", + "GB", + "DE" + ] + } + }, + "WebACLId": "", + "HttpVersion": "HTTP2", + "IsIPV6Enabled": false + } + ] + } + } +} \ No newline at end of file diff --git a/tests/ecc-aws-190-encrypted_connection_between_cloudfront_origin/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-190-encrypted_connection_between_cloudfront_origin/placebo-red/tagging.GetResources_1.json new file mode 100644 index 000000000..cfa389fe6 --- /dev/null +++ b/tests/ecc-aws-190-encrypted_connection_between_cloudfront_origin/placebo-red/tagging.GetResources_1.json @@ -0,0 +1,13 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:cloudfront::1212121112212:distribution/1212121112212", + "Tags": [] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-190-encrypted_connection_between_cloudfront_origin/red_policy_test.py b/tests/ecc-aws-190-encrypted_connection_between_cloudfront_origin/red_policy_test.py new file mode 100644 index 000000000..b63d330cc --- /dev/null +++ b/tests/ecc-aws-190-encrypted_connection_between_cloudfront_origin/red_policy_test.py @@ -0,0 +1,8 @@ +class PolicyTest(object): + + def test_resources_with_client(self, base_test, resources, local_session): + base_test.assertEqual(len(resources), 1) + base_test.assertEqual(resources[0]['Origins']['Items'][0]['CustomOriginConfig']['OriginProtocolPolicy'], 'http-only') + base_test.assertEqual(resources[0]['DefaultCacheBehavior']['ViewerProtocolPolicy'], 'allow-all') + + 
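Review bot: `test_resources_with_client` takes `local_session` but never uses it, unlike the 183 test earlier in this patch, which calls `local_session.client("config")`. If the harness chooses what to inject by method name, the plain form used by the other tests, `def test_resources(self, base_test, resources):`, fits this test better. The two trailing blank lines at the end of the file can be dropped as well.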
diff --git a/tests/ecc-aws-191-eks_cluster_protected_endpoint_access/placebo-green/eks.DescribeCluster_1.json b/tests/ecc-aws-191-eks_cluster_protected_endpoint_access/placebo-green/eks.DescribeCluster_1.json new file mode 100644 index 000000000..2d98cb0cc --- /dev/null +++ b/tests/ecc-aws-191-eks_cluster_protected_endpoint_access/placebo-green/eks.DescribeCluster_1.json 
@@ -0,0 +1,65 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "cluster": { + "name": "green-cluster-191-public", + "arn": "arn:aws:eks:us-east-1:111111111111:cluster/green-cluster-191-public", + "createdAt": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 1, + "hour": 12, + "minute": 25, + "second": 23, + "microsecond": 863000 + }, + "version": "1.19", + "endpoint": "https://ENDPOINT.gr7.us-east-1.eks.amazonaws.com", + "roleArn": "arn:aws:iam::111111111111:role/eks-cluster-green-191", + "resourcesVpcConfig": { + "subnetIds": [ + "subnet-ID", + "subnet-ID" + ], + "securityGroupIds": [], + "clusterSecurityGroupId": "sg-ID", + "vpcId": "vpc-ID", + "endpointPublicAccess": true, + "endpointPrivateAccess": true, + "publicAccessCidrs": [ + "11.2.3.4/32" + ] + }, + "kubernetesNetworkConfig": { + "serviceIpv4Cidr": "172.20.0.0/16" + }, + "logging": { + "clusterLogging": [ + { + "types": [ + "api", + "audit", + "authenticator", + "controllerManager", + "scheduler" + ], + "enabled": false + } + ] + }, + "identity": { + "oidc": { + "issuer": "https://oidc.eks.us-east-1.amazonaws.com/id/ENDPOINT" + } + }, + "status": "ACTIVE", + "certificateAuthority": { + "data": 
"LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM1ekNDQWMrZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJeE1EWXdNVEE1TXpJeU1Gb1hEVE14TURVek1EQTVNekl5TUZvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTTZ0Cnk3czBJaUZkYWNBK2NjN3Q2MlZyb0hoQTI0dURSR1BIbTNPRHRGbk8vNWdNdUYyQ2Fta3Zzd1NkMHRhVUtzUUEKMEtHTUdzSktvQWw4TC9vRXlQTlN5UW1GdmxRdURZMnNGMlpUU0lRVHNuWURkL3ZBVXpQVEJYNEE4YnVCZTUyMApXa01NU3N4ZHhOT0FJUkxYRTBpTVVxYWUvSjQwSFZvZVR3eXVxSkJ6dGRxSjBBUVI5bkM0bG1oTFY0cWd2aUpZCisvKzhTUGVsWHd5anI4dmFUR1N0V1ZlQ3M3V2Z5cTk5Y0ZwOE1raStvZlJ2RzBrcDRISjZRV1pkR2QwQ1c1bFEKMTU0eThKSW5uaTRHWEo1V2ZWVVVNd3JtaU95WEFMekYyM3U5YlNZbDBrRzBEa29xVFg4TkhFdytRMUlpR2pMbQpaTzFTc1FXZDNHN1hOQ3RBTzM4Q0F3RUFBYU5DTUVBd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0hRWURWUjBPQkJZRUZPdkxINGx1YkNaTVdKVnRYeXp23UvaWJCaFRJVWgvVkF6R2JSYk54Ck5TcTVlZ2swcDJtMXdhWitST2VZV3FlV2xKcE5MNVpnVnArRQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==" + }, + "platformVersion": "eks.5", + "tags": {} + } + } +} \ No newline at end of file diff --git a/tests/ecc-aws-191-eks_cluster_protected_endpoint_access/placebo-green/eks.DescribeCluster_2.json b/tests/ecc-aws-191-eks_cluster_protected_endpoint_access/placebo-green/eks.DescribeCluster_2.json new file mode 100644 index 000000000..05a56a4bb --- /dev/null +++ b/tests/ecc-aws-191-eks_cluster_protected_endpoint_access/placebo-green/eks.DescribeCluster_2.json 
@@ -0,0 +1,63 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "cluster": { + "name": "green-cluster-191-private", + "arn": "arn:aws:eks:us-east-1:111111111111:cluster/green-cluster-191-private", + "createdAt": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 1, + "hour": 12, + "minute": 25, + "second": 23, + "microsecond": 897000 + }, + "version": "1.19", + "endpoint": "https://5.gr7.us-east-1.eks.amazonaws.com", + "roleArn": "arn:aws:iam::111111111111:role/eks-cluster-green-191", + "resourcesVpcConfig": { + "subnetIds": [ + "subnet-ID", + "subnet-ID" + ], + "securityGroupIds": [], + "clusterSecurityGroupId": "sg-ID", + "vpcId": "vpc-ID", + "endpointPublicAccess": false, + "endpointPrivateAccess": true, + "publicAccessCidrs": [] + }, + "kubernetesNetworkConfig": { + "serviceIpv4Cidr": "172.20.0.0/16" + }, + "logging": { + "clusterLogging": [ + { + "types": [ + "api", + "audit", + "authenticator", + "controllerManager", + "scheduler" + ], + "enabled": false + } + ] + }, + "identity": { + "oidc": { + "issuer": "https://oidc.eks.us-east-1.amazonaws.com/id/5" + } + }, + "status": "ACTIVE", + "certificateAuthority": { + "data": "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" + }, + "platformVersion": "eks.5", + "tags": {} + } + } +} \ No newline at end of file diff --git a/tests/ecc-aws-191-eks_cluster_protected_endpoint_access/placebo-green/eks.ListClusters_1.json b/tests/ecc-aws-191-eks_cluster_protected_endpoint_access/placebo-green/eks.ListClusters_1.json new file mode 100644 index 000000000..4b3c13907 --- /dev/null +++ b/tests/ecc-aws-191-eks_cluster_protected_endpoint_access/placebo-green/eks.ListClusters_1.json @@ -0,0 +1,10 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "clusters": [ + "green-cluster-191-public", + "green-cluster-191-private" + ] + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-191-eks_cluster_protected_endpoint_access/placebo-red/eks.DescribeCluster_1.json b/tests/ecc-aws-191-eks_cluster_protected_endpoint_access/placebo-red/eks.DescribeCluster_1.json new file mode 100644 index 000000000..f34f1c0ec --- /dev/null +++ b/tests/ecc-aws-191-eks_cluster_protected_endpoint_access/placebo-red/eks.DescribeCluster_1.json 
@@ -0,0 +1,65 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "cluster": { + "name": "red-cluster-191-private", + "arn": "arn:aws:eks:us-east-1:111111111111:cluster/red-cluster-191-private", + "createdAt": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 1, + "hour": 12, + "minute": 46, + "second": 5, + "microsecond": 319000 + }, + "version": "1.19", + "endpoint": "https://ENDPOINT.gr7.us-east-1.eks.amazonaws.com", + "roleArn": "arn:aws:iam::111111111111:role/eks-cluster-red-191", + "resourcesVpcConfig": { + "subnetIds": [ + "subnet-ID", + "subnet-ID" + ], + "securityGroupIds": [], + "clusterSecurityGroupId": "sg-ID", + "vpcId": "vpc-ID", + "endpointPublicAccess": true, + "endpointPrivateAccess": true, + "publicAccessCidrs": [ + "0.0.0.0/0" + ] + }, + "kubernetesNetworkConfig": { + "serviceIpv4Cidr": "172.20.0.0/16" + }, + "logging": { + "clusterLogging": [ + { + "types": [ + "api", + "audit", + "authenticator", + "controllerManager", + "scheduler" + ], + "enabled": false + } + ] + }, + "identity": { + "oidc": { + "issuer": "https://oidc.eks.us-east-1.amazonaws.com/id/ENDPOINT" + } + }, + "status": "ACTIVE", + "certificateAuthority": { + "data": 
"LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM1ekNDQWMrZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJeE1EWXdNVEE1TlRJMU4xb1hEVE14TURVek1EQTVOVEkxTjFvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTE5vCktWWjNFU1hySVk0SFFrWHM2S2xaU2VhWUxPNWVGTzVYcjBQZEp2M3FFTlpVaXpPSjhbVMyL3hwUzRHSjl0K05YZnBFeEJyV3p6R2dzUXNwUzhxTFVQY2tWbGhmMFIwUQpvTWRMdWJyM3FSd1RkWXAwUWEvNWxpdUxNZ0hiTjI2VkVVSWhjU0Q5eGhtUTFtaGVlRnpwWWhJKzgzNU5Mc1dYCmx0ZithREZHNVByczZPL2YveDBDS0xncHJGQldCeFNRellub1ozTXgzKzF0aXVUYm5hOVQvS2M3MTRSQS9jVDMKdGllRnVjMmcyS093a2J2K0s2VlU5K1I2M1ZZWlhkem5BakJlUVJMUHZrNm03N2JmZmorQWRrdkJINDlqNGFZeQpCaE16bWhMemRRK3NiQXpLdkhLOW5iNWxtL3drVVZYVmdLdTRvbWlMV3VxMWJadENoWlpUS2tUQ3UvNVBUc1ZvCmczZkNTUlhGN3MzdGZUbEpPZGdORXJHdEtzVnVnSHhNaVVKUAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==" + }, + "platformVersion": "eks.5", + "tags": {} + } + } +} \ No newline at end of file diff --git a/tests/ecc-aws-191-eks_cluster_protected_endpoint_access/placebo-red/eks.ListClusters_1.json b/tests/ecc-aws-191-eks_cluster_protected_endpoint_access/placebo-red/eks.ListClusters_1.json new file mode 100644 index 000000000..6f433ed23 --- /dev/null +++ b/tests/ecc-aws-191-eks_cluster_protected_endpoint_access/placebo-red/eks.ListClusters_1.json @@ -0,0 +1,9 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "clusters": [ + "red-cluster-191-private" + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-191-eks_cluster_protected_endpoint_access/red_policy_test.py b/tests/ecc-aws-191-eks_cluster_protected_endpoint_access/red_policy_test.py new file mode 100644 index 000000000..ea45329dc --- /dev/null +++ b/tests/ecc-aws-191-eks_cluster_protected_endpoint_access/red_policy_test.py 
@@ -0,0 +1,6 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertTrue(resources[0]['resourcesVpcConfig']['endpointPublicAccess']) + base_test.assertEqual(resources[0]['resourcesVpcConfig']['publicAccessCidrs'], ['0.0.0.0/0']) \ No newline at end of file diff --git a/tests/ecc-aws-196-unused_ec2_security_groups/placebo-green/autoscaling.DescribeLaunchConfigurations_1.json b/tests/ecc-aws-196-unused_ec2_security_groups/placebo-green/autoscaling.DescribeLaunchConfigurations_1.json new file mode 100644 index 000000000..9cde7b1f7 --- /dev/null +++ b/tests/ecc-aws-196-unused_ec2_security_groups/placebo-green/autoscaling.DescribeLaunchConfigurations_1.json @@ -0,0 +1,7 @@ +{ + "status_code": 200, + "data": { + "LaunchConfigurations": [], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-196-unused_ec2_security_groups/placebo-green/batch.DescribeComputeEnvironments_1.json b/tests/ecc-aws-196-unused_ec2_security_groups/placebo-green/batch.DescribeComputeEnvironments_1.json new file mode 100644 index 000000000..2bb58e653 --- /dev/null +++ b/tests/ecc-aws-196-unused_ec2_security_groups/placebo-green/batch.DescribeComputeEnvironments_1.json @@ -0,0 +1,7 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "computeEnvironments": [] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-196-unused_ec2_security_groups/placebo-green/codebuild.ListProjects_1.json b/tests/ecc-aws-196-unused_ec2_security_groups/placebo-green/codebuild.ListProjects_1.json new file mode 100644 index 000000000..4021d0a5f --- /dev/null +++ b/tests/ecc-aws-196-unused_ec2_security_groups/placebo-green/codebuild.ListProjects_1.json @@ -0,0 +1,7 @@ +{ + "status_code": 200, + "data": { + "projects": [], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-196-unused_ec2_security_groups/placebo-green/ec2.DescribeNetworkInterfaces_1.json b/tests/ecc-aws-196-unused_ec2_security_groups/placebo-green/ec2.DescribeNetworkInterfaces_1.json new file mode 100644 index 000000000..0b964f629 --- /dev/null +++ b/tests/ecc-aws-196-unused_ec2_security_groups/placebo-green/ec2.DescribeNetworkInterfaces_1.json @@ -0,0 +1,67 @@ +{ + "status_code": 200, + "data": { + "NetworkInterfaces": [ + { + "Association": { + "IpOwnerId": "amazon", + "PublicDnsName": "ec2-100-25-4-177.compute-1.amazonaws.com", + "PublicIp": "100.25.4.177" + }, + "Attachment": { + "AttachTime": { + "__class__": "datetime", + "year": 2023, + "month": 3, + "day": 27, + "hour": 14, + "minute": 0, + "second": 31, + "microsecond": 0 + }, + "AttachmentId": "eni-attach-05b62f98dd97fd7c7", + "DeleteOnTermination": true, + "DeviceIndex": 0, + "NetworkCardIndex": 0, + "InstanceId": "i-09f11280c2c06b354", + "InstanceOwnerId": "111111111111", + "Status": "attached" + }, + "AvailabilityZone": "us-east-1e", + "Description": "", + "Groups": [ + { + "GroupName": "196_security_group_green", + "GroupId": "sg-1234567asdfg" + } + ], + "InterfaceType": "interface", + "Ipv6Addresses": [], + "MacAddress": "06:47:d6:12:0a:99", + "NetworkInterfaceId": "eni-0d33ff2e01679ca46", + "OwnerId": "111111111111", + "PrivateDnsName": "ip-172-31-59-71.ec2.internal", + "PrivateIpAddress": "172.31.59.71", + "PrivateIpAddresses": [ + { + "Association": { + "IpOwnerId": "amazon", + "PublicDnsName": "ec2-100-25-4-177.compute-1.amazonaws.com", + "PublicIp": "100.25.4.177" + }, + "Primary": true, + "PrivateDnsName": "ip-172-31-59-71.ec2.internal", + "PrivateIpAddress": "172.31.59.71" + } + ], + "RequesterManaged": false, + "SourceDestCheck": true, + "Status": "in-use", + "SubnetId": "subnet-11111111", + "TagSet": [], + "VpcId": "vpc-12345asdfg" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-196-unused_ec2_security_groups/placebo-green/ec2.DescribeSecurityGroupReferences_1.json b/tests/ecc-aws-196-unused_ec2_security_groups/placebo-green/ec2.DescribeSecurityGroupReferences_1.json new file mode 100644 index 000000000..08b12ed02 --- /dev/null +++ b/tests/ecc-aws-196-unused_ec2_security_groups/placebo-green/ec2.DescribeSecurityGroupReferences_1.json @@ -0,0 +1,7 @@ +{ + "status_code": 200, + "data": { + "SecurityGroupReferenceSet": [], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-196-unused_ec2_security_groups/placebo-green/ec2.DescribeSecurityGroups_1.json b/tests/ecc-aws-196-unused_ec2_security_groups/placebo-green/ec2.DescribeSecurityGroups_1.json new file mode 100644 index 000000000..3cfadff56 --- /dev/null +++ b/tests/ecc-aws-196-unused_ec2_security_groups/placebo-green/ec2.DescribeSecurityGroups_1.json @@ -0,0 +1,27 @@ +{ + "status_code": 200, + "data": { + "SecurityGroups": [ + { + "Description": "Managed by Terraform", + "GroupName": "196_security_group_green", + "IpPermissions": [], + "OwnerId": "111111111111", + "GroupId": "sg-1234567asdfg", + "IpPermissionsEgress": [], + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-196-unused_ec2_security_groups" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + } + ], + "VpcId": "vpc-12345asdfg" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-196-unused_ec2_security_groups/placebo-green/events.ListRules_1.json b/tests/ecc-aws-196-unused_ec2_security_groups/placebo-green/events.ListRules_1.json new file mode 100644 index 000000000..bb6fe9880 --- /dev/null +++ b/tests/ecc-aws-196-unused_ec2_security_groups/placebo-green/events.ListRules_1.json @@ -0,0 +1,7 @@ +{ + "status_code": 200, + "data": { + "Rules": [], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-196-unused_ec2_security_groups/placebo-green/events.ListTargetsByRule_1.json b/tests/ecc-aws-196-unused_ec2_security_groups/placebo-green/events.ListTargetsByRule_1.json new file mode 100644 index 000000000..e99443b67 --- /dev/null +++ b/tests/ecc-aws-196-unused_ec2_security_groups/placebo-green/events.ListTargetsByRule_1.json @@ -0,0 +1,7 @@ +{ + "status_code": 200, + "data": { + "Targets": [], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-196-unused_ec2_security_groups/placebo-green/lambda.ListFunctions_1.json b/tests/ecc-aws-196-unused_ec2_security_groups/placebo-green/lambda.ListFunctions_1.json new file mode 100644 index 000000000..c3b821398 --- /dev/null +++ b/tests/ecc-aws-196-unused_ec2_security_groups/placebo-green/lambda.ListFunctions_1.json @@ -0,0 +1,7 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "Functions": [] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-196-unused_ec2_security_groups/placebo-red/autoscaling.DescribeLaunchConfigurations_1.json b/tests/ecc-aws-196-unused_ec2_security_groups/placebo-red/autoscaling.DescribeLaunchConfigurations_1.json new file mode 100644 index 000000000..9cde7b1f7 --- /dev/null +++ b/tests/ecc-aws-196-unused_ec2_security_groups/placebo-red/autoscaling.DescribeLaunchConfigurations_1.json @@ -0,0 +1,7 @@ +{ + "status_code": 200, + "data": { + "LaunchConfigurations": [], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-196-unused_ec2_security_groups/placebo-red/batch.DescribeComputeEnvironments_1.json b/tests/ecc-aws-196-unused_ec2_security_groups/placebo-red/batch.DescribeComputeEnvironments_1.json new file mode 100644 index 000000000..2bb58e653 --- /dev/null +++ b/tests/ecc-aws-196-unused_ec2_security_groups/placebo-red/batch.DescribeComputeEnvironments_1.json 
@@ -0,0 +1,7 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "computeEnvironments": [] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-196-unused_ec2_security_groups/placebo-red/codebuild.ListProjects_1.json b/tests/ecc-aws-196-unused_ec2_security_groups/placebo-red/codebuild.ListProjects_1.json new file mode 100644 index 000000000..4021d0a5f --- /dev/null +++ b/tests/ecc-aws-196-unused_ec2_security_groups/placebo-red/codebuild.ListProjects_1.json @@ -0,0 +1,7 @@ +{ + "status_code": 200, + "data": { + "projects": [], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-196-unused_ec2_security_groups/placebo-red/ec2.DescribeNetworkInterfaces_1.json b/tests/ecc-aws-196-unused_ec2_security_groups/placebo-red/ec2.DescribeNetworkInterfaces_1.json new file mode 100644 index 000000000..a2d6c7a69 --- /dev/null +++ b/tests/ecc-aws-196-unused_ec2_security_groups/placebo-red/ec2.DescribeNetworkInterfaces_1.json @@ -0,0 +1,7 @@ +{ + "status_code": 200, + "data": { + "NetworkInterfaces": [], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-196-unused_ec2_security_groups/placebo-red/ec2.DescribeSecurityGroupReferences_1.json b/tests/ecc-aws-196-unused_ec2_security_groups/placebo-red/ec2.DescribeSecurityGroupReferences_1.json new file mode 100644 index 000000000..08b12ed02 --- /dev/null +++ b/tests/ecc-aws-196-unused_ec2_security_groups/placebo-red/ec2.DescribeSecurityGroupReferences_1.json @@ -0,0 +1,7 @@ +{ + "status_code": 200, + "data": { + "SecurityGroupReferenceSet": [], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-196-unused_ec2_security_groups/placebo-red/ec2.DescribeSecurityGroups_1.json b/tests/ecc-aws-196-unused_ec2_security_groups/placebo-red/ec2.DescribeSecurityGroups_1.json new file mode 100644 index 000000000..46db047cc --- /dev/null 
+++ b/tests/ecc-aws-196-unused_ec2_security_groups/placebo-red/ec2.DescribeSecurityGroups_1.json @@ -0,0 +1,27 @@ +{ + "status_code": 200, + "data": { + "SecurityGroups": [ + { + "Description": "Managed by Terraform", + "GroupName": "196_security_group_red", + "IpPermissions": [], + "OwnerId": "111111111111", + "GroupId": "sg-1234567asdfg", + "IpPermissionsEgress": [], + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-196-unused_ec2_security_groups" + }, + { + "Key": "ComplianceStatus", + "Value": "Red" + } + ], + "VpcId": "vpc-12345asdfg" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-196-unused_ec2_security_groups/placebo-red/events.ListRules_1.json b/tests/ecc-aws-196-unused_ec2_security_groups/placebo-red/events.ListRules_1.json new file mode 100644 index 000000000..bb6fe9880 --- /dev/null +++ b/tests/ecc-aws-196-unused_ec2_security_groups/placebo-red/events.ListRules_1.json @@ -0,0 +1,7 @@ +{ + "status_code": 200, + "data": { + "Rules": [], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-196-unused_ec2_security_groups/placebo-red/events.ListTargetsByRule_1.json b/tests/ecc-aws-196-unused_ec2_security_groups/placebo-red/events.ListTargetsByRule_1.json new file mode 100644 index 000000000..e99443b67 --- /dev/null +++ b/tests/ecc-aws-196-unused_ec2_security_groups/placebo-red/events.ListTargetsByRule_1.json @@ -0,0 +1,7 @@ +{ + "status_code": 200, + "data": { + "Targets": [], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-196-unused_ec2_security_groups/placebo-red/lambda.ListFunctions_1.json b/tests/ecc-aws-196-unused_ec2_security_groups/placebo-red/lambda.ListFunctions_1.json new file mode 100644 index 000000000..c3b821398 --- /dev/null +++ b/tests/ecc-aws-196-unused_ec2_security_groups/placebo-red/lambda.ListFunctions_1.json 
@@ -0,0 +1,7 @@
+{
+ "status_code": 200,
+ "data": {
+ "ResponseMetadata": {},
+ "Functions": []
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-196-unused_ec2_security_groups/red_policy_test.py b/tests/ecc-aws-196-unused_ec2_security_groups/red_policy_test.py
new file mode 100644
index 000000000..d9899f3bb
--- /dev/null
+++ b/tests/ecc-aws-196-unused_ec2_security_groups/red_policy_test.py
@@ -0,0 +1,9 @@
+class PolicyTest(object):
+
+ def test_resources_with_client(self, base_test, resources, local_session):
+ base_test.assertEqual(len(resources), 1)
+ client = local_session.client('ec2')
+ attach = client.describe_network_interfaces().get('Attached', ())
+ base_test.assertNotIn('Attached', attach)
+
+
diff --git a/tests/ecc-aws-197-codebuild_project_source_repo_url_check/placebo-green/codebuild.BatchGetProjects_1.json b/tests/ecc-aws-197-codebuild_project_source_repo_url_check/placebo-green/codebuild.BatchGetProjects_1.json
new file mode 100644
index 000000000..f7b5dfc70
--- /dev/null
+++ b/tests/ecc-aws-197-codebuild_project_source_repo_url_check/placebo-green/codebuild.BatchGetProjects_1.json
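Review bot: In the ecc-aws-196 `red_policy_test.py`, the last two statements cannot fail. `describe_network_interfaces()` returns its data under `NetworkInterfaces` (as the recorded placebo-red/ec2.DescribeNetworkInterfaces_1.json shows), so `.get('Attached', ())` always yields the empty default and `assertNotIn('Attached', attach)` passes whatever the fixture contains. The test therefore never verifies that the flagged security group is actually unattached, which is the property an unused-security-group rule rests on. Read the real key and compare it with the flagged group: `enis = client.describe_network_interfaces()['NetworkInterfaces']` followed by `base_test.assertNotIn(resources[0]['GroupId'], [g['GroupId'] for eni in enis for g in eni['Groups']])`.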
@@ -0,0 +1,137 @@ +{ + "status_code": 200, + "data": { + "projects": [ + { + "name": "green-codebuild-197-b", + "arn": "arn:aws:codebuild:us-east-1:1212121112212:project/green-codebuild-197-b", + "source": { + "type": "BITBUCKET", + "location": "https://1212121112212@bitbucket.org/1212121112212/197.git", + "gitCloneDepth": 0, + "buildspec": "", + "reportBuildStatus": false, + "insecureSsl": false + }, + "artifacts": { + "type": "NO_ARTIFACTS", + "overrideArtifactName": false + }, + "cache": { + "type": "NO_CACHE" + }, + "environment": { + "type": "LINUX_CONTAINER", + "image": "aws/codebuild/standard:1.0", + "computeType": "BUILD_GENERAL1_SMALL", + "environmentVariables": [], + "privilegedMode": false, + "imagePullCredentialsType": "CODEBUILD" + }, + "serviceRole": "arn:aws:iam::1212121112212:role/green-iam-role-197", + "timeoutInMinutes": 60, + "queuedTimeoutInMinutes": 480, + "encryptionKey": "arn:aws:kms:us-east-1:1212121112212:alias/aws/s3", + "tags": [], + "created": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 1, + "hour": 9, + "minute": 42, + "second": 42, + "microsecond": 420000 + }, + "lastModified": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 1, + "hour": 9, + "minute": 42, + "second": 42, + "microsecond": 420000 + }, + "badge": { + "badgeEnabled": false + }, + "logsConfig": { + "cloudWatchLogs": { + "status": "ENABLED" + }, + "s3Logs": { + "status": "DISABLED", + "encryptionDisabled": false + } + } + }, + { + "name": "green-codebuild-197-a", + "arn": "arn:aws:codebuild:us-east-1:1212121112212:project/green-codebuild-197-a", + "source": { + "type": "GITHUB", + "location": "https://github.com/1212121112212/test.git", + "gitCloneDepth": 0, + "buildspec": "", + "reportBuildStatus": false, + "insecureSsl": false + }, + "artifacts": { + "type": "NO_ARTIFACTS", + "overrideArtifactName": false + }, + "cache": { + "type": "NO_CACHE" + }, + "environment": { + "type": "LINUX_CONTAINER", + "image": 
"aws/codebuild/standard:1.0", + "computeType": "BUILD_GENERAL1_SMALL", + "environmentVariables": [], + "privilegedMode": false, + "imagePullCredentialsType": "CODEBUILD" + }, + "serviceRole": "arn:aws:iam::1212121112212:role/green-iam-role-197", + "timeoutInMinutes": 60, + "queuedTimeoutInMinutes": 480, + "encryptionKey": "arn:aws:kms:us-east-1:1212121112212:alias/aws/s3", + "tags": [], + "created": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 1, + "hour": 9, + "minute": 42, + "second": 34, + "microsecond": 383000 + }, + "lastModified": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 1, + "hour": 9, + "minute": 42, + "second": 34, + "microsecond": 383000 + }, + "badge": { + "badgeEnabled": false + }, + "logsConfig": { + "cloudWatchLogs": { + "status": "ENABLED" + }, + "s3Logs": { + "status": "DISABLED", + "encryptionDisabled": false + } + } + } + ], + "projectsNotFound": [], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-197-codebuild_project_source_repo_url_check/placebo-green/codebuild.ListProjects_1.json b/tests/ecc-aws-197-codebuild_project_source_repo_url_check/placebo-green/codebuild.ListProjects_1.json new file mode 100644 index 000000000..1ec18a34b --- /dev/null +++ b/tests/ecc-aws-197-codebuild_project_source_repo_url_check/placebo-green/codebuild.ListProjects_1.json @@ -0,0 +1,10 @@ +{ + "status_code": 200, + "data": { + "projects": [ + "green-codebuild-197-b", + "green-codebuild-197-a" + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-197-codebuild_project_source_repo_url_check/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-197-codebuild_project_source_repo_url_check/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..8b704d185 --- /dev/null +++ b/tests/ecc-aws-197-codebuild_project_source_repo_url_check/placebo-green/tagging.GetResources_1.json 
@@ -0,0 +1,8 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-197-codebuild_project_source_repo_url_check/placebo-red/codebuild.BatchGetProjects_1.json b/tests/ecc-aws-197-codebuild_project_source_repo_url_check/placebo-red/codebuild.BatchGetProjects_1.json new file mode 100644 index 000000000..14f2b4844 --- /dev/null +++ b/tests/ecc-aws-197-codebuild_project_source_repo_url_check/placebo-red/codebuild.BatchGetProjects_1.json 
@@ -0,0 +1,145 @@ +{ + "status_code": 200, + "data": { + "projects": [ + { + "name": "red-codebuild-197-a", + "arn": "arn:aws:codebuild:us-east-1:1212121112212:project/red-codebuild-197-a", + "source": { + "type": "GITHUB", + "location": "https://github.com/1212121112212/test.git", + "gitCloneDepth": 0, + "buildspec": "", + "auth": { + "type": "OAUTH", + "resource": "arn:aws:codebuild:us-east-1:1212121112212:token/github" + }, + "reportBuildStatus": false, + "insecureSsl": false + }, + "artifacts": { + "type": "NO_ARTIFACTS", + "overrideArtifactName": false + }, + "cache": { + "type": "NO_CACHE" + }, + "environment": { + "type": "LINUX_CONTAINER", + "image": "aws/codebuild/standard:1.0", + "computeType": "BUILD_GENERAL1_SMALL", + "environmentVariables": [], + "privilegedMode": false, + "imagePullCredentialsType": "CODEBUILD" + }, + "serviceRole": "arn:aws:iam::1212121112212:role/red-iam-role-197", + "timeoutInMinutes": 60, + "queuedTimeoutInMinutes": 480, + "encryptionKey": "arn:aws:kms:us-east-1:1212121112212:alias/aws/s3", + "tags": [], + "created": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 1, + "hour": 9, + "minute": 47, + "second": 2, + "microsecond": 256000 + }, + "lastModified": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 1, + "hour": 9, + "minute": 47, + "second": 2, + "microsecond": 256000 + }, + "badge": { + "badgeEnabled": false + }, + "logsConfig": { + "cloudWatchLogs": { + "status": "ENABLED" + }, + "s3Logs": { + "status": "DISABLED", + "encryptionDisabled": false + } + } + }, + { + "name": "red-codebuild-197-b", + "arn": "arn:aws:codebuild:us-east-1:1212121112212:project/red-codebuild-197-b", + "source": { + "type": "BITBUCKET", + "location": "https://1212121112212@bitbucket.org/1212121112212/197.git", + "gitCloneDepth": 0, + "buildspec": "", + "auth": { + "type": "OAUTH", + "resource": "arn:aws:codebuild:us-east-1:1212121112212:token/bitbucket" + }, + "reportBuildStatus": false, + "insecureSsl": false 
+ }, + "artifacts": { + "type": "NO_ARTIFACTS", + "overrideArtifactName": false + }, + "cache": { + "type": "NO_CACHE" + }, + "environment": { + "type": "LINUX_CONTAINER", + "image": "aws/codebuild/standard:1.0", + "computeType": "BUILD_GENERAL1_SMALL", + "environmentVariables": [], + "privilegedMode": false, + "imagePullCredentialsType": "CODEBUILD" + }, + "serviceRole": "arn:aws:iam::1212121112212:role/red-iam-role-197", + "timeoutInMinutes": 60, + "queuedTimeoutInMinutes": 480, + "encryptionKey": "arn:aws:kms:us-east-1:1212121112212:alias/aws/s3", + "tags": [], + "created": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 1, + "hour": 9, + "minute": 47, + "second": 2, + "microsecond": 247000 + }, + "lastModified": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 1, + "hour": 9, + "minute": 47, + "second": 2, + "microsecond": 247000 + }, + "badge": { + "badgeEnabled": false + }, + "logsConfig": { + "cloudWatchLogs": { + "status": "ENABLED" + }, + "s3Logs": { + "status": "DISABLED", + "encryptionDisabled": false + } + } + } + ], + "projectsNotFound": [], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-197-codebuild_project_source_repo_url_check/placebo-red/codebuild.ListProjects_1.json b/tests/ecc-aws-197-codebuild_project_source_repo_url_check/placebo-red/codebuild.ListProjects_1.json new file mode 100644 index 000000000..405ca9b5d --- /dev/null +++ b/tests/ecc-aws-197-codebuild_project_source_repo_url_check/placebo-red/codebuild.ListProjects_1.json @@ -0,0 +1,10 @@ +{ + "status_code": 200, + "data": { + "projects": [ + "red-codebuild-197-a", + "red-codebuild-197-b" + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-197-codebuild_project_source_repo_url_check/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-197-codebuild_project_source_repo_url_check/placebo-red/tagging.GetResources_1.json new file mode 100644 index 000000000..8b704d185 
--- /dev/null
+++ b/tests/ecc-aws-197-codebuild_project_source_repo_url_check/placebo-red/tagging.GetResources_1.json
@@ -0,0 +1,8 @@
+{
+ "status_code": 200,
+ "data": {
+ "PaginationToken": "",
+ "ResourceTagMappingList": [],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-197-codebuild_project_source_repo_url_check/red_policy_test.py b/tests/ecc-aws-197-codebuild_project_source_repo_url_check/red_policy_test.py
new file mode 100644
index 000000000..5c7d6567a
--- /dev/null
+++ b/tests/ecc-aws-197-codebuild_project_source_repo_url_check/red_policy_test.py
@@ -0,0 +1,9 @@
+class PolicyTest(object):
+
+ def test_resources_with_client(self, base_test, resources, local_session):
+ base_test.assertEqual(len(resources), 2)
+ base_test.assertEqual(resources[0]['source']['auth']['type'] , 'OAUTH')
+ base_test.assertEqual(resources[1]['source']['auth']['type'] , 'OAUTH')
+
+
+
diff --git a/tests/ecc-aws-198-autoscaling_group_health_checks/placebo-green/autoscaling.DescribeAutoScalingGroups_1.json b/tests/ecc-aws-198-autoscaling_group_health_checks/placebo-green/autoscaling.DescribeAutoScalingGroups_1.json
new file mode 100644
index 000000000..b672af61e
--- /dev/null
+++ b/tests/ecc-aws-198-autoscaling_group_health_checks/placebo-green/autoscaling.DescribeAutoScalingGroups_1.json
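Review bot: The two `assertEqual(...['source']['auth']['type'] , 'OAUTH')` lines in the ecc-aws-197 red test pin the OAuth auth block, not anything about the repository URL that the rule name `codebuild_project_source_repo_url_check` refers to. In the recorded fixtures the `location` values are the same in placebo-green and placebo-red, including the `https://1212121112212@bitbucket.org/...` form, so the only visible difference between the compliant and non-compliant projects is the presence of `source.auth`. The policy itself is not shown here, so please confirm that this is the intended signal. If it is, a comment above the assertions such as `# red: project carries source.auth of type OAUTH; the green fixtures have no auth block` would document it. Selecting the projects by `name` instead of by position would also keep the test independent of the order in which the API returns them.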
@@ -0,0 +1,62 @@ +{ + "status_code": 200, + "data": { + "AutoScalingGroups": [ + { + "AutoScalingGroupName": "tf-asg", + "AutoScalingGroupARN": "arn:aws:autoscaling:us-east-1:111111111111:autoScalingGroup:a:autoScalingGroupName/tf-asg", + "LaunchTemplate": { + "LaunchTemplateId": "ID", + "LaunchTemplateName": "c7n_198_name", + "Version": "$Latest" + }, + "MinSize": 1, + "MaxSize": 1, + "DesiredCapacity": 1, + "DefaultCooldown": 300, + "AvailabilityZones": [ + "us-east-1a" + ], + "LoadBalancerNames": [], + "TargetGroupARNs": [], + "HealthCheckType": "ELB", + "HealthCheckGracePeriod": 300, + "Instances": [ + { + "InstanceId": "ID", + "InstanceType": "t2.micro", + "AvailabilityZone": "us-east-1a", + "LifecycleState": "InService", + "HealthStatus": "Healthy", + "LaunchTemplate": { + "LaunchTemplateId": "ID", + "LaunchTemplateName": "c7n_198_name", + "Version": "2" + }, + "ProtectedFromScaleIn": false + } + ], + "CreatedTime": { + "__class__": "datetime", + "year": 2021, + "month": 5, + "day": 28, + "hour": 11, + "minute": 55, + "second": 53, + "microsecond": 989000 + }, + "SuspendedProcesses": [], + "VPCZoneIdentifier": "", + "EnabledMetrics": [], + "Tags": [], + "TerminationPolicies": [ + "Default" + ], + "NewInstancesProtectedFromScaleIn": false, + "ServiceLinkedRoleARN": "arn:aws:iam::111111111111:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-198-autoscaling_group_health_checks/placebo-red/autoscaling.DescribeAutoScalingGroups_1.json b/tests/ecc-aws-198-autoscaling_group_health_checks/placebo-red/autoscaling.DescribeAutoScalingGroups_1.json new file mode 100644 index 000000000..7f38afca0 --- /dev/null +++ b/tests/ecc-aws-198-autoscaling_group_health_checks/placebo-red/autoscaling.DescribeAutoScalingGroups_1.json 
@@ -0,0 +1,62 @@
+{
+ "status_code": 200,
+ "data": {
+ "AutoScalingGroups": [
+ {
+ "AutoScalingGroupName": "tf-asg",
+ "AutoScalingGroupARN": "arn:aws:autoscaling:us-east-1:111111111111:autoScalingGroup:a:autoScalingGroupName/tf-asg",
+ "LaunchTemplate": {
+ "LaunchTemplateId": "ID",
+ "LaunchTemplateName": "c7n_198_name_red",
+ "Version": "$Latest"
+ },
+ "MinSize": 1,
+ "MaxSize": 1,
+ "DesiredCapacity": 1,
+ "DefaultCooldown": 300,
+ "AvailabilityZones": [
+ "us-east-1a"
+ ],
+ "LoadBalancerNames": [],
+ "TargetGroupARNs": [],
+ "HealthCheckType": "EC2",
+ "HealthCheckGracePeriod": 300,
+ "Instances": [
+ {
+ "InstanceId": "ID",
+ "InstanceType": "t2.micro",
+ "AvailabilityZone": "us-east-1a",
+ "LifecycleState": "InService",
+ "HealthStatus": "Healthy",
+ "LaunchTemplate": {
+ "LaunchTemplateId": "ID",
+ "LaunchTemplateName": "c7n_198_name_red",
+ "Version": "1"
+ },
+ "ProtectedFromScaleIn": false
+ }
+ ],
+ "CreatedTime": {
+ "__class__": "datetime",
+ "year": 2021,
+ "month": 5,
+ "day": 28,
+ "hour": 12,
+ "minute": 8,
+ "second": 57,
+ "microsecond": 193000
+ },
+ "SuspendedProcesses": [],
+ "VPCZoneIdentifier": "",
+ "EnabledMetrics": [],
+ "Tags": [],
+ "TerminationPolicies": [
+ "Default"
+ ],
+ "NewInstancesProtectedFromScaleIn": false,
+ "ServiceLinkedRoleARN": "arn:aws:iam::111111111111:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling"
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-198-autoscaling_group_health_checks/red_policy_test.py b/tests/ecc-aws-198-autoscaling_group_health_checks/red_policy_test.py
new file mode 100644
index 000000000..1ab32eccf
--- /dev/null
+++ b/tests/ecc-aws-198-autoscaling_group_health_checks/red_policy_test.py
@@ -0,0 +1,5 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertNotEqual(resources[0]['HealthCheckType'], 'EKL')
\ No newline at end of file
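Review bot: The last assertion in the ecc-aws-198 `test_resources` compares `HealthCheckType` with `'EKL'`, a value that appears in neither fixture (green records `"ELB"`, red records `"EC2"`), so `assertNotEqual` passes whatever the policy returns. Presumably `'ELB'` was meant. Pinning the value the red fixture actually carries is stricter and would fail if the policy started matching ELB-checked groups: `base_test.assertEqual(resources[0]['HealthCheckType'], 'EC2')`.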
diff --git a/tests/ecc-aws-199-unused_eip_should_be_removed/placebo-green/ec2.DescribeAddresses_1.json b/tests/ecc-aws-199-unused_eip_should_be_removed/placebo-green/ec2.DescribeAddresses_1.json new file mode 100644 index 000000000..bceaae4ee --- /dev/null +++ b/tests/ecc-aws-199-unused_eip_should_be_removed/placebo-green/ec2.DescribeAddresses_1.json @@ -0,0 +1,26 @@ +{ + "status_code": 200, + "data": { + "Addresses": [ + { + "InstanceId": "i-ID", + "PublicIp": "50.17.200.36", + "AllocationId": "eipalloc-ID", + "AssociationId": "eipassoc-ID", + "Domain": "vpc", + "NetworkInterfaceId": "eni-ID", + "NetworkInterfaceOwnerId": "1234", + "PrivateIpAddress": "172.31.57.172", + "Tags": [ + { + "Key": "Name", + "Value": "green ip 199" + } + ], + "PublicIpv4Pool": "amazon", + "NetworkBorderGroup": "us-east-1" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-199-unused_eip_should_be_removed/placebo-red/ec2.DescribeAddresses_1.json b/tests/ecc-aws-199-unused_eip_should_be_removed/placebo-red/ec2.DescribeAddresses_1.json new file mode 100644 index 000000000..5445dc805 --- /dev/null +++ b/tests/ecc-aws-199-unused_eip_should_be_removed/placebo-red/ec2.DescribeAddresses_1.json @@ -0,0 +1,21 @@ +{ + "status_code": 200, + "data": { + "Addresses": [ + { + "PublicIp": "54.146.29.222", + "AllocationId": "eipalloc-ID", + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "red ip 199" + } + ], + "PublicIpv4Pool": "amazon", + "NetworkBorderGroup": "us-east-1" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-199-unused_eip_should_be_removed/red_policy_test.py b/tests/ecc-aws-199-unused_eip_should_be_removed/red_policy_test.py new file mode 100644 index 000000000..356d90e02 --- /dev/null +++ b/tests/ecc-aws-199-unused_eip_should_be_removed/red_policy_test.py 
@@ -0,0 +1,5 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertEqual(resources[0]['c7n:MatchedFilters'], ['AssociationId'])
\ No newline at end of file
diff --git a/tests/ecc-aws-200-elasticsearch_service_domains_in_vpc/placebo-green/es.DescribeElasticsearchDomains_1.json b/tests/ecc-aws-200-elasticsearch_service_domains_in_vpc/placebo-green/es.DescribeElasticsearchDomains_1.json
new file mode 100644
index 000000000..6687ad6e4
--- /dev/null
+++ b/tests/ecc-aws-200-elasticsearch_service_domains_in_vpc/placebo-green/es.DescribeElasticsearchDomains_1.json
@@ -0,0 +1,89 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "DomainStatusList": [ + { + "DomainId": "111111111111/green-elasticsearch-200", + "DomainName": "green-elasticsearch-200", + "ARN": "arn:aws:es:us-east-1:111111111111:domain/green-elasticsearch-200", + "Created": true, + "Deleted": false, + "Endpoints": { + "vpc": "vpc-green-elasticsearch-200-7mzef5ofvpwwczgdtqpjr7mi75.us-east-1.es.amazonaws.com" + }, + "Processing": false, + "UpgradeProcessing": false, + "ElasticsearchVersion": "1.5", + "ElasticsearchClusterConfig": { + "InstanceType": "m4.large.elasticsearch", + "InstanceCount": 1, + "DedicatedMasterEnabled": false, + "ZoneAwarenessEnabled": false, + "WarmEnabled": false + }, + "EBSOptions": { + "EBSEnabled": true, + "VolumeType": "gp2", + "VolumeSize": 10 + }, + "AccessPolicies": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":\"*\",\"Action\":\"es:*\",\"Resource\":\"arn:aws:es:us-east-1:111111111111:domain/green-elasticsearch-200/*\"}]}", + "SnapshotOptions": { + "AutomatedSnapshotStartHour": 0 + }, + "VPCOptions": { + "VPCId": "vpc-ID", + "SubnetIds": [ + "subnet-ID" + ], + "AvailabilityZones": [ + "us-east-1d" + ], + "SecurityGroupIds": [ + "sg-ID" + ] + }, + "CognitoOptions": { + "Enabled": false + }, + "EncryptionAtRestOptions": { + "Enabled": false + }, + "NodeToNodeEncryptionOptions": { + "Enabled": false + }, + "AdvancedOptions": { + "rest.action.multi.allow_explicit_index": "true" + }, + "ServiceSoftwareOptions": { + "CurrentVersion": "R20210426", + "NewVersion": "", + "UpdateAvailable": false, + "Cancellable": false, + "UpdateStatus": "COMPLETED", + "Description": "There is no software update available for this domain.", + "AutomatedUpdateDate": { + "__class__": "datetime", + "year": 1970, + "month": 1, + "day": 1, + "hour": 2, + "minute": 0, + "second": 0, + "microsecond": 0 + }, + "OptionalDeployment": true + }, + "DomainEndpointOptions": { + "EnforceHTTPS": false, + "TLSSecurityPolicy": 
"Policy-Min-TLS-1-0-2019-07", + "CustomEndpointEnabled": false + }, + "AdvancedSecurityOptions": { + "Enabled": false, + "InternalUserDatabaseEnabled": false + } + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-200-elasticsearch_service_domains_in_vpc/placebo-green/es.ListDomainNames_1.json b/tests/ecc-aws-200-elasticsearch_service_domains_in_vpc/placebo-green/es.ListDomainNames_1.json new file mode 100644 index 000000000..e0345516b --- /dev/null +++ b/tests/ecc-aws-200-elasticsearch_service_domains_in_vpc/placebo-green/es.ListDomainNames_1.json @@ -0,0 +1,11 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "DomainNames": [ + { + "DomainName": "green-elasticsearch-200" + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-200-elasticsearch_service_domains_in_vpc/placebo-green/es.ListTags_1.json b/tests/ecc-aws-200-elasticsearch_service_domains_in_vpc/placebo-green/es.ListTags_1.json new file mode 100644 index 000000000..5b2170a07 --- /dev/null +++ b/tests/ecc-aws-200-elasticsearch_service_domains_in_vpc/placebo-green/es.ListTags_1.json @@ -0,0 +1,6 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-200-elasticsearch_service_domains_in_vpc/placebo-red/es.DescribeElasticsearchDomains_1.json b/tests/ecc-aws-200-elasticsearch_service_domains_in_vpc/placebo-red/es.DescribeElasticsearchDomains_1.json new file mode 100644 index 000000000..02f2ff610 --- /dev/null +++ b/tests/ecc-aws-200-elasticsearch_service_domains_in_vpc/placebo-red/es.DescribeElasticsearchDomains_1.json 
@@ -0,0 +1,75 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "DomainStatusList": [ + { + "DomainId": "111111111111/red-elasticsearch-200", + "DomainName": "red-elasticsearch-200", + "ARN": "arn:aws:es:us-east-1:111111111111:domain/red-elasticsearch-200", + "Created": true, + "Deleted": false, + "Endpoint": "search-red-elasticsearch-200-piamp2qju54jqwxyrqu4tfbx4u.us-east-1.es.amazonaws.com", + "Processing": false, + "UpgradeProcessing": false, + "ElasticsearchVersion": "1.5", + "ElasticsearchClusterConfig": { + "InstanceType": "m4.large.elasticsearch", + "InstanceCount": 1, + "DedicatedMasterEnabled": false, + "ZoneAwarenessEnabled": false, + "WarmEnabled": false + }, + "EBSOptions": { + "EBSEnabled": true, + "VolumeType": "gp2", + "VolumeSize": 10 + }, + "AccessPolicies": "", + "SnapshotOptions": { + "AutomatedSnapshotStartHour": 0 + }, + "CognitoOptions": { + "Enabled": false + }, + "EncryptionAtRestOptions": { + "Enabled": false + }, + "NodeToNodeEncryptionOptions": { + "Enabled": false + }, + "AdvancedOptions": { + "rest.action.multi.allow_explicit_index": "true" + }, + "ServiceSoftwareOptions": { + "CurrentVersion": "R20210426", + "NewVersion": "", + "UpdateAvailable": false, + "Cancellable": false, + "UpdateStatus": "COMPLETED", + "Description": "There is no software update available for this domain.", + "AutomatedUpdateDate": { + "__class__": "datetime", + "year": 1970, + "month": 1, + "day": 1, + "hour": 2, + "minute": 0, + "second": 0, + "microsecond": 0 + }, + "OptionalDeployment": true + }, + "DomainEndpointOptions": { + "EnforceHTTPS": false, + "TLSSecurityPolicy": "Policy-Min-TLS-1-0-2019-07", + "CustomEndpointEnabled": false + }, + "AdvancedSecurityOptions": { + "Enabled": false, + "InternalUserDatabaseEnabled": false + } + } + ] + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-200-elasticsearch_service_domains_in_vpc/placebo-red/es.ListDomainNames_1.json b/tests/ecc-aws-200-elasticsearch_service_domains_in_vpc/placebo-red/es.ListDomainNames_1.json
new file mode 100644
index 000000000..91cb2e8a7
--- /dev/null
+++ b/tests/ecc-aws-200-elasticsearch_service_domains_in_vpc/placebo-red/es.ListDomainNames_1.json
@@ -0,0 +1,11 @@
+{
+ "status_code": 200,
+ "data": {
+ "ResponseMetadata": {},
+ "DomainNames": [
+ {
+ "DomainName": "red-elasticsearch-200"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-200-elasticsearch_service_domains_in_vpc/placebo-red/es.ListTags_1.json b/tests/ecc-aws-200-elasticsearch_service_domains_in_vpc/placebo-red/es.ListTags_1.json
new file mode 100644
index 000000000..5b2170a07
--- /dev/null
+++ b/tests/ecc-aws-200-elasticsearch_service_domains_in_vpc/placebo-red/es.ListTags_1.json
@@ -0,0 +1,6 @@
+{
+ "status_code": 200,
+ "data": {
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-200-elasticsearch_service_domains_in_vpc/red_policy_test.py b/tests/ecc-aws-200-elasticsearch_service_domains_in_vpc/red_policy_test.py
new file mode 100644
index 000000000..2d15bbf4b
--- /dev/null
+++ b/tests/ecc-aws-200-elasticsearch_service_domains_in_vpc/red_policy_test.py
@@ -0,0 +1,5 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertNotIn("vpc", resources[0] ['Endpoint'])
\ No newline at end of file
diff --git a/tests/ecc-aws-201-elasticsearch_service_domains_encryption_at_rest/placebo-green/es.DescribeElasticsearchDomains_1.json b/tests/ecc-aws-201-elasticsearch_service_domains_encryption_at_rest/placebo-green/es.DescribeElasticsearchDomains_1.json
new file mode 100644
index 000000000..d866c785d
--- /dev/null
+++ b/tests/ecc-aws-201-elasticsearch_service_domains_encryption_at_rest/placebo-green/es.DescribeElasticsearchDomains_1.json
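Review bot: `base_test.assertNotIn("vpc", resources[0] ['Endpoint'])` in the ecc-aws-200 red test is a substring match on the endpoint hostname, which embeds the domain name, so the result depends on how the domain is named rather than on its network placement. In the fixtures the VPC-attached (green) domain carries a `VPCOptions` block and an `Endpoints` map, while the public (red) one has neither. Asserting on that is closer to what the policy is checking: `base_test.assertNotIn('VPCOptions', resources[0])`, optionally keeping the existing line as a second check.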
@@ -0,0 +1,76 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "DomainStatusList": [ + { + "DomainId": "1212121112212/green-elasticsearch-201", + "DomainName": "green-elasticsearch-201", + "ARN": "arn:aws:es:us-east-1:1212121112212:domain/green-elasticsearch-201", + "Created": true, + "Deleted": false, + "Endpoint": "search-green-elasticsearch-201-1212121112212.us-east-1.es.amazonaws.com", + "Processing": false, + "UpgradeProcessing": false, + "ElasticsearchVersion": "7.10", + "ElasticsearchClusterConfig": { + "InstanceType": "m4.large.elasticsearch", + "InstanceCount": 1, + "DedicatedMasterEnabled": false, + "ZoneAwarenessEnabled": false, + "WarmEnabled": false + }, + "EBSOptions": { + "EBSEnabled": true, + "VolumeType": "gp2", + "VolumeSize": 10 + }, + "AccessPolicies": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Deny\",\"Principal\":{\"AWS\":\"*\"},\"Action\":\"es:*\",\"Resource\":\"arn:aws:es:us-east-1:1212121112212:domain/green-elasticsearch-201/*\",\"Condition\":{\"IpAddress\":{\"aws:SourceIp\":\"0.0.0.0/0\"}}}]}", + "SnapshotOptions": { + "AutomatedSnapshotStartHour": 0 + }, + "CognitoOptions": { + "Enabled": false + }, + "EncryptionAtRestOptions": { + "Enabled": true, + "KmsKeyId": "arn:aws:kms:us-east-1:1212121112212:key/1212121112212" + }, + "NodeToNodeEncryptionOptions": { + "Enabled": false + }, + "AdvancedOptions": { + "rest.action.multi.allow_explicit_index": "true" + }, + "ServiceSoftwareOptions": { + "CurrentVersion": "1212121112212", + "NewVersion": "", + "UpdateAvailable": false, + "Cancellable": false, + "UpdateStatus": "COMPLETED", + "Description": "There is no software update available for this domain.", + "AutomatedUpdateDate": { + "__class__": "datetime", + "year": 1970, + "month": 1, + "day": 1, + "hour": 0, + "minute": 0, + "second": 0, + "microsecond": 0 + }, + "OptionalDeployment": true + }, + "DomainEndpointOptions": { + "EnforceHTTPS": false, + "TLSSecurityPolicy": "Policy-Min-TLS-1-0-2019-07", + 
"CustomEndpointEnabled": false + }, + "AdvancedSecurityOptions": { + "Enabled": false, + "InternalUserDatabaseEnabled": false + } + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-201-elasticsearch_service_domains_encryption_at_rest/placebo-green/es.ListDomainNames_1.json b/tests/ecc-aws-201-elasticsearch_service_domains_encryption_at_rest/placebo-green/es.ListDomainNames_1.json new file mode 100644 index 000000000..b60bf6d57 --- /dev/null +++ b/tests/ecc-aws-201-elasticsearch_service_domains_encryption_at_rest/placebo-green/es.ListDomainNames_1.json @@ -0,0 +1,11 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "DomainNames": [ + { + "DomainName": "green-elasticsearch-201" + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-201-elasticsearch_service_domains_encryption_at_rest/placebo-green/es.ListTags_1.json b/tests/ecc-aws-201-elasticsearch_service_domains_encryption_at_rest/placebo-green/es.ListTags_1.json new file mode 100644 index 000000000..5b2170a07 --- /dev/null +++ b/tests/ecc-aws-201-elasticsearch_service_domains_encryption_at_rest/placebo-green/es.ListTags_1.json @@ -0,0 +1,6 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-201-elasticsearch_service_domains_encryption_at_rest/placebo-red/es.DescribeElasticsearchDomains_1.json b/tests/ecc-aws-201-elasticsearch_service_domains_encryption_at_rest/placebo-red/es.DescribeElasticsearchDomains_1.json new file mode 100644 index 000000000..e6bcded5d --- /dev/null +++ b/tests/ecc-aws-201-elasticsearch_service_domains_encryption_at_rest/placebo-red/es.DescribeElasticsearchDomains_1.json 
@@ -0,0 +1,74 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "DomainStatusList": [ + { + "DomainId": "1212121112212/red-elasticsearch-201", + "DomainName": "red-elasticsearch-201", + "ARN": "arn:aws:es:us-east-1:1212121112212:domain/red-elasticsearch-201", + "Created": true, + "Deleted": false, + "Processing": true, + "UpgradeProcessing": false, + "ElasticsearchVersion": "7.10", + "ElasticsearchClusterConfig": { + "InstanceType": "m4.large.elasticsearch", + "InstanceCount": 1, + "DedicatedMasterEnabled": false, + "ZoneAwarenessEnabled": false, + "WarmEnabled": false + }, + "EBSOptions": { + "EBSEnabled": true, + "VolumeType": "gp2", + "VolumeSize": 10 + }, + "AccessPolicies": "", + "SnapshotOptions": { + "AutomatedSnapshotStartHour": 0 + }, + "CognitoOptions": { + "Enabled": false + }, + "EncryptionAtRestOptions": { + "Enabled": false + }, + "NodeToNodeEncryptionOptions": { + "Enabled": false + }, + "AdvancedOptions": { + "rest.action.multi.allow_explicit_index": "true" + }, + "ServiceSoftwareOptions": { + "CurrentVersion": "", + "NewVersion": "", + "UpdateAvailable": false, + "Cancellable": false, + "UpdateStatus": "COMPLETED", + "Description": "There is no software update available for this domain.", + "AutomatedUpdateDate": { + "__class__": "datetime", + "year": 1970, + "month": 1, + "day": 1, + "hour": 0, + "minute": 0, + "second": 0, + "microsecond": 0 + }, + "OptionalDeployment": true + }, + "DomainEndpointOptions": { + "EnforceHTTPS": false, + "TLSSecurityPolicy": "Policy-Min-TLS-1-0-2019-07", + "CustomEndpointEnabled": false + }, + "AdvancedSecurityOptions": { + "Enabled": false, + "InternalUserDatabaseEnabled": false + } + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-201-elasticsearch_service_domains_encryption_at_rest/placebo-red/es.ListDomainNames_1.json b/tests/ecc-aws-201-elasticsearch_service_domains_encryption_at_rest/placebo-red/es.ListDomainNames_1.json new file mode 100644 index 000000000..381989f9c 
--- /dev/null
+++ b/tests/ecc-aws-201-elasticsearch_service_domains_encryption_at_rest/placebo-red/es.ListDomainNames_1.json
@@ -0,0 +1,11 @@
+{
+ "status_code": 200,
+ "data": {
+ "ResponseMetadata": {},
+ "DomainNames": [
+ {
+ "DomainName": "red-elasticsearch-201"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-201-elasticsearch_service_domains_encryption_at_rest/placebo-red/es.ListTags_1.json b/tests/ecc-aws-201-elasticsearch_service_domains_encryption_at_rest/placebo-red/es.ListTags_1.json
new file mode 100644
index 000000000..5b2170a07
--- /dev/null
+++ b/tests/ecc-aws-201-elasticsearch_service_domains_encryption_at_rest/placebo-red/es.ListTags_1.json
@@ -0,0 +1,6 @@
+{
+ "status_code": 200,
+ "data": {
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-201-elasticsearch_service_domains_encryption_at_rest/red_policy_test.py b/tests/ecc-aws-201-elasticsearch_service_domains_encryption_at_rest/red_policy_test.py
new file mode 100644
index 000000000..47a7d6691
--- /dev/null
+++ b/tests/ecc-aws-201-elasticsearch_service_domains_encryption_at_rest/red_policy_test.py
@@ -0,0 +1,8 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertEqual(resources[0]['EncryptionAtRestOptions']['Enabled'], False)
+
+
+
diff --git a/tests/ecc-aws-203-ebs_snapshots_not_publicly_restorable/placebo-green/ec2.DescribeSnapshotAttribute_1.json b/tests/ecc-aws-203-ebs_snapshots_not_publicly_restorable/placebo-green/ec2.DescribeSnapshotAttribute_1.json
new file mode 100644
index 000000000..76bd95133
--- /dev/null
+++ b/tests/ecc-aws-203-ebs_snapshots_not_publicly_restorable/placebo-green/ec2.DescribeSnapshotAttribute_1.json
@@ -0,0 +1,8 @@
+{
+ "status_code": 200,
+ "data": {
+ "CreateVolumePermissions": [],
+ "SnapshotId": "snap-ID",
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-203-ebs_snapshots_not_publicly_restorable/placebo-green/ec2.DescribeSnapshots_1.json b/tests/ecc-aws-203-ebs_snapshots_not_publicly_restorable/placebo-green/ec2.DescribeSnapshots_1.json new file mode 100644 index 000000000..bfe386256 --- /dev/null +++ b/tests/ecc-aws-203-ebs_snapshots_not_publicly_restorable/placebo-green/ec2.DescribeSnapshots_1.json @@ -0,0 +1,34 @@ +{ + "status_code": 200, + "data": { + "Snapshots": [ + { + "Description": "", + "Encrypted": false, + "OwnerId": "111111111111", + "Progress": "100%", + "SnapshotId": "snap-ID", + "StartTime": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 4, + "hour": 7, + "minute": 6, + "second": 21, + "microsecond": 27000 + }, + "State": "completed", + "VolumeId": "vol-ID", + "VolumeSize": 10, + "Tags": [ + { + "Key": "Name", + "Value": "ebs-snapshot-green-203" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-203-ebs_snapshots_not_publicly_restorable/placebo-red/ec2.DescribeSnapshotAttribute_1.json b/tests/ecc-aws-203-ebs_snapshots_not_publicly_restorable/placebo-red/ec2.DescribeSnapshotAttribute_1.json new file mode 100644 index 000000000..7132a4661 --- /dev/null +++ b/tests/ecc-aws-203-ebs_snapshots_not_publicly_restorable/placebo-red/ec2.DescribeSnapshotAttribute_1.json @@ -0,0 +1,12 @@ +{ + "status_code": 200, + "data": { + "CreateVolumePermissions": [ + { + "Group": "all" + } + ], + "SnapshotId": "snap-06645dbdcfbf5dad6", + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-203-ebs_snapshots_not_publicly_restorable/placebo-red/ec2.DescribeSnapshots_1.json b/tests/ecc-aws-203-ebs_snapshots_not_publicly_restorable/placebo-red/ec2.DescribeSnapshots_1.json new file mode 100644 index 000000000..a2440d40a --- /dev/null +++ b/tests/ecc-aws-203-ebs_snapshots_not_publicly_restorable/placebo-red/ec2.DescribeSnapshots_1.json 
@@ -0,0 +1,39 @@
+{
+ "status_code": 200,
+ "data": {
+ "Snapshots": [
+ {
+ "Description": "",
+ "Encrypted": false,
+ "OwnerId": "111111111111",
+ "Progress": "100%",
+ "SnapshotId": "snap-06645dbdcfbf5dad6",
+ "StartTime": {
+ "__class__": "datetime",
+ "year": 2023,
+ "month": 3,
+ "day": 14,
+ "hour": 10,
+ "minute": 17,
+ "second": 22,
+ "microsecond": 196000
+ },
+ "State": "completed",
+ "VolumeId": "vol-0c21b345d070a1f91",
+ "VolumeSize": 10,
+ "Tags": [
+ {
+ "Key": "ComplianceStatus",
+ "Value": "Red"
+ },
+ {
+ "Key": "CustodianRule",
+ "Value": "ecc-aws-203-ebs_snapshots_not_publicly_restorable"
+ }
+ ],
+ "StorageTier": "standard"
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-203-ebs_snapshots_not_publicly_restorable/red_policy_test.py b/tests/ecc-aws-203-ebs_snapshots_not_publicly_restorable/red_policy_test.py
new file mode 100644
index 000000000..3b2daa583
--- /dev/null
+++ b/tests/ecc-aws-203-ebs_snapshots_not_publicly_restorable/red_policy_test.py
@@ -0,0 +1,6 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertTrue(resources[0], 'c7n:CrossAccountViolations')
+ base_test.assertIn('all', resources[0] ['c7n:CrossAccountViolations'])
\ No newline at end of file
diff --git a/tests/ecc-aws-210-cloud_front_waf_integration/placebo-green/cloudfront.ListDistributions_1.json b/tests/ecc-aws-210-cloud_front_waf_integration/placebo-green/cloudfront.ListDistributions_1.json
new file mode 100644
index 000000000..30c899a02
--- /dev/null
+++ b/tests/ecc-aws-210-cloud_front_waf_integration/placebo-green/cloudfront.ListDistributions_1.json
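Review bot: `base_test.assertTrue(resources[0], 'c7n:CrossAccountViolations')` in the ecc-aws-203 red test passes the key name as the failure message, so it only checks that the resource dict is non-empty. The annotation's presence is covered only indirectly, through the `KeyError` the following `assertIn` would raise. Replace it with `base_test.assertIn('c7n:CrossAccountViolations', resources[0])` so a regression in the public-restore detection fails on an explicit assertion rather than an exception.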
@@ -0,0 +1,132 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "DistributionList": { + "Marker": "", + "MaxItems": 100, + "IsTruncated": false, + "Quantity": 2, + "Items": [ + { + "Id": "1212121112212", + "ARN": "arn:aws:cloudfront::1212121112212:distribution/1212121112212", + "Status": "Deployed", + "LastModifiedTime": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 3, + "hour": 12, + "minute": 48, + "second": 27, + "microsecond": 815000 + }, + "DomainName": "1212121112212.cloudfront.net", + "Aliases": { + "Quantity": 0 + }, + "Origins": { + "Quantity": 1, + "Items": [ + { + "Id": "myGreenS3", + "DomainName": "green-s3-210.s3.amazonaws.com", + "OriginPath": "", + "CustomHeaders": { + "Quantity": 0 + }, + "S3OriginConfig": { + "OriginAccessIdentity": "" + }, + "ConnectionAttempts": 3, + "ConnectionTimeout": 10, + "OriginShield": { + "Enabled": false + } + } + ] + }, + "OriginGroups": { + "Quantity": 0 + }, + "DefaultCacheBehavior": { + "TargetOriginId": "myGreenS3", + "TrustedSigners": { + "Enabled": false, + "Quantity": 0 + }, + "TrustedKeyGroups": { + "Enabled": false, + "Quantity": 0 + }, + "ViewerProtocolPolicy": "allow-all", + "AllowedMethods": { + "Quantity": 7, + "Items": [ + "HEAD", + "DELETE", + "POST", + "GET", + "OPTIONS", + "PUT", + "PATCH" + ], + "CachedMethods": { + "Quantity": 2, + "Items": [ + "HEAD", + "GET" + ] + } + }, + "SmoothStreaming": false, + "Compress": false, + "LambdaFunctionAssociations": { + "Quantity": 0 + }, + "FieldLevelEncryptionId": "", + "ForwardedValues": { + "QueryString": false, + "Cookies": { + "Forward": "none" + }, + "Headers": { + "Quantity": 0 + }, + "QueryStringCacheKeys": { + "Quantity": 0 + } + }, + "MinTTL": 0, + "DefaultTTL": 0, + "MaxTTL": 0 + }, + "CacheBehaviors": { + "Quantity": 0 + }, + "CustomErrorResponses": { + "Quantity": 0 + }, + "Comment": "", + "PriceClass": "PriceClass_All", + "Enabled": true, + "ViewerCertificate": { + "CloudFrontDefaultCertificate": true, + 
"MinimumProtocolVersion": "TLSv1", + "CertificateSource": "cloudfront" + }, + "Restrictions": { + "GeoRestriction": { + "RestrictionType": "none", + "Quantity": 0 + } + }, + "WebACLId": "1212121112212", + "HttpVersion": "HTTP2", + "IsIPV6Enabled": false + } + ] + } + } +} \ No newline at end of file diff --git a/tests/ecc-aws-210-cloud_front_waf_integration/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-210-cloud_front_waf_integration/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..492f18725 --- /dev/null +++ b/tests/ecc-aws-210-cloud_front_waf_integration/placebo-green/tagging.GetResources_1.json @@ -0,0 +1,18 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:cloudfront::1212121112212:distribution/1212121112212", + "Tags": [ + { + "Key": "Environment", + "Value": "Custodian" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-210-cloud_front_waf_integration/placebo-red/cloudfront.ListDistributions_1.json b/tests/ecc-aws-210-cloud_front_waf_integration/placebo-red/cloudfront.ListDistributions_1.json new file mode 100644 index 000000000..948e1bb42 --- /dev/null +++ b/tests/ecc-aws-210-cloud_front_waf_integration/placebo-red/cloudfront.ListDistributions_1.json 
@@ -0,0 +1,132 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "DistributionList": { + "Marker": "", + "MaxItems": 100, + "IsTruncated": false, + "Quantity": 2, + "Items": [ + { + "Id": "1212121112212s", + "ARN": "arn:aws:cloudfront::1212121112212:distribution/1212121112212", + "Status": "Deployed", + "LastModifiedTime": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 3, + "hour": 12, + "minute": 51, + "second": 6, + "microsecond": 75000 + }, + "DomainName": "1212121112212.cloudfront.net", + "Aliases": { + "Quantity": 0 + }, + "Origins": { + "Quantity": 1, + "Items": [ + { + "Id": "myRedS3", + "DomainName": "red-s3-210.s3.amazonaws.com", + "OriginPath": "", + "CustomHeaders": { + "Quantity": 0 + }, + "S3OriginConfig": { + "OriginAccessIdentity": "" + }, + "ConnectionAttempts": 3, + "ConnectionTimeout": 10, + "OriginShield": { + "Enabled": false + } + } + ] + }, + "OriginGroups": { + "Quantity": 0 + }, + "DefaultCacheBehavior": { + "TargetOriginId": "myRedS3", + "TrustedSigners": { + "Enabled": false, + "Quantity": 0 + }, + "TrustedKeyGroups": { + "Enabled": false, + "Quantity": 0 + }, + "ViewerProtocolPolicy": "allow-all", + "AllowedMethods": { + "Quantity": 7, + "Items": [ + "HEAD", + "DELETE", + "POST", + "GET", + "OPTIONS", + "PUT", + "PATCH" + ], + "CachedMethods": { + "Quantity": 2, + "Items": [ + "HEAD", + "GET" + ] + } + }, + "SmoothStreaming": false, + "Compress": false, + "LambdaFunctionAssociations": { + "Quantity": 0 + }, + "FieldLevelEncryptionId": "", + "ForwardedValues": { + "QueryString": false, + "Cookies": { + "Forward": "none" + }, + "Headers": { + "Quantity": 0 + }, + "QueryStringCacheKeys": { + "Quantity": 0 + } + }, + "MinTTL": 0, + "DefaultTTL": 0, + "MaxTTL": 0 + }, + "CacheBehaviors": { + "Quantity": 0 + }, + "CustomErrorResponses": { + "Quantity": 0 + }, + "Comment": "", + "PriceClass": "PriceClass_All", + "Enabled": true, + "ViewerCertificate": { + "CloudFrontDefaultCertificate": true, + 
"MinimumProtocolVersion": "TLSv1", + "CertificateSource": "cloudfront" + }, + "Restrictions": { + "GeoRestriction": { + "RestrictionType": "none", + "Quantity": 0 + } + }, + "WebACLId": "", + "HttpVersion": "HTTP2", + "IsIPV6Enabled": false + } + ] + } + } +} \ No newline at end of file diff --git a/tests/ecc-aws-210-cloud_front_waf_integration/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-210-cloud_front_waf_integration/placebo-red/tagging.GetResources_1.json new file mode 100644 index 000000000..492f18725 --- /dev/null +++ b/tests/ecc-aws-210-cloud_front_waf_integration/placebo-red/tagging.GetResources_1.json @@ -0,0 +1,18 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:cloudfront::1212121112212:distribution/1212121112212", + "Tags": [ + { + "Key": "Environment", + "Value": "Custodian" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-210-cloud_front_waf_integration/red_policy_test.py b/tests/ecc-aws-210-cloud_front_waf_integration/red_policy_test.py new file mode 100644 index 000000000..e7dc16d2d --- /dev/null +++ b/tests/ecc-aws-210-cloud_front_waf_integration/red_policy_test.py @@ -0,0 +1,8 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertFalse(resources[0]['WebACLId']) + + + diff --git a/tests/ecc-aws-212-lambda_in_vpc/placebo-green/lambda.ListFunctions_1.json b/tests/ecc-aws-212-lambda_in_vpc/placebo-green/lambda.ListFunctions_1.json new file mode 100644 index 000000000..f494cdac9 --- /dev/null +++ b/tests/ecc-aws-212-lambda_in_vpc/placebo-green/lambda.ListFunctions_1.json 
@@ -0,0 +1,36 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "Functions": [ + { + "FunctionName": "c7n_212_green_lambda", + "FunctionArn": "arn:aws:lambda:us-east-1:6:function:c7n_212_green_lambda", + "Runtime": "python3.8", + "Role": "arn:aws:iam::6:role/iam_for_lambda_c7n_212_green", + "Handler": "func.py", + "CodeSize": 299, + "Description": "", + "Timeout": 3, + "MemorySize": 128, + "LastModified": "2021-06-07T07:15:18.632+0000", + "CodeSha256": "wVKxCuS3+QGJFX662+Zi8SIwlKE7zm6222zpZo7SFHI=", + "Version": "$LATEST", + "VpcConfig": { + "SubnetIds": [ + "subnet-ID", + "subnet-ID" + ], + "SecurityGroupIds": [ + "sg-ID" + ], + "VpcId": "vpc-12345asdfg" + }, + "TracingConfig": { + "Mode": "PassThrough" + }, + "RevisionId": "a4b16b9a-5351-40ff-af38-ID" + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-212-lambda_in_vpc/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-212-lambda_in_vpc/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..8b704d185 --- /dev/null +++ b/tests/ecc-aws-212-lambda_in_vpc/placebo-green/tagging.GetResources_1.json @@ -0,0 +1,8 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-212-lambda_in_vpc/placebo-red/lambda.ListFunctions_1.json b/tests/ecc-aws-212-lambda_in_vpc/placebo-red/lambda.ListFunctions_1.json new file mode 100644 index 000000000..954e85ef0 --- /dev/null +++ b/tests/ecc-aws-212-lambda_in_vpc/placebo-red/lambda.ListFunctions_1.json 
@@ -0,0 +1,35 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "Functions": [ + { + "FunctionName": "c7n_212_red_lambda", + "FunctionArn": "arn:aws:lambda:us-east-1:6:function:c7n_212_red_lambda", + "Runtime": "python3.8", + "Role": "arn:aws:iam::6:role/iam_for_lambda_c7n_212_red", + "Handler": "func.py", + "CodeSize": 299, + "Description": "", + "Timeout": 3, + "MemorySize": 128, + "LastModified": "2021-06-07T07:27:02.545+0000", + "CodeSha256": "wVKxCuS3+QGJFX662+Zi8SIwlKE7zm6222zpZo7SFHI=", + "Version": "$LATEST", + "VpcConfig": { + "SubnetIds": [ + "subnet-ID" + ], + "SecurityGroupIds": [ + "sg-ID" + ], + "VpcId": "vpc-12345asdfg" + }, + "TracingConfig": { + "Mode": "PassThrough" + }, + "RevisionId": "c4a860a8-2e4d-4359-b71f-ID" + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-212-lambda_in_vpc/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-212-lambda_in_vpc/placebo-red/tagging.GetResources_1.json new file mode 100644 index 000000000..8b704d185 --- /dev/null +++ b/tests/ecc-aws-212-lambda_in_vpc/placebo-red/tagging.GetResources_1.json @@ -0,0 +1,8 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-212-lambda_in_vpc/red_policy_test.py b/tests/ecc-aws-212-lambda_in_vpc/red_policy_test.py new file mode 100644 index 000000000..fe8068643 --- /dev/null +++ b/tests/ecc-aws-212-lambda_in_vpc/red_policy_test.py @@ -0,0 +1,5 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertTrue(resources[0] ['VpcConfig'], 'SubnetIds'[1]) \ No newline at end of file 
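Review bot: The second assertion in `test_resources` of `tests/ecc-aws-212-lambda_in_vpc/red_policy_test.py` cannot fail on the subnet data it appears meant to check. `base_test.assertTrue(resources[0] ['VpcConfig'], 'SubnetIds'[1])` passes `'SubnetIds'[1]` (the character `'u'`) as the failure message, so only the truthiness of `VpcConfig` is tested. The green fixture's `VpcConfig` is equally truthy, so this check would not tell a red resource from a green one. The red recording in this commit lists one subnet where the green one lists two, so presumably the intent is `base_test.assertEqual(len(resources[0]['VpcConfig']['SubnetIds']), 1)`; confirm against the policy filter, which is not visible here.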
diff --git a/tests/ecc-aws-215-redshift_cluster_prohibit_public_access/placebo-green/redshift.DescribeClusters_1.json b/tests/ecc-aws-215-redshift_cluster_prohibit_public_access/placebo-green/redshift.DescribeClusters_1.json new file mode 100644 index 000000000..faa1caa7d --- /dev/null +++ b/tests/ecc-aws-215-redshift_cluster_prohibit_public_access/placebo-green/redshift.DescribeClusters_1.json @@ -0,0 +1,63 @@ +{ + "status_code": 200, + "data": { + "Clusters": [ + { + "ClusterIdentifier": "green-redshift-215", + "NodeType": "dc1.large", + "ClusterStatus": "creating", + "ClusterAvailabilityStatus": "Modifying", + "MasterUsername": "c7n", + "DBName": "mydb", + "AutomatedSnapshotRetentionPeriod": 1, + "ManualSnapshotRetentionPeriod": -1, + "ClusterSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-1212121112212", + "Status": "active" + } + ], + "ClusterParameterGroups": [ + { + "ParameterGroupName": "default.redshift-1.0", + "ParameterApplyStatus": "in-sync" + } + ], + "ClusterSubnetGroupName": "default", + "VpcId": "vpc-12345asdfg", + "PreferredMaintenanceWindow": "sun:04:00-sun:04:30", + "PendingModifiedValues": { + "MasterUserPassword": "****" + }, + "ClusterVersion": "1.0", + "AllowVersionUpgrade": true, + "NumberOfNodes": 1, + "PubliclyAccessible": false, + "Encrypted": false, + "ClusterNodes": [ + { + "NodeRole": "SHARED" + } + ], + "ClusterRevisionNumber": "26742", + "Tags": [], + "EnhancedVpcRouting": false, + "IamRoles": [], + "MaintenanceTrackName": "current", + "DeferredMaintenanceWindows": [], + "NextMaintenanceWindowStartTime": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 13, + "hour": 4, + "minute": 0, + "second": 0, + "microsecond": 0 + } + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-215-redshift_cluster_prohibit_public_access/placebo-red/redshift.DescribeClusters_1.json b/tests/ecc-aws-215-redshift_cluster_prohibit_public_access/placebo-red/redshift.DescribeClusters_1.json new file mode 100644 index 000000000..4b8c082da --- /dev/null +++ b/tests/ecc-aws-215-redshift_cluster_prohibit_public_access/placebo-red/redshift.DescribeClusters_1.json 
@@ -0,0 +1,67 @@ +{ + "status_code": 200, + "data": { + "Clusters": [ + { + "ClusterIdentifier": "red-redshift-215", + "NodeType": "dc1.large", + "ClusterStatus": "creating", + "ClusterAvailabilityStatus": "Modifying", + "MasterUsername": "c7n", + "DBName": "mydb", + "AutomatedSnapshotRetentionPeriod": 1, + "ManualSnapshotRetentionPeriod": -1, + "ClusterSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-1212121112212", + "Status": "active" + } + ], + "ClusterParameterGroups": [ + { + "ParameterGroupName": "default.redshift-1.0", + "ParameterApplyStatus": "in-sync" + } + ], + "ClusterSubnetGroupName": "default", + "VpcId": "vpc-12345asdfg", + "AvailabilityZone": "us-east-1c", + "PreferredMaintenanceWindow": "wed:07:30-wed:08:00", + "PendingModifiedValues": { + "MasterUserPassword": "****" + }, + "ClusterVersion": "1.0", + "AllowVersionUpgrade": true, + "NumberOfNodes": 1, + "PubliclyAccessible": true, + "Encrypted": false, + "ClusterPublicKey": "ssh-rsa 1212121112212/1212121112212/T/1212121112212/2fugHKzy/1212121112212+1212121112212/d+1212121112212 Amazon-Redshift\n", + "ClusterNodes": [ + { + "NodeRole": "SHARED", + "PrivateIPAddress": "1212121112212", + "PublicIPAddress": "1212121112212" + } + ], + "ClusterRevisionNumber": "21212121112212", + "Tags": [], + "EnhancedVpcRouting": false, + "IamRoles": [], + "MaintenanceTrackName": "current", + "DeferredMaintenanceWindows": [], + "NextMaintenanceWindowStartTime": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 9, + "hour": 7, + "minute": 30, + "second": 0, + "microsecond": 0 + } + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-215-redshift_cluster_prohibit_public_access/red_policy_test.py b/tests/ecc-aws-215-redshift_cluster_prohibit_public_access/red_policy_test.py new file mode 100644 index 000000000..e2da156a7 --- /dev/null +++ b/tests/ecc-aws-215-redshift_cluster_prohibit_public_access/red_policy_test.py 
@@ -0,0 +1,8 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertTrue(resources[0]["PubliclyAccessible"]) + + + diff --git a/tests/ecc-aws-218-codebuild_environment_variables_contain_text_credentials/placebo-green/codebuild.BatchGetProjects_1.json b/tests/ecc-aws-218-codebuild_environment_variables_contain_text_credentials/placebo-green/codebuild.BatchGetProjects_1.json new file mode 100644 index 000000000..6d3f710b0 --- /dev/null +++ b/tests/ecc-aws-218-codebuild_environment_variables_contain_text_credentials/placebo-green/codebuild.BatchGetProjects_1.json 
@@ -0,0 +1,79 @@ +{ + "status_code": 200, + "data": { + "projects": [ + { + "name": "green-codebuild-218", + "arn": "arn:aws:codebuild:us-east-1:1212121112212:project/green-codebuild-218", + "source": { + "type": "GITHUB", + "location": "https://github.com/1212121112212/test.git", + "gitCloneDepth": 0, + "buildspec": "", + "reportBuildStatus": false, + "insecureSsl": false + }, + "artifacts": { + "type": "NO_ARTIFACTS", + "overrideArtifactName": false + }, + "cache": { + "type": "NO_CACHE" + }, + "environment": { + "type": "LINUX_CONTAINER", + "image": "aws/codebuild/standard:1.0", + "computeType": "BUILD_GENERAL1_SMALL", + "environmentVariables": [ + { + "name": "SOME_KEY1", + "value": "SOME_VALUE1", + "type": "PLAINTEXT" + } + ], + "privilegedMode": false, + "imagePullCredentialsType": "CODEBUILD" + }, + "serviceRole": "arn:aws:iam::1212121112212:role/green-iam-role-218", + "timeoutInMinutes": 60, + "queuedTimeoutInMinutes": 480, + "encryptionKey": "arn:aws:kms:us-east-1:1212121112212:alias/aws/s3", + "tags": [], + "created": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 7, + "hour": 5, + "minute": 43, + "second": 54, + "microsecond": 782000 + }, + "lastModified": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 7, + "hour": 5, + "minute": 43, + "second": 54, + "microsecond": 782000 + }, + "badge": { + "badgeEnabled": false + }, + "logsConfig": { + "cloudWatchLogs": { + "status": "ENABLED" + }, + "s3Logs": { + "status": "DISABLED", + "encryptionDisabled": false + } + } + } + ], + "projectsNotFound": [], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-218-codebuild_environment_variables_contain_text_credentials/placebo-green/codebuild.ListProjects_1.json b/tests/ecc-aws-218-codebuild_environment_variables_contain_text_credentials/placebo-green/codebuild.ListProjects_1.json new file mode 100644 index 000000000..13c0e695e --- /dev/null 
+++ b/tests/ecc-aws-218-codebuild_environment_variables_contain_text_credentials/placebo-green/codebuild.ListProjects_1.json @@ -0,0 +1,9 @@ +{ + "status_code": 200, + "data": { + "projects": [ + "green-codebuild-218" + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-218-codebuild_environment_variables_contain_text_credentials/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-218-codebuild_environment_variables_contain_text_credentials/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..8b704d185 --- /dev/null +++ b/tests/ecc-aws-218-codebuild_environment_variables_contain_text_credentials/placebo-green/tagging.GetResources_1.json @@ -0,0 +1,8 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-218-codebuild_environment_variables_contain_text_credentials/placebo-red/codebuild.BatchGetProjects_1.json b/tests/ecc-aws-218-codebuild_environment_variables_contain_text_credentials/placebo-red/codebuild.BatchGetProjects_1.json new file mode 100644 index 000000000..7f8d7b5fc --- /dev/null +++ b/tests/ecc-aws-218-codebuild_environment_variables_contain_text_credentials/placebo-red/codebuild.BatchGetProjects_1.json 
@@ -0,0 +1,84 @@ +{ + "status_code": 200, + "data": { + "projects": [ + { + "name": "red-codebuild-218", + "arn": "arn:aws:codebuild:us-east-1:1212121112212:project/red-codebuild-218", + "source": { + "type": "GITHUB", + "location": "https://github.com/1212121112212/test.git", + "gitCloneDepth": 0, + "buildspec": "", + "reportBuildStatus": false, + "insecureSsl": false + }, + "artifacts": { + "type": "NO_ARTIFACTS", + "overrideArtifactName": false + }, + "cache": { + "type": "NO_CACHE" + }, + "environment": { + "type": "LINUX_CONTAINER", + "image": "aws/codebuild/standard:1.0", + "computeType": "BUILD_GENERAL1_SMALL", + "environmentVariables": [ + { + "name": "AWS_ACCESS_KEY_ID", + "value": "1212121112212", + "type": "PLAINTEXT" + }, + { + "name": "AWS_SECRET_ACCESS_KEY", + "value": "1212121112212", + "type": "PLAINTEXT" + } + ], + "privilegedMode": false, + "imagePullCredentialsType": "CODEBUILD" + }, + "serviceRole": "arn:aws:iam::1212121112212:role/red-iam-role-218", + "timeoutInMinutes": 60, + "queuedTimeoutInMinutes": 480, + "encryptionKey": "arn:aws:kms:us-east-1:1212121112212:alias/aws/s3", + "tags": [], + "created": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 7, + "hour": 5, + "minute": 48, + "second": 41, + "microsecond": 347000 + }, + "lastModified": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 7, + "hour": 5, + "minute": 48, + "second": 41, + "microsecond": 347000 + }, + "badge": { + "badgeEnabled": false + }, + "logsConfig": { + "cloudWatchLogs": { + "status": "ENABLED" + }, + "s3Logs": { + "status": "DISABLED", + "encryptionDisabled": false + } + } + } + ], + "projectsNotFound": [], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-218-codebuild_environment_variables_contain_text_credentials/placebo-red/codebuild.ListProjects_1.json b/tests/ecc-aws-218-codebuild_environment_variables_contain_text_credentials/placebo-red/codebuild.ListProjects_1.json new file mode 100644 index 000000000..4b2e91c0a --- /dev/null +++ b/tests/ecc-aws-218-codebuild_environment_variables_contain_text_credentials/placebo-red/codebuild.ListProjects_1.json @@ -0,0 +1,9 @@ +{ + "status_code": 200, + "data": { + "projects": [ + "red-codebuild-218" + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-218-codebuild_environment_variables_contain_text_credentials/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-218-codebuild_environment_variables_contain_text_credentials/placebo-red/tagging.GetResources_1.json new file mode 100644 index 000000000..8b704d185 --- /dev/null +++ b/tests/ecc-aws-218-codebuild_environment_variables_contain_text_credentials/placebo-red/tagging.GetResources_1.json @@ -0,0 +1,8 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-218-codebuild_environment_variables_contain_text_credentials/red_policy_test.py b/tests/ecc-aws-218-codebuild_environment_variables_contain_text_credentials/red_policy_test.py new file mode 100644 index 000000000..6ffe686a0 --- /dev/null +++ b/tests/ecc-aws-218-codebuild_environment_variables_contain_text_credentials/red_policy_test.py @@ -0,0 +1,9 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertEqual(resources[0]['environment']['environmentVariables'][0]['name'], 'AWS_ACCESS_KEY_ID') + + + + 
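Review bot: The red test in `tests/ecc-aws-218-codebuild_environment_variables_contain_text_credentials/red_policy_test.py` pins only `environmentVariables[0]['name']` and never the variable's `type`, although the policy is about credentials stored as plain text. The assertion would hold equally for a variable named `AWS_ACCESS_KEY_ID` whose type is `PARAMETER_STORE` or `SECRETS_MANAGER`, so a regression in the type condition of the filter would likely go unnoticed. Adding `base_test.assertEqual(resources[0]['environment']['environmentVariables'][0]['type'], 'PLAINTEXT')` ties the test to the condition that matters. The second fixture variable, `AWS_SECRET_ACCESS_KEY`, is also unasserted, and indexing `[0]` makes the check depend on list order.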
diff --git a/tests/ecc-aws-219-rds_snapshot_prohibit_public_access/placebo-green/rds.DescribeDBSnapshotAttributes_1.json b/tests/ecc-aws-219-rds_snapshot_prohibit_public_access/placebo-green/rds.DescribeDBSnapshotAttributes_1.json new file mode 100644 index 000000000..bcdcf1bb5 --- /dev/null +++ b/tests/ecc-aws-219-rds_snapshot_prohibit_public_access/placebo-green/rds.DescribeDBSnapshotAttributes_1.json @@ -0,0 +1,15 @@ +{ + "status_code": 200, + "data": { + "DBSnapshotAttributesResult": { + "DBSnapshotIdentifier": "green-db-snapshot-219", + "DBSnapshotAttributes": [ + { + "AttributeName": "restore", + "AttributeValues": [] + } + ] + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-219-rds_snapshot_prohibit_public_access/placebo-green/rds.DescribeDBSnapshots_1.json b/tests/ecc-aws-219-rds_snapshot_prohibit_public_access/placebo-green/rds.DescribeDBSnapshots_1.json new file mode 100644 index 000000000..3e0f08e73 --- /dev/null +++ b/tests/ecc-aws-219-rds_snapshot_prohibit_public_access/placebo-green/rds.DescribeDBSnapshots_1.json 
@@ -0,0 +1,51 @@ +{ + "status_code": 200, + "data": { + "DBSnapshots": [ + { + "DBSnapshotIdentifier": "green-db-snapshot-219", + "DBInstanceIdentifier": "green-db-instance-219", + "SnapshotCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 4, + "hour": 9, + "minute": 9, + "second": 36, + "microsecond": 184000 + }, + "Engine": "mysql", + "AllocatedStorage": 10, + "Status": "available", + "Port": 3306, + "AvailabilityZone": "us-east-1b", + "VpcId": "vpc-12345asdfg", + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 4, + "hour": 9, + "minute": 8, + "second": 37, + "microsecond": 968000 + }, + "MasterUsername": "c7n", + "EngineVersion": "5.7.26", + "LicenseModel": "general-public-license", + "SnapshotType": "manual", + "OptionGroupName": "default:mysql-5-7", + "PercentProgress": 100, + "StorageType": "gp2", + "Encrypted": false, + "DBSnapshotArn": "arn:aws:rds:us-east-1:111111111111:snapshot:green-db-snapshot-219", + "IAMDatabaseAuthenticationEnabled": false, + "ProcessorFeatures": [], + "DbiResourceId": "db-ID", + "TagList": [] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-219-rds_snapshot_prohibit_public_access/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-219-rds_snapshot_prohibit_public_access/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..8b704d185 --- /dev/null +++ b/tests/ecc-aws-219-rds_snapshot_prohibit_public_access/placebo-green/tagging.GetResources_1.json @@ -0,0 +1,8 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-219-rds_snapshot_prohibit_public_access/placebo-red/rds.DescribeDBSnapshotAttributes_1.json b/tests/ecc-aws-219-rds_snapshot_prohibit_public_access/placebo-red/rds.DescribeDBSnapshotAttributes_1.json new file mode 100644 index 000000000..fa99eca25 
--- /dev/null +++ b/tests/ecc-aws-219-rds_snapshot_prohibit_public_access/placebo-red/rds.DescribeDBSnapshotAttributes_1.json @@ -0,0 +1,17 @@ +{ + "status_code": 200, + "data": { + "DBSnapshotAttributesResult": { + "DBSnapshotIdentifier": "green-db-snapshot-219", + "DBSnapshotAttributes": [ + { + "AttributeName": "restore", + "AttributeValues": [ + "all" + ] + } + ] + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-219-rds_snapshot_prohibit_public_access/placebo-red/rds.DescribeDBSnapshots_1.json b/tests/ecc-aws-219-rds_snapshot_prohibit_public_access/placebo-red/rds.DescribeDBSnapshots_1.json new file mode 100644 index 000000000..3e0f08e73 --- /dev/null +++ b/tests/ecc-aws-219-rds_snapshot_prohibit_public_access/placebo-red/rds.DescribeDBSnapshots_1.json @@ -0,0 +1,51 @@ +{ + "status_code": 200, + "data": { + "DBSnapshots": [ + { + "DBSnapshotIdentifier": "green-db-snapshot-219", + "DBInstanceIdentifier": "green-db-instance-219", + "SnapshotCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 4, + "hour": 9, + "minute": 9, + "second": 36, + "microsecond": 184000 + }, + "Engine": "mysql", + "AllocatedStorage": 10, + "Status": "available", + "Port": 3306, + "AvailabilityZone": "us-east-1b", + "VpcId": "vpc-12345asdfg", + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 4, + "hour": 9, + "minute": 8, + "second": 37, + "microsecond": 968000 + }, + "MasterUsername": "c7n", + "EngineVersion": "5.7.26", + "LicenseModel": "general-public-license", + "SnapshotType": "manual", + "OptionGroupName": "default:mysql-5-7", + "PercentProgress": 100, + "StorageType": "gp2", + "Encrypted": false, + "DBSnapshotArn": "arn:aws:rds:us-east-1:111111111111:snapshot:green-db-snapshot-219", + "IAMDatabaseAuthenticationEnabled": false, + "ProcessorFeatures": [], + "DbiResourceId": "db-ID", + "TagList": [] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-219-rds_snapshot_prohibit_public_access/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-219-rds_snapshot_prohibit_public_access/placebo-red/tagging.GetResources_1.json new file mode 100644 index 000000000..8b704d185 --- /dev/null +++ b/tests/ecc-aws-219-rds_snapshot_prohibit_public_access/placebo-red/tagging.GetResources_1.json @@ -0,0 +1,8 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-219-rds_snapshot_prohibit_public_access/red_policy_test.py b/tests/ecc-aws-219-rds_snapshot_prohibit_public_access/red_policy_test.py new file mode 100644 index 000000000..b60324e7c --- /dev/null +++ b/tests/ecc-aws-219-rds_snapshot_prohibit_public_access/red_policy_test.py @@ -0,0 +1,5 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertIn('all', resources[0] ['c7n:CrossAccountViolations']) \ No newline at end of file diff --git a/tests/ecc-aws-221-ec2_managed_ssm_patch_compliance/placebo-green/ec2.DescribeInstances_1.json b/tests/ecc-aws-221-ec2_managed_ssm_patch_compliance/placebo-green/ec2.DescribeInstances_1.json new file mode 100644 index 000000000..8bf25778b --- /dev/null +++ b/tests/ecc-aws-221-ec2_managed_ssm_patch_compliance/placebo-green/ec2.DescribeInstances_1.json 
@@ -0,0 +1,183 @@ +{ + "status_code": 200, + "data": { + "Reservations": [ + { + "Groups": [], + "Instances": [ + { + "AmiLaunchIndex": 0, + "ImageId": "ami-04ad2567c9e3d7893", + "InstanceId": "i-009f9ecb592a24a30", + "InstanceType": "t2.micro", + "LaunchTime": { + "__class__": "datetime", + "year": 2021, + "month": 11, + "day": 29, + "hour": 10, + "minute": 40, + "second": 2, + "microsecond": 0 + }, + "Monitoring": { + "State": "disabled" + }, + "Placement": { + "AvailabilityZone": "us-east-1c", + "GroupName": "", + "Tenancy": "default" + }, + "PrivateDnsName": "ip-172-31-82-14.ec2.internal", + "PrivateIpAddress": "172.31.82.14", + "ProductCodes": [], + "PublicDnsName": "ec2-3-87-188-114.compute-1.amazonaws.com", + "PublicIpAddress": "3.87.188.114", + "State": { + "Code": 16, + "Name": "running" + }, + "StateTransitionReason": "", + "SubnetId": "subnet-1111aaaa", + "VpcId": "vpc-12345asdfg", + "Architecture": "x86_64", + "BlockDeviceMappings": [ + { + "DeviceName": "/dev/xvda", + "Ebs": { + "AttachTime": { + "__class__": "datetime", + "year": 2021, + "month": 11, + "day": 29, + "hour": 10, + "minute": 40, + "second": 3, + "microsecond": 0 + }, + "DeleteOnTermination": true, + "Status": "attached", + "VolumeId": "vol-0a620e94b9a090521" + } + } + ], + "ClientToken": "21C2BA63-27EC-487D-AA70-EF93D93BF64B", + "EbsOptimized": false, + "EnaSupport": true, + "Hypervisor": "xen", + "IamInstanceProfile": { + "Arn": "arn:aws:iam::111111111111:instance-profile/221_profile_green", + "Id": "AAAAAAAAA11111" + }, + "NetworkInterfaces": [ + { + "Association": { + "IpOwnerId": "amazon", + "PublicDnsName": "ec2-3-87-188-114.compute-1.amazonaws.com", + "PublicIp": "3.87.188.114" + }, + "Attachment": { + "AttachTime": { + "__class__": "datetime", + "year": 2021, + "month": 11, + "day": 29, + "hour": 10, + "minute": 40, + "second": 2, + "microsecond": 0 + }, + "AttachmentId": "eni-attach-0728431821f3bd107", + "DeleteOnTermination": true, + "DeviceIndex": 0, + "Status": "attached", + 
"NetworkCardIndex": 0 + }, + "Description": "", + "Groups": [ + { + "GroupName": "221_security_group_green", + "GroupId": "sg-1234567asdfg" + } + ], + "Ipv6Addresses": [], + "MacAddress": "12:15:bb:5d:b5:13", + "NetworkInterfaceId": "eni-01b780dd0f4514534", + "OwnerId": "111111111111", + "PrivateDnsName": "ip-172-31-82-14.ec2.internal", + "PrivateIpAddress": "172.31.82.14", + "PrivateIpAddresses": [ + { + "Association": { + "IpOwnerId": "amazon", + "PublicDnsName": "ec2-3-87-188-114.compute-1.amazonaws.com", + "PublicIp": "3.87.188.114" + }, + "Primary": true, + "PrivateDnsName": "ip-172-31-82-14.ec2.internal", + "PrivateIpAddress": "172.31.82.14" + } + ], + "SourceDestCheck": true, + "Status": "in-use", + "SubnetId": "subnet-1111aaaa", + "VpcId": "vpc-12345asdfg", + "InterfaceType": "interface" + } + ], + "RootDeviceName": "/dev/xvda", + "RootDeviceType": "ebs", + "SecurityGroups": [ + { + "GroupName": "221_security_group_green", + "GroupId": "sg-1234567asdfg" + } + ], + "SourceDestCheck": true, + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "Name", + "Value": "221_instance_green" + }, + { + "Key": "Patch Group", + "Value": "Patch_Group_221_green" + }, + { + "Key": "CustodianRule", + "Value": "ecc-aws-221-ec2_managed_ssm_patch_compliance" + } + ], + "VirtualizationType": "hvm", + "CpuOptions": { + "CoreCount": 1, + "ThreadsPerCore": 1 + }, + "CapacityReservationSpecification": { + "CapacityReservationPreference": "open" + }, + "HibernationOptions": { + "Configured": false + }, + "MetadataOptions": { + "State": "applied", + "HttpTokens": "optional", + "HttpPutResponseHopLimit": 1, + "HttpEndpoint": "enabled" + }, + "EnclaveOptions": { + "Enabled": false + } + } + ], + "OwnerId": "111111111111", + "ReservationId": "r-0fe01adfa0667ff9c" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
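Review bot: This recording appears to be only partly scrubbed: the account ID, subnet and security group are placeholders (`111111111111`, `subnet-1111aaaa`, `sg-1234567asdfg`), but `PublicIpAddress`, `PublicDnsName`, `InstanceId`, `ImageId`, `VolumeId`, `NetworkInterfaceId`, `MacAddress` and `ClientToken` carry what look like the originally recorded values. The same applies to the `placebo-red/ec2.DescribeInstances_1.json` hunk and to `ResourceId` and `ExecutionId` in the red `ssm.ListResourceComplianceSummaries_1.json`. Replace them with constructed values before the fixtures enter the repository history, for example `"PublicIpAddress": "203.0.113.10"` (documentation address range) and `"InstanceId": "i-00000000000000000"`. Keep the red `InstanceId` equal to the `ResourceId` in the SSM recording so both still refer to the same instance.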
diff --git a/tests/ecc-aws-221-ec2_managed_ssm_patch_compliance/placebo-green/ssm.ListResourceComplianceSummaries_1.json b/tests/ecc-aws-221-ec2_managed_ssm_patch_compliance/placebo-green/ssm.ListResourceComplianceSummaries_1.json new file mode 100644 index 000000000..053777a8f --- /dev/null +++ b/tests/ecc-aws-221-ec2_managed_ssm_patch_compliance/placebo-green/ssm.ListResourceComplianceSummaries_1.json @@ -0,0 +1,7 @@ +{ + "status_code": 200, + "data": { + "ResourceComplianceSummaryItems": [], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-221-ec2_managed_ssm_patch_compliance/placebo-red/ec2.DescribeInstances_1.json b/tests/ecc-aws-221-ec2_managed_ssm_patch_compliance/placebo-red/ec2.DescribeInstances_1.json new file mode 100644 index 000000000..efba60ef3 --- /dev/null +++ b/tests/ecc-aws-221-ec2_managed_ssm_patch_compliance/placebo-red/ec2.DescribeInstances_1.json 
@@ -0,0 +1,183 @@ +{ + "status_code": 200, + "data": { + "Reservations": [ + { + "Groups": [], + "Instances": [ + { + "AmiLaunchIndex": 0, + "ImageId": "ami-04ad2567c9e3d7893", + "InstanceId": "i-08fb5b37644f95266", + "InstanceType": "t2.micro", + "LaunchTime": { + "__class__": "datetime", + "year": 2021, + "month": 11, + "day": 29, + "hour": 9, + "minute": 1, + "second": 49, + "microsecond": 0 + }, + "Monitoring": { + "State": "disabled" + }, + "Placement": { + "AvailabilityZone": "us-east-1c", + "GroupName": "", + "Tenancy": "default" + }, + "PrivateDnsName": "ip-172-31-91-148.ec2.internal", + "PrivateIpAddress": "172.31.91.148", + "ProductCodes": [], + "PublicDnsName": "ec2-52-71-68-222.compute-1.amazonaws.com", + "PublicIpAddress": "52.71.68.222", + "State": { + "Code": 16, + "Name": "running" + }, + "StateTransitionReason": "", + "SubnetId": "subnet-1111aaaa", + "VpcId": "vpc-12345asdfg", + "Architecture": "x86_64", + "BlockDeviceMappings": [ + { + "DeviceName": "/dev/xvda", + "Ebs": { + "AttachTime": { + "__class__": "datetime", + "year": 2021, + "month": 11, + "day": 29, + "hour": 9, + "minute": 1, + "second": 50, + "microsecond": 0 + }, + "DeleteOnTermination": true, + "Status": "attached", + "VolumeId": "vol-04bbfd83566522896" + } + } + ], + "ClientToken": "7B5F8D68-B931-4303-819C-A9A9C495BB88", + "EbsOptimized": false, + "EnaSupport": true, + "Hypervisor": "xen", + "IamInstanceProfile": { + "Arn": "arn:aws:iam::111111111111:instance-profile/221_profile_red", + "Id": "AAAAAAAAA11111" + }, + "NetworkInterfaces": [ + { + "Association": { + "IpOwnerId": "amazon", + "PublicDnsName": "ec2-52-71-68-222.compute-1.amazonaws.com", + "PublicIp": "52.71.68.222" + }, + "Attachment": { + "AttachTime": { + "__class__": "datetime", + "year": 2021, + "month": 11, + "day": 29, + "hour": 9, + "minute": 1, + "second": 49, + "microsecond": 0 + }, + "AttachmentId": "eni-attach-062714dd55742f17c", + "DeleteOnTermination": true, + "DeviceIndex": 0, + "Status": "attached", + 
"NetworkCardIndex": 0 + }, + "Description": "", + "Groups": [ + { + "GroupName": "221_security_group_red", + "GroupId": "sg-1234567asdfg" + } + ], + "Ipv6Addresses": [], + "MacAddress": "12:c1:6e:d0:75:a5", + "NetworkInterfaceId": "eni-02825ef252c2f7532", + "OwnerId": "111111111111", + "PrivateDnsName": "ip-172-31-91-148.ec2.internal", + "PrivateIpAddress": "172.31.91.148", + "PrivateIpAddresses": [ + { + "Association": { + "IpOwnerId": "amazon", + "PublicDnsName": "ec2-52-71-68-222.compute-1.amazonaws.com", + "PublicIp": "52.71.68.222" + }, + "Primary": true, + "PrivateDnsName": "ip-172-31-91-148.ec2.internal", + "PrivateIpAddress": "172.31.91.148" + } + ], + "SourceDestCheck": true, + "Status": "in-use", + "SubnetId": "subnet-1111aaaa", + "VpcId": "vpc-12345asdfg", + "InterfaceType": "interface" + } + ], + "RootDeviceName": "/dev/xvda", + "RootDeviceType": "ebs", + "SecurityGroups": [ + { + "GroupName": "221_security_group_red", + "GroupId": "sg-1234567asdfg" + } + ], + "SourceDestCheck": true, + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CustodianRule", + "Value": "ecc-aws-221-ec2_managed_ssm_patch_compliance" + }, + { + "Key": "Patch Group", + "Value": "Patch_Group_221_red" + }, + { + "Key": "Name", + "Value": "221_instance_red" + } + ], + "VirtualizationType": "hvm", + "CpuOptions": { + "CoreCount": 1, + "ThreadsPerCore": 1 + }, + "CapacityReservationSpecification": { + "CapacityReservationPreference": "open" + }, + "HibernationOptions": { + "Configured": false + }, + "MetadataOptions": { + "State": "applied", + "HttpTokens": "optional", + "HttpPutResponseHopLimit": 1, + "HttpEndpoint": "enabled" + }, + "EnclaveOptions": { + "Enabled": false + } + } + ], + "OwnerId": "111111111111", + "ReservationId": "r-06c030cc89e31195b" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-221-ec2_managed_ssm_patch_compliance/placebo-red/ssm.ListResourceComplianceSummaries_1.json b/tests/ecc-aws-221-ec2_managed_ssm_patch_compliance/placebo-red/ssm.ListResourceComplianceSummaries_1.json new file mode 100644 index 000000000..b8427b35e --- /dev/null +++ b/tests/ecc-aws-221-ec2_managed_ssm_patch_compliance/placebo-red/ssm.ListResourceComplianceSummaries_1.json @@ -0,0 +1,51 @@ +{ + "status_code": 200, + "data": { + "ResourceComplianceSummaryItems": [ + { + "ComplianceType": "Patch", + "ResourceType": "ManagedInstance", + "ResourceId": "i-08fb5b37644f95266", + "Status": "NON_COMPLIANT", + "OverallSeverity": "UNSPECIFIED", + "ExecutionSummary": { + "ExecutionTime": { + "__class__": "datetime", + "year": 2021, + "month": 11, + "day": 29, + "hour": 11, + "minute": 11, + "second": 55, + "microsecond": 0 + }, + "ExecutionId": "4847e8b2-1985-44c7-bd85-a74f3dc272b1", + "ExecutionType": "Command" + }, + "CompliantSummary": { + "CompliantCount": 448, + "SeveritySummary": { + "CriticalCount": 0, + "HighCount": 0, + "MediumCount": 0, + "LowCount": 0, + "InformationalCount": 0, + "UnspecifiedCount": 448 + } + }, + "NonCompliantSummary": { + "NonCompliantCount": 1, + "SeveritySummary": { + "CriticalCount": 0, + "HighCount": 0, + "MediumCount": 0, + "LowCount": 0, + "InformationalCount": 0, + "UnspecifiedCount": 1 + } + } + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-221-ec2_managed_ssm_patch_compliance/red_policy_test.py b/tests/ecc-aws-221-ec2_managed_ssm_patch_compliance/red_policy_test.py new file mode 100644 index 000000000..b133e58ae --- /dev/null +++ b/tests/ecc-aws-221-ec2_managed_ssm_patch_compliance/red_policy_test.py 
@@ -0,0 +1,6 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertEqual(resources[0]['c7n:ssm-compliance'][0]['ComplianceType'], 'Patch') + base_test.assertEqual(resources[0]['c7n:ssm-compliance'][0]['Status'], 'NON_COMPLIANT') \ No newline at end of file diff --git a/tests/ecc-aws-222-ami_public_access/placebo-green/ec2.DescribeImageAttribute_1.json b/tests/ecc-aws-222-ami_public_access/placebo-green/ec2.DescribeImageAttribute_1.json new file mode 100644 index 000000000..0819b3e20 --- /dev/null +++ b/tests/ecc-aws-222-ami_public_access/placebo-green/ec2.DescribeImageAttribute_1.json @@ -0,0 +1,8 @@ +{ + "status_code": 200, + "data": { + "ImageId": "ami-ID", + "LaunchPermissions": [], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-222-ami_public_access/placebo-green/ec2.DescribeImages_1.json b/tests/ecc-aws-222-ami_public_access/placebo-green/ec2.DescribeImages_1.json new file mode 100644 index 000000000..5281fa260 --- /dev/null +++ b/tests/ecc-aws-222-ami_public_access/placebo-green/ec2.DescribeImages_1.json 
@@ -0,0 +1,40 @@ +{ + "status_code": 200, + "data": { + "Images": [ + { + "Architecture": "x86_64", + "CreationDate": "2021-06-08T08:49:27.000Z", + "ImageId": "ami-ID", + "ImageLocation": "111111111111/green-ami-222", + "ImageType": "machine", + "Public": false, + "OwnerId": "111111111111", + "PlatformDetails": "Linux/UNIX", + "UsageOperation": "RunInstances", + "State": "available", + "BlockDeviceMappings": [ + { + "DeviceName": "/dev/xvda", + "Ebs": { + "DeleteOnTermination": true, + "SnapshotId": "snap-ID", + "VolumeSize": 10, + "VolumeType": "standard", + "Encrypted": false + } + } + ], + "Description": "", + "EnaSupport": false, + "Hypervisor": "xen", + "Name": "green-ami-222", + "RootDeviceName": "/dev/xvda", + "RootDeviceType": "ebs", + "SriovNetSupport": "simple", + "VirtualizationType": "paravirtual" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-222-ami_public_access/placebo-red/ec2.DescribeImageAttribute_1.json b/tests/ecc-aws-222-ami_public_access/placebo-red/ec2.DescribeImageAttribute_1.json new file mode 100644 index 000000000..5595a8c6c --- /dev/null +++ b/tests/ecc-aws-222-ami_public_access/placebo-red/ec2.DescribeImageAttribute_1.json @@ -0,0 +1,12 @@ +{ + "status_code": 200, + "data": { + "ImageId": "ami-ID", + "LaunchPermissions": [ + { + "Group": "all" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-222-ami_public_access/placebo-red/ec2.DescribeImages_1.json b/tests/ecc-aws-222-ami_public_access/placebo-red/ec2.DescribeImages_1.json new file mode 100644 index 000000000..601a650ad --- /dev/null +++ b/tests/ecc-aws-222-ami_public_access/placebo-red/ec2.DescribeImages_1.json 
@@ -0,0 +1,40 @@ +{ + "status_code": 200, + "data": { + "Images": [ + { + "Architecture": "x86_64", + "CreationDate": "2021-06-08T08:49:27.000Z", + "ImageId": "ami-ID", + "ImageLocation": "111111111111/green-ami-222", + "ImageType": "machine", + "Public": true, + "OwnerId": "111111111111", + "PlatformDetails": "Linux/UNIX", + "UsageOperation": "RunInstances", + "State": "available", + "BlockDeviceMappings": [ + { + "DeviceName": "/dev/xvda", + "Ebs": { + "DeleteOnTermination": true, + "SnapshotId": "snap-ID", + "VolumeSize": 10, + "VolumeType": "standard", + "Encrypted": false + } + } + ], + "Description": "", + "EnaSupport": false, + "Hypervisor": "xen", + "Name": "green-ami-222", + "RootDeviceName": "/dev/xvda", + "RootDeviceType": "ebs", + "SriovNetSupport": "simple", + "VirtualizationType": "paravirtual" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-222-ami_public_access/red_policy_test.py b/tests/ecc-aws-222-ami_public_access/red_policy_test.py new file mode 100644 index 000000000..b60324e7c --- /dev/null +++ b/tests/ecc-aws-222-ami_public_access/red_policy_test.py @@ -0,0 +1,5 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertIn('all', resources[0] ['c7n:CrossAccountViolations']) \ No newline at end of file diff --git a/tests/ecc-aws-223-ensure_that_sagemaker_in_vpc/placebo-green/api.sagemaker.DescribeNotebookInstance_1.json b/tests/ecc-aws-223-ensure_that_sagemaker_in_vpc/placebo-green/api.sagemaker.DescribeNotebookInstance_1.json new file mode 100644 index 000000000..4cba721e2 --- /dev/null +++ b/tests/ecc-aws-223-ensure_that_sagemaker_in_vpc/placebo-green/api.sagemaker.DescribeNotebookInstance_1.json 
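Review bot: In `red_policy_test.py` for ecc-aws-222 the second assertion is written `resources[0] ['c7n:CrossAccountViolations']`, with a stray space before the subscript (pycodestyle E211). The same spacing appears in the red tests for 223, 231, 232, 237, 238 and 240 later in this patch. Write it as `base_test.assertIn('all', resources[0]['c7n:CrossAccountViolations'])`, and end the file with a newline. Separately, the red `DescribeImages` recording just above names the image `green-ami-222` in both `Name` and `ImageLocation`, which makes output from a failing red run read like the green case.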
@@ -0,0 +1,41 @@ +{ + "status_code": 200, + "data": { + "NotebookInstanceArn": "arn:aws:sagemaker:us-east-1:111111111111:notebook-instance/223-sagemaker-notebook-instance-green", + "NotebookInstanceName": "223-sagemaker-notebook-instance-green", + "NotebookInstanceStatus": "InService", + "Url": "223-sagemaker-notebook-instance-green-3nsx.notebook.us-east-1.sagemaker.aws", + "InstanceType": "ml.t2.medium", + "SubnetId": "subnet-111111111111", + "SecurityGroups": [ + "sg-111111111111" + ], + "RoleArn": "arn:aws:iam::111111111111:role/223_role_green", + "NetworkInterfaceId": "eni-0ae5966c44cf74adb", + "LastModifiedTime": { + "__class__": "datetime", + "year": 2023, + "month": 1, + "day": 3, + "hour": 12, + "minute": 10, + "second": 46, + "microsecond": 991000 + }, + "CreationTime": { + "__class__": "datetime", + "year": 2023, + "month": 1, + "day": 3, + "hour": 12, + "minute": 6, + "second": 51, + "microsecond": 623000 + }, + "DirectInternetAccess": "Disabled", + "VolumeSizeInGB": 5, + "RootAccess": "Enabled", + "PlatformIdentifier": "notebook-al2-v2", + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-223-ensure_that_sagemaker_in_vpc/placebo-green/api.sagemaker.ListNotebookInstances_1.json b/tests/ecc-aws-223-ensure_that_sagemaker_in_vpc/placebo-green/api.sagemaker.ListNotebookInstances_1.json new file mode 100644 index 000000000..08a8beed6 --- /dev/null +++ b/tests/ecc-aws-223-ensure_that_sagemaker_in_vpc/placebo-green/api.sagemaker.ListNotebookInstances_1.json 
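Review bot: The green `DescribeNotebookInstance` recording for ecc-aws-223 keeps what looks like a real interface id, `"NetworkInterfaceId": "eni-0ae5966c44cf74adb"`, while the ecc-aws-232 recordings in this patch use the placeholder `eni-ID`. Recorded responses committed to the repository should be scrubbed consistently so that no identifier from the recording account survives; replace it with `"NetworkInterfaceId": "eni-ID"`. The `Url` value also carries a generated suffix (`-3nsx`) that could be normalised the same way, as the 232 fixtures do.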
@@ -0,0 +1,35 @@ +{ + "status_code": 200, + "data": { + "NotebookInstances": [ + { + "NotebookInstanceName": "223-sagemaker-notebook-instance-green", + "NotebookInstanceArn": "arn:aws:sagemaker:us-east-1:111111111111:notebook-instance/223-sagemaker-notebook-instance-green", + "NotebookInstanceStatus": "InService", + "Url": "223-sagemaker-notebook-instance-green-3nsx.notebook.us-east-1.sagemaker.aws", + "InstanceType": "ml.t2.medium", + "CreationTime": { + "__class__": "datetime", + "year": 2023, + "month": 1, + "day": 3, + "hour": 12, + "minute": 6, + "second": 51, + "microsecond": 623000 + }, + "LastModifiedTime": { + "__class__": "datetime", + "year": 2023, + "month": 1, + "day": 3, + "hour": 12, + "minute": 10, + "second": 46, + "microsecond": 991000 + } + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-223-ensure_that_sagemaker_in_vpc/placebo-green/api.sagemaker.ListTags_1.json b/tests/ecc-aws-223-ensure_that_sagemaker_in_vpc/placebo-green/api.sagemaker.ListTags_1.json new file mode 100644 index 000000000..88370e0fe --- /dev/null +++ b/tests/ecc-aws-223-ensure_that_sagemaker_in_vpc/placebo-green/api.sagemaker.ListTags_1.json @@ -0,0 +1,16 @@ +{ + "status_code": 200, + "data": { + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-223-ensure_that_sagemaker_in_vpc" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-223-ensure_that_sagemaker_in_vpc/placebo-red/api.sagemaker.DescribeNotebookInstance_1.json b/tests/ecc-aws-223-ensure_that_sagemaker_in_vpc/placebo-red/api.sagemaker.DescribeNotebookInstance_1.json new file mode 100644 index 000000000..5989e3bf5 --- /dev/null +++ b/tests/ecc-aws-223-ensure_that_sagemaker_in_vpc/placebo-red/api.sagemaker.DescribeNotebookInstance_1.json 
@@ -0,0 +1,37 @@ +{ + "status_code": 200, + "data": { + "NotebookInstanceArn": "arn:aws:sagemaker:us-east-1:111111111111:notebook-instance/223-sagemaker-notebook-instance-red", + "NotebookInstanceName": "223-sagemaker-notebook-instance-red", + "NotebookInstanceStatus": "Stopped", + "Url": "223-sagemaker-notebook-instance-red-xppl.notebook.us-east-1.sagemaker.aws", + "InstanceType": "ml.t2.medium", + "SecurityGroups": [], + "RoleArn": "arn:aws:iam::111111111111:role/223_role_red", + "LastModifiedTime": { + "__class__": "datetime", + "year": 2023, + "month": 1, + "day": 3, + "hour": 12, + "minute": 10, + "second": 58, + "microsecond": 102000 + }, + "CreationTime": { + "__class__": "datetime", + "year": 2023, + "month": 1, + "day": 3, + "hour": 11, + "minute": 43, + "second": 18, + "microsecond": 812000 + }, + "DirectInternetAccess": "Enabled", + "VolumeSizeInGB": 5, + "RootAccess": "Enabled", + "PlatformIdentifier": "notebook-al2-v2", + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-223-ensure_that_sagemaker_in_vpc/placebo-red/api.sagemaker.ListNotebookInstances_1.json b/tests/ecc-aws-223-ensure_that_sagemaker_in_vpc/placebo-red/api.sagemaker.ListNotebookInstances_1.json new file mode 100644 index 000000000..1ad1ef2fe --- /dev/null +++ b/tests/ecc-aws-223-ensure_that_sagemaker_in_vpc/placebo-red/api.sagemaker.ListNotebookInstances_1.json 
@@ -0,0 +1,35 @@ +{ + "status_code": 200, + "data": { + "NotebookInstances": [ + { + "NotebookInstanceName": "223-sagemaker-notebook-instance-red", + "NotebookInstanceArn": "arn:aws:sagemaker:us-east-1:111111111111:notebook-instance/223-sagemaker-notebook-instance-red", + "NotebookInstanceStatus": "Stopped", + "Url": "223-sagemaker-notebook-instance-red-xppl.notebook.us-east-1.sagemaker.aws", + "InstanceType": "ml.t2.medium", + "CreationTime": { + "__class__": "datetime", + "year": 2023, + "month": 1, + "day": 3, + "hour": 11, + "minute": 43, + "second": 18, + "microsecond": 812000 + }, + "LastModifiedTime": { + "__class__": "datetime", + "year": 2023, + "month": 1, + "day": 3, + "hour": 12, + "minute": 10, + "second": 58, + "microsecond": 102000 + } + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-223-ensure_that_sagemaker_in_vpc/placebo-red/api.sagemaker.ListTags_1.json b/tests/ecc-aws-223-ensure_that_sagemaker_in_vpc/placebo-red/api.sagemaker.ListTags_1.json new file mode 100644 index 000000000..05d5faf61 --- /dev/null +++ b/tests/ecc-aws-223-ensure_that_sagemaker_in_vpc/placebo-red/api.sagemaker.ListTags_1.json @@ -0,0 +1,16 @@ +{ + "status_code": 200, + "data": { + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-223-ensure_that_sagemaker_in_vpc" + }, + { + "Key": "ComplianceStatus", + "Value": "Red" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-223-ensure_that_sagemaker_in_vpc/red_policy_test.py b/tests/ecc-aws-223-ensure_that_sagemaker_in_vpc/red_policy_test.py new file mode 100644 index 000000000..0fd1abb81 --- /dev/null +++ b/tests/ecc-aws-223-ensure_that_sagemaker_in_vpc/red_policy_test.py 
@@ -0,0 +1,6 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertFalse(resources[0]['SecurityGroups']) + base_test.assertEqual(resources[0] ['DirectInternetAccess'], 'Enabled') \ No newline at end of file diff --git a/tests/ecc-aws-231-vpc-subnets_automatic_public_ip_assignment/placebo-green/ec2.DescribeSubnets_1.json b/tests/ecc-aws-231-vpc-subnets_automatic_public_ip_assignment/placebo-green/ec2.DescribeSubnets_1.json new file mode 100644 index 000000000..6d01ea065 --- /dev/null +++ b/tests/ecc-aws-231-vpc-subnets_automatic_public_ip_assignment/placebo-green/ec2.DescribeSubnets_1.json @@ -0,0 +1,24 @@ +{ + "status_code": 200, + "data": { + "Subnets": [ + { + "AvailabilityZone": "us-east-1a", + "AvailabilityZoneId": "use1-az4", + "AvailableIpAddressCount": 251, + "CidrBlock": "10.0.1.0/24", + "DefaultForAz": false, + "MapPublicIpOnLaunch": false, + "MapCustomerOwnedIpOnLaunch": false, + "State": "available", + "SubnetId": "subnet-ID", + "VpcId": "vpc-12345asdfg", + "OwnerId": "111111111111", + "AssignIpv6AddressOnCreation": false, + "Ipv6CidrBlockAssociationSet": [], + "SubnetArn": "arn:aws:ec2:us-east-1:111111111111:subnet/subnet-ARN" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-231-vpc-subnets_automatic_public_ip_assignment/placebo-red/ec2.DescribeSubnets_1.json b/tests/ecc-aws-231-vpc-subnets_automatic_public_ip_assignment/placebo-red/ec2.DescribeSubnets_1.json new file mode 100644 index 000000000..d66116a95 --- /dev/null +++ b/tests/ecc-aws-231-vpc-subnets_automatic_public_ip_assignment/placebo-red/ec2.DescribeSubnets_1.json 
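Review bot: The red test for ecc-aws-223 never checks the VPC attachment itself. It asserts an empty `SecurityGroups` list and `DirectInternetAccess == 'Enabled'`, but the recordings show that the red instance has no `SubnetId` while the green one does. Assuming the resource dict mirrors the `DescribeNotebookInstance` response, add `base_test.assertNotIn('SubnetId', resources[0])` so the test fails if the policy starts matching on something other than VPC placement. The `DirectInternetAccess` assertion overlaps with what the ecc-aws-232 red test already checks.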
@@ -0,0 +1,24 @@ +{ + "status_code": 200, + "data": { + "Subnets": [ + { + "AvailabilityZone": "us-east-1c", + "AvailabilityZoneId": "use1-az1", + "AvailableIpAddressCount": 251, + "CidrBlock": "10.0.1.0/24", + "DefaultForAz": false, + "MapPublicIpOnLaunch": true, + "MapCustomerOwnedIpOnLaunch": false, + "State": "available", + "SubnetId": "subnet-ID", + "VpcId": "vpc-12345asdfg", + "OwnerId": "111111111111", + "AssignIpv6AddressOnCreation": false, + "Ipv6CidrBlockAssociationSet": [], + "SubnetArn": "arn:aws:ec2:us-east-1:111111111111:subnet/subnet-ARN" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-231-vpc-subnets_automatic_public_ip_assignment/red_policy_test.py b/tests/ecc-aws-231-vpc-subnets_automatic_public_ip_assignment/red_policy_test.py new file mode 100644 index 000000000..c825208b3 --- /dev/null +++ b/tests/ecc-aws-231-vpc-subnets_automatic_public_ip_assignment/red_policy_test.py @@ -0,0 +1,5 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertTrue(resources[0] ['MapPublicIpOnLaunch']) \ No newline at end of file diff --git a/tests/ecc-aws-232-sagemaker_does_not_have_direct_internet_access/placebo-green/api.sagemaker.DescribeNotebookInstance_1.json b/tests/ecc-aws-232-sagemaker_does_not_have_direct_internet_access/placebo-green/api.sagemaker.DescribeNotebookInstance_1.json new file mode 100644 index 000000000..7a03bc0fd --- /dev/null +++ b/tests/ecc-aws-232-sagemaker_does_not_have_direct_internet_access/placebo-green/api.sagemaker.DescribeNotebookInstance_1.json 
@@ -0,0 +1,40 @@ +{ + "status_code": 200, + "data": { + "NotebookInstanceArn": "arn:aws:sagemaker:us-east-1:111111111111:notebook-instance/green-sagemaker-notebook-instance-232", + "NotebookInstanceName": "green-sagemaker-notebook-instance-232", + "NotebookInstanceStatus": "InService", + "Url": "green-sagemaker-notebook-instance-232.notebook.us-east-1.sagemaker.aws", + "InstanceType": "ml.t2.medium", + "SubnetId": "subnet-ID", + "SecurityGroups": [ + "sg-GROUP" + ], + "RoleArn": "arn:aws:iam::111111111111:role/green-iam-role-232", + "NetworkInterfaceId": "eni-ID", + "LastModifiedTime": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 9, + "hour": 12, + "minute": 37, + "second": 57, + "microsecond": 963000 + }, + "CreationTime": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 9, + "hour": 12, + "minute": 34, + "second": 25, + "microsecond": 3000 + }, + "DirectInternetAccess": "Disabled", + "VolumeSizeInGB": 5, + "RootAccess": "Enabled", + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-232-sagemaker_does_not_have_direct_internet_access/placebo-green/api.sagemaker.ListNotebookInstances_1.json b/tests/ecc-aws-232-sagemaker_does_not_have_direct_internet_access/placebo-green/api.sagemaker.ListNotebookInstances_1.json new file mode 100644 index 000000000..a7492b355 --- /dev/null +++ b/tests/ecc-aws-232-sagemaker_does_not_have_direct_internet_access/placebo-green/api.sagemaker.ListNotebookInstances_1.json 
@@ -0,0 +1,35 @@ +{ + "status_code": 200, + "data": { + "NotebookInstances": [ + { + "NotebookInstanceName": "green-sagemaker-notebook-instance-232", + "NotebookInstanceArn": "arn:aws:sagemaker:us-east-1:111111111111:notebook-instance/green-sagemaker-notebook-instance-232", + "NotebookInstanceStatus": "InService", + "Url": "green-sagemaker-notebook-instance-232.notebook.us-east-1.sagemaker.aws", + "InstanceType": "ml.t2.medium", + "CreationTime": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 9, + "hour": 12, + "minute": 34, + "second": 25, + "microsecond": 3000 + }, + "LastModifiedTime": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 9, + "hour": 12, + "minute": 37, + "second": 57, + "microsecond": 963000 + } + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-232-sagemaker_does_not_have_direct_internet_access/placebo-green/api.sagemaker.ListTags_1.json b/tests/ecc-aws-232-sagemaker_does_not_have_direct_internet_access/placebo-green/api.sagemaker.ListTags_1.json new file mode 100644 index 000000000..77560944d --- /dev/null +++ b/tests/ecc-aws-232-sagemaker_does_not_have_direct_internet_access/placebo-green/api.sagemaker.ListTags_1.json @@ -0,0 +1,12 @@ +{ + "status_code": 200, + "data": { + "Tags": [ + { + "Key": "Name", + "Value": "green-sagemaker-notebook-instance-232" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-232-sagemaker_does_not_have_direct_internet_access/placebo-red/api.sagemaker.DescribeNotebookInstance_1.json b/tests/ecc-aws-232-sagemaker_does_not_have_direct_internet_access/placebo-red/api.sagemaker.DescribeNotebookInstance_1.json new file mode 100644 index 000000000..9a89eae4d --- /dev/null +++ b/tests/ecc-aws-232-sagemaker_does_not_have_direct_internet_access/placebo-red/api.sagemaker.DescribeNotebookInstance_1.json 
@@ -0,0 +1,40 @@ +{ + "status_code": 200, + "data": { + "NotebookInstanceArn": "arn:aws:sagemaker:us-east-1:111111111111:notebook-instance/red-sagemaker-notebook-instance-232", + "NotebookInstanceName": "red-sagemaker-notebook-instance-232", + "NotebookInstanceStatus": "InService", + "Url": "red-sagemaker-notebook-instance-232.notebook.us-east-1.sagemaker.aws", + "InstanceType": "ml.t2.medium", + "SubnetId": "subnet-ID", + "SecurityGroups": [ + "sg-GROUP" + ], + "RoleArn": "arn:aws:iam::111111111111:role/red-iam-role-232", + "NetworkInterfaceId": "eni-ID", + "LastModifiedTime": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 9, + "hour": 12, + "minute": 48, + "second": 56, + "microsecond": 190000 + }, + "CreationTime": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 9, + "hour": 12, + "minute": 44, + "second": 30, + "microsecond": 790000 + }, + "DirectInternetAccess": "Enabled", + "VolumeSizeInGB": 5, + "RootAccess": "Enabled", + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-232-sagemaker_does_not_have_direct_internet_access/placebo-red/api.sagemaker.ListNotebookInstances_1.json b/tests/ecc-aws-232-sagemaker_does_not_have_direct_internet_access/placebo-red/api.sagemaker.ListNotebookInstances_1.json new file mode 100644 index 000000000..3e464c682 --- /dev/null +++ b/tests/ecc-aws-232-sagemaker_does_not_have_direct_internet_access/placebo-red/api.sagemaker.ListNotebookInstances_1.json 
@@ -0,0 +1,35 @@ +{ + "status_code": 200, + "data": { + "NotebookInstances": [ + { + "NotebookInstanceName": "red-sagemaker-notebook-instance-232", + "NotebookInstanceArn": "arn:aws:sagemaker:us-east-1:111111111111:notebook-instance/red-sagemaker-notebook-instance-232", + "NotebookInstanceStatus": "InService", + "Url": "red-sagemaker-notebook-instance-232.notebook.us-east-1.sagemaker.aws", + "InstanceType": "ml.t2.medium", + "CreationTime": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 9, + "hour": 12, + "minute": 44, + "second": 30, + "microsecond": 790000 + }, + "LastModifiedTime": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 9, + "hour": 12, + "minute": 48, + "second": 56, + "microsecond": 190000 + } + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-232-sagemaker_does_not_have_direct_internet_access/placebo-red/api.sagemaker.ListTags_1.json b/tests/ecc-aws-232-sagemaker_does_not_have_direct_internet_access/placebo-red/api.sagemaker.ListTags_1.json new file mode 100644 index 000000000..4f44c7f41 --- /dev/null +++ b/tests/ecc-aws-232-sagemaker_does_not_have_direct_internet_access/placebo-red/api.sagemaker.ListTags_1.json @@ -0,0 +1,12 @@ +{ + "status_code": 200, + "data": { + "Tags": [ + { + "Key": "Name", + "Value": "red-sagemaker-notebook-instance-232" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-232-sagemaker_does_not_have_direct_internet_access/red_policy_test.py b/tests/ecc-aws-232-sagemaker_does_not_have_direct_internet_access/red_policy_test.py new file mode 100644 index 000000000..8de69839c --- /dev/null +++ b/tests/ecc-aws-232-sagemaker_does_not_have_direct_internet_access/red_policy_test.py 
@@ -0,0 +1,5 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertEqual(resources[0] ['DirectInternetAccess'], 'Enabled') \ No newline at end of file diff --git a/tests/ecc-aws-237-cloudfront_web_distributions_use_custom_ssl_certificates/placebo-green/cloudfront.ListDistributions_1.json b/tests/ecc-aws-237-cloudfront_web_distributions_use_custom_ssl_certificates/placebo-green/cloudfront.ListDistributions_1.json new file mode 100644 index 000000000..22d1a582c --- /dev/null +++ b/tests/ecc-aws-237-cloudfront_web_distributions_use_custom_ssl_certificates/placebo-green/cloudfront.ListDistributions_1.json @@ -0,0 +1,12 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "DistributionList": { + "Marker": "", + "MaxItems": 100, + "IsTruncated": false, + "Quantity": 0 + } + } +} \ No newline at end of file diff --git a/tests/ecc-aws-237-cloudfront_web_distributions_use_custom_ssl_certificates/placebo-red/cloudfront.ListDistributions_1.json b/tests/ecc-aws-237-cloudfront_web_distributions_use_custom_ssl_certificates/placebo-red/cloudfront.ListDistributions_1.json new file mode 100644 index 000000000..5c50d1711 --- /dev/null +++ b/tests/ecc-aws-237-cloudfront_web_distributions_use_custom_ssl_certificates/placebo-red/cloudfront.ListDistributions_1.json 
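Review bot: The green recording for ecc-aws-237 (`placebo-green/cloudfront.ListDistributions_1.json`) returns an empty distribution list (`"Quantity": 0`, no `Items`), so the green case passes for any filter. It never shows that a distribution with a custom certificate is left unflagged. Record or hand-write one distribution whose `ViewerCertificate` has `"CloudFrontDefaultCertificate": false` and `"CertificateSource": "acm"`, mirroring the structure of the red recording. The green recording for ecc-aws-241 at the end of this part of the patch is empty in the same way (`"CertificateSummaryList": []`); whether that is intended cannot be told from here.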
@@ -0,0 +1,132 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "DistributionList": { + "Marker": "", + "MaxItems": 100, + "IsTruncated": false, + "Quantity": 1, + "Items": [ + { + "Id": "AAAAAAAAA11111", + "ARN": "arn:aws:cloudfront::111111111111:distribution/AAAAAAAAA11111", + "Status": "InProgress", + "LastModifiedTime": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 14, + "hour": 7, + "minute": 8, + "second": 59, + "microsecond": 566000 + }, + "DomainName": "domain.cloudfront.net", + "Aliases": { + "Quantity": 0 + }, + "Origins": { + "Quantity": 1, + "Items": [ + { + "Id": "myRedS3", + "DomainName": "red-s3-242.s3.amazonaws.com", + "OriginPath": "", + "CustomHeaders": { + "Quantity": 0 + }, + "S3OriginConfig": { + "OriginAccessIdentity": "" + }, + "ConnectionAttempts": 3, + "ConnectionTimeout": 10, + "OriginShield": { + "Enabled": false + } + } + ] + }, + "OriginGroups": { + "Quantity": 0 + }, + "DefaultCacheBehavior": { + "TargetOriginId": "myRedS3", + "TrustedSigners": { + "Enabled": false, + "Quantity": 0 + }, + "TrustedKeyGroups": { + "Enabled": false, + "Quantity": 0 + }, + "ViewerProtocolPolicy": "allow-all", + "AllowedMethods": { + "Quantity": 7, + "Items": [ + "HEAD", + "DELETE", + "POST", + "GET", + "OPTIONS", + "PUT", + "PATCH" + ], + "CachedMethods": { + "Quantity": 2, + "Items": [ + "HEAD", + "GET" + ] + } + }, + "SmoothStreaming": false, + "Compress": false, + "LambdaFunctionAssociations": { + "Quantity": 0 + }, + "FieldLevelEncryptionId": "", + "ForwardedValues": { + "QueryString": false, + "Cookies": { + "Forward": "none" + }, + "Headers": { + "Quantity": 0 + }, + "QueryStringCacheKeys": { + "Quantity": 0 + } + }, + "MinTTL": 0, + "DefaultTTL": 0, + "MaxTTL": 0 + }, + "CacheBehaviors": { + "Quantity": 0 + }, + "CustomErrorResponses": { + "Quantity": 0 + }, + "Comment": "", + "PriceClass": "PriceClass_All", + "Enabled": false, + "ViewerCertificate": { + "CloudFrontDefaultCertificate": true, + 
"MinimumProtocolVersion": "TLSv1", + "CertificateSource": "cloudfront" + }, + "Restrictions": { + "GeoRestriction": { + "RestrictionType": "none", + "Quantity": 0 + } + }, + "WebACLId": "", + "HttpVersion": "HTTP2", + "IsIPV6Enabled": false + } + ] + } + } +} \ No newline at end of file diff --git a/tests/ecc-aws-237-cloudfront_web_distributions_use_custom_ssl_certificates/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-237-cloudfront_web_distributions_use_custom_ssl_certificates/placebo-red/tagging.GetResources_1.json new file mode 100644 index 000000000..d0eade82c --- /dev/null +++ b/tests/ecc-aws-237-cloudfront_web_distributions_use_custom_ssl_certificates/placebo-red/tagging.GetResources_1.json @@ -0,0 +1,18 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:cloudfront::111111111111:distribution/ARN", + "Tags": [ + { + "Key": "Environment", + "Value": "Custodian" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-237-cloudfront_web_distributions_use_custom_ssl_certificates/red_policy_test.py b/tests/ecc-aws-237-cloudfront_web_distributions_use_custom_ssl_certificates/red_policy_test.py new file mode 100644 index 000000000..815dc8523 --- /dev/null +++ b/tests/ecc-aws-237-cloudfront_web_distributions_use_custom_ssl_certificates/red_policy_test.py @@ -0,0 +1,6 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertTrue(resources[0] ['ViewerCertificate'] ['CloudFrontDefaultCertificate']) + base_test.assertEqual(resources[0] ['ViewerCertificate'] ['CertificateSource'], 'cloudfront') \ No newline at end of file 
diff --git a/tests/ecc-aws-238-cloudfront_web_distributions_with_geo_restriction_enabled/placebo-green/cloudfront.ListDistributions_1.json b/tests/ecc-aws-238-cloudfront_web_distributions_with_geo_restriction_enabled/placebo-green/cloudfront.ListDistributions_1.json new file mode 100644 index 000000000..e98a08409 --- /dev/null +++ b/tests/ecc-aws-238-cloudfront_web_distributions_with_geo_restriction_enabled/placebo-green/cloudfront.ListDistributions_1.json 
@@ -0,0 +1,138 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "DistributionList": { + "Marker": "", + "MaxItems": 100, + "IsTruncated": false, + "Quantity": 1, + "Items": [ + { + "Id": "AAAAAAAAA11111", + "ARN": "arn:aws:cloudfront::111111111111:distribution/AAAAAAAAA11111", + "Status": "Deployed", + "LastModifiedTime": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 10, + "hour": 8, + "minute": 48, + "second": 24, + "microsecond": 47000 + }, + "DomainName": "domain.cloudfront.net", + "Aliases": { + "Quantity": 0 + }, + "Origins": { + "Quantity": 1, + "Items": [ + { + "Id": "myRedS3", + "DomainName": "green-s3-238.s3.us-east-2.amazonaws.com", + "OriginPath": "", + "CustomHeaders": { + "Quantity": 0 + }, + "S3OriginConfig": { + "OriginAccessIdentity": "" + }, + "ConnectionAttempts": 3, + "ConnectionTimeout": 10, + "OriginShield": { + "Enabled": false + } + } + ] + }, + "OriginGroups": { + "Quantity": 0 + }, + "DefaultCacheBehavior": { + "TargetOriginId": "myRedS3", + "TrustedSigners": { + "Enabled": false, + "Quantity": 0 + }, + "TrustedKeyGroups": { + "Enabled": false, + "Quantity": 0 + }, + "ViewerProtocolPolicy": "allow-all", + "AllowedMethods": { + "Quantity": 7, + "Items": [ + "HEAD", + "DELETE", + "POST", + "GET", + "OPTIONS", + "PUT", + "PATCH" + ], + "CachedMethods": { + "Quantity": 2, + "Items": [ + "HEAD", + "GET" + ] + } + }, + "SmoothStreaming": false, + "Compress": false, + "LambdaFunctionAssociations": { + "Quantity": 0 + }, + "FieldLevelEncryptionId": "", + "ForwardedValues": { + "QueryString": false, + "Cookies": { + "Forward": "none" + }, + "Headers": { + "Quantity": 0 + }, + "QueryStringCacheKeys": { + "Quantity": 0 + } + }, + "MinTTL": 0, + "DefaultTTL": 0, + "MaxTTL": 0 + }, + "CacheBehaviors": { + "Quantity": 0 + }, + "CustomErrorResponses": { + "Quantity": 0 + }, + "Comment": "", + "PriceClass": "PriceClass_All", + "Enabled": true, + "ViewerCertificate": { + "CloudFrontDefaultCertificate": true, + 
"MinimumProtocolVersion": "TLSv1", + "CertificateSource": "cloudfront" + }, + "Restrictions": { + "GeoRestriction": { + "RestrictionType": "whitelist", + "Quantity": 4, + "Items": [ + "DE", + "US", + "GB", + "CA" + ] + } + }, + "WebACLId": "", + "HttpVersion": "HTTP2", + "IsIPV6Enabled": false + } + ] + } + } +} \ No newline at end of file diff --git a/tests/ecc-aws-238-cloudfront_web_distributions_with_geo_restriction_enabled/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-238-cloudfront_web_distributions_with_geo_restriction_enabled/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..d0eade82c --- /dev/null +++ b/tests/ecc-aws-238-cloudfront_web_distributions_with_geo_restriction_enabled/placebo-green/tagging.GetResources_1.json @@ -0,0 +1,18 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:cloudfront::111111111111:distribution/ARN", + "Tags": [ + { + "Key": "Environment", + "Value": "Custodian" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-238-cloudfront_web_distributions_with_geo_restriction_enabled/placebo-red/cloudfront.ListDistributions_1.json b/tests/ecc-aws-238-cloudfront_web_distributions_with_geo_restriction_enabled/placebo-red/cloudfront.ListDistributions_1.json new file mode 100644 index 000000000..7f2fbc670 --- /dev/null +++ b/tests/ecc-aws-238-cloudfront_web_distributions_with_geo_restriction_enabled/placebo-red/cloudfront.ListDistributions_1.json 
@@ -0,0 +1,132 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "DistributionList": { + "Marker": "", + "MaxItems": 100, + "IsTruncated": false, + "Quantity": 2, + "Items": [ + { + "Id": "AAAAAAAAA11111", + "ARN": "arn:aws:cloudfront::111111111111:distribution/AAAAAAAAA11111", + "Status": "Deployed", + "LastModifiedTime": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 10, + "hour": 9, + "minute": 1, + "second": 57, + "microsecond": 703000 + }, + "DomainName": "domain.cloudfront.net", + "Aliases": { + "Quantity": 0 + }, + "Origins": { + "Quantity": 1, + "Items": [ + { + "Id": "myRedS3", + "DomainName": "red-s3-238.s3.amazonaws.com", + "OriginPath": "", + "CustomHeaders": { + "Quantity": 0 + }, + "S3OriginConfig": { + "OriginAccessIdentity": "" + }, + "ConnectionAttempts": 3, + "ConnectionTimeout": 10, + "OriginShield": { + "Enabled": false + } + } + ] + }, + "OriginGroups": { + "Quantity": 0 + }, + "DefaultCacheBehavior": { + "TargetOriginId": "myRedS3", + "TrustedSigners": { + "Enabled": false, + "Quantity": 0 + }, + "TrustedKeyGroups": { + "Enabled": false, + "Quantity": 0 + }, + "ViewerProtocolPolicy": "allow-all", + "AllowedMethods": { + "Quantity": 7, + "Items": [ + "HEAD", + "DELETE", + "POST", + "GET", + "OPTIONS", + "PUT", + "PATCH" + ], + "CachedMethods": { + "Quantity": 2, + "Items": [ + "HEAD", + "GET" + ] + } + }, + "SmoothStreaming": false, + "Compress": false, + "LambdaFunctionAssociations": { + "Quantity": 0 + }, + "FieldLevelEncryptionId": "", + "ForwardedValues": { + "QueryString": false, + "Cookies": { + "Forward": "none" + }, + "Headers": { + "Quantity": 0 + }, + "QueryStringCacheKeys": { + "Quantity": 0 + } + }, + "MinTTL": 0, + "DefaultTTL": 0, + "MaxTTL": 0 + }, + "CacheBehaviors": { + "Quantity": 0 + }, + "CustomErrorResponses": { + "Quantity": 0 + }, + "Comment": "", + "PriceClass": "PriceClass_All", + "Enabled": true, + "ViewerCertificate": { + "CloudFrontDefaultCertificate": true, + 
"MinimumProtocolVersion": "TLSv1", + "CertificateSource": "cloudfront" + }, + "Restrictions": { + "GeoRestriction": { + "RestrictionType": "none", + "Quantity": 0 + } + }, + "WebACLId": "", + "HttpVersion": "HTTP2", + "IsIPV6Enabled": false + } + ] + } + } +} \ No newline at end of file diff --git a/tests/ecc-aws-238-cloudfront_web_distributions_with_geo_restriction_enabled/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-238-cloudfront_web_distributions_with_geo_restriction_enabled/placebo-red/tagging.GetResources_1.json new file mode 100644 index 000000000..d0eade82c --- /dev/null +++ b/tests/ecc-aws-238-cloudfront_web_distributions_with_geo_restriction_enabled/placebo-red/tagging.GetResources_1.json @@ -0,0 +1,18 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:cloudfront::111111111111:distribution/ARN", + "Tags": [ + { + "Key": "Environment", + "Value": "Custodian" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-238-cloudfront_web_distributions_with_geo_restriction_enabled/red_policy_test.py b/tests/ecc-aws-238-cloudfront_web_distributions_with_geo_restriction_enabled/red_policy_test.py new file mode 100644 index 000000000..b7344b2fc --- /dev/null +++ b/tests/ecc-aws-238-cloudfront_web_distributions_with_geo_restriction_enabled/red_policy_test.py @@ -0,0 +1,5 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertEqual(resources[0] ['Restrictions'] ['GeoRestriction'] ['RestrictionType'], 'none') \ No newline at end of file diff --git a/tests/ecc-aws-240-acm_has_certificates_single_domain_names/placebo-green/acm.DescribeCertificate_1.json b/tests/ecc-aws-240-acm_has_certificates_single_domain_names/placebo-green/acm.DescribeCertificate_1.json new file mode 100644 index 000000000..7d68f4363 --- /dev/null 
+++ b/tests/ecc-aws-240-acm_has_certificates_single_domain_names/placebo-green/acm.DescribeCertificate_1.json @@ -0,0 +1,49 @@ +{ + "status_code": 200, + "data": { + "Certificate": { + "CertificateArn": "arn:aws:acm:us-east-1:111111111111:certificate/acb38716-1471-4264-bee8-ARN", + "DomainName": "aws.custodian.com", + "SubjectAlternativeNames": [ + "aws.custodian.com" + ], + "DomainValidationOptions": [ + { + "DomainName": "aws.custodian.com", + "ValidationDomain": "aws.custodian.com", + "ValidationStatus": "PENDING_VALIDATION", + "ResourceRecord": { + "Name": "_NAME.aws.custodian.com.", + "Type": "CNAME", + "Value": "_VALUE.xrchbtpdjs.acm-validations.aws." + }, + "ValidationMethod": "DNS" + } + ], + "Subject": "CN=aws.custodian.com", + "Issuer": "Amazon", + "CreatedAt": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 10, + "hour": 13, + "minute": 40, + "second": 59, + "microsecond": 0 + }, + "Status": "PENDING_VALIDATION", + "KeyAlgorithm": "RSA-2048", + "SignatureAlgorithm": "SHA256WITHRSA", + "InUseBy": [], + "Type": "AMAZON_ISSUED", + "KeyUsages": [], + "ExtendedKeyUsages": [], + "RenewalEligibility": "INELIGIBLE", + "Options": { + "CertificateTransparencyLoggingPreference": "ENABLED" + } + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-240-acm_has_certificates_single_domain_names/placebo-green/acm.ListCertificates_1.json b/tests/ecc-aws-240-acm_has_certificates_single_domain_names/placebo-green/acm.ListCertificates_1.json new file mode 100644 index 000000000..5e8d71bc4 --- /dev/null +++ b/tests/ecc-aws-240-acm_has_certificates_single_domain_names/placebo-green/acm.ListCertificates_1.json @@ -0,0 +1,12 @@ +{ + "status_code": 200, + "data": { + "CertificateSummaryList": [ + { + "CertificateArn": "arn:aws:acm:us-east-1:111111111111:certificate/acb38716-1471-4264-bee8-ARN", + "DomainName": "aws.custodian.com" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-240-acm_has_certificates_single_domain_names/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-240-acm_has_certificates_single_domain_names/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..975bb3e9b --- /dev/null +++ b/tests/ecc-aws-240-acm_has_certificates_single_domain_names/placebo-green/tagging.GetResources_1.json @@ -0,0 +1,18 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:acm:us-east-1:111111111111:certificate/acb38716-1471-4264-bee8-ARN", + "Tags": [ + { + "Key": "Environment", + "Value": "test" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-240-acm_has_certificates_single_domain_names/placebo-red/acm.DescribeCertificate_1.json b/tests/ecc-aws-240-acm_has_certificates_single_domain_names/placebo-red/acm.DescribeCertificate_1.json new file mode 100644 index 000000000..d1bf4433e --- /dev/null +++ b/tests/ecc-aws-240-acm_has_certificates_single_domain_names/placebo-red/acm.DescribeCertificate_1.json 
@@ -0,0 +1,49 @@ +{ + "status_code": 200, + "data": { + "Certificate": { + "CertificateArn": "arn:aws:acm:us-east-1:111111111111:certificate/23fecb4a-37e5-4c86-9aea-ARN", + "DomainName": "*.custodian.com", + "SubjectAlternativeNames": [ + "*.custodian.com" + ], + "DomainValidationOptions": [ + { + "DomainName": "*.custodian.com", + "ValidationDomain": "*.custodian.com", + "ValidationStatus": "PENDING_VALIDATION", + "ResourceRecord": { + "Name": "_NAME.custodian.com.", + "Type": "CNAME", + "Value": "_VALUE.xrchbtpdjs.acm-validations.aws." + }, + "ValidationMethod": "DNS" + } + ], + "Subject": "CN=*.custodian.com", + "Issuer": "Amazon", + "CreatedAt": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 10, + "hour": 13, + "minute": 8, + "second": 26, + "microsecond": 0 + }, + "Status": "PENDING_VALIDATION", + "KeyAlgorithm": "RSA-2048", + "SignatureAlgorithm": "SHA256WITHRSA", + "InUseBy": [], + "Type": "AMAZON_ISSUED", + "KeyUsages": [], + "ExtendedKeyUsages": [], + "RenewalEligibility": "INELIGIBLE", + "Options": { + "CertificateTransparencyLoggingPreference": "ENABLED" + } + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-240-acm_has_certificates_single_domain_names/placebo-red/acm.ListCertificates_1.json b/tests/ecc-aws-240-acm_has_certificates_single_domain_names/placebo-red/acm.ListCertificates_1.json new file mode 100644 index 000000000..9ba12f441 --- /dev/null +++ b/tests/ecc-aws-240-acm_has_certificates_single_domain_names/placebo-red/acm.ListCertificates_1.json @@ -0,0 +1,12 @@ +{ + "status_code": 200, + "data": { + "CertificateSummaryList": [ + { + "CertificateArn": "arn:aws:acm:us-east-1:111111111111:certificate/23fecb4a-37e5-4c86-9aea-ARN", + "DomainName": "*.custodian.com" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-240-acm_has_certificates_single_domain_names/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-240-acm_has_certificates_single_domain_names/placebo-red/tagging.GetResources_1.json new file mode 100644 index 000000000..bd8285fbb --- /dev/null +++ b/tests/ecc-aws-240-acm_has_certificates_single_domain_names/placebo-red/tagging.GetResources_1.json @@ -0,0 +1,18 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:acm:us-east-1:111111111111:certificate/23fecb4a-37e5-4c86-9aea-ARN", + "Tags": [ + { + "Key": "Environment", + "Value": "test" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-240-acm_has_certificates_single_domain_names/red_policy_test.py b/tests/ecc-aws-240-acm_has_certificates_single_domain_names/red_policy_test.py new file mode 100644 index 000000000..1956b7888 --- /dev/null +++ b/tests/ecc-aws-240-acm_has_certificates_single_domain_names/red_policy_test.py @@ -0,0 +1,5 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertIn('*.', resources[0] ['Subject']) \ No newline at end of file diff --git a/tests/ecc-aws-241-acm_has_no_unused_certificates/placebo-green/acm.ListCertificates_1.json b/tests/ecc-aws-241-acm_has_no_unused_certificates/placebo-green/acm.ListCertificates_1.json new file mode 100644 index 000000000..678076790 --- /dev/null +++ b/tests/ecc-aws-241-acm_has_no_unused_certificates/placebo-green/acm.ListCertificates_1.json @@ -0,0 +1,7 @@ +{ + "status_code": 200, + "data": { + "CertificateSummaryList": [], + "ResponseMetadata": {} + } +} \ No newline at end of file 
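Review bot: The wildcard check in `test_resources` of the ecc-aws-240 red test looks only at `Subject`, so it says nothing about a certificate whose common name is a single host while a wildcard sits in `SubjectAlternativeNames`. The policy is not part of this hunk, so whether it inspects the SAN list cannot be confirmed from here; if it does, a second red recording with a non-wildcard `Subject` and a `*.` entry in `SubjectAlternativeNames` would pin that. For the existing recording, adding `base_test.assertTrue(any(n.startswith('*.') for n in resources[0]['SubjectAlternativeNames']))` next to the current assertion documents which fields carry the finding.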
diff --git a/tests/ecc-aws-241-acm_has_no_unused_certificates/placebo-red/acm.DescribeCertificate_1.json b/tests/ecc-aws-241-acm_has_no_unused_certificates/placebo-red/acm.DescribeCertificate_1.json new file mode 100644 index 000000000..1745eb4e2 --- /dev/null +++ b/tests/ecc-aws-241-acm_has_no_unused_certificates/placebo-red/acm.DescribeCertificate_1.json @@ -0,0 +1,49 @@ +{ + "status_code": 200, + "data": { + "Certificate": { + "CertificateArn": "arn:aws:acm:us-east-1:111111111111:certificate/0a1ff233-bfcb-488e-ba7c-ARN", + "DomainName": "aws.custodian.com", + "SubjectAlternativeNames": [ + "aws.custodian.com" + ], + "DomainValidationOptions": [ + { + "DomainName": "aws.custodian.com", + "ValidationDomain": "aws.custodian.com", + "ValidationStatus": "PENDING_VALIDATION", + "ResourceRecord": { + "Name": "_NAME.aws.custodian.com.", + "Type": "CNAME", + "Value": "_VALUE.xrchbtpdjs.acm-validations.aws." + }, + "ValidationMethod": "DNS" + } + ], + "Subject": "CN=aws.custodian.com", + "Issuer": "Amazon", + "CreatedAt": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 10, + "hour": 15, + "minute": 24, + "second": 58, + "microsecond": 0 + }, + "Status": "PENDING_VALIDATION", + "KeyAlgorithm": "RSA-2048", + "SignatureAlgorithm": "SHA256WITHRSA", + "InUseBy": [], + "Type": "AMAZON_ISSUED", + "KeyUsages": [], + "ExtendedKeyUsages": [], + "RenewalEligibility": "INELIGIBLE", + "Options": { + "CertificateTransparencyLoggingPreference": "ENABLED" + } + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-241-acm_has_no_unused_certificates/placebo-red/acm.ListCertificates_1.json b/tests/ecc-aws-241-acm_has_no_unused_certificates/placebo-red/acm.ListCertificates_1.json new file mode 100644 index 000000000..ecdd57ba4 --- /dev/null +++ b/tests/ecc-aws-241-acm_has_no_unused_certificates/placebo-red/acm.ListCertificates_1.json 
@@ -0,0 +1,12 @@ +{ + "status_code": 200, + "data": { + "CertificateSummaryList": [ + { + "CertificateArn": "arn:aws:acm:us-east-1:111111111111:certificate/0a1ff233-bfcb-488e-ba7c-ARN", + "DomainName": "aws.custodian.com" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-241-acm_has_no_unused_certificates/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-241-acm_has_no_unused_certificates/placebo-red/tagging.GetResources_1.json new file mode 100644 index 000000000..be911dc7c --- /dev/null +++ b/tests/ecc-aws-241-acm_has_no_unused_certificates/placebo-red/tagging.GetResources_1.json @@ -0,0 +1,18 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:acm:us-east-1:111111111111:certificate/0a1ff233-bfcb-488e-ba7c-ARN", + "Tags": [ + { + "Key": "Environment", + "Value": "test" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-241-acm_has_no_unused_certificates/red_policy_test.py b/tests/ecc-aws-241-acm_has_no_unused_certificates/red_policy_test.py new file mode 100644 index 000000000..75d4a3cd4 --- /dev/null +++ b/tests/ecc-aws-241-acm_has_no_unused_certificates/red_policy_test.py @@ -0,0 +1,5 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertFalse(resources[0] ['InUseBy']) \ No newline at end of file diff --git a/tests/ecc-aws-242-cloudfront_distribution_access_logging/placebo-green/cloudfront.GetDistributionConfig_1.json b/tests/ecc-aws-242-cloudfront_distribution_access_logging/placebo-green/cloudfront.GetDistributionConfig_1.json new file mode 100644 index 000000000..3a3a28401 --- /dev/null +++ b/tests/ecc-aws-242-cloudfront_distribution_access_logging/placebo-green/cloudfront.GetDistributionConfig_1.json 
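Review bot: The `InUseBy` assertion in the ecc-aws-241 red test is the only evidence of what the policy filters on, because the green case is recorded with an empty `CertificateSummaryList`; a policy that matched every certificate would pass both cases. A green recording with one certificate whose `InUseBy` lists an attached resource would show that in-use certificates are left alone. The red certificate is also in `PENDING_VALIDATION`, so it is unused because it was never issued; if the control is meant to find issued certificates that nothing references, a red recording in `ISSUED` state would be closer to it.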
@@ -0,0 +1,119 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "ETag": "E2LIIKRZHNIT9Z", + "DistributionConfig": { + "CallerReference": "terraform-20210611085719874600000001", + "Aliases": { + "Quantity": 0 + }, + "DefaultRootObject": "index.html", + "Origins": { + "Quantity": 1, + "Items": [ + { + "Id": "mygreenS3", + "DomainName": "green-s3-242.s3.amazonaws.com", + "OriginPath": "", + "CustomHeaders": { + "Quantity": 0 + }, + "S3OriginConfig": { + "OriginAccessIdentity": "origin-access-identity/cloudfront/IDENTITY" + }, + "ConnectionAttempts": 3, + "ConnectionTimeout": 10, + "OriginShield": { + "Enabled": false + } + } + ] + }, + "OriginGroups": { + "Quantity": 0 + }, + "DefaultCacheBehavior": { + "TargetOriginId": "mygreenS3", + "TrustedSigners": { + "Enabled": false, + "Quantity": 0 + }, + "TrustedKeyGroups": { + "Enabled": false, + "Quantity": 0 + }, + "ViewerProtocolPolicy": "allow-all", + "AllowedMethods": { + "Quantity": 7, + "Items": [ + "HEAD", + "DELETE", + "POST", + "GET", + "OPTIONS", + "PUT", + "PATCH" + ], + "CachedMethods": { + "Quantity": 2, + "Items": [ + "HEAD", + "GET" + ] + } + }, + "SmoothStreaming": false, + "Compress": false, + "LambdaFunctionAssociations": { + "Quantity": 0 + }, + "FieldLevelEncryptionId": "", + "ForwardedValues": { + "QueryString": false, + "Cookies": { + "Forward": "none" + }, + "Headers": { + "Quantity": 0 + }, + "QueryStringCacheKeys": { + "Quantity": 0 + } + }, + "MinTTL": 0, + "DefaultTTL": 0, + "MaxTTL": 0 + }, + "CacheBehaviors": { + "Quantity": 0 + }, + "CustomErrorResponses": { + "Quantity": 0 + }, + "Comment": "", + "Logging": { + "Enabled": true, + "IncludeCookies": true, + "Bucket": "green-s3-242.s3.amazonaws.com", + "Prefix": "myprefix" + }, + "PriceClass": "PriceClass_All", + "Enabled": true, + "ViewerCertificate": { + "CloudFrontDefaultCertificate": true, + "MinimumProtocolVersion": "TLSv1", + "CertificateSource": "cloudfront" + }, + "Restrictions": { + "GeoRestriction": { + 
"RestrictionType": "none", + "Quantity": 0 + } + }, + "WebACLId": "", + "HttpVersion": "http2", + "IsIPV6Enabled": false + } + } +} \ No newline at end of file diff --git a/tests/ecc-aws-242-cloudfront_distribution_access_logging/placebo-green/cloudfront.ListDistributions_1.json b/tests/ecc-aws-242-cloudfront_distribution_access_logging/placebo-green/cloudfront.ListDistributions_1.json new file mode 100644 index 000000000..e2b94bd1b --- /dev/null +++ b/tests/ecc-aws-242-cloudfront_distribution_access_logging/placebo-green/cloudfront.ListDistributions_1.json 
@@ -0,0 +1,132 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "DistributionList": { + "Marker": "", + "MaxItems": 100, + "IsTruncated": false, + "Quantity": 1, + "Items": [ + { + "Id": "AAAAAAAAA11111", + "ARN": "arn:aws:cloudfront::111111111111:distribution/AAAAAAAAA11111", + "Status": "Deployed", + "LastModifiedTime": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 11, + "hour": 8, + "minute": 57, + "second": 20, + "microsecond": 744000 + }, + "DomainName": "domain.cloudfront.net", + "Aliases": { + "Quantity": 0 + }, + "Origins": { + "Quantity": 1, + "Items": [ + { + "Id": "mygreenS3", + "DomainName": "green-s3-242.s3.amazonaws.com", + "OriginPath": "", + "CustomHeaders": { + "Quantity": 0 + }, + "S3OriginConfig": { + "OriginAccessIdentity": "origin-access-identity/cloudfront/IDENTITY" + }, + "ConnectionAttempts": 3, + "ConnectionTimeout": 10, + "OriginShield": { + "Enabled": false + } + } + ] + }, + "OriginGroups": { + "Quantity": 0 + }, + "DefaultCacheBehavior": { + "TargetOriginId": "mygreenS3", + "TrustedSigners": { + "Enabled": false, + "Quantity": 0 + }, + "TrustedKeyGroups": { + "Enabled": false, + "Quantity": 0 + }, + "ViewerProtocolPolicy": "allow-all", + "AllowedMethods": { + "Quantity": 7, + "Items": [ + "HEAD", + "DELETE", + "POST", + "GET", + "OPTIONS", + "PUT", + "PATCH" + ], + "CachedMethods": { + "Quantity": 2, + "Items": [ + "HEAD", + "GET" + ] + } + }, + "SmoothStreaming": false, + "Compress": false, + "LambdaFunctionAssociations": { + "Quantity": 0 + }, + "FieldLevelEncryptionId": "", + "ForwardedValues": { + "QueryString": false, + "Cookies": { + "Forward": "none" + }, + "Headers": { + "Quantity": 0 + }, + "QueryStringCacheKeys": { + "Quantity": 0 + } + }, + "MinTTL": 0, + "DefaultTTL": 0, + "MaxTTL": 0 + }, + "CacheBehaviors": { + "Quantity": 0 + }, + "CustomErrorResponses": { + "Quantity": 0 + }, + "Comment": "", + "PriceClass": "PriceClass_All", + "Enabled": true, + "ViewerCertificate": { + 
"CloudFrontDefaultCertificate": true, + "MinimumProtocolVersion": "TLSv1", + "CertificateSource": "cloudfront" + }, + "Restrictions": { + "GeoRestriction": { + "RestrictionType": "none", + "Quantity": 0 + } + }, + "WebACLId": "", + "HttpVersion": "HTTP2", + "IsIPV6Enabled": false + } + ] + } + } +} \ No newline at end of file diff --git a/tests/ecc-aws-242-cloudfront_distribution_access_logging/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-242-cloudfront_distribution_access_logging/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..d0eade82c --- /dev/null +++ b/tests/ecc-aws-242-cloudfront_distribution_access_logging/placebo-green/tagging.GetResources_1.json @@ -0,0 +1,18 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:cloudfront::111111111111:distribution/ARN", + "Tags": [ + { + "Key": "Environment", + "Value": "Custodian" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-242-cloudfront_distribution_access_logging/placebo-red/cloudfront.GetDistributionConfig_1.json b/tests/ecc-aws-242-cloudfront_distribution_access_logging/placebo-red/cloudfront.GetDistributionConfig_1.json new file mode 100644 index 000000000..d2d598f40 --- /dev/null +++ b/tests/ecc-aws-242-cloudfront_distribution_access_logging/placebo-red/cloudfront.GetDistributionConfig_1.json 
@@ -0,0 +1,119 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "ETag": "E3CK3FM81B1TAG", + "DistributionConfig": { + "CallerReference": "terraform-20210611090245886500000002", + "Aliases": { + "Quantity": 0 + }, + "DefaultRootObject": "index.html", + "Origins": { + "Quantity": 1, + "Items": [ + { + "Id": "myRedS3", + "DomainName": "red-s3-242.s3.amazonaws.com", + "OriginPath": "", + "CustomHeaders": { + "Quantity": 0 + }, + "S3OriginConfig": { + "OriginAccessIdentity": "" + }, + "ConnectionAttempts": 3, + "ConnectionTimeout": 10, + "OriginShield": { + "Enabled": false + } + } + ] + }, + "OriginGroups": { + "Quantity": 0 + }, + "DefaultCacheBehavior": { + "TargetOriginId": "myRedS3", + "TrustedSigners": { + "Enabled": false, + "Quantity": 0 + }, + "TrustedKeyGroups": { + "Enabled": false, + "Quantity": 0 + }, + "ViewerProtocolPolicy": "allow-all", + "AllowedMethods": { + "Quantity": 7, + "Items": [ + "HEAD", + "DELETE", + "POST", + "GET", + "OPTIONS", + "PUT", + "PATCH" + ], + "CachedMethods": { + "Quantity": 2, + "Items": [ + "HEAD", + "GET" + ] + } + }, + "SmoothStreaming": false, + "Compress": false, + "LambdaFunctionAssociations": { + "Quantity": 0 + }, + "FieldLevelEncryptionId": "", + "ForwardedValues": { + "QueryString": false, + "Cookies": { + "Forward": "none" + }, + "Headers": { + "Quantity": 0 + }, + "QueryStringCacheKeys": { + "Quantity": 0 + } + }, + "MinTTL": 0, + "DefaultTTL": 0, + "MaxTTL": 0 + }, + "CacheBehaviors": { + "Quantity": 0 + }, + "CustomErrorResponses": { + "Quantity": 0 + }, + "Comment": "", + "Logging": { + "Enabled": false, + "IncludeCookies": false, + "Bucket": "", + "Prefix": "" + }, + "PriceClass": "PriceClass_All", + "Enabled": true, + "ViewerCertificate": { + "CloudFrontDefaultCertificate": true, + "MinimumProtocolVersion": "TLSv1", + "CertificateSource": "cloudfront" + }, + "Restrictions": { + "GeoRestriction": { + "RestrictionType": "none", + "Quantity": 0 + } + }, + "WebACLId": "", + "HttpVersion": "http2", 
+ "IsIPV6Enabled": false + } + } +} \ No newline at end of file diff --git a/tests/ecc-aws-242-cloudfront_distribution_access_logging/placebo-red/cloudfront.ListDistributions_1.json b/tests/ecc-aws-242-cloudfront_distribution_access_logging/placebo-red/cloudfront.ListDistributions_1.json new file mode 100644 index 000000000..a6fd8d538 --- /dev/null +++ b/tests/ecc-aws-242-cloudfront_distribution_access_logging/placebo-red/cloudfront.ListDistributions_1.json 
@@ -0,0 +1,132 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "DistributionList": { + "Marker": "", + "MaxItems": 100, + "IsTruncated": false, + "Quantity": 1, + "Items": [ + { + "Id": "AAAAAAAAA11111", + "ARN": "arn:aws:cloudfront::111111111111:distribution/AAAAAAAAA11111", + "Status": "Deployed", + "LastModifiedTime": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 11, + "hour": 9, + "minute": 2, + "second": 46, + "microsecond": 520000 + }, + "DomainName": "domain.cloudfront.net", + "Aliases": { + "Quantity": 0 + }, + "Origins": { + "Quantity": 1, + "Items": [ + { + "Id": "myRedS3", + "DomainName": "red-s3-242.s3.amazonaws.com", + "OriginPath": "", + "CustomHeaders": { + "Quantity": 0 + }, + "S3OriginConfig": { + "OriginAccessIdentity": "" + }, + "ConnectionAttempts": 3, + "ConnectionTimeout": 10, + "OriginShield": { + "Enabled": false + } + } + ] + }, + "OriginGroups": { + "Quantity": 0 + }, + "DefaultCacheBehavior": { + "TargetOriginId": "myRedS3", + "TrustedSigners": { + "Enabled": false, + "Quantity": 0 + }, + "TrustedKeyGroups": { + "Enabled": false, + "Quantity": 0 + }, + "ViewerProtocolPolicy": "allow-all", + "AllowedMethods": { + "Quantity": 7, + "Items": [ + "HEAD", + "DELETE", + "POST", + "GET", + "OPTIONS", + "PUT", + "PATCH" + ], + "CachedMethods": { + "Quantity": 2, + "Items": [ + "HEAD", + "GET" + ] + } + }, + "SmoothStreaming": false, + "Compress": false, + "LambdaFunctionAssociations": { + "Quantity": 0 + }, + "FieldLevelEncryptionId": "", + "ForwardedValues": { + "QueryString": false, + "Cookies": { + "Forward": "none" + }, + "Headers": { + "Quantity": 0 + }, + "QueryStringCacheKeys": { + "Quantity": 0 + } + }, + "MinTTL": 0, + "DefaultTTL": 0, + "MaxTTL": 0 + }, + "CacheBehaviors": { + "Quantity": 0 + }, + "CustomErrorResponses": { + "Quantity": 0 + }, + "Comment": "", + "PriceClass": "PriceClass_All", + "Enabled": true, + "ViewerCertificate": { + "CloudFrontDefaultCertificate": true, + 
"MinimumProtocolVersion": "TLSv1", + "CertificateSource": "cloudfront" + }, + "Restrictions": { + "GeoRestriction": { + "RestrictionType": "none", + "Quantity": 0 + } + }, + "WebACLId": "", + "HttpVersion": "HTTP2", + "IsIPV6Enabled": false + } + ] + } + } +} \ No newline at end of file diff --git a/tests/ecc-aws-242-cloudfront_distribution_access_logging/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-242-cloudfront_distribution_access_logging/placebo-red/tagging.GetResources_1.json new file mode 100644 index 000000000..d0eade82c --- /dev/null +++ b/tests/ecc-aws-242-cloudfront_distribution_access_logging/placebo-red/tagging.GetResources_1.json @@ -0,0 +1,18 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:cloudfront::111111111111:distribution/ARN", + "Tags": [ + { + "Key": "Environment", + "Value": "Custodian" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-242-cloudfront_distribution_access_logging/red_policy_test.py b/tests/ecc-aws-242-cloudfront_distribution_access_logging/red_policy_test.py new file mode 100644 index 000000000..0d83609d4 --- /dev/null +++ b/tests/ecc-aws-242-cloudfront_distribution_access_logging/red_policy_test.py @@ -0,0 +1,5 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertFalse(resources[0] ['c7n:distribution-config'] ['Logging'] ['Enabled']) \ No newline at end of file diff --git a/tests/ecc-aws-243-invalid_or_failed_certificates_are_removed_from_acm/placebo-green/acm.DescribeCertificate_1.json b/tests/ecc-aws-243-invalid_or_failed_certificates_are_removed_from_acm/placebo-green/acm.DescribeCertificate_1.json new file mode 100644 index 000000000..7224c6123 --- /dev/null +++ b/tests/ecc-aws-243-invalid_or_failed_certificates_are_removed_from_acm/placebo-green/acm.DescribeCertificate_1.json 
@@ -0,0 +1,49 @@ +{ + "status_code": 200, + "data": { + "Certificate": { + "CertificateArn": "arn:aws:acm:us-east-1:111111111111:certificate/3738d99d-e674-49f8-a215-ARN", + "DomainName": "aws.custodian.com", + "SubjectAlternativeNames": [ + "aws.custodian.com" + ], + "DomainValidationOptions": [ + { + "DomainName": "aws.custodian.com", + "ValidationDomain": "aws.custodian.com", + "ValidationStatus": "PENDING_VALIDATION", + "ResourceRecord": { + "Name": "_NAME.aws.custodian.com.", + "Type": "CNAME", + "Value": "_VALUE.xrchbtpdjs.acm-validations.aws." + }, + "ValidationMethod": "DNS" + } + ], + "Subject": "CN=aws.custodian.com", + "Issuer": "Amazon", + "CreatedAt": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 14, + "hour": 13, + "minute": 19, + "second": 35, + "microsecond": 0 + }, + "Status": "PENDING_VALIDATION", + "KeyAlgorithm": "RSA-2048", + "SignatureAlgorithm": "SHA256WITHRSA", + "InUseBy": [], + "Type": "AMAZON_ISSUED", + "KeyUsages": [], + "ExtendedKeyUsages": [], + "RenewalEligibility": "INELIGIBLE", + "Options": { + "CertificateTransparencyLoggingPreference": "ENABLED" + } + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-243-invalid_or_failed_certificates_are_removed_from_acm/placebo-green/acm.ListCertificates_1.json b/tests/ecc-aws-243-invalid_or_failed_certificates_are_removed_from_acm/placebo-green/acm.ListCertificates_1.json new file mode 100644 index 000000000..9d426855e --- /dev/null +++ b/tests/ecc-aws-243-invalid_or_failed_certificates_are_removed_from_acm/placebo-green/acm.ListCertificates_1.json @@ -0,0 +1,12 @@ +{ + "status_code": 200, + "data": { + "CertificateSummaryList": [ + { + "CertificateArn": "arn:aws:acm:us-east-1:111111111111:certificate/3738d99d-e674-49f8-a215-ARN", + "DomainName": "aws.custodian.com" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-243-invalid_or_failed_certificates_are_removed_from_acm/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-243-invalid_or_failed_certificates_are_removed_from_acm/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..d30ad27ae --- /dev/null +++ b/tests/ecc-aws-243-invalid_or_failed_certificates_are_removed_from_acm/placebo-green/tagging.GetResources_1.json @@ -0,0 +1,18 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:acm:us-east-1:111111111111:certificate/3738d99d-e674-49f8-a215-ARN", + "Tags": [ + { + "Key": "Environment", + "Value": "test" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-243-invalid_or_failed_certificates_are_removed_from_acm/placebo-red/acm.DescribeCertificate_1.json b/tests/ecc-aws-243-invalid_or_failed_certificates_are_removed_from_acm/placebo-red/acm.DescribeCertificate_1.json new file mode 100644 index 000000000..0dc357776 --- /dev/null +++ b/tests/ecc-aws-243-invalid_or_failed_certificates_are_removed_from_acm/placebo-red/acm.DescribeCertificate_1.json 
@@ -0,0 +1,49 @@ +{ + "status_code": 200, + "data": { + "Certificate": { + "CertificateArn": "arn:aws:acm:us-east-1:111111111111:certificate/3738d99d-e674-49f8-a215-ARN", + "DomainName": "aws.custodian.com", + "SubjectAlternativeNames": [ + "aws.custodian.com" + ], + "DomainValidationOptions": [ + { + "DomainName": "aws.custodian.com", + "ValidationDomain": "aws.custodian.com", + "ValidationStatus": "VALIDATION_TIMED_OUT", + "ResourceRecord": { + "Name": "_NAME.aws.custodian.com.", + "Type": "CNAME", + "Value": "_VALUE.xrchbtpdjs.acm-validations.aws." + }, + "ValidationMethod": "DNS" + } + ], + "Subject": "CN=aws.custodian.com", + "Issuer": "Amazon", + "CreatedAt": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 14, + "hour": 13, + "minute": 19, + "second": 35, + "microsecond": 0 + }, + "Status": "VALIDATION_TIMED_OUT", + "KeyAlgorithm": "RSA-2048", + "SignatureAlgorithm": "SHA256WITHRSA", + "InUseBy": [], + "Type": "AMAZON_ISSUED", + "KeyUsages": [], + "ExtendedKeyUsages": [], + "RenewalEligibility": "INELIGIBLE", + "Options": { + "CertificateTransparencyLoggingPreference": "ENABLED" + } + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-243-invalid_or_failed_certificates_are_removed_from_acm/placebo-red/acm.ListCertificates_1.json b/tests/ecc-aws-243-invalid_or_failed_certificates_are_removed_from_acm/placebo-red/acm.ListCertificates_1.json new file mode 100644 index 000000000..9d426855e --- /dev/null +++ b/tests/ecc-aws-243-invalid_or_failed_certificates_are_removed_from_acm/placebo-red/acm.ListCertificates_1.json @@ -0,0 +1,12 @@ +{ + "status_code": 200, + "data": { + "CertificateSummaryList": [ + { + "CertificateArn": "arn:aws:acm:us-east-1:111111111111:certificate/3738d99d-e674-49f8-a215-ARN", + "DomainName": "aws.custodian.com" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-243-invalid_or_failed_certificates_are_removed_from_acm/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-243-invalid_or_failed_certificates_are_removed_from_acm/placebo-red/tagging.GetResources_1.json new file mode 100644 index 000000000..d30ad27ae --- /dev/null +++ b/tests/ecc-aws-243-invalid_or_failed_certificates_are_removed_from_acm/placebo-red/tagging.GetResources_1.json @@ -0,0 +1,18 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:acm:us-east-1:111111111111:certificate/3738d99d-e674-49f8-a215-ARN", + "Tags": [ + { + "Key": "Environment", + "Value": "test" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-243-invalid_or_failed_certificates_are_removed_from_acm/red_policy_test.py b/tests/ecc-aws-243-invalid_or_failed_certificates_are_removed_from_acm/red_policy_test.py new file mode 100644 index 000000000..bf7f21ec7 --- /dev/null +++ b/tests/ecc-aws-243-invalid_or_failed_certificates_are_removed_from_acm/red_policy_test.py @@ -0,0 +1,5 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertEqual(resources[0] ['Status'], 'VALIDATION_TIMED_OUT') \ No newline at end of file diff --git a/tests/ecc-aws-245-alb_is_protected_by_waf_regional/placebo-green/elasticloadbalancing.DescribeLoadBalancers_1.json b/tests/ecc-aws-245-alb_is_protected_by_waf_regional/placebo-green/elasticloadbalancing.DescribeLoadBalancers_1.json new file mode 100644 index 000000000..40c6454b4 --- /dev/null +++ b/tests/ecc-aws-245-alb_is_protected_by_waf_regional/placebo-green/elasticloadbalancing.DescribeLoadBalancers_1.json 
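Review bot: `test_resources` in the ecc-aws-243 red test pins a single status, `VALIDATION_TIMED_OUT`, while the policy name covers invalid or failed certificates in general. ACM also reports `FAILED`, `EXPIRED`, `REVOKED` and `INACTIVE`; which of these the policy matches is not visible in this hunk, so consider one red recording per status it is meant to catch. The green recording is `PENDING_VALIDATION` rather than `ISSUED`, so the pass case does not show that a healthy issued certificate is left unflagged.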
@@ -0,0 +1,46 @@ +{ + "status_code": 200, + "data": { + "LoadBalancers": [ + { + "LoadBalancerArn": "arn:aws:elasticloadbalancing:us-east-1:12121212121121212121212121212121212:loadbalancer/app/green-alb-245/12121212121121212121212121212121212", + "DNSName": "green-alb-245-121212121.us-east-1.elb.amazonaws.com", + "CanonicalHostedZoneId": "1212121211211212", + "CreatedTime": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 14, + "hour": 6, + "minute": 21, + "second": 32, + "microsecond": 140000 + }, + "LoadBalancerName": "green-alb-245", + "Scheme": "internet-facing", + "VpcId": "vpc-12345asdfg", + "State": { + "Code": "active" + }, + "Type": "application", + "AvailabilityZones": [ + { + "ZoneName": "us-east-1b", + "SubnetId": "subnet-01212121211211212", + "LoadBalancerAddresses": [] + }, + { + "ZoneName": "us-east-1a", + "SubnetId": "subnet-01212121211211212", + "LoadBalancerAddresses": [] + } + ], + "SecurityGroups": [ + "sg-1212121211211212" + ], + "IpAddressType": "ipv4" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-245-alb_is_protected_by_waf_regional/placebo-green/elasticloadbalancing.DescribeTags_1.json b/tests/ecc-aws-245-alb_is_protected_by_waf_regional/placebo-green/elasticloadbalancing.DescribeTags_1.json new file mode 100644 index 000000000..741b2b0cc --- /dev/null +++ b/tests/ecc-aws-245-alb_is_protected_by_waf_regional/placebo-green/elasticloadbalancing.DescribeTags_1.json @@ -0,0 +1,17 @@ +{ + "status_code": 200, + "data": { + "TagDescriptions": [ + { + "ResourceArn": "arn:aws:elasticloadbalancing:us-east-1:12121212121121212121212121212121212:loadbalancer/app/green-alb-245/12121212121121212121212121212121212", + "Tags": [ + { + "Key": "Environment", + "Value": "production" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-245-alb_is_protected_by_waf_regional/placebo-green/waf-regional.ListResourcesForWebACL_1.json b/tests/ecc-aws-245-alb_is_protected_by_waf_regional/placebo-green/waf-regional.ListResourcesForWebACL_1.json new file mode 100644 index 000000000..27c9c1101 --- /dev/null +++ b/tests/ecc-aws-245-alb_is_protected_by_waf_regional/placebo-green/waf-regional.ListResourcesForWebACL_1.json @@ -0,0 +1,9 @@ +{ + "status_code": 200, + "data": { + "ResourceArns": [ + "arn:aws:elasticloadbalancing:us-east-1:12121212121121212121212121212121212:loadbalancer/app/green-alb-245/12121212121121212121212121212121212" + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-245-alb_is_protected_by_waf_regional/placebo-green/waf-regional.ListWebACLs_1.json b/tests/ecc-aws-245-alb_is_protected_by_waf_regional/placebo-green/waf-regional.ListWebACLs_1.json new file mode 100644 index 000000000..93bbd37db --- /dev/null +++ b/tests/ecc-aws-245-alb_is_protected_by_waf_regional/placebo-green/waf-regional.ListWebACLs_1.json @@ -0,0 +1,13 @@ +{ + "status_code": 200, + "data": { + "NextMarker": "12121212121121212121212121212121212", + "WebACLs": [ + { + "WebACLId": "12121212121121212121212121212121212", + "Name": "GreenWAFRegionalACL" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-245-alb_is_protected_by_waf_regional/placebo-red/elasticloadbalancing.DescribeLoadBalancers_1.json b/tests/ecc-aws-245-alb_is_protected_by_waf_regional/placebo-red/elasticloadbalancing.DescribeLoadBalancers_1.json new file mode 100644 index 000000000..7d720ccad --- /dev/null +++ b/tests/ecc-aws-245-alb_is_protected_by_waf_regional/placebo-red/elasticloadbalancing.DescribeLoadBalancers_1.json 
@@ -0,0 +1,46 @@ +{ + "status_code": 200, + "data": { + "LoadBalancers": [ + { + "LoadBalancerArn": "arn:aws:elasticloadbalancing:us-east-1:1212121211211212:loadbalancer/app/red-alb-245/1212121211211212", + "DNSName": "red-alb-245-1212121211211212.us-east-1.elb.amazonaws.com", + "CanonicalHostedZoneId": "1212121211211212", + "CreatedTime": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 14, + "hour": 6, + "minute": 25, + "second": 41, + "microsecond": 640000 + }, + "LoadBalancerName": "red-alb-245", + "Scheme": "internet-facing", + "VpcId": "vpc-12345asdfg", + "State": { + "Code": "active" + }, + "Type": "application", + "AvailabilityZones": [ + { + "ZoneName": "us-east-1b", + "SubnetId": "subnet-01212121211211212", + "LoadBalancerAddresses": [] + }, + { + "ZoneName": "us-east-1a", + "SubnetId": "subnet-01212121211211212", + "LoadBalancerAddresses": [] + } + ], + "SecurityGroups": [ + "sg-01212121211211212" + ], + "IpAddressType": "ipv4" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-245-alb_is_protected_by_waf_regional/placebo-red/elasticloadbalancing.DescribeTags_1.json b/tests/ecc-aws-245-alb_is_protected_by_waf_regional/placebo-red/elasticloadbalancing.DescribeTags_1.json new file mode 100644 index 000000000..b5fa6e0a5 --- /dev/null +++ b/tests/ecc-aws-245-alb_is_protected_by_waf_regional/placebo-red/elasticloadbalancing.DescribeTags_1.json @@ -0,0 +1,17 @@ +{ + "status_code": 200, + "data": { + "TagDescriptions": [ + { + "ResourceArn": "arn:aws:elasticloadbalancing:us-east-1:1212121211211212:loadbalancer/app/red-alb-245/1212121211211212", + "Tags": [ + { + "Key": "Environment", + "Value": "production" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-245-alb_is_protected_by_waf_regional/placebo-red/waf-regional.ListWebACLs_1.json b/tests/ecc-aws-245-alb_is_protected_by_waf_regional/placebo-red/waf-regional.ListWebACLs_1.json new file mode 100644 index 000000000..de02a145a --- /dev/null +++ b/tests/ecc-aws-245-alb_is_protected_by_waf_regional/placebo-red/waf-regional.ListWebACLs_1.json @@ -0,0 +1,7 @@ +{ + "status_code": 200, + "data": { + "WebACLs": [], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-245-alb_is_protected_by_waf_regional/red_policy_test.py b/tests/ecc-aws-245-alb_is_protected_by_waf_regional/red_policy_test.py new file mode 100644 index 000000000..7e6f724e0 --- /dev/null +++ b/tests/ecc-aws-245-alb_is_protected_by_waf_regional/red_policy_test.py @@ -0,0 +1,7 @@ +class PolicyTest(object): + + def test_resources_with_client(self, base_test, resources, local_session): + base_test.assertEqual(len(resources), 1) + client = local_session.client('waf-regional') + WebACLs = client.list_web_acls().get('WebACLs', ()) + base_test.assertFalse(WebACLs) diff --git a/tests/ecc-aws-247-managed_policies_instead_of_inline_iam_policies/placebo-green/iam.GetUser_1.json b/tests/ecc-aws-247-managed_policies_instead_of_inline_iam_policies/placebo-green/iam.GetUser_1.json new file mode 100644 index 000000000..173105743 --- /dev/null +++ b/tests/ecc-aws-247-managed_policies_instead_of_inline_iam_policies/placebo-green/iam.GetUser_1.json @@ -0,0 +1,22 @@ +{ + "status_code": 200, + "data": { + "User": { + "Path": "/", + "UserName": "green247", + "UserId": "1212121121212", + "Arn": "arn:aws:iam::1212121121212:user/green247", + "CreateDate": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 14, + "hour": 11, + "minute": 48, + "second": 37, + "microsecond": 0 + } + }, + "ResponseMetadata": {} + } +} \ No newline at end of file 
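Review bot: The red test `test_resources_with_client` proves non-compliance by asserting that `list_web_acls()` returns no web ACLs at all, which only covers a region where WAF is not used. The case where a web ACL exists but this load balancer is missing from its `ListResourcesForWebACL` result is not recorded, so a policy that merely checked for the presence of any web ACL would pass both fixture sets. A second red recording with a non-empty `WebACLs` list and a `ResourceArns` list that omits `red-alb-245` would close that gap. The local `WebACLs` would also read better as `web_acls`.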
diff --git a/tests/ecc-aws-247-managed_policies_instead_of_inline_iam_policies/placebo-green/iam.ListUserPolicies_1.json b/tests/ecc-aws-247-managed_policies_instead_of_inline_iam_policies/placebo-green/iam.ListUserPolicies_1.json new file mode 100644 index 000000000..02a3e7bf2 --- /dev/null +++ b/tests/ecc-aws-247-managed_policies_instead_of_inline_iam_policies/placebo-green/iam.ListUserPolicies_1.json @@ -0,0 +1,8 @@ +{ + "status_code": 200, + "data": { + "PolicyNames": [], + "IsTruncated": false, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-247-managed_policies_instead_of_inline_iam_policies/placebo-green/iam.ListUsers_1.json b/tests/ecc-aws-247-managed_policies_instead_of_inline_iam_policies/placebo-green/iam.ListUsers_1.json new file mode 100644 index 000000000..703e7afc3 --- /dev/null +++ b/tests/ecc-aws-247-managed_policies_instead_of_inline_iam_policies/placebo-green/iam.ListUsers_1.json @@ -0,0 +1,25 @@ +{ + "status_code": 200, + "data": { + "Users": [ + { + "Path": "/", + "UserName": "green247", + "UserId": "1212121121212", + "Arn": "arn:aws:iam::1212121121212:user/green247", + "CreateDate": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 14, + "hour": 11, + "minute": 48, + "second": 37, + "microsecond": 0 + } + } + ], + "IsTruncated": false, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-247-managed_policies_instead_of_inline_iam_policies/placebo-red/iam.GetUser_1.json b/tests/ecc-aws-247-managed_policies_instead_of_inline_iam_policies/placebo-red/iam.GetUser_1.json new file mode 100644 index 000000000..92c49abf1 --- /dev/null +++ b/tests/ecc-aws-247-managed_policies_instead_of_inline_iam_policies/placebo-red/iam.GetUser_1.json 
@@ -0,0 +1,22 @@ +{ + "status_code": 200, + "data": { + "User": { + "Path": "/", + "UserName": "red247", + "UserId": "1212121121212", + "Arn": "arn:aws:iam::1212121121212:user/red247", + "CreateDate": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 14, + "hour": 11, + "minute": 49, + "second": 42, + "microsecond": 0 + } + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-247-managed_policies_instead_of_inline_iam_policies/placebo-red/iam.ListUserPolicies_1.json b/tests/ecc-aws-247-managed_policies_instead_of_inline_iam_policies/placebo-red/iam.ListUserPolicies_1.json new file mode 100644 index 000000000..1cffd4e2e --- /dev/null +++ b/tests/ecc-aws-247-managed_policies_instead_of_inline_iam_policies/placebo-red/iam.ListUserPolicies_1.json @@ -0,0 +1,10 @@ +{ + "status_code": 200, + "data": { + "PolicyNames": [ + "red247policy" + ], + "IsTruncated": false, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-247-managed_policies_instead_of_inline_iam_policies/placebo-red/iam.ListUsers_1.json b/tests/ecc-aws-247-managed_policies_instead_of_inline_iam_policies/placebo-red/iam.ListUsers_1.json new file mode 100644 index 000000000..ad306260e --- /dev/null +++ b/tests/ecc-aws-247-managed_policies_instead_of_inline_iam_policies/placebo-red/iam.ListUsers_1.json @@ -0,0 +1,25 @@ +{ + "status_code": 200, + "data": { + "Users": [ + { + "Path": "/", + "UserName": "red247", + "UserId": "1212121121212", + "Arn": "arn:aws:iam::1212121121212:user/red247", + "CreateDate": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 14, + "hour": 11, + "minute": 49, + "second": 42, + "microsecond": 0 + } + } + ], + "IsTruncated": false, + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-247-managed_policies_instead_of_inline_iam_policies/red_policy_test.py b/tests/ecc-aws-247-managed_policies_instead_of_inline_iam_policies/red_policy_test.py
new file mode 100644
index 000000000..0667146c7
--- /dev/null
+++ b/tests/ecc-aws-247-managed_policies_instead_of_inline_iam_policies/red_policy_test.py
@@ -0,0 +1,6 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertTrue(resources[0]['c7n:InlinePolicies'])
+
diff --git a/tests/ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic/placebo-green/ec2.DescribeSecurityGroups_1.json b/tests/ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic/placebo-green/ec2.DescribeSecurityGroups_1.json
new file mode 100644
index 000000000..492c70434
--- /dev/null
+++ b/tests/ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic/placebo-green/ec2.DescribeSecurityGroups_1.json
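Review bot: In the ecc-aws-247 `red_policy_test.py`, `assertTrue(resources[0]['c7n:InlinePolicies'])` passes for any non-empty value, so it would not notice the filter annotating the wrong user or the wrong policy. The red fixture records exactly one inline policy for user `red247`, so the check can be pinned: `base_test.assertEqual(resources[0]['UserName'], 'red247')` and, assuming the annotation holds the policy names returned by ListUserPolicies, `base_test.assertEqual(resources[0]['c7n:InlinePolicies'], ['red247policy'])`.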
@@ -0,0 +1,98 @@ +{ + "status_code": 200, + "data": { + "SecurityGroups": [ + { + "Description": "Managed by Terraform", + "GroupName": "248_security_group2_green", + "IpPermissions": [ + { + "FromPort": 22, + "IpProtocol": "tcp", + "IpRanges": [], + "Ipv6Ranges": [ + { + "CidrIpv6": "::/0" + } + ], + "PrefixListIds": [], + "ToPort": 22, + "UserIdGroupPairs": [] + } + ], + "OwnerId": "111111111111", + "GroupId": "sg-1234567asdfg", + "IpPermissionsEgress": [ + { + "IpProtocol": "-1", + "IpRanges": [], + "Ipv6Ranges": [ + { + "CidrIpv6": "::/0" + } + ], + "PrefixListIds": [], + "UserIdGroupPairs": [] + } + ], + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + } + ], + "VpcId": "vpc-12345asdfg" + }, + { + "Description": "Managed by Terraform", + "GroupName": "248_security_group1_green", + "IpPermissions": [ + { + "FromPort": 22, + "IpProtocol": "tcp", + "IpRanges": [ + { + "CidrIp": "0.0.0.0/0" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "ToPort": 22, + "UserIdGroupPairs": [] + } + ], + "OwnerId": "111111111111", + "GroupId": "sg-1234567asdfg", + "IpPermissionsEgress": [ + { + "IpProtocol": "-1", + "IpRanges": [ + { + "CidrIp": "0.0.0.0/0" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "UserIdGroupPairs": [] + } + ], + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + } + ], + "VpcId": "vpc-12345asdfg" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic/placebo-green/eks.DescribeCluster_1.json b/tests/ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic/placebo-green/eks.DescribeCluster_1.json
new file mode 100644
index 000000000..fe506f0df
--- /dev/null
+++ b/tests/ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic/placebo-green/eks.DescribeCluster_1.json
@@ -0,0 +1,71 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "cluster": { + "name": "248_eks_cluster_green", + "arn": "arn:aws:eks:us-east-1:111111111111:cluster/248_eks_cluster_green", + "createdAt": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 7, + "hour": 12, + "minute": 31, + "second": 42, + "microsecond": 213000 + }, + "version": "1.21", + "endpoint": "https://84815A44B645D8A81F3414313B8299F0.gr7.us-east-1.eks.amazonaws.com", + "roleArn": "arn:aws:iam::111111111111:role/248_role_green", + "resourcesVpcConfig": { + "subnetIds": [ + "subnet-06f7eaf99030d4c4a", + "subnet-06f477f2a842ea355" + ], + "securityGroupIds": [ + "sg-08b25ebfdfad4e390", + "sg-01ae3484b4f9cd6f2" + ], + "clusterSecurityGroupId": "sg-0ae28e513909b75cd", + "vpcId": "vpc-08d8ec720296562e8", + "endpointPublicAccess": true, + "endpointPrivateAccess": false, + "publicAccessCidrs": [ + "0.0.0.0/0" + ] + }, + "kubernetesNetworkConfig": { + "serviceIpv4Cidr": "172.20.0.0/16" + }, + "logging": { + "clusterLogging": [ + { + "types": [ + "api", + "audit", + "authenticator", + "controllerManager", + "scheduler" + ], + "enabled": false + } + ] + }, + "identity": { + "oidc": { + "issuer": "https://oidc.eks.us-east-1.amazonaws.com/id/84815A44B645D8A81F3414313B8299F0" + } + }, + "status": "ACTIVE", + "certificateAuthority": { + "data": "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" + }, + "platformVersion": "eks.2", + "tags": { + "CustodianRule": "ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic", + "ComplianceStatus": "Green" + } + } + } +} \ No newline at end of file diff --git a/tests/ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic/placebo-green/eks.ListClusters_1.json b/tests/ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic/placebo-green/eks.ListClusters_1.json new file mode 100644 index 000000000..9be337214 --- /dev/null 
+++ b/tests/ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic/placebo-green/eks.ListClusters_1.json @@ -0,0 +1,9 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "clusters": [ + "248_eks_cluster_green" + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic/placebo-red/ec2.DescribeSecurityGroups_1.json b/tests/ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic/placebo-red/ec2.DescribeSecurityGroups_1.json new file mode 100644 index 000000000..bc77ece9c --- /dev/null +++ b/tests/ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic/placebo-red/ec2.DescribeSecurityGroups_1.json @@ -0,0 +1,51 @@ +{ + "status_code": 200, + "data": { + "SecurityGroups": [ + { + "Description": "Managed by Terraform", + "GroupName": "248_security_group_red", + "IpPermissions": [ + { + "IpProtocol": "-1", + "IpRanges": [ + { + "CidrIp": "0.0.0.0/0" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "UserIdGroupPairs": [] + } + ], + "OwnerId": "111111111111", + "GroupId": "sg-1234567asdfg", + "IpPermissionsEgress": [ + { + "IpProtocol": "-1", + "IpRanges": [ + { + "CidrIp": "0.0.0.0/0" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "UserIdGroupPairs": [] + } + ], + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CustodianRule", + "Value": "ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic" + } + ], + "VpcId": "vpc-12345asdfg" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic/placebo-red/eks.DescribeCluster_1.json b/tests/ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic/placebo-red/eks.DescribeCluster_1.json new file mode 100644 index 000000000..d0202da38 --- /dev/null 
+++ b/tests/ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic/placebo-red/eks.DescribeCluster_1.json @@ -0,0 +1,70 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "cluster": { + "name": "248_eks_cluster_red", + "arn": "arn:aws:eks:us-east-1:111111111111:cluster/248_eks_cluster_red", + "createdAt": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 7, + "hour": 15, + "minute": 2, + "second": 38, + "microsecond": 13000 + }, + "version": "1.21", + "endpoint": "https://F52522A12DC304AF56124F1D7F558ABF.gr7.us-east-1.eks.amazonaws.com", + "roleArn": "arn:aws:iam::111111111111:role/248_role_red", + "resourcesVpcConfig": { + "subnetIds": [ + "subnet-02b02c814fda4def8", + "subnet-0b4f0c7654cb8daf6" + ], + "securityGroupIds": [ + "sg-0dea57c02c3960acc" + ], + "clusterSecurityGroupId": "sg-09274d8bf608494fc", + "vpcId": "vpc-0a4ba19e2f204826f", + "endpointPublicAccess": true, + "endpointPrivateAccess": false, + "publicAccessCidrs": [ + "0.0.0.0/0" + ] + }, + "kubernetesNetworkConfig": { + "serviceIpv4Cidr": "172.20.0.0/16" + }, + "logging": { + "clusterLogging": [ + { + "types": [ + "api", + "audit", + "authenticator", + "controllerManager", + "scheduler" + ], + "enabled": false + } + ] + }, + "identity": { + "oidc": { + "issuer": "https://oidc.eks.us-east-1.amazonaws.com/id/F52522A12DC304AF56124F1D7F558ABF" + } + }, + "status": "ACTIVE", + "certificateAuthority": { + "data": "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" + }, + "platformVersion": "eks.2", + "tags": { + "CustodianRule": "ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic", + "ComplianceStatus": "Red" + } + } + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic/placebo-red/eks.ListClusters_1.json b/tests/ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic/placebo-red/eks.ListClusters_1.json new file mode 100644 index 000000000..cc70d39f8 --- /dev/null +++ b/tests/ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic/placebo-red/eks.ListClusters_1.json @@ -0,0 +1,9 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "clusters": [ + "248_eks_cluster_red" + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic/red_policy_test.py b/tests/ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic/red_policy_test.py new file mode 100644 index 000000000..1bd5da479 --- /dev/null +++ b/tests/ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic/red_policy_test.py @@ -0,0 +1,9 @@ +class PolicyTest(object): + + def test_resources_with_client(self, base_test, resources, local_session): + base_test.assertEqual(len(resources), 1) + vpc=resources[0]["resourcesVpcConfig"]["vpcId"] + ec2_client = local_session.client("ec2") + security_goups = ec2_client.describe_security_groups(GroupIds=resources[0]["resourcesVpcConfig"]["securityGroupIds"]) + base_test.assertEqual(security_goups["SecurityGroups"][0]["IpPermissions"][0]["IpRanges"][0]["CidrIp"], "0.0.0.0/0") + base_test.assertEqual(security_goups["SecurityGroups"][0]["IpPermissions"][0]["IpProtocol"], "-1") \ No newline at end of file diff --git a/tests/ecc-aws-249-expired_certificates_are_removed_from_acm/placebo-green/acm.DescribeCertificate_1.json b/tests/ecc-aws-249-expired_certificates_are_removed_from_acm/placebo-green/acm.DescribeCertificate_1.json new file mode 100644 index 000000000..7224c6123 --- /dev/null 
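Review bot: In the ecc-aws-248 `red_policy_test.py`, the local `vpc=resources[0]["resourcesVpcConfig"]["vpcId"]` is assigned and never used, and `security_goups` is a typo for `security_groups`. Drop the first line and rename the second. The two assertions also index `["IpPermissions"][0]["IpRanges"][0]`, so they depend on rule order in the recording; `any(p["IpProtocol"] == "-1" for p in group["IpPermissions"])` would express "some inbound rule allows all traffic" instead. Separately, the recorded group id is `sg-1234567asdfg` while the cluster fixture lists `sg-0dea57c02c3960acc`. The replayed response therefore appears to be returned whatever `GroupIds` is passed, and the test does not show that the permissive group belongs to the cluster.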
+++ b/tests/ecc-aws-249-expired_certificates_are_removed_from_acm/placebo-green/acm.DescribeCertificate_1.json @@ -0,0 +1,49 @@ +{ + "status_code": 200, + "data": { + "Certificate": { + "CertificateArn": "arn:aws:acm:us-east-1:111111111111:certificate/3738d99d-e674-49f8-a215-ARN", + "DomainName": "aws.custodian.com", + "SubjectAlternativeNames": [ + "aws.custodian.com" + ], + "DomainValidationOptions": [ + { + "DomainName": "aws.custodian.com", + "ValidationDomain": "aws.custodian.com", + "ValidationStatus": "PENDING_VALIDATION", + "ResourceRecord": { + "Name": "_NAME.aws.custodian.com.", + "Type": "CNAME", + "Value": "_VALUE.xrchbtpdjs.acm-validations.aws." + }, + "ValidationMethod": "DNS" + } + ], + "Subject": "CN=aws.custodian.com", + "Issuer": "Amazon", + "CreatedAt": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 14, + "hour": 13, + "minute": 19, + "second": 35, + "microsecond": 0 + }, + "Status": "PENDING_VALIDATION", + "KeyAlgorithm": "RSA-2048", + "SignatureAlgorithm": "SHA256WITHRSA", + "InUseBy": [], + "Type": "AMAZON_ISSUED", + "KeyUsages": [], + "ExtendedKeyUsages": [], + "RenewalEligibility": "INELIGIBLE", + "Options": { + "CertificateTransparencyLoggingPreference": "ENABLED" + } + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-249-expired_certificates_are_removed_from_acm/placebo-green/acm.ListCertificates_1.json b/tests/ecc-aws-249-expired_certificates_are_removed_from_acm/placebo-green/acm.ListCertificates_1.json new file mode 100644 index 000000000..9d426855e --- /dev/null +++ b/tests/ecc-aws-249-expired_certificates_are_removed_from_acm/placebo-green/acm.ListCertificates_1.json @@ -0,0 +1,12 @@ +{ + "status_code": 200, + "data": { + "CertificateSummaryList": [ + { + "CertificateArn": "arn:aws:acm:us-east-1:111111111111:certificate/3738d99d-e674-49f8-a215-ARN", + "DomainName": "aws.custodian.com" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-249-expired_certificates_are_removed_from_acm/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-249-expired_certificates_are_removed_from_acm/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..d30ad27ae --- /dev/null +++ b/tests/ecc-aws-249-expired_certificates_are_removed_from_acm/placebo-green/tagging.GetResources_1.json @@ -0,0 +1,18 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:acm:us-east-1:111111111111:certificate/3738d99d-e674-49f8-a215-ARN", + "Tags": [ + { + "Key": "Environment", + "Value": "test" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-249-expired_certificates_are_removed_from_acm/placebo-red/acm.DescribeCertificate_1.json b/tests/ecc-aws-249-expired_certificates_are_removed_from_acm/placebo-red/acm.DescribeCertificate_1.json new file mode 100644 index 000000000..1f089a7da --- /dev/null +++ b/tests/ecc-aws-249-expired_certificates_are_removed_from_acm/placebo-red/acm.DescribeCertificate_1.json 
@@ -0,0 +1,49 @@ +{ + "status_code": 200, + "data": { + "Certificate": { + "CertificateArn": "arn:aws:acm:us-east-1:6:certificate/3738d99d-e674-49f8-a215-ARN", + "DomainName": "aws.custodian.com", + "SubjectAlternativeNames": [ + "aws.custodian.com" + ], + "DomainValidationOptions": [ + { + "DomainName": "aws.custodian.com", + "ValidationDomain": "aws.custodian.com", + "ValidationStatus": "PENDING_VALIDATION", + "ResourceRecord": { + "Name": "_NAME.aws.custodian.com.", + "Type": "CNAME", + "Value": "_VALUE.xrchbtpdjs.acm-validations.aws." + }, + "ValidationMethod": "DNS" + } + ], + "Subject": "CN=aws.custodian.com", + "Issuer": "Amazon", + "CreatedAt": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 14, + "hour": 13, + "minute": 19, + "second": 35, + "microsecond": 0 + }, + "Status": "EXPIRED", + "KeyAlgorithm": "RSA-2048", + "SignatureAlgorithm": "SHA256WITHRSA", + "InUseBy": [], + "Type": "AMAZON_ISSUED", + "KeyUsages": [], + "ExtendedKeyUsages": [], + "RenewalEligibility": "INELIGIBLE", + "Options": { + "CertificateTransparencyLoggingPreference": "ENABLED" + } + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-249-expired_certificates_are_removed_from_acm/placebo-red/acm.ListCertificates_1.json b/tests/ecc-aws-249-expired_certificates_are_removed_from_acm/placebo-red/acm.ListCertificates_1.json new file mode 100644 index 000000000..f649acdb5 --- /dev/null +++ b/tests/ecc-aws-249-expired_certificates_are_removed_from_acm/placebo-red/acm.ListCertificates_1.json @@ -0,0 +1,12 @@ +{ + "status_code": 200, + "data": { + "CertificateSummaryList": [ + { + "CertificateArn": "arn:aws:acm:us-east-1:6:certificate/3738d99d-e674-49f8-a215-ARN", + "DomainName": "aws.custodian.com" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-249-expired_certificates_are_removed_from_acm/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-249-expired_certificates_are_removed_from_acm/placebo-red/tagging.GetResources_1.json new file mode 100644 index 000000000..3f1b3f854 --- /dev/null +++ b/tests/ecc-aws-249-expired_certificates_are_removed_from_acm/placebo-red/tagging.GetResources_1.json @@ -0,0 +1,18 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:acm:us-east-1:6:certificate/3738d99d-e674-49f8-a215-ARN", + "Tags": [ + { + "Key": "Environment", + "Value": "test" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-249-expired_certificates_are_removed_from_acm/red_policy_test.py b/tests/ecc-aws-249-expired_certificates_are_removed_from_acm/red_policy_test.py new file mode 100644 index 000000000..bd642775e --- /dev/null +++ b/tests/ecc-aws-249-expired_certificates_are_removed_from_acm/red_policy_test.py @@ -0,0 +1,5 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertEqual(resources[0] ['Status'], 'EXPIRED') \ No newline at end of file diff --git a/tests/ecc-aws-250-rest_api_gateway_is_set_to_private/placebo-green/apigateway.GetRestApis_1.json b/tests/ecc-aws-250-rest_api_gateway_is_set_to_private/placebo-green/apigateway.GetRestApis_1.json new file mode 100644 index 000000000..72c227ef0 --- /dev/null +++ b/tests/ecc-aws-250-rest_api_gateway_is_set_to_private/placebo-green/apigateway.GetRestApis_1.json 
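Review bot: In the ecc-aws-249 `red_policy_test.py`, `resources[0] ['Status']` has a stray space before the subscript (pycodestyle E211); write `resources[0]['Status']`. The same spacing appears in the ecc-aws-253 test (`resources[0] ['KeyId']`) and the ecc-aws-254 test (`resources[0] ['EncryptionType']`). All three files also end without a trailing newline. None of this changes behaviour, but a linter would flag it in each of these new test files.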
@@ -0,0 +1,29 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "items": [ + { + "id": "123", + "name": "GreenAPI250", + "createdDate": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 15, + "hour": 8, + "minute": 3, + "second": 35, + "microsecond": 0 + }, + "apiKeySource": "HEADER", + "endpointConfiguration": { + "types": [ + "PRIVATE" + ] + }, + "disableExecuteApiEndpoint": false + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-250-rest_api_gateway_is_set_to_private/placebo-red/apigateway.GetRestApis_1.json b/tests/ecc-aws-250-rest_api_gateway_is_set_to_private/placebo-red/apigateway.GetRestApis_1.json new file mode 100644 index 000000000..bf7ea0ba5 --- /dev/null +++ b/tests/ecc-aws-250-rest_api_gateway_is_set_to_private/placebo-red/apigateway.GetRestApis_1.json @@ -0,0 +1,29 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "items": [ + { + "id": "1212121121212", + "name": "RedAPI250a", + "createdDate": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 15, + "hour": 8, + "minute": 13, + "second": 50, + "microsecond": 0 + }, + "apiKeySource": "HEADER", + "endpointConfiguration": { + "types": [ + "EDGE" + ] + }, + "disableExecuteApiEndpoint": false + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-250-rest_api_gateway_is_set_to_private/red_policy_test.py b/tests/ecc-aws-250-rest_api_gateway_is_set_to_private/red_policy_test.py new file mode 100644 index 000000000..dd0948673 --- /dev/null +++ b/tests/ecc-aws-250-rest_api_gateway_is_set_to_private/red_policy_test.py @@ -0,0 +1,5 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertEqual(resources[0]['endpointConfiguration']['types'], ['EDGE']) 
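Review bot: In the ecc-aws-250 `red_policy_test.py`, the equality check against `['EDGE']` pins the fixture value rather than the condition the rule name describes, which is that the API is not private. A `REGIONAL` endpoint is equally non-compliant and would need a different literal. I would assert the property directly with `base_test.assertNotIn('PRIVATE', resources[0]['endpointConfiguration']['types'])`, optionally keeping the `['EDGE']` check as a second line to document the recording.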
diff --git a/tests/ecc-aws-251-api_key_is_required_on_method_request/placebo-green/apigateway.GetMethod_1.json b/tests/ecc-aws-251-api_key_is_required_on_method_request/placebo-green/apigateway.GetMethod_1.json new file mode 100644 index 000000000..8ec6e95aa --- /dev/null +++ b/tests/ecc-aws-251-api_key_is_required_on_method_request/placebo-green/apigateway.GetMethod_1.json @@ -0,0 +1,9 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "httpMethod": "GET", + "authorizationType": "NONE", + "apiKeyRequired": true + } +} \ No newline at end of file diff --git a/tests/ecc-aws-251-api_key_is_required_on_method_request/placebo-green/apigateway.GetResources_1.json b/tests/ecc-aws-251-api_key_is_required_on_method_request/placebo-green/apigateway.GetResources_1.json new file mode 100644 index 000000000..a0693536b --- /dev/null +++ b/tests/ecc-aws-251-api_key_is_required_on_method_request/placebo-green/apigateway.GetResources_1.json @@ -0,0 +1,21 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "items": [ + { + "id": "1212121121212", + "path": "/" + }, + { + "id": "1212121121212", + "parentId": "1212121121212", + "pathPart": "mydemoresource", + "path": "/mydemoresource", + "resourceMethods": { + "GET": {} + } + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-251-api_key_is_required_on_method_request/placebo-green/apigateway.GetRestApis_1.json b/tests/ecc-aws-251-api_key_is_required_on_method_request/placebo-green/apigateway.GetRestApis_1.json new file mode 100644 index 000000000..0b6620b9a --- /dev/null +++ b/tests/ecc-aws-251-api_key_is_required_on_method_request/placebo-green/apigateway.GetRestApis_1.json 
@@ -0,0 +1,29 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "items": [ + { + "id": "1212121121212", + "name": "GreenAPI251", + "createdDate": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 14, + "hour": 12, + "minute": 24, + "second": 11, + "microsecond": 0 + }, + "apiKeySource": "HEADER", + "endpointConfiguration": { + "types": [ + "EDGE" + ] + }, + "disableExecuteApiEndpoint": false + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-251-api_key_is_required_on_method_request/placebo-red/apigateway.GetMethod_1.json b/tests/ecc-aws-251-api_key_is_required_on_method_request/placebo-red/apigateway.GetMethod_1.json new file mode 100644 index 000000000..0b64c10ce --- /dev/null +++ b/tests/ecc-aws-251-api_key_is_required_on_method_request/placebo-red/apigateway.GetMethod_1.json @@ -0,0 +1,9 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "httpMethod": "GET", + "authorizationType": "NONE", + "apiKeyRequired": false + } +} \ No newline at end of file diff --git a/tests/ecc-aws-251-api_key_is_required_on_method_request/placebo-red/apigateway.GetResources_1.json b/tests/ecc-aws-251-api_key_is_required_on_method_request/placebo-red/apigateway.GetResources_1.json new file mode 100644 index 000000000..08b39aac6 --- /dev/null +++ b/tests/ecc-aws-251-api_key_is_required_on_method_request/placebo-red/apigateway.GetResources_1.json @@ -0,0 +1,21 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "items": [ + { + "id": "1212121121212", + "path": "/" + }, + { + "id": "m9s9cn", + "parentId": "1212121121212", + "pathPart": "mydemoresource", + "path": "/mydemoresource", + "resourceMethods": { + "GET": {} + } + } + ] + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-251-api_key_is_required_on_method_request/placebo-red/apigateway.GetRestApis_1.json b/tests/ecc-aws-251-api_key_is_required_on_method_request/placebo-red/apigateway.GetRestApis_1.json new file mode 100644 index 000000000..0b936e16d --- /dev/null +++ b/tests/ecc-aws-251-api_key_is_required_on_method_request/placebo-red/apigateway.GetRestApis_1.json @@ -0,0 +1,29 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "items": [ + { + "id": "1212121121212", + "name": "RedAPI251", + "createdDate": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 14, + "hour": 12, + "minute": 24, + "second": 52, + "microsecond": 0 + }, + "apiKeySource": "HEADER", + "endpointConfiguration": { + "types": [ + "EDGE" + ] + }, + "disableExecuteApiEndpoint": false + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-251-api_key_is_required_on_method_request/red_policy_test.py b/tests/ecc-aws-251-api_key_is_required_on_method_request/red_policy_test.py new file mode 100644 index 000000000..04f0f507a --- /dev/null +++ b/tests/ecc-aws-251-api_key_is_required_on_method_request/red_policy_test.py @@ -0,0 +1,6 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertEqual(resources[0]['c7n:matched-resource-methods'][0]['apiKeyRequired'], False) + diff --git a/tests/ecc-aws-253-kinesis_streams_encrypted_kms_customer_master_keys/placebo-green/kinesis.DescribeStream_1.json b/tests/ecc-aws-253-kinesis_streams_encrypted_kms_customer_master_keys/placebo-green/kinesis.DescribeStream_1.json new file mode 100644 index 000000000..dfcfe77d1 --- /dev/null +++ b/tests/ecc-aws-253-kinesis_streams_encrypted_kms_customer_master_keys/placebo-green/kinesis.DescribeStream_1.json 
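Review bot: In the ecc-aws-251 `red_policy_test.py`, `assertEqual(..., False)` also passes when the value is `0`, because `0 == False` in Python. Use `base_test.assertIs(resources[0]['c7n:matched-resource-methods'][0]['apiKeyRequired'], False)` so the test requires the boolean itself. It would also be worth asserting `len(resources[0]['c7n:matched-resource-methods'])` against the single `GET` method in the red fixture, because only element `[0]` is inspected. The hunk ends with an empty added line that can be removed.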
@@ -0,0 +1,42 @@ +{ + "status_code": 200, + "data": { + "StreamDescription": { + "StreamName": "green-kinesis-stream-253", + "StreamARN": "arn:aws:kinesis:us-east-1:111111111111:stream/green-kinesis-stream-253", + "StreamStatus": "ACTIVE", + "Shards": [ + { + "ShardId": "shardId-111111111111", + "HashKeyRange": { + "StartingHashKey": "0", + "EndingHashKey": "340282366920938463463374607431768211456" + }, + "SequenceNumberRange": { + "StartingSequenceNumber": "49619231234226791137773785639408256798395577885299572739" + } + } + ], + "HasMoreShards": false, + "RetentionPeriodHours": 24, + "StreamCreationTimestamp": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 15, + "hour": 13, + "minute": 6, + "second": 30, + "microsecond": 0 + }, + "EnhancedMonitoring": [ + { + "ShardLevelMetrics": [] + } + ], + "EncryptionType": "KMS", + "KeyId": "7cf33a04-34e6-43fc-9658-ID" + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-253-kinesis_streams_encrypted_kms_customer_master_keys/placebo-green/kinesis.ListStreams_1.json b/tests/ecc-aws-253-kinesis_streams_encrypted_kms_customer_master_keys/placebo-green/kinesis.ListStreams_1.json new file mode 100644 index 000000000..ef3c0a1dc --- /dev/null +++ b/tests/ecc-aws-253-kinesis_streams_encrypted_kms_customer_master_keys/placebo-green/kinesis.ListStreams_1.json @@ -0,0 +1,10 @@ +{ + "status_code": 200, + "data": { + "StreamNames": [ + "green-kinesis-stream-253" + ], + "HasMoreStreams": false, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-253-kinesis_streams_encrypted_kms_customer_master_keys/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-253-kinesis_streams_encrypted_kms_customer_master_keys/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..db91c4c41 --- /dev/null +++ b/tests/ecc-aws-253-kinesis_streams_encrypted_kms_customer_master_keys/placebo-green/tagging.GetResources_1.json 
@@ -0,0 +1,18 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:kinesis:us-east-1:111111111111:stream/green-kinesis-stream-253", + "Tags": [ + { + "Key": "Environment", + "Value": "test" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-253-kinesis_streams_encrypted_kms_customer_master_keys/placebo-red/kinesis.DescribeStream_1.json b/tests/ecc-aws-253-kinesis_streams_encrypted_kms_customer_master_keys/placebo-red/kinesis.DescribeStream_1.json new file mode 100644 index 000000000..6288ac85a --- /dev/null +++ b/tests/ecc-aws-253-kinesis_streams_encrypted_kms_customer_master_keys/placebo-red/kinesis.DescribeStream_1.json @@ -0,0 +1,42 @@ +{ + "status_code": 200, + "data": { + "StreamDescription": { + "StreamName": "red-kinesis-stream-253", + "StreamARN": "arn:aws:kinesis:us-east-1:111111111111:stream/red-kinesis-stream-253", + "StreamStatus": "ACTIVE", + "Shards": [ + { + "ShardId": "shardId-111111111111", + "HashKeyRange": { + "StartingHashKey": "0", + "EndingHashKey": "340282366920938463463374607431768211456" + }, + "SequenceNumberRange": { + "StartingSequenceNumber": "49619231434755091962961148928097435506049683167421399043" + } + } + ], + "HasMoreShards": false, + "RetentionPeriodHours": 24, + "StreamCreationTimestamp": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 15, + "hour": 13, + "minute": 15, + "second": 52, + "microsecond": 0 + }, + "EnhancedMonitoring": [ + { + "ShardLevelMetrics": [] + } + ], + "EncryptionType": "KMS", + "KeyId": "alias/aws/kinesis" + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-253-kinesis_streams_encrypted_kms_customer_master_keys/placebo-red/kinesis.ListStreams_1.json b/tests/ecc-aws-253-kinesis_streams_encrypted_kms_customer_master_keys/placebo-red/kinesis.ListStreams_1.json new file mode 100644 index 000000000..356cb70bd --- /dev/null 
+++ b/tests/ecc-aws-253-kinesis_streams_encrypted_kms_customer_master_keys/placebo-red/kinesis.ListStreams_1.json @@ -0,0 +1,10 @@ +{ + "status_code": 200, + "data": { + "StreamNames": [ + "red-kinesis-stream-253" + ], + "HasMoreStreams": false, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-253-kinesis_streams_encrypted_kms_customer_master_keys/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-253-kinesis_streams_encrypted_kms_customer_master_keys/placebo-red/tagging.GetResources_1.json new file mode 100644 index 000000000..1c6663682 --- /dev/null +++ b/tests/ecc-aws-253-kinesis_streams_encrypted_kms_customer_master_keys/placebo-red/tagging.GetResources_1.json @@ -0,0 +1,18 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:kinesis:us-east-1:111111111111:stream/red-kinesis-stream-253", + "Tags": [ + { + "Key": "Environment", + "Value": "test" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-253-kinesis_streams_encrypted_kms_customer_master_keys/red_policy_test.py b/tests/ecc-aws-253-kinesis_streams_encrypted_kms_customer_master_keys/red_policy_test.py new file mode 100644 index 000000000..a68d3898a --- /dev/null +++ b/tests/ecc-aws-253-kinesis_streams_encrypted_kms_customer_master_keys/red_policy_test.py @@ -0,0 +1,5 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertEqual(resources[0] ['KeyId'], 'alias/aws/kinesis') \ No newline at end of file diff --git a/tests/ecc-aws-254-kinesis_server_data_at_rest_has_sse/placebo-green/kinesis.DescribeStream_1.json b/tests/ecc-aws-254-kinesis_server_data_at_rest_has_sse/placebo-green/kinesis.DescribeStream_1.json new file mode 100644 index 000000000..cd5528a97 --- /dev/null 
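Review bot: In the ecc-aws-253 `red_policy_test.py`, the only property checked is `KeyId == 'alias/aws/kinesis'`, so the test does not show that the flagged stream is encrypted at all. That is what separates this rule from the ecc-aws-254 rule, whose red fixture has `EncryptionType` `NONE`. Adding `base_test.assertEqual(resources[0]['EncryptionType'], 'KMS')` would make the red case read as "encrypted, but with the AWS-managed key". The policy file is not part of this hunk, so it is worth confirming how it treats a stream with no `KeyId`, and whether it matches the AWS-managed key only by this alias string.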
+++ b/tests/ecc-aws-254-kinesis_server_data_at_rest_has_sse/placebo-green/kinesis.DescribeStream_1.json @@ -0,0 +1,42 @@ +{ + "status_code": 200, + "data": { + "StreamDescription": { + "StreamName": "green-kinesis-stream-254", + "StreamARN": "arn:aws:kinesis:us-east-1:111111111111:stream/green-kinesis-stream-254", + "StreamStatus": "ACTIVE", + "Shards": [ + { + "ShardId": "shardId-6", + "HashKeyRange": { + "StartingHashKey": "0", + "EndingHashKey": "340282366920938463463374607431768211456" + }, + "SequenceNumberRange": { + "StartingSequenceNumber": "49619234690307079025255637622047731820348716252972187651" + } + } + ], + "HasMoreShards": false, + "RetentionPeriodHours": 24, + "StreamCreationTimestamp": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 15, + "hour": 15, + "minute": 47, + "second": 56, + "microsecond": 0 + }, + "EnhancedMonitoring": [ + { + "ShardLevelMetrics": [] + } + ], + "EncryptionType": "KMS", + "KeyId": "a96d43db-f2b2-4a47-8f5b-ID" + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-254-kinesis_server_data_at_rest_has_sse/placebo-green/kinesis.ListStreams_1.json b/tests/ecc-aws-254-kinesis_server_data_at_rest_has_sse/placebo-green/kinesis.ListStreams_1.json new file mode 100644 index 000000000..353a6b33f --- /dev/null +++ b/tests/ecc-aws-254-kinesis_server_data_at_rest_has_sse/placebo-green/kinesis.ListStreams_1.json @@ -0,0 +1,10 @@ +{ + "status_code": 200, + "data": { + "StreamNames": [ + "green-kinesis-stream-254" + ], + "HasMoreStreams": false, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-254-kinesis_server_data_at_rest_has_sse/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-254-kinesis_server_data_at_rest_has_sse/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..e532907a0 --- /dev/null +++ b/tests/ecc-aws-254-kinesis_server_data_at_rest_has_sse/placebo-green/tagging.GetResources_1.json 
@@ -0,0 +1,18 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:kinesis:us-east-1:111111111111:stream/green-kinesis-stream-254", + "Tags": [ + { + "Key": "Environment", + "Value": "test" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-254-kinesis_server_data_at_rest_has_sse/placebo-red/kinesis.DescribeStream_1.json b/tests/ecc-aws-254-kinesis_server_data_at_rest_has_sse/placebo-red/kinesis.DescribeStream_1.json new file mode 100644 index 000000000..3c0415e6f --- /dev/null +++ b/tests/ecc-aws-254-kinesis_server_data_at_rest_has_sse/placebo-red/kinesis.DescribeStream_1.json @@ -0,0 +1,41 @@ +{ + "status_code": 200, + "data": { + "StreamDescription": { + "StreamName": "red-kinesis-stream-254", + "StreamARN": "arn:aws:kinesis:us-east-1:111111111111:stream/red-kinesis-stream-254", + "StreamStatus": "ACTIVE", + "Shards": [ + { + "ShardId": "shardId-6", + "HashKeyRange": { + "StartingHashKey": "0", + "EndingHashKey": "340282366920938463463374607431768211456" + }, + "SequenceNumberRange": { + "StartingSequenceNumber": "49619234775585128664436740515280318494956067075796238339" + } + } + ], + "HasMoreShards": false, + "RetentionPeriodHours": 24, + "StreamCreationTimestamp": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 15, + "hour": 15, + "minute": 51, + "second": 55, + "microsecond": 0 + }, + "EnhancedMonitoring": [ + { + "ShardLevelMetrics": [] + } + ], + "EncryptionType": "NONE" + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-254-kinesis_server_data_at_rest_has_sse/placebo-red/kinesis.ListStreams_1.json b/tests/ecc-aws-254-kinesis_server_data_at_rest_has_sse/placebo-red/kinesis.ListStreams_1.json new file mode 100644 index 000000000..663b0ac98 --- /dev/null +++ b/tests/ecc-aws-254-kinesis_server_data_at_rest_has_sse/placebo-red/kinesis.ListStreams_1.json 
@@ -0,0 +1,10 @@
+{
+ "status_code": 200,
+ "data": {
+ "StreamNames": [
+ "red-kinesis-stream-254"
+ ],
+ "HasMoreStreams": false,
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-254-kinesis_server_data_at_rest_has_sse/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-254-kinesis_server_data_at_rest_has_sse/placebo-red/tagging.GetResources_1.json
new file mode 100644
index 000000000..f12b16b3c
--- /dev/null
+++ b/tests/ecc-aws-254-kinesis_server_data_at_rest_has_sse/placebo-red/tagging.GetResources_1.json
@@ -0,0 +1,18 @@
+{
+ "status_code": 200,
+ "data": {
+ "PaginationToken": "",
+ "ResourceTagMappingList": [
+ {
+ "ResourceARN": "arn:aws:kinesis:us-east-1:111111111111:stream/red-kinesis-stream-254",
+ "Tags": [
+ {
+ "Key": "Environment",
+ "Value": "test"
+ }
+ ]
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-254-kinesis_server_data_at_rest_has_sse/red_policy_test.py b/tests/ecc-aws-254-kinesis_server_data_at_rest_has_sse/red_policy_test.py
new file mode 100644
index 000000000..67882362f
--- /dev/null
+++ b/tests/ecc-aws-254-kinesis_server_data_at_rest_has_sse/red_policy_test.py
@@ -0,0 +1,5 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertEqual(resources[0] ['EncryptionType'], 'NONE')
\ No newline at end of file
diff --git a/tests/ecc-aws-255-restrict_outbound_traffic/placebo-green/ec2.DescribeSecurityGroups_1.json b/tests/ecc-aws-255-restrict_outbound_traffic/placebo-green/ec2.DescribeSecurityGroups_1.json
new file mode 100644
index 000000000..626d9d0fc
--- /dev/null
+++ b/tests/ecc-aws-255-restrict_outbound_traffic/placebo-green/ec2.DescribeSecurityGroups_1.json
@@ -0,0 +1,50 @@ +{ + "status_code": 200, + "data": { + "SecurityGroups": [ + { + "Description": "Managed by Terraform", + "GroupName": "green-allow-http-255", + "IpPermissions": [ + { + "FromPort": 80, + "IpProtocol": "tcp", + "IpRanges": [ + { + "CidrIp": "10.0.0.0/16", + "Description": "HTTP from VPC" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "ToPort": 80, + "UserIdGroupPairs": [] + } + ], + "OwnerId": "111111111111", + "GroupId": "sg-1234567asdfg", + "IpPermissionsEgress": [ + { + "IpProtocol": "-1", + "IpRanges": [ + { + "CidrIp": "10.0.0.0/16" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "UserIdGroupPairs": [] + } + ], + "Tags": [ + { + "Key": "Name", + "Value": "allow_http" + } + ], + "VpcId": "vpc-12345asdfg" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-255-restrict_outbound_traffic/placebo-red/ec2.DescribeSecurityGroups_1.json b/tests/ecc-aws-255-restrict_outbound_traffic/placebo-red/ec2.DescribeSecurityGroups_1.json new file mode 100644 index 000000000..86d32d923 --- /dev/null +++ b/tests/ecc-aws-255-restrict_outbound_traffic/placebo-red/ec2.DescribeSecurityGroups_1.json @@ -0,0 +1,50 @@ +{ + "status_code": 200, + "data": { + "SecurityGroups": [ + { + "Description": "Managed by Terraform", + "GroupName": "red-allow-http-255", + "IpPermissions": [ + { + "FromPort": 80, + "IpProtocol": "tcp", + "IpRanges": [ + { + "CidrIp": "10.0.0.0/16", + "Description": "HTTP from VPC" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "ToPort": 80, + "UserIdGroupPairs": [] + } + ], + "OwnerId": "111111111111", + "GroupId": "sg-1234567asdfg", + "IpPermissionsEgress": [ + { + "IpProtocol": "-1", + "IpRanges": [ + { + "CidrIp": "0.0.0.0/0" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "UserIdGroupPairs": [] + } + ], + "Tags": [ + { + "Key": "Name", + "Value": "allow_http" + } + ], + "VpcId": "vpc-12345asdfg" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-255-restrict_outbound_traffic/red_policy_test.py b/tests/ecc-aws-255-restrict_outbound_traffic/red_policy_test.py
new file mode 100644
index 000000000..81abdeb26
--- /dev/null
+++ b/tests/ecc-aws-255-restrict_outbound_traffic/red_policy_test.py
@@ -0,0 +1,5 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertEqual(resources[0] ['IpPermissionsEgress'][0] ['IpRanges'][0] ['CidrIp'], '0.0.0.0/0')
\ No newline at end of file
diff --git a/tests/ecc-aws-256-dynamodb_is_encrypted_using_managed_cmk/placebo-green/dynamodb.DescribeTable_1.json b/tests/ecc-aws-256-dynamodb_is_encrypted_using_managed_cmk/placebo-green/dynamodb.DescribeTable_1.json
new file mode 100644
index 000000000..c50d2508b
--- /dev/null
+++ b/tests/ecc-aws-256-dynamodb_is_encrypted_using_managed_cmk/placebo-green/dynamodb.DescribeTable_1.json
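Review bot: The ecc-aws-255 red case pins only IPv4 open egress: the assertion reads `['IpPermissionsEgress'][0]['IpRanges'][0]['CidrIp']` and the red fixture has an empty `Ipv6Ranges`, so nothing here shows whether a security group whose only unrestricted egress rule is `::/0` would be reported. The policy file is not part of this hunk, so that case may already be handled; a second red fixture with `::/0` under `Ipv6Ranges` would settle it. The fixed `[0]` indexes also tie the test to rule order, which `base_test.assertIn('0.0.0.0/0', [r['CidrIp'] for p in resources[0]['IpPermissionsEgress'] for r in p['IpRanges']])` avoids while checking the same value.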
@@ -0,0 +1,65 @@ +{ + "status_code": 200, + "data": { + "Table": { + "AttributeDefinitions": [ + { + "AttributeName": "GreenTableHashKey", + "AttributeType": "S" + } + ], + "TableName": "green-dynamodb-table-256", + "KeySchema": [ + { + "AttributeName": "GreenTableHashKey", + "KeyType": "HASH" + } + ], + "TableStatus": "ACTIVE", + "CreationDateTime": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 16, + "hour": 13, + "minute": 30, + "second": 59, + "microsecond": 325000 + }, + "ProvisionedThroughput": { + "NumberOfDecreasesToday": 0, + "ReadCapacityUnits": 0, + "WriteCapacityUnits": 0 + }, + "TableSizeBytes": 0, + "ItemCount": 0, + "TableArn": "arn:aws:dynamodb:us-east-1:111111111111:table/green-dynamodb-table-256", + "TableId": "a448b77e-08d5-4a58-8f3b-ID", + "BillingModeSummary": { + "BillingMode": "PAY_PER_REQUEST", + "LastUpdateToPayPerRequestDateTime": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 16, + "hour": 13, + "minute": 30, + "second": 59, + "microsecond": 325000 + } + }, + "StreamSpecification": { + "StreamEnabled": true, + "StreamViewType": "NEW_AND_OLD_IMAGES" + }, + "LatestStreamLabel": "2021-06-16T10:30:59.325", + "LatestStreamArn": "arn:aws:dynamodb:us-east-1:111111111111:table/green-dynamodb-table-256/stream/2021-06-16T10:30:59.325", + "SSEDescription": { + "Status": "ENABLED", + "SSEType": "KMS", + "KMSMasterKeyArn": "arn:aws:kms:us-east-1:111111111111:key/2cca3f03-54ca-40ff-9daf-ARN" + } + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-256-dynamodb_is_encrypted_using_managed_cmk/placebo-green/dynamodb.ListTables_1.json b/tests/ecc-aws-256-dynamodb_is_encrypted_using_managed_cmk/placebo-green/dynamodb.ListTables_1.json new file mode 100644 index 000000000..b34b9bd98 --- /dev/null +++ b/tests/ecc-aws-256-dynamodb_is_encrypted_using_managed_cmk/placebo-green/dynamodb.ListTables_1.json 
@@ -0,0 +1,9 @@ +{ + "status_code": 200, + "data": { + "TableNames": [ + "green-dynamodb-table-256" + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-256-dynamodb_is_encrypted_using_managed_cmk/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-256-dynamodb_is_encrypted_using_managed_cmk/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..8b704d185 --- /dev/null +++ b/tests/ecc-aws-256-dynamodb_is_encrypted_using_managed_cmk/placebo-green/tagging.GetResources_1.json @@ -0,0 +1,8 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-256-dynamodb_is_encrypted_using_managed_cmk/placebo-red/dynamodb.DescribeTable_1.json b/tests/ecc-aws-256-dynamodb_is_encrypted_using_managed_cmk/placebo-red/dynamodb.DescribeTable_1.json new file mode 100644 index 000000000..5f5ea1150 --- /dev/null +++ b/tests/ecc-aws-256-dynamodb_is_encrypted_using_managed_cmk/placebo-red/dynamodb.DescribeTable_1.json 
@@ -0,0 +1,60 @@ +{ + "status_code": 200, + "data": { + "Table": { + "AttributeDefinitions": [ + { + "AttributeName": "RedTableHashKey", + "AttributeType": "S" + } + ], + "TableName": "red-dynamodb-table-256", + "KeySchema": [ + { + "AttributeName": "RedTableHashKey", + "KeyType": "HASH" + } + ], + "TableStatus": "ACTIVE", + "CreationDateTime": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 16, + "hour": 13, + "minute": 49, + "second": 36, + "microsecond": 954000 + }, + "ProvisionedThroughput": { + "NumberOfDecreasesToday": 0, + "ReadCapacityUnits": 0, + "WriteCapacityUnits": 0 + }, + "TableSizeBytes": 0, + "ItemCount": 0, + "TableArn": "arn:aws:dynamodb:us-east-1:111111111111:table/red-dynamodb-table-256", + "TableId": "c458852f-d412-44c9-8c2e-ID", + "BillingModeSummary": { + "BillingMode": "PAY_PER_REQUEST", + "LastUpdateToPayPerRequestDateTime": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 16, + "hour": 13, + "minute": 49, + "second": 36, + "microsecond": 954000 + } + }, + "StreamSpecification": { + "StreamEnabled": true, + "StreamViewType": "NEW_AND_OLD_IMAGES" + }, + "LatestStreamLabel": "2021-06-16T10:49:36.954", + "LatestStreamArn": "arn:aws:dynamodb:us-east-1:111111111111:table/red-dynamodb-table-256/stream/2021-06-16T10:49:36.954" + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-256-dynamodb_is_encrypted_using_managed_cmk/placebo-red/dynamodb.ListTables_1.json b/tests/ecc-aws-256-dynamodb_is_encrypted_using_managed_cmk/placebo-red/dynamodb.ListTables_1.json new file mode 100644 index 000000000..03b2e4d16 --- /dev/null +++ b/tests/ecc-aws-256-dynamodb_is_encrypted_using_managed_cmk/placebo-red/dynamodb.ListTables_1.json @@ -0,0 +1,9 @@ +{ + "status_code": 200, + "data": { + "TableNames": [ + "red-dynamodb-table-256" + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-256-dynamodb_is_encrypted_using_managed_cmk/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-256-dynamodb_is_encrypted_using_managed_cmk/placebo-red/tagging.GetResources_1.json
new file mode 100644
index 000000000..8b704d185
--- /dev/null
+++ b/tests/ecc-aws-256-dynamodb_is_encrypted_using_managed_cmk/placebo-red/tagging.GetResources_1.json
@@ -0,0 +1,8 @@
+{
+ "status_code": 200,
+ "data": {
+ "PaginationToken": "",
+ "ResourceTagMappingList": [],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-256-dynamodb_is_encrypted_using_managed_cmk/red_policy_test.py b/tests/ecc-aws-256-dynamodb_is_encrypted_using_managed_cmk/red_policy_test.py
new file mode 100644
index 000000000..14bbb6506
--- /dev/null
+++ b/tests/ecc-aws-256-dynamodb_is_encrypted_using_managed_cmk/red_policy_test.py
@@ -0,0 +1,5 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertNotIn('SSEDescription.SSEType', resources[0])
\ No newline at end of file
diff --git a/tests/ecc-aws-257-efs_is_encrypted/placebo-green/elasticfilesystem.DescribeFileSystems_1.json b/tests/ecc-aws-257-efs_is_encrypted/placebo-green/elasticfilesystem.DescribeFileSystems_1.json
new file mode 100644
index 000000000..09374427b
--- /dev/null
+++ b/tests/ecc-aws-257-efs_is_encrypted/placebo-green/elasticfilesystem.DescribeFileSystems_1.json
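Review bot: `base_test.assertNotIn('SSEDescription.SSEType', resources[0])` in the ecc-aws-256 red test cannot fail, because `assertNotIn` on a dict looks for a top-level key with that literal dotted name, while the DescribeTable fixtures nest `SSEType` under `SSEDescription`. The test would therefore still pass if the policy returned a table that is encrypted with a customer managed key. For the recorded red fixture, which has no `SSEDescription` block, `base_test.assertNotIn('SSEDescription', resources[0])` states the condition that is actually true. A table encrypted with the AWS-managed DynamoDB key is not exercised by either fixture; whether the policy is meant to flag it depends on the policy file, which is outside this hunk.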
@@ -0,0 +1,42 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "FileSystems": [ + { + "OwnerId": "111111111111", + "CreationToken": "green-efs-token-257", + "FileSystemId": "fs-5d6cfbe9", + "FileSystemArn": "arn:aws:elasticfilesystem:us-east-1:111111111111:file-system/fs-ARN", + "CreationTime": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 17, + "hour": 13, + "minute": 40, + "second": 19, + "microsecond": 0 + }, + "LifeCycleState": "available", + "Name": "green-efs-257", + "NumberOfMountTargets": 0, + "SizeInBytes": { + "Value": 6144, + "ValueInIA": 0, + "ValueInStandard": 6144 + }, + "PerformanceMode": "generalPurpose", + "Encrypted": true, + "KmsKeyId": "arn:aws:kms:us-east-1:111111111111:key/0e40d409-d949-4dd4-b719-ID", + "ThroughputMode": "bursting", + "Tags": [ + { + "Key": "Name", + "Value": "green-efs-257" + } + ] + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-257-efs_is_encrypted/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-257-efs_is_encrypted/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..99244d3b7 --- /dev/null +++ b/tests/ecc-aws-257-efs_is_encrypted/placebo-green/tagging.GetResources_1.json @@ -0,0 +1,18 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:elasticfilesystem:us-east-1:111111111111:file-system/fs-ARN", + "Tags": [ + { + "Key": "Name", + "Value": "green-efs-257" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-257-efs_is_encrypted/placebo-red/elasticfilesystem.DescribeFileSystems_1.json b/tests/ecc-aws-257-efs_is_encrypted/placebo-red/elasticfilesystem.DescribeFileSystems_1.json new file mode 100644 index 000000000..1efb36aac --- /dev/null +++ b/tests/ecc-aws-257-efs_is_encrypted/placebo-red/elasticfilesystem.DescribeFileSystems_1.json 
@@ -0,0 +1,41 @@
+{
+ "status_code": 200,
+ "data": {
+ "ResponseMetadata": {},
+ "FileSystems": [
+ {
+ "OwnerId": "111111111111",
+ "CreationToken": "red-efs-token-257",
+ "FileSystemId": "fs-a06afd14",
+ "FileSystemArn": "arn:aws:elasticfilesystem:us-east-1:111111111111:file-system/fs-ARN",
+ "CreationTime": {
+ "__class__": "datetime",
+ "year": 2021,
+ "month": 6,
+ "day": 17,
+ "hour": 13,
+ "minute": 45,
+ "second": 18,
+ "microsecond": 0
+ },
+ "LifeCycleState": "available",
+ "Name": "red-efs-257",
+ "NumberOfMountTargets": 0,
+ "SizeInBytes": {
+ "Value": 6144,
+ "ValueInIA": 0,
+ "ValueInStandard": 6144
+ },
+ "PerformanceMode": "generalPurpose",
+ "Encrypted": false,
+ "ThroughputMode": "bursting",
+ "Tags": [
+ {
+ "Key": "Name",
+ "Value": "red-efs-257"
+ }
+ ]
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-257-efs_is_encrypted/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-257-efs_is_encrypted/placebo-red/tagging.GetResources_1.json
new file mode 100644
index 000000000..bb42ee983
--- /dev/null
+++ b/tests/ecc-aws-257-efs_is_encrypted/placebo-red/tagging.GetResources_1.json
@@ -0,0 +1,18 @@
+{
+ "status_code": 200,
+ "data": {
+ "PaginationToken": "",
+ "ResourceTagMappingList": [
+ {
+ "ResourceARN": "arn:aws:elasticfilesystem:us-east-1:111111111111:file-system/fs-ARN",
+ "Tags": [
+ {
+ "Key": "Name",
+ "Value": "red-efs-257"
+ }
+ ]
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-257-efs_is_encrypted/red_policy_test.py b/tests/ecc-aws-257-efs_is_encrypted/red_policy_test.py
new file mode 100644
index 000000000..6da73cf80
--- /dev/null
+++ b/tests/ecc-aws-257-efs_is_encrypted/red_policy_test.py
@@ -0,0 +1,5 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertFalse(resources[0] ['Encrypted'])
\ No newline at end of file
diff --git a/tests/ecc-aws-258-efs_is_encrypted_using_managed_cmk/placebo-green/elasticfilesystem.DescribeFileSystems_1.json b/tests/ecc-aws-258-efs_is_encrypted_using_managed_cmk/placebo-green/elasticfilesystem.DescribeFileSystems_1.json new file mode 100644 index 000000000..40a8eec26 --- /dev/null +++ b/tests/ecc-aws-258-efs_is_encrypted_using_managed_cmk/placebo-green/elasticfilesystem.DescribeFileSystems_1.json @@ -0,0 +1,45 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "FileSystems": [ + { + "OwnerId": "111111111111", + "CreationToken": "258_efs_green", + "FileSystemId": "fs-94819520", + "FileSystemArn": "arn:aws:elasticfilesystem:us-east-1:111111111111:file-system/fs-94819520", + "CreationTime": { + "__class__": "datetime", + "year": 2021, + "month": 9, + "day": 28, + "hour": 14, + "minute": 36, + "second": 15, + "microsecond": 0 + }, + "LifeCycleState": "available", + "NumberOfMountTargets": 0, + "SizeInBytes": { + "Value": 6144, + "ValueInIA": 0, + "ValueInStandard": 6144 + }, + "PerformanceMode": "generalPurpose", + "Encrypted": true, + "KmsKeyId": "arn:aws:kms:us-east-1:111111111111:key/9e5eca23-bf40-4743-955d-0a703b0b115a", + "ThroughputMode": "bursting", + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CustodianRule", + "Value": "ecc-aws-258-efs_is_encrypted_using_managed_cmk" + } + ] + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-258-efs_is_encrypted_using_managed_cmk/placebo-green/kms.DescribeKey_1.json b/tests/ecc-aws-258-efs_is_encrypted_using_managed_cmk/placebo-green/kms.DescribeKey_1.json new file mode 100644 index 000000000..bf68a1428 --- /dev/null +++ b/tests/ecc-aws-258-efs_is_encrypted_using_managed_cmk/placebo-green/kms.DescribeKey_1.json 
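Review bot: The ecc-aws-258 fixtures keep what look like unscrubbed recorded identifiers: `FileSystemId` `fs-94819520` and the full key UUID in `KmsKeyId` in this DescribeFileSystems response, the same key id again in the kms.DescribeKey, kms.ListAliases and tagging fixtures, and a second file-system id and key id in the placebo-red set. Other fixtures in this patch mask such values (`a96d43db-f2b2-4a47-8f5b-ID`, `fs-ARN`) and replace the account id with `111111111111`. If these are values from a live account, replace them with placeholders before merging, using the same placeholder in every fixture of the set so the ARNs, `TargetKeyId` and `KeyId` still agree with each other.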
@@ -0,0 +1,31 @@ +{ + "status_code": 200, + "data": { + "KeyMetadata": { + "AWSAccountId": "111111111111", + "KeyId": "9e5eca23-bf40-4743-955d-0a703b0b115a", + "Arn": "arn:aws:kms:us-east-1:111111111111:key/9e5eca23-bf40-4743-955d-0a703b0b115a", + "CreationDate": { + "__class__": "datetime", + "year": 2021, + "month": 9, + "day": 28, + "hour": 14, + "minute": 36, + "second": 5, + "microsecond": 420000 + }, + "Enabled": true, + "Description": "258_kms_key_green", + "KeyUsage": "ENCRYPT_DECRYPT", + "KeyState": "Enabled", + "Origin": "AWS_KMS", + "KeyManager": "CUSTOMER", + "CustomerMasterKeySpec": "SYMMETRIC_DEFAULT", + "EncryptionAlgorithms": [ + "SYMMETRIC_DEFAULT" + ] + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-258-efs_is_encrypted_using_managed_cmk/placebo-green/kms.ListAliases_1.json b/tests/ecc-aws-258-efs_is_encrypted_using_managed_cmk/placebo-green/kms.ListAliases_1.json new file mode 100644 index 000000000..1ebcd0c7e --- /dev/null +++ b/tests/ecc-aws-258-efs_is_encrypted_using_managed_cmk/placebo-green/kms.ListAliases_1.json @@ -0,0 +1,14 @@ +{ + "status_code": 200, + "data": { + "Aliases": [ + { + "AliasName": "alias/258_kms_key_green", + "AliasArn": "arn:aws:kms:us-east-1:111111111111:alias/258_kms_key_green", + "TargetKeyId": "9e5eca23-bf40-4743-955d-0a703b0b115a" + } + ], + "Truncated": false, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-258-efs_is_encrypted_using_managed_cmk/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-258-efs_is_encrypted_using_managed_cmk/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..bc88d1f2b --- /dev/null +++ b/tests/ecc-aws-258-efs_is_encrypted_using_managed_cmk/placebo-green/tagging.GetResources_1.json 
@@ -0,0 +1,22 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:elasticfilesystem:us-east-1:111111111111:file-system/fs-94819520", + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CustodianRule", + "Value": "ecc-aws-258-efs_is_encrypted_using_managed_cmk" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-258-efs_is_encrypted_using_managed_cmk/placebo-green/tagging.GetResources_2.json b/tests/ecc-aws-258-efs_is_encrypted_using_managed_cmk/placebo-green/tagging.GetResources_2.json new file mode 100644 index 000000000..9c9b75068 --- /dev/null +++ b/tests/ecc-aws-258-efs_is_encrypted_using_managed_cmk/placebo-green/tagging.GetResources_2.json @@ -0,0 +1,22 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:kms:us-east-1:111111111111:key/9e5eca23-bf40-4743-955d-0a703b0b115a", + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CustodianRule", + "Value": "ecc-aws-258-efs_is_encrypted_using_managed_cmk" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-258-efs_is_encrypted_using_managed_cmk/placebo-red/elasticfilesystem.DescribeFileSystems_1.json b/tests/ecc-aws-258-efs_is_encrypted_using_managed_cmk/placebo-red/elasticfilesystem.DescribeFileSystems_1.json new file mode 100644 index 000000000..83e8ccfd9 --- /dev/null +++ b/tests/ecc-aws-258-efs_is_encrypted_using_managed_cmk/placebo-red/elasticfilesystem.DescribeFileSystems_1.json 
@@ -0,0 +1,45 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "FileSystems": [ + { + "OwnerId": "111111111111", + "CreationToken": "258_efs_red", + "FileSystemId": "fs-ae8a9e1a", + "FileSystemArn": "arn:aws:elasticfilesystem:us-east-1:111111111111:file-system/fs-ae8a9e1a", + "CreationTime": { + "__class__": "datetime", + "year": 2021, + "month": 9, + "day": 28, + "hour": 15, + "minute": 18, + "second": 3, + "microsecond": 0 + }, + "LifeCycleState": "available", + "NumberOfMountTargets": 0, + "SizeInBytes": { + "Value": 6144, + "ValueInIA": 0, + "ValueInStandard": 6144 + }, + "PerformanceMode": "generalPurpose", + "Encrypted": true, + "KmsKeyId": "arn:aws:kms:us-east-1:111111111111:key/f1222765-672a-4ed9-9390-5dad09bbfd84", + "ThroughputMode": "bursting", + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CustodianRule", + "Value": "ecc-aws-258-efs_is_encrypted_using_managed_cmk" + } + ] + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-258-efs_is_encrypted_using_managed_cmk/placebo-red/kms.DescribeKey_1.json b/tests/ecc-aws-258-efs_is_encrypted_using_managed_cmk/placebo-red/kms.DescribeKey_1.json new file mode 100644 index 000000000..b6868c311 --- /dev/null +++ b/tests/ecc-aws-258-efs_is_encrypted_using_managed_cmk/placebo-red/kms.DescribeKey_1.json 
@@ -0,0 +1,31 @@ +{ + "status_code": 200, + "data": { + "KeyMetadata": { + "AWSAccountId": "111111111111", + "KeyId": "f1222765-672a-4ed9-9390-5dad09bbfd84", + "Arn": "arn:aws:kms:us-east-1:111111111111:key/f1222765-672a-4ed9-9390-5dad09bbfd84", + "CreationDate": { + "__class__": "datetime", + "year": 2021, + "month": 3, + "day": 12, + "hour": 14, + "minute": 21, + "second": 11, + "microsecond": 513000 + }, + "Enabled": true, + "Description": "Default master key that protects my EFS filesystems when no other key is defined", + "KeyUsage": "ENCRYPT_DECRYPT", + "KeyState": "Enabled", + "Origin": "AWS_KMS", + "KeyManager": "AWS", + "CustomerMasterKeySpec": "SYMMETRIC_DEFAULT", + "EncryptionAlgorithms": [ + "SYMMETRIC_DEFAULT" + ] + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-258-efs_is_encrypted_using_managed_cmk/placebo-red/kms.ListAliases_1.json b/tests/ecc-aws-258-efs_is_encrypted_using_managed_cmk/placebo-red/kms.ListAliases_1.json new file mode 100644 index 000000000..d0ce22d1a --- /dev/null +++ b/tests/ecc-aws-258-efs_is_encrypted_using_managed_cmk/placebo-red/kms.ListAliases_1.json @@ -0,0 +1,14 @@ +{ + "status_code": 200, + "data": { + "Aliases": [ + { + "AliasName": "alias/aws/elasticfilesystem", + "AliasArn": "arn:aws:kms:us-east-1:111111111111:alias/aws/elasticfilesystem", + "TargetKeyId": "f1222765-672a-4ed9-9390-5dad09bbfd84" + } + ], + "Truncated": false, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-258-efs_is_encrypted_using_managed_cmk/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-258-efs_is_encrypted_using_managed_cmk/placebo-red/tagging.GetResources_1.json new file mode 100644 index 000000000..514defd13 --- /dev/null +++ b/tests/ecc-aws-258-efs_is_encrypted_using_managed_cmk/placebo-red/tagging.GetResources_1.json 
@@ -0,0 +1,22 @@
+{
+ "status_code": 200,
+ "data": {
+ "PaginationToken": "",
+ "ResourceTagMappingList": [
+ {
+ "ResourceARN": "arn:aws:elasticfilesystem:us-east-1:111111111111:file-system/fs-ae8a9e1a",
+ "Tags": [
+ {
+ "Key": "ComplianceStatus",
+ "Value": "Red"
+ },
+ {
+ "Key": "CustodianRule",
+ "Value": "ecc-aws-258-efs_is_encrypted_using_managed_cmk"
+ }
+ ]
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-258-efs_is_encrypted_using_managed_cmk/red_policy_test.py b/tests/ecc-aws-258-efs_is_encrypted_using_managed_cmk/red_policy_test.py
new file mode 100644
index 000000000..bb69a399f
--- /dev/null
+++ b/tests/ecc-aws-258-efs_is_encrypted_using_managed_cmk/red_policy_test.py
@@ -0,0 +1,8 @@
+class PolicyTest(object):
+
+ def test_resources_with_client(self, base_test, resources, local_session):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertTrue(resources[0] ["Encrypted"])
+ kms_key_client = local_session.client("kms")
+ key = kms_key_client.describe_key(KeyId=resources[0]["KmsKeyId"])
+ base_test.assertNotEqual(key["KeyMetadata"]["KeyManager"], "CUSTOMER")
diff --git a/tests/ecc-aws-259-elasticache_redis_clusters_encryption_at_rest/placebo-green/elasticache.DescribeCacheClusters_1.json b/tests/ecc-aws-259-elasticache_redis_clusters_encryption_at_rest/placebo-green/elasticache.DescribeCacheClusters_1.json
new file mode 100644
index 000000000..a111bd65c
--- /dev/null
+++ b/tests/ecc-aws-259-elasticache_redis_clusters_encryption_at_rest/placebo-green/elasticache.DescribeCacheClusters_1.json
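Review bot: The last assertion of the ecc-aws-258 red test, `base_test.assertNotEqual(key["KeyMetadata"]["KeyManager"], "CUSTOMER")`, accepts any value other than `CUSTOMER`, so it would keep passing if a fixture edit put an unexpected string there. The recorded kms.DescribeKey red fixture has `"KeyManager": "AWS"`, and `base_test.assertEqual(key["KeyMetadata"]["KeyManager"], "AWS")` states the red condition exactly. A comment such as `# red: encrypted, but with the AWS-managed alias/aws/elasticfilesystem key` above the KMS lookup would explain why an encrypted file system is expected in the result.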
@@ -0,0 +1,45 @@ +{ + "status_code": 200, + "data": { + "CacheClusters": [ + { + "CacheClusterId": "green-elasticache-redis-259", + "ClientDownloadLandingPage": "https://console.aws.amazon.com/elasticache/home#client-download:", + "CacheNodeType": "cache.t2.micro", + "Engine": "redis", + "EngineVersion": "6.0.5", + "CacheClusterStatus": "available", + "NumCacheNodes": 1, + "PreferredAvailabilityZone": "us-east-1e", + "CacheClusterCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 17, + "hour": 10, + "minute": 1, + "second": 7, + "microsecond": 859000 + }, + "PreferredMaintenanceWindow": "thu:07:30-thu:08:30", + "PendingModifiedValues": {}, + "CacheSecurityGroups": [], + "CacheParameterGroup": { + "CacheParameterGroupName": "default.redis6.x", + "ParameterApplyStatus": "in-sync", + "CacheNodeIdsToReboot": [] + }, + "CacheSubnetGroupName": "default", + "AutoMinorVersionUpgrade": true, + "ReplicationGroupId": "green-elasticache-replication-group-259", + "SnapshotRetentionLimit": 0, + "SnapshotWindow": "08:30-09:30", + "AuthTokenEnabled": false, + "TransitEncryptionEnabled": false, + "AtRestEncryptionEnabled": true, + "ARN": "arn:aws:elasticache:us-east-1:1212121121212:cluster:green-elasticache-redis-259" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-259-elasticache_redis_clusters_encryption_at_rest/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-259-elasticache_redis_clusters_encryption_at_rest/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..8b704d185 --- /dev/null +++ b/tests/ecc-aws-259-elasticache_redis_clusters_encryption_at_rest/placebo-green/tagging.GetResources_1.json @@ -0,0 +1,8 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-259-elasticache_redis_clusters_encryption_at_rest/placebo-red/elasticache.DescribeCacheClusters_1.json b/tests/ecc-aws-259-elasticache_redis_clusters_encryption_at_rest/placebo-red/elasticache.DescribeCacheClusters_1.json new file mode 100644 index 000000000..47f5a1961 --- /dev/null +++ b/tests/ecc-aws-259-elasticache_redis_clusters_encryption_at_rest/placebo-red/elasticache.DescribeCacheClusters_1.json @@ -0,0 +1,45 @@ +{ + "status_code": 200, + "data": { + "CacheClusters": [ + { + "CacheClusterId": "red-elasticache-redis-259", + "ClientDownloadLandingPage": "https://console.aws.amazon.com/elasticache/home#client-download:", + "CacheNodeType": "cache.t2.micro", + "Engine": "redis", + "EngineVersion": "6.0.5", + "CacheClusterStatus": "available", + "NumCacheNodes": 1, + "PreferredAvailabilityZone": "us-east-1b", + "CacheClusterCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 17, + "hour": 9, + "minute": 50, + "second": 15, + "microsecond": 104000 + }, + "PreferredMaintenanceWindow": "sat:03:30-sat:04:30", + "PendingModifiedValues": {}, + "CacheSecurityGroups": [], + "CacheParameterGroup": { + "CacheParameterGroupName": "default.redis6.x", + "ParameterApplyStatus": "in-sync", + "CacheNodeIdsToReboot": [] + }, + "CacheSubnetGroupName": "default", + "AutoMinorVersionUpgrade": true, + "ReplicationGroupId": "red-elasticache-replication-group-259", + "SnapshotRetentionLimit": 0, + "SnapshotWindow": "07:00-08:00", + "AuthTokenEnabled": false, + "TransitEncryptionEnabled": false, + "AtRestEncryptionEnabled": false, + "ARN": "arn:aws:elasticache:us-east-1:1212121121212:cluster:red-elasticache-redis-259" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-259-elasticache_redis_clusters_encryption_at_rest/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-259-elasticache_redis_clusters_encryption_at_rest/placebo-red/tagging.GetResources_1.json
new file mode 100644
index 000000000..8b704d185
--- /dev/null
+++ b/tests/ecc-aws-259-elasticache_redis_clusters_encryption_at_rest/placebo-red/tagging.GetResources_1.json
@@ -0,0 +1,8 @@
+{
+ "status_code": 200,
+ "data": {
+ "PaginationToken": "",
+ "ResourceTagMappingList": [],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-259-elasticache_redis_clusters_encryption_at_rest/red_policy_test.py b/tests/ecc-aws-259-elasticache_redis_clusters_encryption_at_rest/red_policy_test.py
new file mode 100644
index 000000000..b42543dc2
--- /dev/null
+++ b/tests/ecc-aws-259-elasticache_redis_clusters_encryption_at_rest/red_policy_test.py
@@ -0,0 +1,5 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertFalse(resources[0]['AtRestEncryptionEnabled'])
diff --git a/tests/ecc-aws-260-redshift_instances_are_encrypted/placebo-green/redshift.DescribeClusters_1.json b/tests/ecc-aws-260-redshift_instances_are_encrypted/placebo-green/redshift.DescribeClusters_1.json
new file mode 100644
index 000000000..0039e22ff
--- /dev/null
+++ b/tests/ecc-aws-260-redshift_instances_are_encrypted/placebo-green/redshift.DescribeClusters_1.json
@@ -0,0 +1,80 @@ +{ + "status_code": 200, + "data": { + "Clusters": [ + { + "ClusterIdentifier": "green-redshift-260", + "NodeType": "dc1.large", + "ClusterStatus": "available", + "ClusterAvailabilityStatus": "Available", + "MasterUsername": "c7n", + "DBName": "mydb", + "Endpoint": { + "Address": "1212121121212", + "Port": 5439 + }, + "ClusterCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 17, + "hour": 11, + "minute": 13, + "second": 11, + "microsecond": 367000 + }, + "AutomatedSnapshotRetentionPeriod": 1, + "ManualSnapshotRetentionPeriod": -1, + "ClusterSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-1212121121212", + "Status": "active" + } + ], + "ClusterParameterGroups": [ + { + "ParameterGroupName": "default.redshift-1.0", + "ParameterApplyStatus": "in-sync" + } + ], + "ClusterSubnetGroupName": "default", + "VpcId": "vpc-12345asdfg", + "AvailabilityZone": "us-east-1c", + "PreferredMaintenanceWindow": "sat:10:30-sat:11:00", + "PendingModifiedValues": {}, + "ClusterVersion": "1.0", + "AllowVersionUpgrade": true, + "NumberOfNodes": 1, + "PubliclyAccessible": true, + "Encrypted": true, + "ClusterPublicKey": "ssh-rsa 12121211212121212121121212 Amazon-Redshift\n", + "ClusterNodes": [ + { + "NodeRole": "SHARED", + "PrivateIPAddress": "1212121121212", + "PublicIPAddress": "1212121121212" + } + ], + "ClusterRevisionNumber": "27747", + "Tags": [], + "KmsKeyId": "arn:aws:kms:us-east-1:1212121121212:key/1212121121212", + "EnhancedVpcRouting": false, + "IamRoles": [], + "MaintenanceTrackName": "current", + "DeferredMaintenanceWindows": [], + "NextMaintenanceWindowStartTime": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 19, + "hour": 10, + "minute": 30, + "second": 0, + "microsecond": 0 + } + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-260-redshift_instances_are_encrypted/placebo-red/redshift.DescribeClusters_1.json b/tests/ecc-aws-260-redshift_instances_are_encrypted/placebo-red/redshift.DescribeClusters_1.json new file mode 100644 index 000000000..ed59ed71c --- /dev/null +++ b/tests/ecc-aws-260-redshift_instances_are_encrypted/placebo-red/redshift.DescribeClusters_1.json 
@@ -0,0 +1,79 @@ +{ + "status_code": 200, + "data": { + "Clusters": [ + { + "ClusterIdentifier": "red-redshift-260", + "NodeType": "dc1.large", + "ClusterStatus": "available", + "ClusterAvailabilityStatus": "Available", + "MasterUsername": "c7n", + "DBName": "mydb", + "Endpoint": { + "Address": "1212121121212", + "Port": 5439 + }, + "ClusterCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 17, + "hour": 11, + "minute": 17, + "second": 1, + "microsecond": 812000 + }, + "AutomatedSnapshotRetentionPeriod": 1, + "ManualSnapshotRetentionPeriod": -1, + "ClusterSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-1212121121212", + "Status": "active" + } + ], + "ClusterParameterGroups": [ + { + "ParameterGroupName": "default.redshift-1.0", + "ParameterApplyStatus": "in-sync" + } + ], + "ClusterSubnetGroupName": "default", + "VpcId": "vpc-12345asdfg", + "AvailabilityZone": "us-east-1c", + "PreferredMaintenanceWindow": "sun:04:30-sun:05:00", + "PendingModifiedValues": {}, + "ClusterVersion": "1.0", + "AllowVersionUpgrade": true, + "NumberOfNodes": 1, + "PubliclyAccessible": true, + "Encrypted": false, + "ClusterPublicKey": "1212121121212 Amazon-Redshift\n", + "ClusterNodes": [ + { + "NodeRole": "SHARED", + "PrivateIPAddress": "1212121121212", + "PublicIPAddress": "1212121121212" + } + ], + "ClusterRevisionNumber": "27747", + "Tags": [], + "EnhancedVpcRouting": false, + "IamRoles": [], + "MaintenanceTrackName": "current", + "DeferredMaintenanceWindows": [], + "NextMaintenanceWindowStartTime": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 20, + "hour": 4, + "minute": 30, + "second": 0, + "microsecond": 0 + } + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-260-redshift_instances_are_encrypted/red_policy_test.py b/tests/ecc-aws-260-redshift_instances_are_encrypted/red_policy_test.py new file mode 100644 index 000000000..94a08d139 --- /dev/null 
+++ b/tests/ecc-aws-260-redshift_instances_are_encrypted/red_policy_test.py
@@ -0,0 +1,5 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertFalse(resources[0]['Encrypted'])
diff --git a/tests/ecc-aws-261-rds_cluster_storage_is_encrypted/placebo-green/rds.DescribeDBClusters_1.json b/tests/ecc-aws-261-rds_cluster_storage_is_encrypted/placebo-green/rds.DescribeDBClusters_1.json
new file mode 100644
index 000000000..cc19e014b
--- /dev/null
+++ b/tests/ecc-aws-261-rds_cluster_storage_is_encrypted/placebo-green/rds.DescribeDBClusters_1.json
@@ -0,0 +1,84 @@ +{ + "status_code": 200, + "data": { + "DBClusters": [ + { + "AllocatedStorage": 1, + "AvailabilityZones": [ + "us-east-1c", + "us-east-1b", + "us-east-1d" + ], + "BackupRetentionPeriod": 1, + "DatabaseName": "greendb", + "DBClusterIdentifier": "green-rds-261", + "DBClusterParameterGroup": "default.aurora-mysql5.7", + "DBSubnetGroup": "default", + "Status": "available", + "EarliestRestorableTime": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 17, + "hour": 12, + "minute": 9, + "second": 17, + "microsecond": 851000 + }, + "Endpoint": "green-rds-261.1212121121212", + "ReaderEndpoint": "green-rds-261.1212121121212", + "MultiAZ": false, + "Engine": "aurora-mysql", + "EngineVersion": "5.7.mysql_aurora.2.03.2", + "LatestRestorableTime": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 17, + "hour": 12, + "minute": 9, + "second": 17, + "microsecond": 851000 + }, + "Port": 3306, + "MasterUsername": "c7n", + "PreferredBackupWindow": "07:26-07:56", + "PreferredMaintenanceWindow": "mon:05:24-mon:05:54", + "ReadReplicaIdentifiers": [], + "DBClusterMembers": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "1212121121212", + "Status": "active" + } + ], + "HostedZoneId": "ASASASASASASAS", + "StorageEncrypted": true, + "KmsKeyId": "arn:aws:kms:us-east-1:1212121121212:key/1212121121212", + "DbClusterResourceId": "cluster-1212121121212", + "DBClusterArn": "arn:aws:rds:us-east-1:1212121121212:cluster:green-rds-261", + "AssociatedRoles": [], + "IAMDatabaseAuthenticationEnabled": false, + "ClusterCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 17, + "hour": 12, + "minute": 8, + "second": 36, + "microsecond": 79000 + }, + "EngineMode": "provisioned", + "DeletionProtection": false, + "HttpEndpointEnabled": false, + "ActivityStreamStatus": "stopped", + "CopyTagsToSnapshot": false, + "CrossAccountClone": false, + "DomainMemberships": [], + "TagList": [] + } + ], + "ResponseMetadata": {} + } 
+} \ No newline at end of file diff --git a/tests/ecc-aws-261-rds_cluster_storage_is_encrypted/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-261-rds_cluster_storage_is_encrypted/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..8b704d185 --- /dev/null +++ b/tests/ecc-aws-261-rds_cluster_storage_is_encrypted/placebo-green/tagging.GetResources_1.json @@ -0,0 +1,8 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-261-rds_cluster_storage_is_encrypted/placebo-red/rds.DescribeDBClusters_1.json b/tests/ecc-aws-261-rds_cluster_storage_is_encrypted/placebo-red/rds.DescribeDBClusters_1.json new file mode 100644 index 000000000..bbef3bf73 --- /dev/null +++ b/tests/ecc-aws-261-rds_cluster_storage_is_encrypted/placebo-red/rds.DescribeDBClusters_1.json 
@@ -0,0 +1,83 @@ +{ + "status_code": 200, + "data": { + "DBClusters": [ + { + "AllocatedStorage": 1, + "AvailabilityZones": [ + "us-east-1c", + "us-east-1d", + "us-east-1a" + ], + "BackupRetentionPeriod": 1, + "DatabaseName": "reddb", + "DBClusterIdentifier": "red-rds-261", + "DBClusterParameterGroup": "default.aurora-mysql5.7", + "DBSubnetGroup": "default", + "Status": "available", + "EarliestRestorableTime": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 17, + "hour": 12, + "minute": 11, + "second": 48, + "microsecond": 904000 + }, + "Endpoint": "red-rds-261.1212121121212", + "ReaderEndpoint": "red-rds-261.1212121121212", + "MultiAZ": false, + "Engine": "aurora-mysql", + "EngineVersion": "5.7.mysql_aurora.2.03.2", + "LatestRestorableTime": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 17, + "hour": 12, + "minute": 11, + "second": 48, + "microsecond": 904000 + }, + "Port": 3306, + "MasterUsername": "c7n", + "PreferredBackupWindow": "10:03-10:33", + "PreferredMaintenanceWindow": "fri:08:06-fri:08:36", + "ReadReplicaIdentifiers": [], + "DBClusterMembers": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "HostedZoneId": "ASASASASASASAS", + "StorageEncrypted": false, + "DbClusterResourceId": "cluster-QKLTPJ7S7TNYYF53D3D4BHXU5A", + "DBClusterArn": "arn:aws:rds:us-east-1:1212121121212:cluster:red-rds-261", + "AssociatedRoles": [], + "IAMDatabaseAuthenticationEnabled": false, + "ClusterCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 17, + "hour": 12, + "minute": 10, + "second": 59, + "microsecond": 582000 + }, + "EngineMode": "provisioned", + "DeletionProtection": false, + "HttpEndpointEnabled": false, + "ActivityStreamStatus": "stopped", + "CopyTagsToSnapshot": false, + "CrossAccountClone": false, + "DomainMemberships": [], + "TagList": [] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
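Review bot: This recorded response is only partly sanitized: `"VpcSecurityGroupId": "sg-a5befc90"` and `"DbClusterResourceId": "cluster-QKLTPJ7S7TNYYF53D3D4BHXU5A"` look like values from the recording account, while the green fixture for the same policy masks both fields with `1212121121212`. The same applies to the `ServerCertificateId` values in the 279 fixtures and to the `KmsKeyId` key UUID and `VolumeId` values in the 289 fixtures. These are identifiers rather than credentials, but they tie public test data to one account's resources. Masking them the way the neighbouring fields are masked, for example `"VpcSecurityGroupId": "sg-1212121121212"` as in the Redshift fixtures, keeps the recordings consistent. A scrub step in the recording workflow would catch such leftovers before commit.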
diff --git a/tests/ecc-aws-261-rds_cluster_storage_is_encrypted/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-261-rds_cluster_storage_is_encrypted/placebo-red/tagging.GetResources_1.json new file mode 100644 index 000000000..8b704d185 --- /dev/null +++ b/tests/ecc-aws-261-rds_cluster_storage_is_encrypted/placebo-red/tagging.GetResources_1.json @@ -0,0 +1,8 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-261-rds_cluster_storage_is_encrypted/red_policy_test.py b/tests/ecc-aws-261-rds_cluster_storage_is_encrypted/red_policy_test.py new file mode 100644 index 000000000..9e583a364 --- /dev/null +++ b/tests/ecc-aws-261-rds_cluster_storage_is_encrypted/red_policy_test.py @@ -0,0 +1,5 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertFalse(resources[0]['StorageEncrypted']) diff --git a/tests/ecc-aws-262-expired_route53_domain_names/green_policy_test.py b/tests/ecc-aws-262-expired_route53_domain_names/green_policy_test.py new file mode 100644 index 000000000..76b133d71 --- /dev/null +++ b/tests/ecc-aws-262-expired_route53_domain_names/green_policy_test.py @@ -0,0 +1,7 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 0) + + def mock_time(self): + return 2023, 1, 17 \ No newline at end of file diff --git a/tests/ecc-aws-262-expired_route53_domain_names/placebo-green/route53domains.ListDomains_1.json b/tests/ecc-aws-262-expired_route53_domain_names/placebo-green/route53domains.ListDomains_1.json new file mode 100644 index 000000000..f61b1637b --- /dev/null +++ b/tests/ecc-aws-262-expired_route53_domain_names/placebo-green/route53domains.ListDomains_1.json 
@@ -0,0 +1,23 @@ +{ + "status_code": 200, + "data": { + "Domains": [ + { + "DomainName": "custodian-rule.click", + "AutoRenew": false, + "TransferLock": false, + "Expiry": { + "__class__": "datetime", + "year": 2024, + "month": 1, + "day": 17, + "hour": 10, + "minute": 3, + "second": 55, + "microsecond": 887000 + } + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-262-expired_route53_domain_names/placebo-green/route53domains.ListTagsForDomain_1.json b/tests/ecc-aws-262-expired_route53_domain_names/placebo-green/route53domains.ListTagsForDomain_1.json new file mode 100644 index 000000000..80b47f8be --- /dev/null +++ b/tests/ecc-aws-262-expired_route53_domain_names/placebo-green/route53domains.ListTagsForDomain_1.json @@ -0,0 +1,7 @@ +{ + "status_code": 200, + "data": { + "TagList": [], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-262-expired_route53_domain_names/placebo-red/route53domains.ListDomains_1.json b/tests/ecc-aws-262-expired_route53_domain_names/placebo-red/route53domains.ListDomains_1.json new file mode 100644 index 000000000..0cca65707 --- /dev/null +++ b/tests/ecc-aws-262-expired_route53_domain_names/placebo-red/route53domains.ListDomains_1.json @@ -0,0 +1,23 @@ +{ + "status_code": 200, + "data": { + "Domains": [ + { + "DomainName": "custodian-rule.click", + "AutoRenew": false, + "TransferLock": false, + "Expiry": { + "__class__": "datetime", + "year": 2023, + "month": 1, + "day": 1, + "hour": 10, + "minute": 3, + "second": 55, + "microsecond": 887000 + } + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-262-expired_route53_domain_names/placebo-red/route53domains.ListTagsForDomain_1.json b/tests/ecc-aws-262-expired_route53_domain_names/placebo-red/route53domains.ListTagsForDomain_1.json new file mode 100644 index 000000000..80b47f8be --- /dev/null 
+++ b/tests/ecc-aws-262-expired_route53_domain_names/placebo-red/route53domains.ListTagsForDomain_1.json @@ -0,0 +1,7 @@ +{ + "status_code": 200, + "data": { + "TagList": [], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-262-expired_route53_domain_names/red_policy_test.py b/tests/ecc-aws-262-expired_route53_domain_names/red_policy_test.py new file mode 100644 index 000000000..edb5214e6 --- /dev/null +++ b/tests/ecc-aws-262-expired_route53_domain_names/red_policy_test.py @@ -0,0 +1,11 @@ +from datetime import datetime + +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + + ExparationDate=datetime.fromisoformat(str(resources[0]['Expiry'])) + ExparationDate = datetime.strptime(str(ExparationDate)[:-6], "%Y-%m-%d %H:%M:%S.%f") + time_now = datetime.now() + base_test.assertTrue(ExparationDate,arn:aws:iam::121212121212:root,2020-12-01T10:46:12+00:00,not_supported,no_information,not_supported,not_supported,false,false,N/A,N/A,N/A,N/A,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A", + "ReportFormat": "text/csv", + "GeneratedTime": { + "__class__": "datetime", + "year": 2021, + "month": 5, + "day": 6, + "hour": 11, + "minute": 28, + "second": 55, + "microsecond": 0 + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-272-eliminate_use_root_user_for_administrative_and_daily_tasks/placebo-green/iam.ListAccountAliases_1.json b/tests/ecc-aws-272-eliminate_use_root_user_for_administrative_and_daily_tasks/placebo-green/iam.ListAccountAliases_1.json new file mode 100644 index 000000000..3b408e3eb --- /dev/null +++ b/tests/ecc-aws-272-eliminate_use_root_user_for_administrative_and_daily_tasks/placebo-green/iam.ListAccountAliases_1.json @@ -0,0 +1,10 @@ +{ + "status_code": 200, + "data": { + "AccountAliases": [ + "test" + ], + "IsTruncated": false, + "ResponseMetadata": {} + } +} \ No newline at end of file 
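Review bot: The expiry parsing in `test_resources` of the 262 `red_policy_test.py` is fragile: it round-trips the value through `str()`, slices off the last six characters as the UTC offset and parses with `%f`, so it raises `ValueError` for any `Expiry` whose microsecond is 0, because `str()` then omits the fraction. The last line of the hunk is cut off on this page, so I am assuming the final `assertTrue` compares the parsed value with `time_now`. If so, the parsing and comparison reduce to `expiry = datetime.fromisoformat(str(resources[0]['Expiry']))` and `base_test.assertLess(expiry, datetime.now(expiry.tzinfo))`, which keeps both sides timezone-consistent. The test also reads the wall clock while `green_policy_test.py` for the same policy pins the date through `mock_time`; pinning it here too would make the red case reproducible. `ExparationDate` is misspelled and would read better as `expiration_date`.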
diff --git a/tests/ecc-aws-272-eliminate_use_root_user_for_administrative_and_daily_tasks/placebo-red/iam.GenerateCredentialReport_1.json b/tests/ecc-aws-272-eliminate_use_root_user_for_administrative_and_daily_tasks/placebo-red/iam.GenerateCredentialReport_1.json new file mode 100644 index 000000000..9abcdb973 --- /dev/null +++ b/tests/ecc-aws-272-eliminate_use_root_user_for_administrative_and_daily_tasks/placebo-red/iam.GenerateCredentialReport_1.json @@ -0,0 +1,8 @@ +{ + "status_code": 200, + "data": { + "State": "STARTED", + "Description": "No report exists. Starting a new report generation task", + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-272-eliminate_use_root_user_for_administrative_and_daily_tasks/placebo-red/iam.GetCredentialReport_1.json b/tests/ecc-aws-272-eliminate_use_root_user_for_administrative_and_daily_tasks/placebo-red/iam.GetCredentialReport_1.json new file mode 100644 index 000000000..f271656f9 --- /dev/null +++ b/tests/ecc-aws-272-eliminate_use_root_user_for_administrative_and_daily_tasks/placebo-red/iam.GetCredentialReport_1.json 
@@ -0,0 +1,18 @@ +{ + "status_code": 200, + "data": { + "Content": "user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_1_last_used_region,access_key_1_last_used_service,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date,access_key_2_last_used_region,access_key_2_last_used_service,cert_1_active,cert_1_last_rotated,cert_2_active,cert_2_last_rotated\n,arn:aws:iam::121212121212:root,2020-12-01T10:46:12+00:00,true,2020-12-01T10:46:12+00:00,true,true,true,true,2020-12-01T10:46:12+00:00,2020-12-01T10:46:12+00:00,2020-12-01T10:46:12+00:00,2020-12-01T10:46:12+00:00,true,2020-12-01T10:46:12+00:00,2020-12-01T10:46:12+00:00,2020-12-01T10:46:12+00:00,2020-12-01T10:46:12+00:00,true,2020-12-01T10:46:12+00:00,true,2020-12-01T10:46:12+00:00", + "ReportFormat": "text/csv", + "GeneratedTime": { + "__class__": "datetime", + "year": 2021, + "month": 5, + "day": 6, + "hour": 11, + "minute": 28, + "second": 55, + "microsecond": 0 + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-272-eliminate_use_root_user_for_administrative_and_daily_tasks/placebo-red/iam.ListAccountAliases_1.json b/tests/ecc-aws-272-eliminate_use_root_user_for_administrative_and_daily_tasks/placebo-red/iam.ListAccountAliases_1.json new file mode 100644 index 000000000..3b408e3eb --- /dev/null +++ b/tests/ecc-aws-272-eliminate_use_root_user_for_administrative_and_daily_tasks/placebo-red/iam.ListAccountAliases_1.json @@ -0,0 +1,10 @@ +{ + "status_code": 200, + "data": { + "AccountAliases": [ + "test" + ], + "IsTruncated": false, + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-272-eliminate_use_root_user_for_administrative_and_daily_tasks/red_policy_test.py b/tests/ecc-aws-272-eliminate_use_root_user_for_administrative_and_daily_tasks/red_policy_test.py new file mode 100644 index 000000000..bdd605b12 --- /dev/null +++ b/tests/ecc-aws-272-eliminate_use_root_user_for_administrative_and_daily_tasks/red_policy_test.py @@ -0,0 +1,8 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertTrue(resources[0]['c7n:credential-report']['access_keys'][0]['last_used_date']) + base_test.assertTrue(resources[0]['c7n:credential-report']['password_last_used']) + + diff --git a/tests/ecc-aws-276-iam_access_analyzer_is_enabled/placebo-green/access-analyzer.ListAnalyzers_1.json b/tests/ecc-aws-276-iam_access_analyzer_is_enabled/placebo-green/access-analyzer.ListAnalyzers_1.json new file mode 100644 index 000000000..cb7dca411 --- /dev/null +++ b/tests/ecc-aws-276-iam_access_analyzer_is_enabled/placebo-green/access-analyzer.ListAnalyzers_1.json @@ -0,0 +1,36 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "analyzers": [ + { + "arn": "arn:aws:access-analyzer:us-east-1:121212121211:analyzer/green-276", + "createdAt": { + "__class__": "datetime", + "year": 2021, + "month": 5, + "day": 6, + "hour": 7, + "minute": 26, + "second": 16, + "microsecond": 0 + }, + "lastResourceAnalyzed": "arn:aws:iam::121212121211:role/test-rule", + "lastResourceAnalyzedAt": { + "__class__": "datetime", + "year": 2021, + "month": 5, + "day": 6, + "hour": 7, + "minute": 26, + "second": 17, + "microsecond": 40000 + }, + "name": "green-276", + "status": "ACTIVE", + "tags": {}, + "type": "ACCOUNT" + } + ] + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-276-iam_access_analyzer_is_enabled/placebo-green/iam.ListAccountAliases_1.json b/tests/ecc-aws-276-iam_access_analyzer_is_enabled/placebo-green/iam.ListAccountAliases_1.json new file mode 100644 index 000000000..3b408e3eb --- /dev/null +++ b/tests/ecc-aws-276-iam_access_analyzer_is_enabled/placebo-green/iam.ListAccountAliases_1.json @@ -0,0 +1,10 @@ +{ + "status_code": 200, + "data": { + "AccountAliases": [ + "test" + ], + "IsTruncated": false, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-276-iam_access_analyzer_is_enabled/placebo-red/access-analyzer.ListAnalyzers_1.json b/tests/ecc-aws-276-iam_access_analyzer_is_enabled/placebo-red/access-analyzer.ListAnalyzers_1.json new file mode 100644 index 000000000..d8b64b680 --- /dev/null +++ b/tests/ecc-aws-276-iam_access_analyzer_is_enabled/placebo-red/access-analyzer.ListAnalyzers_1.json @@ -0,0 +1,7 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "analyzers": [] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-276-iam_access_analyzer_is_enabled/placebo-red/iam.ListAccountAliases_1.json b/tests/ecc-aws-276-iam_access_analyzer_is_enabled/placebo-red/iam.ListAccountAliases_1.json new file mode 100644 index 000000000..3b408e3eb --- /dev/null +++ b/tests/ecc-aws-276-iam_access_analyzer_is_enabled/placebo-red/iam.ListAccountAliases_1.json @@ -0,0 +1,10 @@ +{ + "status_code": 200, + "data": { + "AccountAliases": [ + "test" + ], + "IsTruncated": false, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-276-iam_access_analyzer_is_enabled/red_policy_test.py b/tests/ecc-aws-276-iam_access_analyzer_is_enabled/red_policy_test.py new file mode 100644 index 000000000..7014e636d --- /dev/null +++ b/tests/ecc-aws-276-iam_access_analyzer_is_enabled/red_policy_test.py 
@@ -0,0 +1,5 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertNotIn('c7n:matched-analyzers', resources[0]) \ No newline at end of file diff --git a/tests/ecc-aws-277-only_one_active_access_key_available_for_any_single_iam_user/placebo-green/iam.GetUser_1.json b/tests/ecc-aws-277-only_one_active_access_key_available_for_any_single_iam_user/placebo-green/iam.GetUser_1.json new file mode 100644 index 000000000..08ee4c762 --- /dev/null +++ b/tests/ecc-aws-277-only_one_active_access_key_available_for_any_single_iam_user/placebo-green/iam.GetUser_1.json @@ -0,0 +1,22 @@ +{ + "status_code": 200, + "data": { + "User": { + "Path": "/", + "UserName": "green-user-195", + "UserId": "1231231812121212121212", + "Arn": "arn:aws:iam::123123181212:user/green-user-195", + "CreateDate": { + "__class__": "datetime", + "year": 2021, + "month": 5, + "day": 20, + "hour": 11, + "minute": 16, + "second": 24, + "microsecond": 0 + } + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-277-only_one_active_access_key_available_for_any_single_iam_user/placebo-green/iam.ListAccessKeys_1.json b/tests/ecc-aws-277-only_one_active_access_key_available_for_any_single_iam_user/placebo-green/iam.ListAccessKeys_1.json new file mode 100644 index 000000000..393f7b791 --- /dev/null +++ b/tests/ecc-aws-277-only_one_active_access_key_available_for_any_single_iam_user/placebo-green/iam.ListAccessKeys_1.json @@ -0,0 +1,24 @@ +{ + "status_code": 200, + "data": { + "AccessKeyMetadata": [ + { + "UserName": "green-user-195", + "AccessKeyId": "1231231812121212121212", + "Status": "Active", + "CreateDate": { + "__class__": "datetime", + "year": 2021, + "month": 5, + "day": 20, + "hour": 11, + "minute": 16, + "second": 24, + "microsecond": 0 + } + } + ], + "IsTruncated": false, + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-277-only_one_active_access_key_available_for_any_single_iam_user/placebo-green/iam.ListUsers_1.json b/tests/ecc-aws-277-only_one_active_access_key_available_for_any_single_iam_user/placebo-green/iam.ListUsers_1.json new file mode 100644 index 000000000..e07b87a61 --- /dev/null +++ b/tests/ecc-aws-277-only_one_active_access_key_available_for_any_single_iam_user/placebo-green/iam.ListUsers_1.json @@ -0,0 +1,25 @@ +{ + "status_code": 200, + "data": { + "Users": [ + { + "Path": "/", + "UserName": "green-user-195", + "UserId": "1231231812121212121212", + "Arn": "arn:aws:iam::123123181212:user/green-user-195", + "CreateDate": { + "__class__": "datetime", + "year": 2021, + "month": 5, + "day": 20, + "hour": 11, + "minute": 16, + "second": 24, + "microsecond": 0 + } + } + ], + "IsTruncated": false, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-277-only_one_active_access_key_available_for_any_single_iam_user/placebo-red/iam.GetUser_1.json b/tests/ecc-aws-277-only_one_active_access_key_available_for_any_single_iam_user/placebo-red/iam.GetUser_1.json new file mode 100644 index 000000000..36b5e3a18 --- /dev/null +++ b/tests/ecc-aws-277-only_one_active_access_key_available_for_any_single_iam_user/placebo-red/iam.GetUser_1.json @@ -0,0 +1,22 @@ +{ + "status_code": 200, + "data": { + "User": { + "Path": "/", + "UserName": "277_user_red", + "UserId": "1231231812121212121212", + "Arn": "arn:aws:iam::111111111111:user/277_user_red", + "CreateDate": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 28, + "hour": 11, + "minute": 39, + "second": 48, + "microsecond": 0 + } + }, + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-277-only_one_active_access_key_available_for_any_single_iam_user/placebo-red/iam.ListAccessKeys_1.json b/tests/ecc-aws-277-only_one_active_access_key_available_for_any_single_iam_user/placebo-red/iam.ListAccessKeys_1.json new file mode 100644 index 000000000..2139bae72 --- /dev/null +++ b/tests/ecc-aws-277-only_one_active_access_key_available_for_any_single_iam_user/placebo-red/iam.ListAccessKeys_1.json @@ -0,0 +1,39 @@ +{ + "status_code": 200, + "data": { + "AccessKeyMetadata": [ + { + "UserName": "277_user_red", + "AccessKeyId": "1231231812121212121212", + "Status": "Active", + "CreateDate": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 28, + "hour": 11, + "minute": 39, + "second": 48, + "microsecond": 0 + } + }, + { + "UserName": "277_user_red", + "AccessKeyId": "1231231812121212121212", + "Status": "Active", + "CreateDate": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 28, + "hour": 11, + "minute": 39, + "second": 48, + "microsecond": 0 + } + } + ], + "IsTruncated": false, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-277-only_one_active_access_key_available_for_any_single_iam_user/placebo-red/iam.ListUsers_1.json b/tests/ecc-aws-277-only_one_active_access_key_available_for_any_single_iam_user/placebo-red/iam.ListUsers_1.json new file mode 100644 index 000000000..f863441e2 --- /dev/null +++ b/tests/ecc-aws-277-only_one_active_access_key_available_for_any_single_iam_user/placebo-red/iam.ListUsers_1.json 
@@ -0,0 +1,25 @@ +{ + "status_code": 200, + "data": { + "Users": [ + { + "Path": "/", + "UserName": "277_user_red", + "UserId": "1231231812121212121212", + "Arn": "arn:aws:iam::111111111111:user/277_user_red", + "CreateDate": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 28, + "hour": 11, + "minute": 39, + "second": 48, + "microsecond": 0 + } + } + ], + "IsTruncated": false, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-277-only_one_active_access_key_available_for_any_single_iam_user/red_policy_test.py b/tests/ecc-aws-277-only_one_active_access_key_available_for_any_single_iam_user/red_policy_test.py new file mode 100644 index 000000000..104819aa4 --- /dev/null +++ b/tests/ecc-aws-277-only_one_active_access_key_available_for_any_single_iam_user/red_policy_test.py @@ -0,0 +1,6 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertEqual(resources[0]['c7n:AccessKeys'][0]['Status'], "Active") + base_test.assertEqual(resources[0]['c7n:AccessKeys'][1]['Status'], "Active") \ No newline at end of file diff --git a/tests/ecc-aws-279-expired_ssl_tls_certificates_stored_in_aws_iam_are_removed/green_policy_test.py b/tests/ecc-aws-279-expired_ssl_tls_certificates_stored_in_aws_iam_are_removed/green_policy_test.py new file mode 100644 index 000000000..5643788f7 --- /dev/null +++ b/tests/ecc-aws-279-expired_ssl_tls_certificates_stored_in_aws_iam_are_removed/green_policy_test.py @@ -0,0 +1,7 @@ +class PolicyTest(object): + + def mock_time(self): + return 2022, 5, 12 + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 0) 
diff --git a/tests/ecc-aws-279-expired_ssl_tls_certificates_stored_in_aws_iam_are_removed/placebo-green/iam.ListServerCertificates_1.json b/tests/ecc-aws-279-expired_ssl_tls_certificates_stored_in_aws_iam_are_removed/placebo-green/iam.ListServerCertificates_1.json new file mode 100644 index 000000000..b9da04c64 --- /dev/null +++ b/tests/ecc-aws-279-expired_ssl_tls_certificates_stored_in_aws_iam_are_removed/placebo-green/iam.ListServerCertificates_1.json @@ -0,0 +1,35 @@ +{ + "status_code": 200, + "data": { + "ServerCertificateMetadataList": [ + { + "Path": "/", + "ServerCertificateName": "279_server_certificate_green", + "ServerCertificateId": "ASCAXPHGII4AGDWYUJ7S4", + "Arn": "arn:aws:iam::111111111111:server-certificate/279_server_certificate_green", + "UploadDate": { + "__class__": "datetime", + "year": 2022, + "month": 5, + "day": 12, + "hour": 12, + "minute": 57, + "second": 22, + "microsecond": 0 + }, + "Expiration": { + "__class__": "datetime", + "year": 2023, + "month": 5, + "day": 12, + "hour": 12, + "minute": 57, + "second": 5, + "microsecond": 0 + } + } + ], + "IsTruncated": false, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-279-expired_ssl_tls_certificates_stored_in_aws_iam_are_removed/placebo-red/iam.ListServerCertificates_1.json b/tests/ecc-aws-279-expired_ssl_tls_certificates_stored_in_aws_iam_are_removed/placebo-red/iam.ListServerCertificates_1.json new file mode 100644 index 000000000..b14f2e024 --- /dev/null +++ b/tests/ecc-aws-279-expired_ssl_tls_certificates_stored_in_aws_iam_are_removed/placebo-red/iam.ListServerCertificates_1.json 
@@ -0,0 +1,35 @@ +{ + "status_code": 200, + "data": { + "ServerCertificateMetadataList": [ + { + "Path": "/", + "ServerCertificateName": "279_server_certificate_red", + "ServerCertificateId": "ASCAXPHGII4ANKWYEWWDJ", + "Arn": "arn:aws:iam::111111111111:server-certificate/279_server_certificate_red", + "UploadDate": { + "__class__": "datetime", + "year": 2022, + "month": 5, + "day": 10, + "hour": 13, + "minute": 9, + "second": 30, + "microsecond": 0 + }, + "Expiration": { + "__class__": "datetime", + "year": 2022, + "month": 5, + "day": 11, + "hour": 13, + "minute": 8, + "second": 36, + "microsecond": 0 + } + } + ], + "IsTruncated": false, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-279-expired_ssl_tls_certificates_stored_in_aws_iam_are_removed/red_policy_test.py b/tests/ecc-aws-279-expired_ssl_tls_certificates_stored_in_aws_iam_are_removed/red_policy_test.py new file mode 100644 index 000000000..373dccd3b --- /dev/null +++ b/tests/ecc-aws-279-expired_ssl_tls_certificates_stored_in_aws_iam_are_removed/red_policy_test.py @@ -0,0 +1,5 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertEqual(str(resources[0]['Expiration']), '2022-05-11 13:08:36+00:00') \ No newline at end of file diff --git a/tests/ecc-aws-289-ebs_volume_without_encrypt/placebo-green/ec2.DescribeVolumes_1.json b/tests/ecc-aws-289-ebs_volume_without_encrypt/placebo-green/ec2.DescribeVolumes_1.json new file mode 100644 index 000000000..f61b1b630 --- /dev/null +++ b/tests/ecc-aws-289-ebs_volume_without_encrypt/placebo-green/ec2.DescribeVolumes_1.json 
@@ -0,0 +1,45 @@ +{ + "status_code": 200, + "data": { + "Volumes": [ + { + "Attachments": [], + "AvailabilityZone": "us-east-1a", + "CreateTime": { + "__class__": "datetime", + "year": 2023, + "month": 4, + "day": 20, + "hour": 8, + "minute": 22, + "second": 51, + "microsecond": 230000 + }, + "Encrypted": true, + "KmsKeyId": "arn:aws:kms:us-east-1:111111111111:key/d790d044-f208-4947-a2d3-8622db8d40b4", + "Size": 5, + "SnapshotId": "", + "State": "available", + "VolumeId": "vol-096323c34c99fa9e8", + "Iops": 100, + "Tags": [ + { + "Key": "Name", + "Value": "289-ebs-volume-green" + }, + { + "Key": "CustodianRule", + "Value": "ecc-aws-289-ebs_volume_without_encrypt" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + } + ], + "VolumeType": "gp2", + "MultiAttachEnabled": false + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-289-ebs_volume_without_encrypt/placebo-red/ec2.DescribeVolumes_1.json b/tests/ecc-aws-289-ebs_volume_without_encrypt/placebo-red/ec2.DescribeVolumes_1.json new file mode 100644 index 000000000..90f018c20 --- /dev/null +++ b/tests/ecc-aws-289-ebs_volume_without_encrypt/placebo-red/ec2.DescribeVolumes_1.json @@ -0,0 +1,44 @@ +{ + "status_code": 200, + "data": { + "Volumes": [ + { + "Attachments": [], + "AvailabilityZone": "us-east-1a", + "CreateTime": { + "__class__": "datetime", + "year": 2023, + "month": 4, + "day": 20, + "hour": 8, + "minute": 22, + "second": 56, + "microsecond": 476000 + }, + "Encrypted": false, + "Size": 5, + "SnapshotId": "", + "State": "available", + "VolumeId": "vol-03fcab9f402fe1804", + "Iops": 100, + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-289-ebs_volume_without_encrypt" + }, + { + "Key": "Name", + "Value": "289-ebs-volume-red" + }, + { + "Key": "ComplianceStatus", + "Value": "Red" + } + ], + "VolumeType": "gp2", + "MultiAttachEnabled": false + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-289-ebs_volume_without_encrypt/red_policy_test.py b/tests/ecc-aws-289-ebs_volume_without_encrypt/red_policy_test.py
new file mode 100644
index 000000000..1ad18a4f0
--- /dev/null
+++ b/tests/ecc-aws-289-ebs_volume_without_encrypt/red_policy_test.py
@@ -0,0 +1,6 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertFalse(resources[0]['Encrypted'])
+
diff --git a/tests/ecc-aws-291-rds_public_access_disabled/placebo-green/rds.DescribeDBInstances_1.json b/tests/ecc-aws-291-rds_public_access_disabled/placebo-green/rds.DescribeDBInstances_1.json
new file mode 100644
index 000000000..2c97fcae2
--- /dev/null
+++ b/tests/ecc-aws-291-rds_public_access_disabled/placebo-green/rds.DescribeDBInstances_1.json
@@ -0,0 +1,133 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "terraform-20210802131420169600000001", + "DBInstanceClass": "db.t2.micro", + "Engine": "mysql", + "DBInstanceStatus": "available", + "MasterUsername": "root", + "DBName": "database291red", + "Endpoint": { + "Address": "terraform-20210802131420169600000001.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 3306, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 10, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 8, + "day": 2, + "hour": 13, + "minute": 19, + "second": 41, + "microsecond": 191000 + }, + "PreferredBackupWindow": "10:29-10:59", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-ID", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "default.mysql5.7", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1c", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-ID", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-ID", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-ID", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-ID", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-ID", + 
"SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "fri:06:05-fri:06:35", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "5.7.33", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "general-public-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:mysql-5-7", + "Status": "in-sync" + } + ], + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-ID", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:111111111111:db:terraform-20210802131420169600000001", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [], + "CustomerOwnedIpEnabled": false + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-291-rds_public_access_disabled/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-291-rds_public_access_disabled/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..8b704d185 --- /dev/null +++ b/tests/ecc-aws-291-rds_public_access_disabled/placebo-green/tagging.GetResources_1.json @@ -0,0 +1,8 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-291-rds_public_access_disabled/placebo-red/rds.DescribeDBInstances_1.json b/tests/ecc-aws-291-rds_public_access_disabled/placebo-red/rds.DescribeDBInstances_1.json new file mode 100644 index 000000000..ffe4e1c14 --- /dev/null +++ b/tests/ecc-aws-291-rds_public_access_disabled/placebo-red/rds.DescribeDBInstances_1.json 
@@ -0,0 +1,133 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "terraform-20210802122710098500000001", + "DBInstanceClass": "db.t2.micro", + "Engine": "mysql", + "DBInstanceStatus": "available", + "MasterUsername": "root", + "DBName": "database291green", + "Endpoint": { + "Address": "terraform-20210802122710098500000001.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 3306, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 10, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 8, + "day": 2, + "hour": 12, + "minute": 34, + "second": 50, + "microsecond": 785000 + }, + "PreferredBackupWindow": "06:12-06:42", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-ID", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "default.mysql5.7", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1f", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-ID", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-ID", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-ID", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-ID", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-ID", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-ID", + 
"SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "tue:07:47-tue:08:17", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "5.7.33", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "general-public-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:mysql-5-7", + "Status": "in-sync" + } + ], + "PubliclyAccessible": true, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-ID", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:111111111111:db:terraform-20210802122710098500000001", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [], + "CustomerOwnedIpEnabled": false + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-291-rds_public_access_disabled/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-291-rds_public_access_disabled/placebo-red/tagging.GetResources_1.json new file mode 100644 index 000000000..8b704d185 --- /dev/null +++ b/tests/ecc-aws-291-rds_public_access_disabled/placebo-red/tagging.GetResources_1.json @@ -0,0 +1,8 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-291-rds_public_access_disabled/red_policy_test.py b/tests/ecc-aws-291-rds_public_access_disabled/red_policy_test.py new file mode 100644 index 000000000..df0cd8c0f --- /dev/null +++ b/tests/ecc-aws-291-rds_public_access_disabled/red_policy_test.py 
@@ -0,0 +1,5 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertTrue(resources[0]['PubliclyAccessible']) \ No newline at end of file diff --git a/tests/ecc-aws-292-api_gateway_rest_api_encryption_at_rest/placebo-green/apigateway.GetRestApis_1.json b/tests/ecc-aws-292-api_gateway_rest_api_encryption_at_rest/placebo-green/apigateway.GetRestApis_1.json new file mode 100644 index 000000000..9e7c3f922 --- /dev/null +++ b/tests/ecc-aws-292-api_gateway_rest_api_encryption_at_rest/placebo-green/apigateway.GetRestApis_1.json @@ -0,0 +1,29 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "items": [ + { + "id": "rrpjkgkkee", + "name": "292_api_green", + "createdDate": { + "__class__": "datetime", + "year": 2021, + "month": 8, + "day": 31, + "hour": 8, + "minute": 49, + "second": 28, + "microsecond": 0 + }, + "apiKeySource": "HEADER", + "endpointConfiguration": { + "types": [ + "EDGE" + ] + }, + "disableExecuteApiEndpoint": false + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-292-api_gateway_rest_api_encryption_at_rest/placebo-green/apigateway.GetStages_1.json b/tests/ecc-aws-292-api_gateway_rest_api_encryption_at_rest/placebo-green/apigateway.GetStages_1.json new file mode 100644 index 000000000..b7e091024 --- /dev/null +++ b/tests/ecc-aws-292-api_gateway_rest_api_encryption_at_rest/placebo-green/apigateway.GetStages_1.json 
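Review bot: The `assertTrue(resources[0]['PubliclyAccessible'])` check in the 291 `red_policy_test.py` passes against recordings whose names are the wrong way round: the placebo-red `rds.DescribeDBInstances_1.json` has `"DBName": "database291green"` and the placebo-green one has `"DBName": "database291red"`. The flag values match the directory names (true in red, false in green), so this looks like swapped names in the fixture source rather than swapped recordings, but it makes a failing run hard to interpret. Consider correcting the database names before re-recording and adding `base_test.assertEqual(resources[0]['DBInstanceIdentifier'], 'terraform-20210802122710098500000001')` so the test pins which instance was flagged.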
@@ -0,0 +1,49 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "item": [ + { + "deploymentId": "oar0dx", + "stageName": "292_stage_green", + "cacheClusterEnabled": true, + "cacheClusterSize": "0.5", + "cacheClusterStatus": "AVAILABLE", + "methodSettings": { + "*/*": { + "metricsEnabled": false, + "dataTraceEnabled": false, + "throttlingBurstLimit": -1, + "throttlingRateLimit": -1.0, + "cachingEnabled": true, + "cacheTtlInSeconds": 300, + "cacheDataEncrypted": true, + "requireAuthorizationForCacheControl": true, + "unauthorizedCacheControlHeaderStrategy": "SUCCEED_WITH_RESPONSE_HEADER" + } + }, + "tracingEnabled": false, + "createdDate": { + "__class__": "datetime", + "year": 2021, + "month": 8, + "day": 31, + "hour": 8, + "minute": 49, + "second": 31, + "microsecond": 0 + }, + "lastUpdatedDate": { + "__class__": "datetime", + "year": 2021, + "month": 8, + "day": 31, + "hour": 8, + "minute": 52, + "second": 47, + "microsecond": 0 + } + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-292-api_gateway_rest_api_encryption_at_rest/placebo-red/apigateway.GetRestApis_1.json b/tests/ecc-aws-292-api_gateway_rest_api_encryption_at_rest/placebo-red/apigateway.GetRestApis_1.json new file mode 100644 index 000000000..c66bb5b07 --- /dev/null +++ b/tests/ecc-aws-292-api_gateway_rest_api_encryption_at_rest/placebo-red/apigateway.GetRestApis_1.json @@ -0,0 +1,29 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "items": [ + { + "id": "0qwur5wv1f", + "name": "292_api_red", + "createdDate": { + "__class__": "datetime", + "year": 2021, + "month": 8, + "day": 31, + "hour": 8, + "minute": 4, + "second": 43, + "microsecond": 0 + }, + "apiKeySource": "HEADER", + "endpointConfiguration": { + "types": [ + "EDGE" + ] + }, + "disableExecuteApiEndpoint": false + } + ] + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-292-api_gateway_rest_api_encryption_at_rest/placebo-red/apigateway.GetStages_1.json b/tests/ecc-aws-292-api_gateway_rest_api_encryption_at_rest/placebo-red/apigateway.GetStages_1.json new file mode 100644 index 000000000..af89003e6 --- /dev/null +++ b/tests/ecc-aws-292-api_gateway_rest_api_encryption_at_rest/placebo-red/apigateway.GetStages_1.json @@ -0,0 +1,49 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "item": [ + { + "deploymentId": "yict38", + "stageName": "292_stage_red", + "cacheClusterEnabled": true, + "cacheClusterSize": "0.5", + "cacheClusterStatus": "AVAILABLE", + "methodSettings": { + "*/*": { + "metricsEnabled": false, + "dataTraceEnabled": false, + "throttlingBurstLimit": -1, + "throttlingRateLimit": -1.0, + "cachingEnabled": true, + "cacheTtlInSeconds": 300, + "cacheDataEncrypted": false, + "requireAuthorizationForCacheControl": true, + "unauthorizedCacheControlHeaderStrategy": "SUCCEED_WITH_RESPONSE_HEADER" + } + }, + "tracingEnabled": false, + "createdDate": { + "__class__": "datetime", + "year": 2021, + "month": 8, + "day": 31, + "hour": 8, + "minute": 4, + "second": 47, + "microsecond": 0 + }, + "lastUpdatedDate": { + "__class__": "datetime", + "year": 2021, + "month": 8, + "day": 31, + "hour": 8, + "minute": 46, + "second": 4, + "microsecond": 0 + } + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-292-api_gateway_rest_api_encryption_at_rest/red_policy_test.py b/tests/ecc-aws-292-api_gateway_rest_api_encryption_at_rest/red_policy_test.py new file mode 100644 index 000000000..64ef2fba9 --- /dev/null +++ b/tests/ecc-aws-292-api_gateway_rest_api_encryption_at_rest/red_policy_test.py @@ -0,0 +1,5 @@ +class PolicyTest(object): + + def test_resources_with_client(self, base_test, resources, local_ssesion): + base_test.assertEqual(len(resources), 1) + base_test.assertFalse(resources[0]['methodSettings']['*/*']['cacheDataEncrypted']) \ No newline at end of file 
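Review bot: The third parameter of `test_resources_with_client` in the 292 `red_policy_test.py` is spelled `local_ssesion`, while the same hook in the 294 test uses `local_session`. If the harness passes that argument by keyword, the call fails with a `TypeError` before either assertion runs; the harness is not visible in this diff, so that is worth confirming. The parameter is also unused in the body, so either correct the name, `def test_resources_with_client(self, base_test, resources, local_session):`, or use the two-argument form the other tests have, `def test_resources(self, base_test, resources):`.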
diff --git a/tests/ecc-aws-293-security_group_ingress_is_restricted_traffic_to_port_20/placebo-green/ec2.DescribeSecurityGroups_1.json b/tests/ecc-aws-293-security_group_ingress_is_restricted_traffic_to_port_20/placebo-green/ec2.DescribeSecurityGroups_1.json new file mode 100644 index 000000000..84a2c7c97 --- /dev/null +++ b/tests/ecc-aws-293-security_group_ingress_is_restricted_traffic_to_port_20/placebo-green/ec2.DescribeSecurityGroups_1.json @@ -0,0 +1,53 @@ +{ + "status_code": 200, + "data": { + "SecurityGroups": [ + { + "Description": "Managed by Terraform", + "GroupName": "293_security_group_green", + "IpPermissions": [ + { + "FromPort": 20, + "IpProtocol": "tcp", + "IpRanges": [ + { + "CidrIp": "10.0.0.0/16" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "ToPort": 20, + "UserIdGroupPairs": [] + } + ], + "OwnerId": "this", + "GroupId": "sg-1234567asdfg", + "IpPermissionsEgress": [ + { + "IpProtocol": "-1", + "IpRanges": [ + { + "CidrIp": "0.0.0.0/0" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "UserIdGroupPairs": [] + } + ], + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-293-security_group_ingress_is_restricted_traffic_to_port_20" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + } + ], + "VpcId": "vpc-12345asdfg" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-293-security_group_ingress_is_restricted_traffic_to_port_20/placebo-red/ec2.DescribeSecurityGroups_1.json b/tests/ecc-aws-293-security_group_ingress_is_restricted_traffic_to_port_20/placebo-red/ec2.DescribeSecurityGroups_1.json new file mode 100644 index 000000000..dbbbcc670 --- /dev/null +++ b/tests/ecc-aws-293-security_group_ingress_is_restricted_traffic_to_port_20/placebo-red/ec2.DescribeSecurityGroups_1.json 
@@ -0,0 +1,53 @@ +{ + "status_code": 200, + "data": { + "SecurityGroups": [ + { + "Description": "Managed by Terraform", + "GroupName": "293_security_group_red", + "IpPermissions": [ + { + "FromPort": 20, + "IpProtocol": "tcp", + "IpRanges": [ + { + "CidrIp": "0.0.0.0/0" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "ToPort": 20, + "UserIdGroupPairs": [] + } + ], + "OwnerId": "this", + "GroupId": "sg-1234567asdfg", + "IpPermissionsEgress": [ + { + "IpProtocol": "-1", + "IpRanges": [ + { + "CidrIp": "0.0.0.0/0" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "UserIdGroupPairs": [] + } + ], + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CustodianRule", + "Value": "ecc-aws-293-security_group_ingress_is_restricted_traffic_to_port_20.yml" + } + ], + "VpcId": "vpc-12345asdfg" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-293-security_group_ingress_is_restricted_traffic_to_port_20/red_policy_test.py b/tests/ecc-aws-293-security_group_ingress_is_restricted_traffic_to_port_20/red_policy_test.py new file mode 100644 index 000000000..621acf387 --- /dev/null +++ b/tests/ecc-aws-293-security_group_ingress_is_restricted_traffic_to_port_20/red_policy_test.py @@ -0,0 +1,6 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertEqual(resources[0]['IpPermissions'][0]['ToPort'], 20) + base_test.assertEqual(resources[0]['IpPermissions'][0]['IpRanges'][0]['CidrIp'], '0.0.0.0/0') diff --git a/tests/ecc-aws-294-clb_connection_draining_enabled/placebo-green/elasticloadbalancing.DescribeLoadBalancerAttributes_1.json b/tests/ecc-aws-294-clb_connection_draining_enabled/placebo-green/elasticloadbalancing.DescribeLoadBalancerAttributes_1.json new file mode 100644 index 000000000..e2ff5a1fc --- /dev/null 
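Review bot: The red case in the 293 `red_policy_test.py` pins only `ToPort` and an IPv4 `0.0.0.0/0` range, so it covers a single-port rule and nothing else. Adding `base_test.assertEqual(resources[0]['IpPermissions'][0]['FromPort'], 20)` would pin the whole rule. Further red recordings would be worth adding for a port range that merely contains 20, for `IpProtocol` `-1`, and for an `Ipv6Ranges` entry of `::/0`, since those are the usual gaps in an ingress filter. Whether the policy already catches them cannot be told from this diff.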
+++ b/tests/ecc-aws-294-clb_connection_draining_enabled/placebo-green/elasticloadbalancing.DescribeLoadBalancerAttributes_1.json @@ -0,0 +1,27 @@ +{ + "status_code": 200, + "data": { + "LoadBalancerAttributes": { + "CrossZoneLoadBalancing": { + "Enabled": true + }, + "AccessLog": { + "Enabled": false + }, + "ConnectionDraining": { + "Enabled": true, + "Timeout": 400 + }, + "ConnectionSettings": { + "IdleTimeout": 400 + }, + "AdditionalAttributes": [ + { + "Key": "elb.http.desyncmitigationmode", + "Value": "defensive" + } + ] + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-294-clb_connection_draining_enabled/placebo-green/elasticloadbalancing.DescribeLoadBalancers_1.json b/tests/ecc-aws-294-clb_connection_draining_enabled/placebo-green/elasticloadbalancing.DescribeLoadBalancers_1.json new file mode 100644 index 000000000..4fc992d39 --- /dev/null +++ b/tests/ecc-aws-294-clb_connection_draining_enabled/placebo-green/elasticloadbalancing.DescribeLoadBalancers_1.json 
@@ -0,0 +1,68 @@ +{ + "status_code": 200, + "data": { + "LoadBalancerDescriptions": [ + { + "LoadBalancerName": "elb-294-green", + "DNSName": "elb-294-green-this.us-east-1.elb.amazonaws.com", + "CanonicalHostedZoneName": "elb-294-green-this.us-east-1.elb.amazonaws.com", + "CanonicalHostedZoneNameID": "Z35SXDOTRQ7X7K", + "ListenerDescriptions": [ + { + "Listener": { + "Protocol": "HTTP", + "LoadBalancerPort": 80, + "InstanceProtocol": "HTTP", + "InstancePort": 8000 + }, + "PolicyNames": [] + } + ], + "Policies": { + "AppCookieStickinessPolicies": [], + "LBCookieStickinessPolicies": [], + "OtherPolicies": [] + }, + "BackendServerDescriptions": [], + "AvailabilityZones": [ + "us-east-1c", + "us-east-1b", + "us-east-1a" + ], + "Subnets": [ + "subnet-8158d8de", + "subnet-b045c2d6", + "subnet-cd7af8ec" + ], + "VPCId": "vpc-111bbb", + "Instances": [], + "HealthCheck": { + "Target": "TCP:8000", + "Interval": 30, + "Timeout": 5, + "UnhealthyThreshold": 2, + "HealthyThreshold": 10 + }, + "SourceSecurityGroup": { + "OwnerAlias": "this", + "GroupName": "default_elb_fc2f8b95-5e14-38b7-80f6-2259e106c533" + }, + "SecurityGroups": [ + "sg-0146f21282b80644b" + ], + "CreatedTime": { + "__class__": "datetime", + "year": 2021, + "month": 9, + "day": 27, + "hour": 6, + "minute": 24, + "second": 9, + "microsecond": 220000 + }, + "Scheme": "internet-facing" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-294-clb_connection_draining_enabled/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-294-clb_connection_draining_enabled/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..ea226f2ca --- /dev/null +++ b/tests/ecc-aws-294-clb_connection_draining_enabled/placebo-green/tagging.GetResources_1.json 
@@ -0,0 +1,22 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:elasticloadbalancing:us-east-1:this:loadbalancer/elb-294-green", + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-294-classic_load_balancers_connection_draining_enabled" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-294-clb_connection_draining_enabled/placebo-red/elasticloadbalancing.DescribeLoadBalancerAttributes_1.json b/tests/ecc-aws-294-clb_connection_draining_enabled/placebo-red/elasticloadbalancing.DescribeLoadBalancerAttributes_1.json new file mode 100644 index 000000000..fdabf7f8e --- /dev/null +++ b/tests/ecc-aws-294-clb_connection_draining_enabled/placebo-red/elasticloadbalancing.DescribeLoadBalancerAttributes_1.json @@ -0,0 +1,27 @@ +{ + "status_code": 200, + "data": { + "LoadBalancerAttributes": { + "CrossZoneLoadBalancing": { + "Enabled": true + }, + "AccessLog": { + "Enabled": false + }, + "ConnectionDraining": { + "Enabled": false, + "Timeout": 300 + }, + "ConnectionSettings": { + "IdleTimeout": 400 + }, + "AdditionalAttributes": [ + { + "Key": "elb.http.desyncmitigationmode", + "Value": "defensive" + } + ] + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-294-clb_connection_draining_enabled/placebo-red/elasticloadbalancing.DescribeLoadBalancers_1.json b/tests/ecc-aws-294-clb_connection_draining_enabled/placebo-red/elasticloadbalancing.DescribeLoadBalancers_1.json new file mode 100644 index 000000000..47004669a --- /dev/null +++ b/tests/ecc-aws-294-clb_connection_draining_enabled/placebo-red/elasticloadbalancing.DescribeLoadBalancers_1.json 
@@ -0,0 +1,68 @@ +{ + "status_code": 200, + "data": { + "LoadBalancerDescriptions": [ + { + "LoadBalancerName": "elb-294-red", + "DNSName": "elb-294-red-this.us-east-1.elb.amazonaws.com", + "CanonicalHostedZoneName": "elb-294-red-this.us-east-1.elb.amazonaws.com", + "CanonicalHostedZoneNameID": "Z35SXDOTRQ7X7K", + "ListenerDescriptions": [ + { + "Listener": { + "Protocol": "HTTP", + "LoadBalancerPort": 80, + "InstanceProtocol": "HTTP", + "InstancePort": 8000 + }, + "PolicyNames": [] + } + ], + "Policies": { + "AppCookieStickinessPolicies": [], + "LBCookieStickinessPolicies": [], + "OtherPolicies": [] + }, + "BackendServerDescriptions": [], + "AvailabilityZones": [ + "us-east-1c", + "us-east-1b", + "us-east-1a" + ], + "Subnets": [ + "subnet-8158d8de", + "subnet-b045c2d6", + "subnet-cd7af8ec" + ], + "VPCId": "vpc-111aaa", + "Instances": [], + "HealthCheck": { + "Target": "TCP:8000", + "Interval": 30, + "Timeout": 5, + "UnhealthyThreshold": 2, + "HealthyThreshold": 10 + }, + "SourceSecurityGroup": { + "OwnerAlias": "this", + "GroupName": "default_elb_fc2f8b95-5e14-38b7-80f6-2259e106c533" + }, + "SecurityGroups": [ + "sg-0146f21282b80644b" + ], + "CreatedTime": { + "__class__": "datetime", + "year": 2021, + "month": 9, + "day": 27, + "hour": 6, + "minute": 24, + "second": 45, + "microsecond": 860000 + }, + "Scheme": "internet-facing" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-294-clb_connection_draining_enabled/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-294-clb_connection_draining_enabled/placebo-red/tagging.GetResources_1.json new file mode 100644 index 000000000..6c6fa14f2 --- /dev/null +++ b/tests/ecc-aws-294-clb_connection_draining_enabled/placebo-red/tagging.GetResources_1.json 
@@ -0,0 +1,22 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:elasticloadbalancing:us-east-1:this:loadbalancer/elb-294-red", + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-294-classic_load_balancers_connection_draining_enabled" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-294-clb_connection_draining_enabled/red_policy_test.py b/tests/ecc-aws-294-clb_connection_draining_enabled/red_policy_test.py new file mode 100644 index 000000000..0bda0dcaf --- /dev/null +++ b/tests/ecc-aws-294-clb_connection_draining_enabled/red_policy_test.py @@ -0,0 +1,7 @@ +class PolicyTest(object): + + def test_resources_with_client(self, base_test, resources, local_session): + base_test.assertEqual(len(resources), 1) + lbName = resources[0]['LoadBalancerName'] + connection = local_session.client("elb").describe_load_balancer_attributes(LoadBalancerName = lbName) + base_test.assertFalse(connection['LoadBalancerAttributes']['ConnectionDraining']['Enabled']) \ No newline at end of file diff --git a/tests/ecc-aws-295-elasticsearch_domains_audit_logging_enabled/placebo-green/es.DescribeElasticsearchDomains_1.json b/tests/ecc-aws-295-elasticsearch_domains_audit_logging_enabled/placebo-green/es.DescribeElasticsearchDomains_1.json new file mode 100644 index 000000000..8dab633c9 --- /dev/null +++ b/tests/ecc-aws-295-elasticsearch_domains_audit_logging_enabled/placebo-green/es.DescribeElasticsearchDomains_1.json 
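Review bot: In `test_resources_with_client` of the 294 `red_policy_test.py`, the local `lbName` and the call `describe_load_balancer_attributes(LoadBalancerName = lbName)` depart from PEP 8 (camelCase local, spaces around a keyword `=`); `lb_name = resources[0]['LoadBalancerName']` and `describe_load_balancer_attributes(LoadBalancerName=lb_name)` read more conventionally. The `tagging.GetResources_1.json` recordings for this policy carry the tag key `CsutodianRule` where the 289 and 293 recordings use `CustodianRule`, and the value names `ecc-aws-294-classic_load_balancers_connection_draining_enabled` rather than this directory's policy name. If anything selects or reports resources by that tag it will miss these load balancers, so the source tags are worth correcting before the next re-recording.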
@@ -0,0 +1,83 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "DomainStatusList": [ + { + "DomainId": "this/domain-295-green", + "DomainName": "domain-295-green", + "ARN": "arn:aws:es:us-east-1:this:domain/domain-295-green", + "Created": true, + "Deleted": false, + "Endpoint": "search-domain-295-green-vgxioxcqvoh6aotecctlguuxua.us-east-1.es.amazonaws.com", + "Processing": false, + "UpgradeProcessing": false, + "ElasticsearchVersion": "7.10", + "ElasticsearchClusterConfig": { + "InstanceType": "t3.small.elasticsearch", + "InstanceCount": 1, + "DedicatedMasterEnabled": false, + "ZoneAwarenessEnabled": false, + "WarmEnabled": false + }, + "EBSOptions": { + "EBSEnabled": true, + "VolumeType": "gp2", + "VolumeSize": 10 + }, + "AccessPolicies": "", + "SnapshotOptions": { + "AutomatedSnapshotStartHour": 0 + }, + "CognitoOptions": { + "Enabled": false + }, + "EncryptionAtRestOptions": { + "Enabled": true, + "KmsKeyId": "arn:aws:kms:us-east-1:this:key/b0371366-f355-40c6-aa8d-ed45054edfea" + }, + "NodeToNodeEncryptionOptions": { + "Enabled": true + }, + "AdvancedOptions": { + "override_main_response_version": "false", + "rest.action.multi.allow_explicit_index": "true" + }, + "LogPublishingOptions": { + "AUDIT_LOGS": { + "CloudWatchLogsLogGroupArn": "arn:aws:logs:us-east-1:this:log-group:295_cloudwatch_log_group_green", + "Enabled": true + } + }, + "ServiceSoftwareOptions": { + "CurrentVersion": "R20210816-P1", + "NewVersion": "", + "UpdateAvailable": false, + "Cancellable": false, + "UpdateStatus": "COMPLETED", + "Description": "There is no software update available for this domain.", + "AutomatedUpdateDate": { + "__class__": "datetime", + "year": 2021, + "month": 7, + "day": 8, + "hour": 8, + "minute": 6, + "second": 15, + "microsecond": 0 + }, + "OptionalDeployment": false + }, + "DomainEndpointOptions": { + "EnforceHTTPS": true, + "TLSSecurityPolicy": "Policy-Min-TLS-1-2-2019-07", + "CustomEndpointEnabled": false + }, + "AdvancedSecurityOptions": { + 
"Enabled": true, + "InternalUserDatabaseEnabled": true + } + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-295-elasticsearch_domains_audit_logging_enabled/placebo-green/es.ListDomainNames_1.json b/tests/ecc-aws-295-elasticsearch_domains_audit_logging_enabled/placebo-green/es.ListDomainNames_1.json new file mode 100644 index 000000000..5d8d3a9d1 --- /dev/null +++ b/tests/ecc-aws-295-elasticsearch_domains_audit_logging_enabled/placebo-green/es.ListDomainNames_1.json @@ -0,0 +1,11 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "DomainNames": [ + { + "DomainName": "domain-295-green" + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-295-elasticsearch_domains_audit_logging_enabled/placebo-green/es.ListTags_1.json b/tests/ecc-aws-295-elasticsearch_domains_audit_logging_enabled/placebo-green/es.ListTags_1.json new file mode 100644 index 000000000..3efff05ff --- /dev/null +++ b/tests/ecc-aws-295-elasticsearch_domains_audit_logging_enabled/placebo-green/es.ListTags_1.json @@ -0,0 +1,16 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "TagList": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-295-elasticsearch_domains_audit_logging_enabled" + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-295-elasticsearch_domains_audit_logging_enabled/placebo-red/es.DescribeElasticsearchDomains_1.json b/tests/ecc-aws-295-elasticsearch_domains_audit_logging_enabled/placebo-red/es.DescribeElasticsearchDomains_1.json new file mode 100644 index 000000000..6cc022097 --- /dev/null +++ b/tests/ecc-aws-295-elasticsearch_domains_audit_logging_enabled/placebo-red/es.DescribeElasticsearchDomains_1.json 
@@ -0,0 +1,76 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "DomainStatusList": [ + { + "DomainId": "this/domain-295-red", + "DomainName": "domain-295-red", + "ARN": "arn:aws:es:us-east-1:this:domain/domain-295-red", + "Created": true, + "Deleted": false, + "Endpoint": "search-domain-295-red-yis2spqqkktlkajwh7yvfftd5a.us-east-1.es.amazonaws.com", + "Processing": false, + "UpgradeProcessing": false, + "ElasticsearchVersion": "7.10", + "ElasticsearchClusterConfig": { + "InstanceType": "t3.small.elasticsearch", + "InstanceCount": 1, + "DedicatedMasterEnabled": false, + "ZoneAwarenessEnabled": false, + "WarmEnabled": false + }, + "EBSOptions": { + "EBSEnabled": true, + "VolumeType": "gp2", + "VolumeSize": 10 + }, + "AccessPolicies": "", + "SnapshotOptions": { + "AutomatedSnapshotStartHour": 0 + }, + "CognitoOptions": { + "Enabled": false + }, + "EncryptionAtRestOptions": { + "Enabled": false + }, + "NodeToNodeEncryptionOptions": { + "Enabled": false + }, + "AdvancedOptions": { + "override_main_response_version": "false", + "rest.action.multi.allow_explicit_index": "true" + }, + "ServiceSoftwareOptions": { + "CurrentVersion": "R20210816-P1", + "NewVersion": "", + "UpdateAvailable": false, + "Cancellable": false, + "UpdateStatus": "COMPLETED", + "Description": "There is no software update available for this domain.", + "AutomatedUpdateDate": { + "__class__": "datetime", + "year": 2021, + "month": 7, + "day": 8, + "hour": 8, + "minute": 6, + "second": 15, + "microsecond": 0 + }, + "OptionalDeployment": false + }, + "DomainEndpointOptions": { + "EnforceHTTPS": false, + "TLSSecurityPolicy": "Policy-Min-TLS-1-0-2019-07", + "CustomEndpointEnabled": false + }, + "AdvancedSecurityOptions": { + "Enabled": false, + "InternalUserDatabaseEnabled": false + } + } + ] + } +} \ No newline at end of file 
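Review bot: This recording is only partly scrubbed: the account id in `DomainId` and `ARN` is replaced with `this`, but `Endpoint` still carries a hostname that looks like it was recorded from a live domain. The same applies to `KmsKeyId` in the placebo-green recording for this rule, and to `VpcSecurityGroupId`, `SubnetIdentifier`, `DbClusterResourceId` and `DbiResourceId` in the 299 and 300 RDS recordings. Replacing these with constructed placeholders, and using one account placeholder throughout (the 297 and 299 recordings use `111111111111`), would keep resource identifiers out of the repository and make the fixtures uniform.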
diff --git a/tests/ecc-aws-295-elasticsearch_domains_audit_logging_enabled/placebo-red/es.ListDomainNames_1.json b/tests/ecc-aws-295-elasticsearch_domains_audit_logging_enabled/placebo-red/es.ListDomainNames_1.json
new file mode 100644
index 000000000..a668d7923
--- /dev/null
+++ b/tests/ecc-aws-295-elasticsearch_domains_audit_logging_enabled/placebo-red/es.ListDomainNames_1.json
@@ -0,0 +1,11 @@
+{
+ "status_code": 200,
+ "data": {
+ "ResponseMetadata": {},
+ "DomainNames": [
+ {
+ "DomainName": "domain-295-red"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-295-elasticsearch_domains_audit_logging_enabled/placebo-red/es.ListTags_1.json b/tests/ecc-aws-295-elasticsearch_domains_audit_logging_enabled/placebo-red/es.ListTags_1.json
new file mode 100644
index 000000000..a7c33d584
--- /dev/null
+++ b/tests/ecc-aws-295-elasticsearch_domains_audit_logging_enabled/placebo-red/es.ListTags_1.json
@@ -0,0 +1,16 @@
+{
+ "status_code": 200,
+ "data": {
+ "ResponseMetadata": {},
+ "TagList": [
+ {
+ "Key": "ComplianceStatus",
+ "Value": "Red"
+ },
+ {
+ "Key": "CsutodianRule",
+ "Value": "ecc-aws-295-elasticsearch_domains_audit_logging_enabled"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-295-elasticsearch_domains_audit_logging_enabled/red_policy_test.py b/tests/ecc-aws-295-elasticsearch_domains_audit_logging_enabled/red_policy_test.py
new file mode 100644
index 000000000..c2795e312
--- /dev/null
+++ b/tests/ecc-aws-295-elasticsearch_domains_audit_logging_enabled/red_policy_test.py
@@ -0,0 +1,5 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertFalse('LogPublishingOptions' in resources[0])
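Review bot: The red case in `test_resources` pins only a domain that has no `LogPublishingOptions` key at all. A domain that publishes other log types, or one where `AUDIT_LOGS` is present with `Enabled` false, is not exercised, and whether the policy flags those cannot be told from this hunk. A second red recording with `"AUDIT_LOGS": {"Enabled": false}` would close that gap for a rule whose purpose is audit logging. `base_test.assertNotIn('LogPublishingOptions', resources[0])` would also give a clearer failure message than `assertFalse(... in ...)`.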
diff --git a/tests/ecc-aws-297-elasticsearch_domains_configured_with_at_least_three_dedicated_master_nodes/placebo-green/es.DescribeElasticsearchDomains_1.json b/tests/ecc-aws-297-elasticsearch_domains_configured_with_at_least_three_dedicated_master_nodes/placebo-green/es.DescribeElasticsearchDomains_1.json new file mode 100644 index 000000000..22689138e --- /dev/null +++ b/tests/ecc-aws-297-elasticsearch_domains_configured_with_at_least_three_dedicated_master_nodes/placebo-green/es.DescribeElasticsearchDomains_1.json 
@@ -0,0 +1,78 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "DomainStatusList": [ + { + "DomainId": "111111111111/domain-297-green", + "DomainName": "domain-297-green", + "ARN": "arn:aws:es:us-east-1:111111111111:domain/domain-297-green", + "Created": true, + "Deleted": false, + "Endpoint": "search-domain-297-green-mg34gvhsv5n4qatlgsqwx35r7i.us-east-1.es.amazonaws.com", + "Processing": false, + "UpgradeProcessing": false, + "ElasticsearchVersion": "7.10", + "ElasticsearchClusterConfig": { + "InstanceType": "t3.small.elasticsearch", + "InstanceCount": 1, + "DedicatedMasterEnabled": true, + "ZoneAwarenessEnabled": false, + "DedicatedMasterType": "t3.small.elasticsearch", + "DedicatedMasterCount": 3, + "WarmEnabled": false + }, + "EBSOptions": { + "EBSEnabled": true, + "VolumeType": "gp2", + "VolumeSize": 10 + }, + "AccessPolicies": "", + "SnapshotOptions": { + "AutomatedSnapshotStartHour": 0 + }, + "CognitoOptions": { + "Enabled": false + }, + "EncryptionAtRestOptions": { + "Enabled": false + }, + "NodeToNodeEncryptionOptions": { + "Enabled": false + }, + "AdvancedOptions": { + "override_main_response_version": "false", + "rest.action.multi.allow_explicit_index": "true" + }, + "ServiceSoftwareOptions": { + "CurrentVersion": "R20210816-P1", + "NewVersion": "", + "UpdateAvailable": false, + "Cancellable": false, + "UpdateStatus": "COMPLETED", + "Description": "There is no software update available for this domain.", + "AutomatedUpdateDate": { + "__class__": "datetime", + "year": 2021, + "month": 7, + "day": 8, + "hour": 11, + "minute": 6, + "second": 15, + "microsecond": 0 + }, + "OptionalDeployment": false + }, + "DomainEndpointOptions": { + "EnforceHTTPS": false, + "TLSSecurityPolicy": "Policy-Min-TLS-1-0-2019-07", + "CustomEndpointEnabled": false + }, + "AdvancedSecurityOptions": { + "Enabled": false, + "InternalUserDatabaseEnabled": false + } + } + ] + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-297-elasticsearch_domains_configured_with_at_least_three_dedicated_master_nodes/placebo-green/es.ListDomainNames_1.json b/tests/ecc-aws-297-elasticsearch_domains_configured_with_at_least_three_dedicated_master_nodes/placebo-green/es.ListDomainNames_1.json new file mode 100644 index 000000000..bf2d782fe --- /dev/null +++ b/tests/ecc-aws-297-elasticsearch_domains_configured_with_at_least_three_dedicated_master_nodes/placebo-green/es.ListDomainNames_1.json @@ -0,0 +1,11 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "DomainNames": [ + { + "DomainName": "domain-297-green" + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-297-elasticsearch_domains_configured_with_at_least_three_dedicated_master_nodes/placebo-green/es.ListTags_1.json b/tests/ecc-aws-297-elasticsearch_domains_configured_with_at_least_three_dedicated_master_nodes/placebo-green/es.ListTags_1.json new file mode 100644 index 000000000..db3be6e3f --- /dev/null +++ b/tests/ecc-aws-297-elasticsearch_domains_configured_with_at_least_three_dedicated_master_nodes/placebo-green/es.ListTags_1.json @@ -0,0 +1,7 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "TagList": [] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-297-elasticsearch_domains_configured_with_at_least_three_dedicated_master_nodes/placebo-red/es.DescribeElasticsearchDomains_1.json b/tests/ecc-aws-297-elasticsearch_domains_configured_with_at_least_three_dedicated_master_nodes/placebo-red/es.DescribeElasticsearchDomains_1.json new file mode 100644 index 000000000..a13b957f4 --- /dev/null +++ b/tests/ecc-aws-297-elasticsearch_domains_configured_with_at_least_three_dedicated_master_nodes/placebo-red/es.DescribeElasticsearchDomains_1.json 
@@ -0,0 +1,78 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "DomainStatusList": [ + { + "DomainId": "111111111111/domain-297-red", + "DomainName": "domain-297-red", + "ARN": "arn:aws:es:us-east-1:111111111111:domain/domain-297-red", + "Created": true, + "Deleted": false, + "Endpoint": "search-domain-297-red-5iwj5g7h7vkpnt6btxf2ozvgyu.us-east-1.es.amazonaws.com", + "Processing": false, + "UpgradeProcessing": false, + "ElasticsearchVersion": "7.10", + "ElasticsearchClusterConfig": { + "InstanceType": "t3.small.elasticsearch", + "InstanceCount": 1, + "DedicatedMasterEnabled": true, + "ZoneAwarenessEnabled": false, + "DedicatedMasterType": "t3.small.elasticsearch", + "DedicatedMasterCount": 2, + "WarmEnabled": false + }, + "EBSOptions": { + "EBSEnabled": true, + "VolumeType": "gp2", + "VolumeSize": 10 + }, + "AccessPolicies": "", + "SnapshotOptions": { + "AutomatedSnapshotStartHour": 0 + }, + "CognitoOptions": { + "Enabled": false + }, + "EncryptionAtRestOptions": { + "Enabled": false + }, + "NodeToNodeEncryptionOptions": { + "Enabled": false + }, + "AdvancedOptions": { + "override_main_response_version": "false", + "rest.action.multi.allow_explicit_index": "true" + }, + "ServiceSoftwareOptions": { + "CurrentVersion": "R20210816-P1", + "NewVersion": "", + "UpdateAvailable": false, + "Cancellable": false, + "UpdateStatus": "COMPLETED", + "Description": "There is no software update available for this domain.", + "AutomatedUpdateDate": { + "__class__": "datetime", + "year": 2021, + "month": 7, + "day": 8, + "hour": 11, + "minute": 6, + "second": 15, + "microsecond": 0 + }, + "OptionalDeployment": false + }, + "DomainEndpointOptions": { + "EnforceHTTPS": false, + "TLSSecurityPolicy": "Policy-Min-TLS-1-0-2019-07", + "CustomEndpointEnabled": false + }, + "AdvancedSecurityOptions": { + "Enabled": false, + "InternalUserDatabaseEnabled": false + } + } + ] + } +} 
diff --git a/tests/ecc-aws-297-elasticsearch_domains_configured_with_at_least_three_dedicated_master_nodes/placebo-red/es.ListDomainNames_1.json b/tests/ecc-aws-297-elasticsearch_domains_configured_with_at_least_three_dedicated_master_nodes/placebo-red/es.ListDomainNames_1.json new file mode 100644 index 000000000..4cb77c448 --- /dev/null +++ b/tests/ecc-aws-297-elasticsearch_domains_configured_with_at_least_three_dedicated_master_nodes/placebo-red/es.ListDomainNames_1.json @@ -0,0 +1,11 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "DomainNames": [ + { + "DomainName": "domain-297-red" + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-297-elasticsearch_domains_configured_with_at_least_three_dedicated_master_nodes/placebo-red/es.ListTags_1.json b/tests/ecc-aws-297-elasticsearch_domains_configured_with_at_least_three_dedicated_master_nodes/placebo-red/es.ListTags_1.json new file mode 100644 index 000000000..db3be6e3f --- /dev/null +++ b/tests/ecc-aws-297-elasticsearch_domains_configured_with_at_least_three_dedicated_master_nodes/placebo-red/es.ListTags_1.json @@ -0,0 +1,7 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "TagList": [] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-297-elasticsearch_domains_configured_with_at_least_three_dedicated_master_nodes/red_policy_test.py b/tests/ecc-aws-297-elasticsearch_domains_configured_with_at_least_three_dedicated_master_nodes/red_policy_test.py new file mode 100644 index 000000000..dfe3f2f7b --- /dev/null +++ b/tests/ecc-aws-297-elasticsearch_domains_configured_with_at_least_three_dedicated_master_nodes/red_policy_test.py 
@@ -0,0 +1,7 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ config = (resources[0]['ElasticsearchClusterConfig'])
+ base_test.assertTrue(config['DedicatedMasterEnabled'])
+ base_test.assertLessEqual(config['DedicatedMasterCount'], 2)
\ No newline at end of file
diff --git a/tests/ecc-aws-298-elasticsearch_domain_connections_encrypted_using_TLS_1_2/placebo-green/es.DescribeElasticsearchDomains_1.json b/tests/ecc-aws-298-elasticsearch_domain_connections_encrypted_using_TLS_1_2/placebo-green/es.DescribeElasticsearchDomains_1.json
new file mode 100644
index 000000000..591da33dd
--- /dev/null
+++ b/tests/ecc-aws-298-elasticsearch_domain_connections_encrypted_using_TLS_1_2/placebo-green/es.DescribeElasticsearchDomains_1.json
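Review bot: `test_resources` requires `DedicatedMasterEnabled` to be true before it checks the count, so the red case covers only a domain with too few dedicated masters. The 295 and 298 recordings show that a domain with dedicated masters disabled has no `DedicatedMasterCount` key, so such a resource would raise `KeyError` here instead of failing an assertion. If the policy is meant to flag that case as well, which this hunk does not show, add a recording for it and read the count with `config.get('DedicatedMasterCount', 0)`. `base_test.assertLess(config['DedicatedMasterCount'], 3)` would state the "at least three" threshold more directly.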
@@ -0,0 +1,76 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "DomainStatusList": [ + { + "DomainId": "this/domain-298-green", + "DomainName": "domain-298-green", + "ARN": "arn:aws:es:us-east-1:this:domain/domain-298-green", + "Created": true, + "Deleted": false, + "Endpoint": "search-domain-298-green-r6nnyosur2emlgzodasqgqzclm.us-east-1.es.amazonaws.com", + "Processing": false, + "UpgradeProcessing": false, + "ElasticsearchVersion": "7.10", + "ElasticsearchClusterConfig": { + "InstanceType": "t3.small.elasticsearch", + "InstanceCount": 1, + "DedicatedMasterEnabled": false, + "ZoneAwarenessEnabled": false, + "WarmEnabled": false + }, + "EBSOptions": { + "EBSEnabled": true, + "VolumeType": "gp2", + "VolumeSize": 10 + }, + "AccessPolicies": "", + "SnapshotOptions": { + "AutomatedSnapshotStartHour": 0 + }, + "CognitoOptions": { + "Enabled": false + }, + "EncryptionAtRestOptions": { + "Enabled": false + }, + "NodeToNodeEncryptionOptions": { + "Enabled": false + }, + "AdvancedOptions": { + "override_main_response_version": "false", + "rest.action.multi.allow_explicit_index": "true" + }, + "ServiceSoftwareOptions": { + "CurrentVersion": "R20210816", + "NewVersion": "", + "UpdateAvailable": false, + "Cancellable": false, + "UpdateStatus": "COMPLETED", + "Description": "There is no software update available for this domain.", + "AutomatedUpdateDate": { + "__class__": "datetime", + "year": 2021, + "month": 7, + "day": 8, + "hour": 8, + "minute": 6, + "second": 15, + "microsecond": 0 + }, + "OptionalDeployment": false + }, + "DomainEndpointOptions": { + "EnforceHTTPS": true, + "TLSSecurityPolicy": "Policy-Min-TLS-1-2-2019-07", + "CustomEndpointEnabled": false + }, + "AdvancedSecurityOptions": { + "Enabled": false, + "InternalUserDatabaseEnabled": false + } + } + ] + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-298-elasticsearch_domain_connections_encrypted_using_TLS_1_2/placebo-green/es.ListDomainNames_1.json b/tests/ecc-aws-298-elasticsearch_domain_connections_encrypted_using_TLS_1_2/placebo-green/es.ListDomainNames_1.json new file mode 100644 index 000000000..282ff48df --- /dev/null +++ b/tests/ecc-aws-298-elasticsearch_domain_connections_encrypted_using_TLS_1_2/placebo-green/es.ListDomainNames_1.json @@ -0,0 +1,11 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "DomainNames": [ + { + "DomainName": "domain-298-green" + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-298-elasticsearch_domain_connections_encrypted_using_TLS_1_2/placebo-green/es.ListTags_1.json b/tests/ecc-aws-298-elasticsearch_domain_connections_encrypted_using_TLS_1_2/placebo-green/es.ListTags_1.json new file mode 100644 index 000000000..db3be6e3f --- /dev/null +++ b/tests/ecc-aws-298-elasticsearch_domain_connections_encrypted_using_TLS_1_2/placebo-green/es.ListTags_1.json @@ -0,0 +1,7 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "TagList": [] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-298-elasticsearch_domain_connections_encrypted_using_TLS_1_2/placebo-red/es.DescribeElasticsearchDomains_1.json b/tests/ecc-aws-298-elasticsearch_domain_connections_encrypted_using_TLS_1_2/placebo-red/es.DescribeElasticsearchDomains_1.json new file mode 100644 index 000000000..ad0c2acc9 --- /dev/null +++ b/tests/ecc-aws-298-elasticsearch_domain_connections_encrypted_using_TLS_1_2/placebo-red/es.DescribeElasticsearchDomains_1.json 
@@ -0,0 +1,76 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "DomainStatusList": [ + { + "DomainId": "this/domain-298-red", + "DomainName": "domain-298-red", + "ARN": "arn:aws:es:us-east-1:this:domain/domain-298-red", + "Created": true, + "Deleted": false, + "Endpoint": "search-domain-298-red-cfxmhmlswi6h4d5b3y664hn7lu.us-east-1.es.amazonaws.com", + "Processing": false, + "UpgradeProcessing": false, + "ElasticsearchVersion": "7.10", + "ElasticsearchClusterConfig": { + "InstanceType": "t3.small.elasticsearch", + "InstanceCount": 1, + "DedicatedMasterEnabled": false, + "ZoneAwarenessEnabled": false, + "WarmEnabled": false + }, + "EBSOptions": { + "EBSEnabled": true, + "VolumeType": "gp2", + "VolumeSize": 10 + }, + "AccessPolicies": "", + "SnapshotOptions": { + "AutomatedSnapshotStartHour": 0 + }, + "CognitoOptions": { + "Enabled": false + }, + "EncryptionAtRestOptions": { + "Enabled": false + }, + "NodeToNodeEncryptionOptions": { + "Enabled": false + }, + "AdvancedOptions": { + "override_main_response_version": "false", + "rest.action.multi.allow_explicit_index": "true" + }, + "ServiceSoftwareOptions": { + "CurrentVersion": "R20210816", + "NewVersion": "", + "UpdateAvailable": false, + "Cancellable": false, + "UpdateStatus": "COMPLETED", + "Description": "There is no software update available for this domain.", + "AutomatedUpdateDate": { + "__class__": "datetime", + "year": 2021, + "month": 7, + "day": 8, + "hour": 8, + "minute": 6, + "second": 15, + "microsecond": 0 + }, + "OptionalDeployment": false + }, + "DomainEndpointOptions": { + "EnforceHTTPS": false, + "TLSSecurityPolicy": "Policy-Min-TLS-1-0-2019-07", + "CustomEndpointEnabled": false + }, + "AdvancedSecurityOptions": { + "Enabled": false, + "InternalUserDatabaseEnabled": false + } + } + ] + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-298-elasticsearch_domain_connections_encrypted_using_TLS_1_2/placebo-red/es.ListDomainNames_1.json b/tests/ecc-aws-298-elasticsearch_domain_connections_encrypted_using_TLS_1_2/placebo-red/es.ListDomainNames_1.json
new file mode 100644
index 000000000..a143cc68c
--- /dev/null
+++ b/tests/ecc-aws-298-elasticsearch_domain_connections_encrypted_using_TLS_1_2/placebo-red/es.ListDomainNames_1.json
@@ -0,0 +1,11 @@
+{
+ "status_code": 200,
+ "data": {
+ "ResponseMetadata": {},
+ "DomainNames": [
+ {
+ "DomainName": "domain-298-red"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-298-elasticsearch_domain_connections_encrypted_using_TLS_1_2/placebo-red/es.ListTags_1.json b/tests/ecc-aws-298-elasticsearch_domain_connections_encrypted_using_TLS_1_2/placebo-red/es.ListTags_1.json
new file mode 100644
index 000000000..db3be6e3f
--- /dev/null
+++ b/tests/ecc-aws-298-elasticsearch_domain_connections_encrypted_using_TLS_1_2/placebo-red/es.ListTags_1.json
@@ -0,0 +1,7 @@
+{
+ "status_code": 200,
+ "data": {
+ "ResponseMetadata": {},
+ "TagList": []
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-298-elasticsearch_domain_connections_encrypted_using_TLS_1_2/red_policy_test.py b/tests/ecc-aws-298-elasticsearch_domain_connections_encrypted_using_TLS_1_2/red_policy_test.py
new file mode 100644
index 000000000..60d83036c
--- /dev/null
+++ b/tests/ecc-aws-298-elasticsearch_domain_connections_encrypted_using_TLS_1_2/red_policy_test.py
@@ -0,0 +1,7 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ endpoint = (resources[0]['DomainEndpointOptions'])
+ base_test.assertFalse(endpoint['EnforceHTTPS'])
+ base_test.assertIsNot(endpoint['TLSSecurityPolicy'], "Policy-Min-TLS-1-2-2019-07")
\ No newline at end of file
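Review bot: `assertIsNot` on the last line of `test_resources` compares object identity, not equality. It passes whenever the fixture value and the literal are distinct objects, which is the normal case for a string decoded from JSON, so it would still pass if the flagged domain reported `Policy-Min-TLS-1-2-2019-07`. The TLS policy is therefore never actually checked; use `base_test.assertNotEqual(endpoint['TLSSecurityPolicy'], "Policy-Min-TLS-1-2-2019-07")`. The test also requires `EnforceHTTPS` to be false, so a domain that enforces HTTPS but still accepts TLS 1.0 is not exercised; a second red recording would cover it if the policy is meant to flag that case.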
diff --git a/tests/ecc-aws-299-rds_db_clusters_configured_to_copy_tags_to_snapshots/placebo-green/rds.DescribeDBClusters_1.json b/tests/ecc-aws-299-rds_db_clusters_configured_to_copy_tags_to_snapshots/placebo-green/rds.DescribeDBClusters_1.json new file mode 100644 index 000000000..7dedba76b --- /dev/null +++ b/tests/ecc-aws-299-rds_db_clusters_configured_to_copy_tags_to_snapshots/placebo-green/rds.DescribeDBClusters_1.json 
@@ -0,0 +1,92 @@ +{ + "status_code": 200, + "data": { + "DBClusters": [ + { + "AllocatedStorage": 1, + "AvailabilityZones": [ + "us-east-1c", + "us-east-1f", + "us-east-1b" + ], + "BackupRetentionPeriod": 1, + "DatabaseName": "cluster299green", + "DBClusterIdentifier": "cluster-299-green", + "DBClusterParameterGroup": "default.aurora-mysql5.7", + "DBSubnetGroup": "default", + "Status": "available", + "EarliestRestorableTime": { + "__class__": "datetime", + "year": 2021, + "month": 9, + "day": 30, + "hour": 6, + "minute": 26, + "second": 32, + "microsecond": 654000 + }, + "Endpoint": "cluster-299-green.cluster-chhajgiktbgu.us-east-1.rds.amazonaws.com", + "ReaderEndpoint": "cluster-299-green.cluster-ro-chhajgiktbgu.us-east-1.rds.amazonaws.com", + "MultiAZ": false, + "Engine": "aurora-mysql", + "EngineVersion": "5.7.mysql_aurora.2.03.2", + "LatestRestorableTime": { + "__class__": "datetime", + "year": 2021, + "month": 9, + "day": 30, + "hour": 6, + "minute": 26, + "second": 32, + "microsecond": 654000 + }, + "Port": 3306, + "MasterUsername": "root", + "PreferredBackupWindow": "05:42-06:12", + "PreferredMaintenanceWindow": "wed:06:53-wed:07:23", + "ReadReplicaIdentifiers": [], + "DBClusterMembers": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "HostedZoneId": "ASASASASASASAS", + "StorageEncrypted": false, + "DbClusterResourceId": "cluster-OESNQJUJDR3JGQTOSXP3QAHBLE", + "DBClusterArn": "arn:aws:rds:us-east-1:111111111111:cluster:cluster-299-green", + "AssociatedRoles": [], + "IAMDatabaseAuthenticationEnabled": false, + "ClusterCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 9, + "day": 30, + "hour": 6, + "minute": 25, + "second": 3, + "microsecond": 917000 + }, + "EngineMode": "provisioned", + "DeletionProtection": false, + "HttpEndpointEnabled": false, + "ActivityStreamStatus": "stopped", + "CopyTagsToSnapshot": true, + "CrossAccountClone": false, + "DomainMemberships": [], + "TagList": [ + 
{ + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-299-rds_db_clusters_configured_to_copy_tags_to_snapshots" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-299-rds_db_clusters_configured_to_copy_tags_to_snapshots/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-299-rds_db_clusters_configured_to_copy_tags_to_snapshots/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..d88c29213 --- /dev/null +++ b/tests/ecc-aws-299-rds_db_clusters_configured_to_copy_tags_to_snapshots/placebo-green/tagging.GetResources_1.json @@ -0,0 +1,35 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:rds:us-east-1:111111111111:cluster:cluster-oesnqjujdr3jgqtosxp3qahble", + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-299-rds_db_clusters_configured_to_copy_tags_to_snapshots" + } + ] + }, + { + "ResourceARN": "arn:aws:rds:us-east-1:111111111111:cluster:cluster-299-green", + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-299-rds_db_clusters_configured_to_copy_tags_to_snapshots" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-299-rds_db_clusters_configured_to_copy_tags_to_snapshots/placebo-red/rds.DescribeDBClusters_1.json b/tests/ecc-aws-299-rds_db_clusters_configured_to_copy_tags_to_snapshots/placebo-red/rds.DescribeDBClusters_1.json new file mode 100644 index 000000000..07a985128 --- /dev/null +++ b/tests/ecc-aws-299-rds_db_clusters_configured_to_copy_tags_to_snapshots/placebo-red/rds.DescribeDBClusters_1.json 
@@ -0,0 +1,92 @@ +{ + "status_code": 200, + "data": { + "DBClusters": [ + { + "AllocatedStorage": 1, + "AvailabilityZones": [ + "us-east-1c", + "us-east-1d", + "us-east-1a" + ], + "BackupRetentionPeriod": 1, + "DatabaseName": "cluster299red", + "DBClusterIdentifier": "cluster-299-red", + "DBClusterParameterGroup": "default.aurora-mysql5.7", + "DBSubnetGroup": "default", + "Status": "available", + "EarliestRestorableTime": { + "__class__": "datetime", + "year": 2021, + "month": 9, + "day": 30, + "hour": 6, + "minute": 39, + "second": 51, + "microsecond": 127000 + }, + "Endpoint": "cluster-299-red.cluster-chhajgiktbgu.us-east-1.rds.amazonaws.com", + "ReaderEndpoint": "cluster-299-red.cluster-ro-chhajgiktbgu.us-east-1.rds.amazonaws.com", + "MultiAZ": false, + "Engine": "aurora-mysql", + "EngineVersion": "5.7.mysql_aurora.2.03.2", + "LatestRestorableTime": { + "__class__": "datetime", + "year": 2021, + "month": 9, + "day": 30, + "hour": 6, + "minute": 39, + "second": 51, + "microsecond": 127000 + }, + "Port": 3306, + "MasterUsername": "root", + "PreferredBackupWindow": "03:05-03:35", + "PreferredMaintenanceWindow": "tue:07:49-tue:08:19", + "ReadReplicaIdentifiers": [], + "DBClusterMembers": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "HostedZoneId": "ASASASASASASAS", + "StorageEncrypted": false, + "DbClusterResourceId": "cluster-HKW3MGNSQIIVERFCCJVJPLD63Y", + "DBClusterArn": "arn:aws:rds:us-east-1:111111111111:cluster:cluster-299-red", + "AssociatedRoles": [], + "IAMDatabaseAuthenticationEnabled": false, + "ClusterCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 9, + "day": 30, + "hour": 6, + "minute": 38, + "second": 17, + "microsecond": 625000 + }, + "EngineMode": "provisioned", + "DeletionProtection": false, + "HttpEndpointEnabled": false, + "ActivityStreamStatus": "stopped", + "CopyTagsToSnapshot": false, + "CrossAccountClone": false, + "DomainMemberships": [], + "TagList": [ + { + 
"Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-299-rds_db_clusters_configured_to_copy_tags_to_snapshots" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-299-rds_db_clusters_configured_to_copy_tags_to_snapshots/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-299-rds_db_clusters_configured_to_copy_tags_to_snapshots/placebo-red/tagging.GetResources_1.json new file mode 100644 index 000000000..8cdbc7746 --- /dev/null +++ b/tests/ecc-aws-299-rds_db_clusters_configured_to_copy_tags_to_snapshots/placebo-red/tagging.GetResources_1.json @@ -0,0 +1,35 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:rds:us-east-1:111111111111:cluster:cluster-299-red", + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-299-rds_db_clusters_configured_to_copy_tags_to_snapshots" + } + ] + }, + { + "ResourceARN": "arn:aws:rds:us-east-1:111111111111:cluster:cluster-hkw3mgnsqiiverfccjvjpld63y", + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-299-rds_db_clusters_configured_to_copy_tags_to_snapshots" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-299-rds_db_clusters_configured_to_copy_tags_to_snapshots/red_policy_test.py b/tests/ecc-aws-299-rds_db_clusters_configured_to_copy_tags_to_snapshots/red_policy_test.py new file mode 100644 index 000000000..08fb7e2ce --- /dev/null +++ b/tests/ecc-aws-299-rds_db_clusters_configured_to_copy_tags_to_snapshots/red_policy_test.py @@ -0,0 +1,5 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertFalse(resources[0]['CopyTagsToSnapshot']) \ No newline at end of file 
diff --git a/tests/ecc-aws-300-rds_db_instances_configured_to_copy_tags_to_snapshots/placebo-green/rds.DescribeDBInstances_1.json b/tests/ecc-aws-300-rds_db_instances_configured_to_copy_tags_to_snapshots/placebo-green/rds.DescribeDBInstances_1.json new file mode 100644 index 000000000..82b9ebb35 --- /dev/null +++ b/tests/ecc-aws-300-rds_db_instances_configured_to_copy_tags_to_snapshots/placebo-green/rds.DescribeDBInstances_1.json 
@@ -0,0 +1,141 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "terraform-20210906114517399200000001", + "DBInstanceClass": "db.t3.micro", + "Engine": "mysql", + "DBInstanceStatus": "stopped", + "MasterUsername": "foo", + "DBName": "mydb", + "Endpoint": { + "Address": "terraform-20210906114517399200000001.this.us-east-1.rds.amazonaws.com", + "Port": 3306, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 10, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 9, + "day": 6, + "hour": 11, + "minute": 49, + "second": 8, + "microsecond": 589000 + }, + "PreferredBackupWindow": "07:18-07:48", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "default.mysql5.7", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1f", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + 
"SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "thu:04:04-thu:04:34", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "5.7.33", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "general-public-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:mysql-5-7", + "Status": "in-sync" + } + ], + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-E6QA7J6MPLWBOOD42K3XDHH6UI", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": true, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:this:db:terraform-20210906114517399200000001", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-300-rds_db_instances_configured_to_copy_tags_to_snapshots" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-300-rds_db_instances_configured_to_copy_tags_to_snapshots/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-300-rds_db_instances_configured_to_copy_tags_to_snapshots/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..627d2f1f7 --- /dev/null +++ b/tests/ecc-aws-300-rds_db_instances_configured_to_copy_tags_to_snapshots/placebo-green/tagging.GetResources_1.json 
@@ -0,0 +1,22 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:rds:us-east-1:this:db:terraform-20210906114517399200000001", + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-300-rds_db_instances_configured_to_copy_tags_to_snapshots" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-300-rds_db_instances_configured_to_copy_tags_to_snapshots/placebo-red/rds.DescribeDBInstances_1.json b/tests/ecc-aws-300-rds_db_instances_configured_to_copy_tags_to_snapshots/placebo-red/rds.DescribeDBInstances_1.json new file mode 100644 index 000000000..8ab8b8036 --- /dev/null +++ b/tests/ecc-aws-300-rds_db_instances_configured_to_copy_tags_to_snapshots/placebo-red/rds.DescribeDBInstances_1.json 
@@ -0,0 +1,141 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "terraform-20210906115453271000000001", + "DBInstanceClass": "db.t3.micro", + "Engine": "mysql", + "DBInstanceStatus": "stopped", + "MasterUsername": "foo", + "DBName": "mydb", + "Endpoint": { + "Address": "terraform-20210906115453271000000001.this.us-east-1.rds.amazonaws.com", + "Port": 3306, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 10, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 9, + "day": 6, + "hour": 11, + "minute": 58, + "second": 33, + "microsecond": 818000 + }, + "PreferredBackupWindow": "03:49-04:19", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "default.mysql5.7", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1b", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + 
"SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "sun:06:45-sun:07:15", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "5.7.33", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "general-public-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:mysql-5-7", + "Status": "in-sync" + } + ], + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-VYVUMQDAKLWDHFKLPFCFMFIO2Q", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:111111111111:db:terraform-20210906115453271000000001", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-300-rds_db_instances_configured_to_copy_tags_to_snapshots" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-300-rds_db_instances_configured_to_copy_tags_to_snapshots/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-300-rds_db_instances_configured_to_copy_tags_to_snapshots/placebo-red/tagging.GetResources_1.json new file mode 100644 index 000000000..a38e1c6d3 --- /dev/null +++ b/tests/ecc-aws-300-rds_db_instances_configured_to_copy_tags_to_snapshots/placebo-red/tagging.GetResources_1.json 
@@ -0,0 +1,22 @@
+{
+ "status_code": 200,
+ "data": {
+ "PaginationToken": "",
+ "ResourceTagMappingList": [
+ {
+ "ResourceARN": "arn:aws:rds:us-east-1:this:db:terraform-20210906115453271000000001",
+ "Tags": [
+ {
+ "Key": "ComplianceStatus",
+ "Value": "Red"
+ },
+ {
+ "Key": "CsutodianRule",
+ "Value": "ecc-aws-300-rds_db_instances_configured_to_copy_tags_to_snapshots"
+ }
+ ]
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-300-rds_db_instances_configured_to_copy_tags_to_snapshots/red_policy_test.py b/tests/ecc-aws-300-rds_db_instances_configured_to_copy_tags_to_snapshots/red_policy_test.py
new file mode 100644
index 000000000..cdb81c14e
--- /dev/null
+++ b/tests/ecc-aws-300-rds_db_instances_configured_to_copy_tags_to_snapshots/red_policy_test.py
@@ -0,0 +1,5 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertFalse(resources[0]['CopyTagsToSnapshot'])
\ No newline at end of file
diff --git a/tests/ecc-aws-306-redshift_clusters_audit_logging_enabled/placebo-green/redshift.DescribeClusterParameters_1.json b/tests/ecc-aws-306-redshift_clusters_audit_logging_enabled/placebo-green/redshift.DescribeClusterParameters_1.json
new file mode 100644
index 000000000..ecae7d7c8
--- /dev/null
+++ b/tests/ecc-aws-306-redshift_clusters_audit_logging_enabled/placebo-green/redshift.DescribeClusterParameters_1.json
@@ -0,0 +1,144 @@ +{ + "status_code": 200, + "data": { + "Parameters": [ + { + "ParameterName": "auto_analyze", + "ParameterValue": "true", + "Description": "Use auto analyze", + "Source": "engine-default", + "DataType": "boolean", + "AllowedValues": "true,false", + "ApplyType": "static", + "IsModifiable": true + }, + { + "ParameterName": "auto_mv", + "ParameterValue": "true", + "Description": "Enable AutoMV", + "Source": "engine-default", + "DataType": "boolean", + "AllowedValues": "true,false", + "ApplyType": "static", + "IsModifiable": true + }, + { + "ParameterName": "datestyle", + "ParameterValue": "ISO, MDY", + "Description": "Sets the display format for date and time values.", + "Source": "engine-default", + "DataType": "string", + "ApplyType": "static", + "IsModifiable": true + }, + { + "ParameterName": "enable_case_sensitive_identifier", + "ParameterValue": "false", + "Description": "Preserve case sensitivity for database identifiers such as table or column names in parser", + "Source": "engine-default", + "DataType": "boolean", + "AllowedValues": "true,false", + "ApplyType": "static", + "IsModifiable": true + }, + { + "ParameterName": "enable_user_activity_logging", + "ParameterValue": "true", + "Description": "parameter for audit logging purpose", + "Source": "user", + "DataType": "boolean", + "AllowedValues": "true,false", + "ApplyType": "static", + "IsModifiable": true + }, + { + "ParameterName": "extra_float_digits", + "ParameterValue": "0", + "Description": "Sets the number of digits displayed for floating-point values", + "Source": "engine-default", + "DataType": "integer", + "AllowedValues": "-15-2", + "ApplyType": "static", + "IsModifiable": true + }, + { + "ParameterName": "max_concurrency_scaling_clusters", + "ParameterValue": "1", + "Description": "The maximum concurrency scaling clusters can be used.", + "Source": "engine-default", + "DataType": "integer", + "AllowedValues": "0-10", + "ApplyType": "static", + "IsModifiable": true + }, + { + 
"ParameterName": "max_cursor_result_set_size", + "ParameterValue": "default", + "Description": "Sets the max cursor result set size", + "Source": "engine-default", + "DataType": "integer", + "AllowedValues": "0-14400000", + "ApplyType": "static", + "IsModifiable": true + }, + { + "ParameterName": "query_group", + "ParameterValue": "default", + "Description": "This parameter applies a user-defined label to a group of queries that are run during the same session..", + "Source": "engine-default", + "DataType": "string", + "ApplyType": "static", + "IsModifiable": true + }, + { + "ParameterName": "require_ssl", + "ParameterValue": "false", + "Description": "require ssl for all databaseconnections", + "Source": "engine-default", + "DataType": "boolean", + "AllowedValues": "true,false", + "ApplyType": "static", + "IsModifiable": true + }, + { + "ParameterName": "search_path", + "ParameterValue": "$user, public", + "Description": "Sets the schema search order for names that are not schema-qualified.", + "Source": "engine-default", + "DataType": "string", + "ApplyType": "static", + "IsModifiable": true + }, + { + "ParameterName": "statement_timeout", + "ParameterValue": "0", + "Description": "Aborts any statement that takes over the specified number of milliseconds.", + "Source": "engine-default", + "DataType": "integer", + "AllowedValues": "0,100-2147483647", + "ApplyType": "static", + "IsModifiable": true + }, + { + "ParameterName": "use_fips_ssl", + "ParameterValue": "false", + "Description": "Use fips ssl library", + "Source": "engine-default", + "DataType": "boolean", + "AllowedValues": "true,false", + "ApplyType": "static", + "IsModifiable": true + }, + { + "ParameterName": "wlm_json_configuration", + "ParameterValue": "[{\"auto_wlm\":true}]", + "Description": "wlm json configuration", + "Source": "engine-default", + "DataType": "string", + "ApplyType": "static", + "IsModifiable": true + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-306-redshift_clusters_audit_logging_enabled/placebo-green/redshift.DescribeClusters_1.json b/tests/ecc-aws-306-redshift_clusters_audit_logging_enabled/placebo-green/redshift.DescribeClusters_1.json
new file mode 100644
index 000000000..b63fa9b9b
--- /dev/null
+++ b/tests/ecc-aws-306-redshift_clusters_audit_logging_enabled/placebo-green/redshift.DescribeClusters_1.json
@@ -0,0 +1,95 @@ +{ + "status_code": 200, + "data": { + "Clusters": [ + { + "ClusterIdentifier": "redshift-306-green", + "NodeType": "dc2.large", + "ClusterStatus": "available", + "ClusterAvailabilityStatus": "Available", + "MasterUsername": "root", + "DBName": "redshift306green", + "Endpoint": { + "Address": "redshift-306-green.cqwaglj6btcm.us-east-1.redshift.amazonaws.com", + "Port": 5439 + }, + "ClusterCreateTime": { + "__class__": "datetime", + "year": 2022, + "month": 7, + "day": 19, + "hour": 11, + "minute": 15, + "second": 56, + "microsecond": 648000 + }, + "AutomatedSnapshotRetentionPeriod": 1, + "ManualSnapshotRetentionPeriod": -1, + "ClusterSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "ClusterParameterGroups": [ + { + "ParameterGroupName": "parameter-group-306-green", + "ParameterApplyStatus": "in-sync" + } + ], + "ClusterSubnetGroupName": "default", + "VpcId": "vpc-12345asdfg", + "AvailabilityZone": "us-east-1e", + "PreferredMaintenanceWindow": "sat:07:00-sat:07:30", + "PendingModifiedValues": {}, + "ClusterVersion": "1.0", + "AllowVersionUpgrade": true, + "NumberOfNodes": 1, + "PubliclyAccessible": true, + "Encrypted": false, + "ClusterPublicKey": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDj8PgvvF9hYURTZK2cHd/qNdbPCafDcCXBr3lh87nL3l7UGsIfalqdjsJOthzcVTqbwE0Q4h85w2IpLnBO/c4mj1RQI+h/vsAXFdne5FUd6DGul6RQa3DeLh/6+ke8gngcCkuRdUXs6M5ybj3Tr8mELKosBckf+3fU4vO3+VcxH7CV+nH4LY/KNmC94gyWx0/NGiZuwf/EFoj4meIdtGKWMow2ojDgCdRERUO6STp39ShkgKoIrd1Lbl7syNAaeIR2AMmdtI9uYoXfqOUf0WLx5A9mn+j+WQtfLruJKgqYIu6OQXG+mGEZwcDSdiNBFpE013ksAzsP87FEl9wL+5m7 Amazon-Redshift\n", + "ClusterNodes": [ + { + "NodeRole": "SHARED", + "PrivateIPAddress": "172.31.53.110", + "PublicIPAddress": "3.229.212.71" + } + ], + "ClusterRevisionNumber": "40083", + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-306-redshift_clusters_audit_logging_enabled" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + } + ], + 
"EnhancedVpcRouting": false, + "IamRoles": [], + "MaintenanceTrackName": "current", + "DeferredMaintenanceWindows": [], + "NextMaintenanceWindowStartTime": { + "__class__": "datetime", + "year": 2022, + "month": 7, + "day": 23, + "hour": 7, + "minute": 0, + "second": 0, + "microsecond": 0 + }, + "AvailabilityZoneRelocationStatus": "disabled", + "ClusterNamespaceArn": "arn:aws:redshift:us-east-1:111111111111:namespace:dd3c5f76-f5cd-47b5-a384-dc32fe0033c3", + "TotalStorageCapacityInMegaBytes": 400000, + "AquaConfiguration": { + "AquaStatus": "disabled", + "AquaConfigurationStatus": "auto" + } + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-306-redshift_clusters_audit_logging_enabled/placebo-green/redshift.DescribeLoggingStatus_1.json b/tests/ecc-aws-306-redshift_clusters_audit_logging_enabled/placebo-green/redshift.DescribeLoggingStatus_1.json new file mode 100644 index 000000000..db49426f9 --- /dev/null +++ b/tests/ecc-aws-306-redshift_clusters_audit_logging_enabled/placebo-green/redshift.DescribeLoggingStatus_1.json @@ -0,0 +1,18 @@ +{ + "status_code": 200, + "data": { + "LoggingEnabled": true, + "BucketName": "bucket-306-green", + "LastSuccessfulDeliveryTime": { + "__class__": "datetime", + "year": 2022, + "month": 7, + "day": 19, + "hour": 12, + "minute": 1, + "second": 36, + "microsecond": 418000 + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-306-redshift_clusters_audit_logging_enabled/placebo-red/redshift.DescribeClusterParameters_1.json b/tests/ecc-aws-306-redshift_clusters_audit_logging_enabled/placebo-red/redshift.DescribeClusterParameters_1.json new file mode 100644 index 000000000..30ce7aefd --- /dev/null +++ b/tests/ecc-aws-306-redshift_clusters_audit_logging_enabled/placebo-red/redshift.DescribeClusterParameters_1.json 
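Review bot: The recorded `Clusters[0]` entry still carries what look like un-scrubbed environment identifiers: `PublicIPAddress` and `PrivateIPAddress` under `ClusterNodes`, the `Endpoint.Address` hostname, and `ClusterPublicKey`. Other fixtures in this patch mask the account as `this` or `111111111111` and use placeholder ids such as `vpc-12345asdfg`, so these values should be masked the same way before the recording is committed, for example `"PublicIPAddress": "203.0.113.10"` (constructed sample from the documentation range) and a placeholder endpoint hostname. The same fields are present in `placebo-red/redshift.DescribeClusters_1.json`, where the record also shows `"PubliclyAccessible": true`.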
@@ -0,0 +1,144 @@ +{ + "status_code": 200, + "data": { + "Parameters": [ + { + "ParameterName": "auto_analyze", + "ParameterValue": "true", + "Description": "Use auto analyze", + "Source": "engine-default", + "DataType": "boolean", + "AllowedValues": "true,false", + "ApplyType": "static", + "IsModifiable": true + }, + { + "ParameterName": "auto_mv", + "ParameterValue": "true", + "Description": "Enable AutoMV", + "Source": "engine-default", + "DataType": "boolean", + "AllowedValues": "true,false", + "ApplyType": "static", + "IsModifiable": true + }, + { + "ParameterName": "datestyle", + "ParameterValue": "ISO, MDY", + "Description": "Sets the display format for date and time values.", + "Source": "engine-default", + "DataType": "string", + "ApplyType": "static", + "IsModifiable": true + }, + { + "ParameterName": "enable_case_sensitive_identifier", + "ParameterValue": "false", + "Description": "Preserve case sensitivity for database identifiers such as table or column names in parser", + "Source": "engine-default", + "DataType": "boolean", + "AllowedValues": "true,false", + "ApplyType": "static", + "IsModifiable": true + }, + { + "ParameterName": "enable_user_activity_logging", + "ParameterValue": "false", + "Description": "parameter for audit logging purpose", + "Source": "user", + "DataType": "boolean", + "AllowedValues": "true,false", + "ApplyType": "static", + "IsModifiable": true + }, + { + "ParameterName": "extra_float_digits", + "ParameterValue": "0", + "Description": "Sets the number of digits displayed for floating-point values", + "Source": "engine-default", + "DataType": "integer", + "AllowedValues": "-15-2", + "ApplyType": "static", + "IsModifiable": true + }, + { + "ParameterName": "max_concurrency_scaling_clusters", + "ParameterValue": "1", + "Description": "The maximum concurrency scaling clusters can be used.", + "Source": "engine-default", + "DataType": "integer", + "AllowedValues": "0-10", + "ApplyType": "static", + "IsModifiable": true + }, + { + 
"ParameterName": "max_cursor_result_set_size", + "ParameterValue": "default", + "Description": "Sets the max cursor result set size", + "Source": "engine-default", + "DataType": "integer", + "AllowedValues": "0-14400000", + "ApplyType": "static", + "IsModifiable": true + }, + { + "ParameterName": "query_group", + "ParameterValue": "default", + "Description": "This parameter applies a user-defined label to a group of queries that are run during the same session..", + "Source": "engine-default", + "DataType": "string", + "ApplyType": "static", + "IsModifiable": true + }, + { + "ParameterName": "require_ssl", + "ParameterValue": "false", + "Description": "require ssl for all databaseconnections", + "Source": "engine-default", + "DataType": "boolean", + "AllowedValues": "true,false", + "ApplyType": "static", + "IsModifiable": true + }, + { + "ParameterName": "search_path", + "ParameterValue": "$user, public", + "Description": "Sets the schema search order for names that are not schema-qualified.", + "Source": "engine-default", + "DataType": "string", + "ApplyType": "static", + "IsModifiable": true + }, + { + "ParameterName": "statement_timeout", + "ParameterValue": "0", + "Description": "Aborts any statement that takes over the specified number of milliseconds.", + "Source": "engine-default", + "DataType": "integer", + "AllowedValues": "0,100-2147483647", + "ApplyType": "static", + "IsModifiable": true + }, + { + "ParameterName": "use_fips_ssl", + "ParameterValue": "false", + "Description": "Use fips ssl library", + "Source": "engine-default", + "DataType": "boolean", + "AllowedValues": "true,false", + "ApplyType": "static", + "IsModifiable": true + }, + { + "ParameterName": "wlm_json_configuration", + "ParameterValue": "[{\"auto_wlm\":true}]", + "Description": "wlm json configuration", + "Source": "engine-default", + "DataType": "string", + "ApplyType": "static", + "IsModifiable": true + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-306-redshift_clusters_audit_logging_enabled/placebo-red/redshift.DescribeClusters_1.json b/tests/ecc-aws-306-redshift_clusters_audit_logging_enabled/placebo-red/redshift.DescribeClusters_1.json
new file mode 100644
index 000000000..30b03317b
--- /dev/null
+++ b/tests/ecc-aws-306-redshift_clusters_audit_logging_enabled/placebo-red/redshift.DescribeClusters_1.json
@@ -0,0 +1,153 @@ +{ + "status_code": 200, + "data": { + "Clusters": [ + { + "ClusterIdentifier": "redshift-306-red", + "NodeType": "dc2.large", + "ClusterStatus": "available", + "ClusterAvailabilityStatus": "Available", + "MasterUsername": "root", + "DBName": "redshift306red", + "Endpoint": { + "Address": "redshift-306-red.cqwaglj6btcm.us-east-1.redshift.amazonaws.com", + "Port": 5439 + }, + "ClusterCreateTime": { + "__class__": "datetime", + "year": 2022, + "month": 7, + "day": 19, + "hour": 9, + "minute": 50, + "second": 21, + "microsecond": 25000 + }, + "AutomatedSnapshotRetentionPeriod": 1, + "ManualSnapshotRetentionPeriod": -1, + "ClusterSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "ClusterParameterGroups": [ + { + "ParameterGroupName": "parameter-group-306-red", + "ParameterApplyStatus": "pending-reboot", + "ClusterParameterStatusList": [ + { + "ParameterName": "enable_user_activity_logging", + "ParameterApplyStatus": "pending-reboot" + }, + { + "ParameterName": "auto_analyze", + "ParameterApplyStatus": "pending-reboot" + }, + { + "ParameterName": "max_cursor_result_set_size", + "ParameterApplyStatus": "pending-reboot" + }, + { + "ParameterName": "query_group", + "ParameterApplyStatus": "pending-reboot" + }, + { + "ParameterName": "datestyle", + "ParameterApplyStatus": "pending-reboot" + }, + { + "ParameterName": "extra_float_digits", + "ParameterApplyStatus": "pending-reboot" + }, + { + "ParameterName": "search_path", + "ParameterApplyStatus": "pending-reboot" + }, + { + "ParameterName": "statement_timeout", + "ParameterApplyStatus": "pending-reboot" + }, + { + "ParameterName": "wlm_json_configuration", + "ParameterApplyStatus": "pending-reboot" + }, + { + "ParameterName": "require_ssl", + "ParameterApplyStatus": "pending-reboot" + }, + { + "ParameterName": "use_fips_ssl", + "ParameterApplyStatus": "pending-reboot" + }, + { + "ParameterName": "max_concurrency_scaling_clusters", + 
"ParameterApplyStatus": "pending-reboot" + }, + { + "ParameterName": "auto_mv", + "ParameterApplyStatus": "pending-reboot" + }, + { + "ParameterName": "enable_case_sensitive_identifier", + "ParameterApplyStatus": "pending-reboot" + } + ] + } + ], + "ClusterSubnetGroupName": "default", + "VpcId": "vpc-12345asdfg", + "AvailabilityZone": "us-east-1f", + "PreferredMaintenanceWindow": "thu:07:00-thu:07:30", + "PendingModifiedValues": {}, + "ClusterVersion": "1.0", + "AllowVersionUpgrade": true, + "NumberOfNodes": 1, + "PubliclyAccessible": true, + "Encrypted": false, + "ClusterPublicKey": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCMNj/+rkDkiVJhmZAMS5j0zPtTj8IR6MNpl+kshTVq+r/vYr1cYOPs970WC8nO9r/FJxz+kMQpFG0MK1PoRHx6xEEH1jkatE4J0fpAcUBwvFlVg6GH0NEOBllqIzyrM3qTvo80PlkjRe70il/+vKVlm+pDDFRLvug8zIBjca5x1vtS1JRoC2xGcWQElJsh8xRFJeopnvyziZY7A92/wtDssB6nWShjP2MbcRP1C7unImi2xxvZVxxHtsbuP32pinhjeGlTT8JLxu2ywQGdVqlbGUPmxfrTLlID6N9hjJnM/thhJ+ZKy0w+d+Kmy1uaKXa994Zzox9keokzjAPnoPDR Amazon-Redshift\n", + "ClusterNodes": [ + { + "NodeRole": "SHARED", + "PrivateIPAddress": "172.31.66.5", + "PublicIPAddress": "44.208.185.67" + } + ], + "ClusterRevisionNumber": "40083", + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-306-redshift_clusters_audit_logging_enabled" + }, + { + "Key": "ComplianceStatus", + "Value": "Red" + } + ], + "EnhancedVpcRouting": false, + "IamRoles": [], + "MaintenanceTrackName": "current", + "DeferredMaintenanceWindows": [], + "NextMaintenanceWindowStartTime": { + "__class__": "datetime", + "year": 2022, + "month": 7, + "day": 21, + "hour": 7, + "minute": 0, + "second": 0, + "microsecond": 0 + }, + "AvailabilityZoneRelocationStatus": "disabled", + "ClusterNamespaceArn": "arn:aws:redshift:us-east-1:111111111111:namespace:d28fd605-bd2b-4ff3-a484-315ddac97786", + "TotalStorageCapacityInMegaBytes": 400000, + "AquaConfiguration": { + "AquaStatus": "disabled", + "AquaConfigurationStatus": "auto" + } + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-306-redshift_clusters_audit_logging_enabled/placebo-red/redshift.DescribeLoggingStatus_1.json b/tests/ecc-aws-306-redshift_clusters_audit_logging_enabled/placebo-red/redshift.DescribeLoggingStatus_1.json
new file mode 100644
index 000000000..b7ab63eae
--- /dev/null
+++ b/tests/ecc-aws-306-redshift_clusters_audit_logging_enabled/placebo-red/redshift.DescribeLoggingStatus_1.json
@@ -0,0 +1,7 @@
+{
+ "status_code": 200,
+ "data": {
+ "LoggingEnabled": false,
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-306-redshift_clusters_audit_logging_enabled/red_policy_test.py b/tests/ecc-aws-306-redshift_clusters_audit_logging_enabled/red_policy_test.py
new file mode 100644
index 000000000..8e7bbe214
--- /dev/null
+++ b/tests/ecc-aws-306-redshift_clusters_audit_logging_enabled/red_policy_test.py
@@ -0,0 +1,15 @@
+class PolicyTest(object):
+
+ def test_resources_with_client(self, base_test, resources, local_session):
+ base_test.assertEqual(len(resources), 1)
+ client = local_session.client("redshift")
+ redshift_id = resources[0]['ClusterIdentifier']
+ result = client.describe_logging_status(
+ ClusterIdentifier=redshift_id)
+ base_test.assertFalse(result["LoggingEnabled"])
+ paramName = resources[0]['ClusterParameterGroups'][0]['ParameterGroupName']
+ param = local_session.client("redshift").describe_cluster_parameters(ParameterGroupName=paramName)
+ parameters=param["Parameters"]
+ for parameter in parameters:
+ if parameter["ParameterName"]=="enable_user_activity_logging":
+ base_test.assertEqual(parameter['ParameterValue'], 'false')
\ No newline at end of file
diff --git a/tests/ecc-aws-308-ecs_services_public_ip_addresses_not_assigned_automatically/placebo-green/ecs.DescribeServices_1.json b/tests/ecc-aws-308-ecs_services_public_ip_addresses_not_assigned_automatically/placebo-green/ecs.DescribeServices_1.json
new file mode 100644
index 000000000..e0c9e8d40
--- /dev/null
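Review bot: In `test_resources_with_client` of the ecc-aws-306 `red_policy_test.py`, the `enable_user_activity_logging` check can be skipped silently, because the only assertion on it sits inside the `if parameter["ParameterName"]==...` branch of the loop. If the recorded parameter list ever lacks that entry, the test passes without having verified the audit-logging parameter at all. Collect the value and assert on it unconditionally: `values = [p['ParameterValue'] for p in parameters if p['ParameterName'] == 'enable_user_activity_logging']` followed by `base_test.assertEqual(values, ['false'])`. The second `local_session.client("redshift")` call can reuse the existing `client`.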
+++ b/tests/ecc-aws-308-ecs_services_public_ip_addresses_not_assigned_automatically/placebo-green/ecs.DescribeServices_1.json 
@@ -0,0 +1,116 @@ +{ + "status_code": 200, + "data": { + "services": [ + { + "serviceArn": "arn:aws:ecs:us-east-1:this:service/308_ecs_cluster_green/308_ecs_service_green", + "serviceName": "308_ecs_service_green", + "clusterArn": "arn:aws:ecs:us-east-1:this:cluster/308_ecs_cluster_green", + "loadBalancers": [], + "serviceRegistries": [], + "status": "ACTIVE", + "desiredCount": 1, + "runningCount": 0, + "pendingCount": 1, + "launchType": "FARGATE", + "platformVersion": "LATEST", + "taskDefinition": "arn:aws:ecs:us-east-1:this:task-definition/service:16", + "deploymentConfiguration": { + "maximumPercent": 200, + "minimumHealthyPercent": 100 + }, + "deployments": [ + { + "id": "ecs-svc/8221154871227926052", + "status": "PRIMARY", + "taskDefinition": "arn:aws:ecs:us-east-1:this:task-definition/service:16", + "desiredCount": 1, + "pendingCount": 1, + "runningCount": 0, + "createdAt": { + "__class__": "datetime", + "year": 2021, + "month": 9, + "day": 13, + "hour": 13, + "minute": 1, + "second": 36, + "microsecond": 642000 + }, + "updatedAt": { + "__class__": "datetime", + "year": 2021, + "month": 9, + "day": 13, + "hour": 13, + "minute": 1, + "second": 36, + "microsecond": 642000 + }, + "launchType": "FARGATE", + "platformVersion": "1.4.0", + "networkConfiguration": { + "awsvpcConfiguration": { + "subnets": [ + "subnet-09bc27724625aee4d", + "subnet-0d9e9622b3f5d875d" + ], + "securityGroups": [ + "sg-070eadb227fb2d12a" + ], + "assignPublicIp": "DISABLED" + } + } + } + ], + "roleArn": "arn:aws:iam::this:role/aws-service-role/ecs.amazonaws.com/AWSServiceRoleForECS", + "events": [ + { + "id": "a4c10ac5-741b-4234-bbae-48edfa20c709", + "createdAt": { + "__class__": "datetime", + "year": 2021, + "month": 9, + "day": 13, + "hour": 13, + "minute": 1, + "second": 38, + "microsecond": 615000 + }, + "message": "(service 308_ecs_service_green) has started 1 tasks: (task 8bf55f510c854982a7e27da81148e84c)." 
+ } + ], + "createdAt": { + "__class__": "datetime", + "year": 2021, + "month": 9, + "day": 13, + "hour": 13, + "minute": 1, + "second": 36, + "microsecond": 642000 + }, + "placementConstraints": [], + "placementStrategy": [], + "networkConfiguration": { + "awsvpcConfiguration": { + "subnets": [ + "subnet-09bc27724625aee4d", + "subnet-0d9e9622b3f5d875d" + ], + "securityGroups": [ + "sg-070eadb227fb2d12a" + ], + "assignPublicIp": "DISABLED" + } + }, + "schedulingStrategy": "REPLICA", + "createdBy": "arn:aws:iam::this:user/test", + "enableECSManagedTags": false, + "propagateTags": "NONE" + } + ], + "failures": [], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-308-ecs_services_public_ip_addresses_not_assigned_automatically/placebo-green/ecs.ListClusters_1.json b/tests/ecc-aws-308-ecs_services_public_ip_addresses_not_assigned_automatically/placebo-green/ecs.ListClusters_1.json new file mode 100644 index 000000000..aa6115ca7 --- /dev/null +++ b/tests/ecc-aws-308-ecs_services_public_ip_addresses_not_assigned_automatically/placebo-green/ecs.ListClusters_1.json @@ -0,0 +1,9 @@ +{ + "status_code": 200, + "data": { + "clusterArns": [ + "arn:aws:ecs:us-east-1:this:cluster/308_ecs_cluster_green" + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-308-ecs_services_public_ip_addresses_not_assigned_automatically/placebo-green/ecs.ListServices_1.json b/tests/ecc-aws-308-ecs_services_public_ip_addresses_not_assigned_automatically/placebo-green/ecs.ListServices_1.json new file mode 100644 index 000000000..ba69c395a --- /dev/null +++ b/tests/ecc-aws-308-ecs_services_public_ip_addresses_not_assigned_automatically/placebo-green/ecs.ListServices_1.json @@ -0,0 +1,9 @@ +{ + "status_code": 200, + "data": { + "serviceArns": [ + "arn:aws:ecs:us-east-1:this:service/308_ecs_cluster_green/308_ecs_service_green" + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-308-ecs_services_public_ip_addresses_not_assigned_automatically/placebo-red/ecs.DescribeServices_1.json b/tests/ecc-aws-308-ecs_services_public_ip_addresses_not_assigned_automatically/placebo-red/ecs.DescribeServices_1.json
new file mode 100644
index 000000000..a46845bc5
--- /dev/null
+++ b/tests/ecc-aws-308-ecs_services_public_ip_addresses_not_assigned_automatically/placebo-red/ecs.DescribeServices_1.json
@@ -0,0 +1,130 @@ +{ + "status_code": 200, + "data": { + "services": [ + { + "serviceArn": "arn:aws:ecs:us-east-1:this:service/308_ecs_cluster_red/308_ecs_service_red", + "serviceName": "308_ecs_service_red", + "clusterArn": "arn:aws:ecs:us-east-1:this:cluster/308_ecs_cluster_red", + "loadBalancers": [], + "serviceRegistries": [], + "status": "ACTIVE", + "desiredCount": 1, + "runningCount": 0, + "pendingCount": 1, + "launchType": "FARGATE", + "platformVersion": "LATEST", + "taskDefinition": "arn:aws:ecs:us-east-1:this:task-definition/service:15", + "deploymentConfiguration": { + "maximumPercent": 200, + "minimumHealthyPercent": 100 + }, + "deployments": [ + { + "id": "ecs-svc/3836308548649085661", + "status": "PRIMARY", + "taskDefinition": "arn:aws:ecs:us-east-1:this:task-definition/service:15", + "desiredCount": 1, + "pendingCount": 1, + "runningCount": 0, + "createdAt": { + "__class__": "datetime", + "year": 2021, + "month": 9, + "day": 13, + "hour": 13, + "minute": 0, + "second": 55, + "microsecond": 634000 + }, + "updatedAt": { + "__class__": "datetime", + "year": 2021, + "month": 9, + "day": 13, + "hour": 13, + "minute": 0, + "second": 55, + "microsecond": 634000 + }, + "launchType": "FARGATE", + "platformVersion": "1.4.0", + "networkConfiguration": { + "awsvpcConfiguration": { + "subnets": [ + "subnet-09e415e5229b84c95", + "subnet-08cb2dfc2928c51b7" + ], + "securityGroups": [ + "sg-08abdfd433e56e5ee" + ], + "assignPublicIp": "ENABLED" + } + } + } + ], + "roleArn": "arn:aws:iam::this:role/aws-service-role/ecs.amazonaws.com/AWSServiceRoleForECS", + "events": [ + { + "id": "3bf5d755-3c6c-49da-9619-1c7db1012bd9", + "createdAt": { + "__class__": "datetime", + "year": 2021, + "month": 9, + "day": 13, + "hour": 13, + "minute": 5, + "second": 28, + "microsecond": 917000 + }, + "message": "(service 308_ecs_service_red) has started 1 tasks: (task 952386932c384504a4ca3e719d3e648d)." 
+ }, + { + "id": "cb737f19-7f19-4819-82e0-04c5d3b812f7", + "createdAt": { + "__class__": "datetime", + "year": 2021, + "month": 9, + "day": 13, + "hour": 13, + "minute": 1, + "second": 2, + "microsecond": 556000 + }, + "message": "(service 308_ecs_service_red) has started 1 tasks: (task aa403829f9514c828af125615f989192)." + } + ], + "createdAt": { + "__class__": "datetime", + "year": 2021, + "month": 9, + "day": 13, + "hour": 13, + "minute": 0, + "second": 55, + "microsecond": 634000 + }, + "placementConstraints": [], + "placementStrategy": [], + "networkConfiguration": { + "awsvpcConfiguration": { + "subnets": [ + "subnet-09e415e5229b84c95", + "subnet-08cb2dfc2928c51b7" + ], + "securityGroups": [ + "sg-08abdfd433e56e5ee" + ], + "assignPublicIp": "ENABLED" + } + }, + "schedulingStrategy": "REPLICA", + "createdBy": "arn:aws:iam::this:user/test", + "enableECSManagedTags": false, + "propagateTags": "NONE" + } + ], + "failures": [], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-308-ecs_services_public_ip_addresses_not_assigned_automatically/placebo-red/ecs.ListClusters_1.json b/tests/ecc-aws-308-ecs_services_public_ip_addresses_not_assigned_automatically/placebo-red/ecs.ListClusters_1.json new file mode 100644 index 000000000..975e14615 --- /dev/null +++ b/tests/ecc-aws-308-ecs_services_public_ip_addresses_not_assigned_automatically/placebo-red/ecs.ListClusters_1.json @@ -0,0 +1,9 @@ +{ + "status_code": 200, + "data": { + "clusterArns": [ + "arn:aws:ecs:us-east-1:this:cluster/308_ecs_cluster_red" + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-308-ecs_services_public_ip_addresses_not_assigned_automatically/placebo-red/ecs.ListServices_1.json b/tests/ecc-aws-308-ecs_services_public_ip_addresses_not_assigned_automatically/placebo-red/ecs.ListServices_1.json new file mode 100644 index 000000000..d1bdf1bd5 --- /dev/null 
+++ b/tests/ecc-aws-308-ecs_services_public_ip_addresses_not_assigned_automatically/placebo-red/ecs.ListServices_1.json
@@ -0,0 +1,9 @@
+{
+ "status_code": 200,
+ "data": {
+ "serviceArns": [
+ "arn:aws:ecs:us-east-1:this:service/308_ecs_cluster_red/308_ecs_service_red"
+ ],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-308-ecs_services_public_ip_addresses_not_assigned_automatically/red_policy_test.py b/tests/ecc-aws-308-ecs_services_public_ip_addresses_not_assigned_automatically/red_policy_test.py
new file mode 100644
index 000000000..3d83c973e
--- /dev/null
+++ b/tests/ecc-aws-308-ecs_services_public_ip_addresses_not_assigned_automatically/red_policy_test.py
@@ -0,0 +1,5 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertEqual(resources[0]['deployments'][0]['networkConfiguration']['awsvpcConfiguration']['assignPublicIp'], 'ENABLED')
\ No newline at end of file
diff --git a/tests/ecc-aws-309-security_group_ingress_is_restricted_traffic_to_port_135/placebo-green/ec2.DescribeSecurityGroups_1.json b/tests/ecc-aws-309-security_group_ingress_is_restricted_traffic_to_port_135/placebo-green/ec2.DescribeSecurityGroups_1.json
new file mode 100644
index 000000000..30c72576a
--- /dev/null
+++ b/tests/ecc-aws-309-security_group_ingress_is_restricted_traffic_to_port_135/placebo-green/ec2.DescribeSecurityGroups_1.json
@@ -0,0 +1,53 @@ +{ + "status_code": 200, + "data": { + "SecurityGroups": [ + { + "Description": "Managed by Terraform", + "GroupName": "309_security_group_green", + "IpPermissions": [ + { + "FromPort": 135, + "IpProtocol": "tcp", + "IpRanges": [ + { + "CidrIp": "10.0.0.0/16" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "ToPort": 135, + "UserIdGroupPairs": [] + } + ], + "OwnerId": "this", + "GroupId": "sg-1234567asdfg", + "IpPermissionsEgress": [ + { + "IpProtocol": "-1", + "IpRanges": [ + { + "CidrIp": "0.0.0.0/0" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "UserIdGroupPairs": [] + } + ], + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-309-security_group_ingress_is_restricted_traffic_to_port_135" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + } + ], + "VpcId": "vpc-12345asdfg" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-309-security_group_ingress_is_restricted_traffic_to_port_135/placebo-red/ec2.DescribeSecurityGroups_1.json b/tests/ecc-aws-309-security_group_ingress_is_restricted_traffic_to_port_135/placebo-red/ec2.DescribeSecurityGroups_1.json new file mode 100644 index 000000000..4f95c26e9 --- /dev/null +++ b/tests/ecc-aws-309-security_group_ingress_is_restricted_traffic_to_port_135/placebo-red/ec2.DescribeSecurityGroups_1.json 
@@ -0,0 +1,53 @@ +{ + "status_code": 200, + "data": { + "SecurityGroups": [ + { + "Description": "Managed by Terraform", + "GroupName": "309_security_group_red", + "IpPermissions": [ + { + "FromPort": 135, + "IpProtocol": "tcp", + "IpRanges": [ + { + "CidrIp": "0.0.0.0/0" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "ToPort": 135, + "UserIdGroupPairs": [] + } + ], + "OwnerId": "this", + "GroupId": "sg-1234567asdfg", + "IpPermissionsEgress": [ + { + "IpProtocol": "-1", + "IpRanges": [ + { + "CidrIp": "0.0.0.0/0" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "UserIdGroupPairs": [] + } + ], + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-309-security_group_ingress_is_restricted_traffic_to_port_135" + }, + { + "Key": "ComplianceStatus", + "Value": "Red" + } + ], + "VpcId": "vpc-12345asdfg" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-309-security_group_ingress_is_restricted_traffic_to_port_135/red_policy_test.py b/tests/ecc-aws-309-security_group_ingress_is_restricted_traffic_to_port_135/red_policy_test.py new file mode 100644 index 000000000..76356c15b --- /dev/null +++ b/tests/ecc-aws-309-security_group_ingress_is_restricted_traffic_to_port_135/red_policy_test.py @@ -0,0 +1,6 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertEqual(resources[0]['IpPermissions'][0]['ToPort'], 135) + base_test.assertEqual(resources[0]['IpPermissions'][0]['IpRanges'][0]['CidrIp'], '0.0.0.0/0') \ No newline at end of file diff --git a/tests/ecc-aws-310-security_group_ingress_is_restricted_traffic_to_port_143/placebo-green/ec2.DescribeSecurityGroups_1.json b/tests/ecc-aws-310-security_group_ingress_is_restricted_traffic_to_port_143/placebo-green/ec2.DescribeSecurityGroups_1.json new file mode 100644 index 000000000..85dc3c0f1 --- /dev/null 
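Review bot: The assertions in `test_resources` describe the offending rule only by `ToPort` and the first IPv4 CIDR, so a re-recorded fixture with a different `FromPort` or protocol would still pass while no longer representing an exact-port TCP exposure. Adding `base_test.assertEqual(resources[0]['IpPermissions'][0]['FromPort'], 135)` and `base_test.assertEqual(resources[0]['IpPermissions'][0]['IpProtocol'], 'tcp')` pins the rule the red fixture is meant to contain. The red tests for 310, 313, 314, 315 and 316 further down this patch have the same shape and would take the same two lines with their own port. The recorded fixtures also carry an empty `Ipv6Ranges`, so an ingress rule open to `::/0` is not exercised; whether the policy covers IPv6 cannot be told from these hunks.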
+++ b/tests/ecc-aws-310-security_group_ingress_is_restricted_traffic_to_port_143/placebo-green/ec2.DescribeSecurityGroups_1.json @@ -0,0 +1,53 @@ +{ + "status_code": 200, + "data": { + "SecurityGroups": [ + { + "Description": "Managed by Terraform", + "GroupName": "310_security_group_green", + "IpPermissions": [ + { + "FromPort": 143, + "IpProtocol": "tcp", + "IpRanges": [ + { + "CidrIp": "10.0.0.0/16" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "ToPort": 143, + "UserIdGroupPairs": [] + } + ], + "OwnerId": "this", + "GroupId": "sg-1234567asdfg", + "IpPermissionsEgress": [ + { + "IpProtocol": "-1", + "IpRanges": [ + { + "CidrIp": "0.0.0.0/0" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "UserIdGroupPairs": [] + } + ], + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CustodianRule", + "Value": "ecc-aws-310-security_group_ingress_is_restricted_traffic_to_port_143" + } + ], + "VpcId": "vpc-12345asdfg" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-310-security_group_ingress_is_restricted_traffic_to_port_143/placebo-red/ec2.DescribeSecurityGroups_1.json b/tests/ecc-aws-310-security_group_ingress_is_restricted_traffic_to_port_143/placebo-red/ec2.DescribeSecurityGroups_1.json new file mode 100644 index 000000000..e1e070aad --- /dev/null +++ b/tests/ecc-aws-310-security_group_ingress_is_restricted_traffic_to_port_143/placebo-red/ec2.DescribeSecurityGroups_1.json 
@@ -0,0 +1,53 @@ +{ + "status_code": 200, + "data": { + "SecurityGroups": [ + { + "Description": "Managed by Terraform", + "GroupName": "310_security_group_red", + "IpPermissions": [ + { + "FromPort": 143, + "IpProtocol": "tcp", + "IpRanges": [ + { + "CidrIp": "0.0.0.0/0" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "ToPort": 143, + "UserIdGroupPairs": [] + } + ], + "OwnerId": "this", + "GroupId": "sg-1234567asdfg", + "IpPermissionsEgress": [ + { + "IpProtocol": "-1", + "IpRanges": [ + { + "CidrIp": "0.0.0.0/0" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "UserIdGroupPairs": [] + } + ], + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CustodianRule", + "Value": "ecc-aws-310-security_group_ingress_is_restricted_traffic_to_port_143" + } + ], + "VpcId": "vpc-12345asdfg" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-310-security_group_ingress_is_restricted_traffic_to_port_143/red_policy_test.py b/tests/ecc-aws-310-security_group_ingress_is_restricted_traffic_to_port_143/red_policy_test.py new file mode 100644 index 000000000..d50c2d446 --- /dev/null +++ b/tests/ecc-aws-310-security_group_ingress_is_restricted_traffic_to_port_143/red_policy_test.py @@ -0,0 +1,6 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertEqual(resources[0]['IpPermissions'][0]['ToPort'], 143) + base_test.assertEqual(resources[0]['IpPermissions'][0]['IpRanges'][0]['CidrIp'], '0.0.0.0/0') diff --git a/tests/ecc-aws-312-security_group_ingress_is_restricted_traffic_to_mssql_ports/placebo-green/ec2.DescribeSecurityGroups_1.json b/tests/ecc-aws-312-security_group_ingress_is_restricted_traffic_to_mssql_ports/placebo-green/ec2.DescribeSecurityGroups_1.json new file mode 100644 index 000000000..47552167b --- /dev/null 
+++ b/tests/ecc-aws-312-security_group_ingress_is_restricted_traffic_to_mssql_ports/placebo-green/ec2.DescribeSecurityGroups_1.json @@ -0,0 +1,66 @@ +{ + "status_code": 200, + "data": { + "SecurityGroups": [ + { + "Description": "Managed by Terraform", + "GroupName": "312_security_group_green", + "IpPermissions": [ + { + "FromPort": 1433, + "IpProtocol": "tcp", + "IpRanges": [ + { + "CidrIp": "10.0.0.0/16" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "ToPort": 1433, + "UserIdGroupPairs": [] + }, + { + "FromPort": 1434, + "IpProtocol": "tcp", + "IpRanges": [ + { + "CidrIp": "10.0.0.0/16" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "ToPort": 1434, + "UserIdGroupPairs": [] + } + ], + "OwnerId": "111111111111", + "GroupId": "sg-1234567asdfg", + "IpPermissionsEgress": [ + { + "IpProtocol": "-1", + "IpRanges": [ + { + "CidrIp": "0.0.0.0/0" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "UserIdGroupPairs": [] + } + ], + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CustodianRule", + "Value": "ecc-aws-312-security_group_ingress_is_restricted_traffic_to_mssql_ports" + } + ], + "VpcId": "vpc-12345asdfg" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-312-security_group_ingress_is_restricted_traffic_to_mssql_ports/placebo-red/ec2.DescribeSecurityGroups_1.json b/tests/ecc-aws-312-security_group_ingress_is_restricted_traffic_to_mssql_ports/placebo-red/ec2.DescribeSecurityGroups_1.json new file mode 100644 index 000000000..8f17f837e --- /dev/null +++ b/tests/ecc-aws-312-security_group_ingress_is_restricted_traffic_to_mssql_ports/placebo-red/ec2.DescribeSecurityGroups_1.json 
@@ -0,0 +1,66 @@ +{ + "status_code": 200, + "data": { + "SecurityGroups": [ + { + "Description": "Managed by Terraform", + "GroupName": "312_security_group_red", + "IpPermissions": [ + { + "FromPort": 1433, + "IpProtocol": "tcp", + "IpRanges": [ + { + "CidrIp": "0.0.0.0/0" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "ToPort": 1433, + "UserIdGroupPairs": [] + }, + { + "FromPort": 1434, + "IpProtocol": "tcp", + "IpRanges": [ + { + "CidrIp": "0.0.0.0/0" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "ToPort": 1434, + "UserIdGroupPairs": [] + } + ], + "OwnerId": "111111111111", + "GroupId": "sg-1234567asdfg", + "IpPermissionsEgress": [ + { + "IpProtocol": "-1", + "IpRanges": [ + { + "CidrIp": "0.0.0.0/0" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "UserIdGroupPairs": [] + } + ], + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CustodianRule", + "Value": "ecc-aws-312-security_group_ingress_is_restricted_traffic_to_mssql_ports" + } + ], + "VpcId": "vpc-12345asdfg" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-312-security_group_ingress_is_restricted_traffic_to_mssql_ports/red_policy_test.py b/tests/ecc-aws-312-security_group_ingress_is_restricted_traffic_to_mssql_ports/red_policy_test.py new file mode 100644 index 000000000..11a48027f --- /dev/null +++ b/tests/ecc-aws-312-security_group_ingress_is_restricted_traffic_to_mssql_ports/red_policy_test.py @@ -0,0 +1,8 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertEqual(resources[0]['IpPermissions'][0]['ToPort'], 1433) + base_test.assertEqual(resources[0]['IpPermissions'][0]['IpRanges'][0]['CidrIp'], '0.0.0.0/0') + base_test.assertEqual(resources[0]['IpPermissions'][1]['ToPort'], 1434) + base_test.assertEqual(resources[0]['IpPermissions'][1]['IpRanges'][0]['CidrIp'], '0.0.0.0/0') \ No newline at end of file 
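Review bot: `test_resources` addresses the two MSSQL rules by position (`IpPermissions[0]` for 1433, `IpPermissions[1]` for 1434), which ties the test to the order in which the fixture happened to be recorded; the 317 test later in this patch does the same, with 9300 before 9200. An order-independent form is `base_test.assertEqual({p['ToPort'] for p in resources[0]['IpPermissions']}, {1433, 1434})`, with the `CidrIp` check done in a loop over the rules. Separately, the red fixture opens 1434 over `tcp` only, while SQL Server Browser listens on UDP 1434, so a UDP rule open to `0.0.0.0/0` is not covered by this test data. Whether the policy itself checks UDP is not visible in this hunk.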
diff --git a/tests/ecc-aws-313-security_group_ingress_is_restricted_traffic_to_port_4333/placebo-green/ec2.DescribeSecurityGroups_1.json b/tests/ecc-aws-313-security_group_ingress_is_restricted_traffic_to_port_4333/placebo-green/ec2.DescribeSecurityGroups_1.json new file mode 100644 index 000000000..2bd99ad7e --- /dev/null +++ b/tests/ecc-aws-313-security_group_ingress_is_restricted_traffic_to_port_4333/placebo-green/ec2.DescribeSecurityGroups_1.json @@ -0,0 +1,53 @@ +{ + "status_code": 200, + "data": { + "SecurityGroups": [ + { + "Description": "Managed by Terraform", + "GroupName": "313_security_group_green", + "IpPermissions": [ + { + "FromPort": 4333, + "IpProtocol": "tcp", + "IpRanges": [ + { + "CidrIp": "10.0.0.0/16" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "ToPort": 4333, + "UserIdGroupPairs": [] + } + ], + "OwnerId": "this", + "GroupId": "sg-1234567asdfg", + "IpPermissionsEgress": [ + { + "IpProtocol": "-1", + "IpRanges": [ + { + "CidrIp": "0.0.0.0/0" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "UserIdGroupPairs": [] + } + ], + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CustodianRule", + "Value": "ecc-aws-313-security_group_ingress_is_restricted_traffic_to_port_4333" + } + ], + "VpcId": "vpc-12345asdfg" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-313-security_group_ingress_is_restricted_traffic_to_port_4333/placebo-red/ec2.DescribeSecurityGroups_1.json b/tests/ecc-aws-313-security_group_ingress_is_restricted_traffic_to_port_4333/placebo-red/ec2.DescribeSecurityGroups_1.json new file mode 100644 index 000000000..d768b4bdc --- /dev/null +++ b/tests/ecc-aws-313-security_group_ingress_is_restricted_traffic_to_port_4333/placebo-red/ec2.DescribeSecurityGroups_1.json 
@@ -0,0 +1,53 @@ +{ + "status_code": 200, + "data": { + "SecurityGroups": [ + { + "Description": "Managed by Terraform", + "GroupName": "313_security_group_red", + "IpPermissions": [ + { + "FromPort": 4333, + "IpProtocol": "tcp", + "IpRanges": [ + { + "CidrIp": "0.0.0.0/0" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "ToPort": 4333, + "UserIdGroupPairs": [] + } + ], + "OwnerId": "this", + "GroupId": "sg-1234567asdfg", + "IpPermissionsEgress": [ + { + "IpProtocol": "-1", + "IpRanges": [ + { + "CidrIp": "0.0.0.0/0" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "UserIdGroupPairs": [] + } + ], + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CustodianRule", + "Value": "ecc-aws-313-security_group_ingress_is_restricted_traffic_to_port_4333" + } + ], + "VpcId": "vpc-12345asdfg" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-313-security_group_ingress_is_restricted_traffic_to_port_4333/red_policy_test.py b/tests/ecc-aws-313-security_group_ingress_is_restricted_traffic_to_port_4333/red_policy_test.py new file mode 100644 index 000000000..1416cf52b --- /dev/null +++ b/tests/ecc-aws-313-security_group_ingress_is_restricted_traffic_to_port_4333/red_policy_test.py @@ -0,0 +1,6 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertEqual(resources[0]['IpPermissions'][0]['ToPort'], 4333) + base_test.assertEqual(resources[0]['IpPermissions'][0]['IpRanges'][0]['CidrIp'], '0.0.0.0/0') \ No newline at end of file diff --git a/tests/ecc-aws-314-security_group_ingress_is_restricted_traffic_to_port_5500/placebo-green/ec2.DescribeSecurityGroups_1.json b/tests/ecc-aws-314-security_group_ingress_is_restricted_traffic_to_port_5500/placebo-green/ec2.DescribeSecurityGroups_1.json new file mode 100644 index 000000000..a567102c1 --- /dev/null 
+++ b/tests/ecc-aws-314-security_group_ingress_is_restricted_traffic_to_port_5500/placebo-green/ec2.DescribeSecurityGroups_1.json @@ -0,0 +1,53 @@ +{ + "status_code": 200, + "data": { + "SecurityGroups": [ + { + "Description": "Managed by Terraform", + "GroupName": "314_security_group_green", + "IpPermissions": [ + { + "FromPort": 5500, + "IpProtocol": "tcp", + "IpRanges": [ + { + "CidrIp": "10.0.0.0/16" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "ToPort": 5500, + "UserIdGroupPairs": [] + } + ], + "OwnerId": "111111111111", + "GroupId": "sg-1234567asdfg", + "IpPermissionsEgress": [ + { + "IpProtocol": "-1", + "IpRanges": [ + { + "CidrIp": "0.0.0.0/0" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "UserIdGroupPairs": [] + } + ], + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-314-security_group_ingress_is_restricted_traffic_to_port_5500" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + } + ], + "VpcId": "vpc-12345asdfg" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-314-security_group_ingress_is_restricted_traffic_to_port_5500/placebo-red/ec2.DescribeSecurityGroups_1.json b/tests/ecc-aws-314-security_group_ingress_is_restricted_traffic_to_port_5500/placebo-red/ec2.DescribeSecurityGroups_1.json new file mode 100644 index 000000000..779c71947 --- /dev/null +++ b/tests/ecc-aws-314-security_group_ingress_is_restricted_traffic_to_port_5500/placebo-red/ec2.DescribeSecurityGroups_1.json 
@@ -0,0 +1,53 @@ +{ + "status_code": 200, + "data": { + "SecurityGroups": [ + { + "Description": "Managed by Terraform", + "GroupName": "314_security_group_red", + "IpPermissions": [ + { + "FromPort": 5500, + "IpProtocol": "tcp", + "IpRanges": [ + { + "CidrIp": "0.0.0.0/0" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "ToPort": 5500, + "UserIdGroupPairs": [] + } + ], + "OwnerId": "111111111111", + "GroupId": "sg-1234567asdfg", + "IpPermissionsEgress": [ + { + "IpProtocol": "-1", + "IpRanges": [ + { + "CidrIp": "0.0.0.0/0" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "UserIdGroupPairs": [] + } + ], + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CustodianRule", + "Value": "ecc-aws-314-security_group_ingress_is_restricted_traffic_to_port_5500" + } + ], + "VpcId": "vpc-12345asdfg" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-314-security_group_ingress_is_restricted_traffic_to_port_5500/red_policy_test.py b/tests/ecc-aws-314-security_group_ingress_is_restricted_traffic_to_port_5500/red_policy_test.py new file mode 100644 index 000000000..40fa62378 --- /dev/null +++ b/tests/ecc-aws-314-security_group_ingress_is_restricted_traffic_to_port_5500/red_policy_test.py @@ -0,0 +1,6 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertEqual(resources[0]['IpPermissions'][0]['ToPort'], 5500) + base_test.assertEqual(resources[0]['IpPermissions'][0]['IpRanges'][0]['CidrIp'], '0.0.0.0/0') \ No newline at end of file diff --git a/tests/ecc-aws-315-security_group_ingress_is_restricted_traffic_to_port_5601/placebo-green/ec2.DescribeSecurityGroups_1.json b/tests/ecc-aws-315-security_group_ingress_is_restricted_traffic_to_port_5601/placebo-green/ec2.DescribeSecurityGroups_1.json new file mode 100644 index 000000000..0ad169c72 --- /dev/null 
+++ b/tests/ecc-aws-315-security_group_ingress_is_restricted_traffic_to_port_5601/placebo-green/ec2.DescribeSecurityGroups_1.json @@ -0,0 +1,53 @@ +{ + "status_code": 200, + "data": { + "SecurityGroups": [ + { + "Description": "Managed by Terraform", + "GroupName": "315_security_group_green", + "IpPermissions": [ + { + "FromPort": 5601, + "IpProtocol": "tcp", + "IpRanges": [ + { + "CidrIp": "10.0.0.0/16" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "ToPort": 5601, + "UserIdGroupPairs": [] + } + ], + "OwnerId": "this", + "GroupId": "sg-1234567asdfg", + "IpPermissionsEgress": [ + { + "IpProtocol": "-1", + "IpRanges": [ + { + "CidrIp": "0.0.0.0/0" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "UserIdGroupPairs": [] + } + ], + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CustodianRule", + "Value": "ecc-aws-315-security_group_ingress_is_restricted_traffic_to_port_5601" + } + ], + "VpcId": "vpc-12345asdfg" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-315-security_group_ingress_is_restricted_traffic_to_port_5601/placebo-red/ec2.DescribeSecurityGroups_1.json b/tests/ecc-aws-315-security_group_ingress_is_restricted_traffic_to_port_5601/placebo-red/ec2.DescribeSecurityGroups_1.json new file mode 100644 index 000000000..777ddbdc5 --- /dev/null +++ b/tests/ecc-aws-315-security_group_ingress_is_restricted_traffic_to_port_5601/placebo-red/ec2.DescribeSecurityGroups_1.json 
@@ -0,0 +1,53 @@ +{ + "status_code": 200, + "data": { + "SecurityGroups": [ + { + "Description": "Managed by Terraform", + "GroupName": "315_security_group_red", + "IpPermissions": [ + { + "FromPort": 5601, + "IpProtocol": "tcp", + "IpRanges": [ + { + "CidrIp": "0.0.0.0/0" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "ToPort": 5601, + "UserIdGroupPairs": [] + } + ], + "OwnerId": "this", + "GroupId": "sg-1234567asdfg", + "IpPermissionsEgress": [ + { + "IpProtocol": "-1", + "IpRanges": [ + { + "CidrIp": "0.0.0.0/0" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "UserIdGroupPairs": [] + } + ], + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-315-security_group_ingress_is_restricted_traffic_to_port_5601" + }, + { + "Key": "ComplianceStatus", + "Value": "Red" + } + ], + "VpcId": "vpc-12345asdfg" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-315-security_group_ingress_is_restricted_traffic_to_port_5601/red_policy_test.py b/tests/ecc-aws-315-security_group_ingress_is_restricted_traffic_to_port_5601/red_policy_test.py new file mode 100644 index 000000000..22c229df2 --- /dev/null +++ b/tests/ecc-aws-315-security_group_ingress_is_restricted_traffic_to_port_5601/red_policy_test.py @@ -0,0 +1,6 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertEqual(resources[0]['IpPermissions'][0]['ToPort'], 5601) + base_test.assertEqual(resources[0]['IpPermissions'][0]['IpRanges'][0]['CidrIp'], '0.0.0.0/0') \ No newline at end of file diff --git a/tests/ecc-aws-316-security_group_ingress_is_restricted_traffic_to_port_8080/placebo-green/ec2.DescribeSecurityGroups_1.json b/tests/ecc-aws-316-security_group_ingress_is_restricted_traffic_to_port_8080/placebo-green/ec2.DescribeSecurityGroups_1.json new file mode 100644 index 000000000..ff2084961 --- /dev/null 
+++ b/tests/ecc-aws-316-security_group_ingress_is_restricted_traffic_to_port_8080/placebo-green/ec2.DescribeSecurityGroups_1.json @@ -0,0 +1,53 @@ +{ + "status_code": 200, + "data": { + "SecurityGroups": [ + { + "Description": "Managed by Terraform", + "GroupName": "316_security_group_green", + "IpPermissions": [ + { + "FromPort": 8080, + "IpProtocol": "tcp", + "IpRanges": [ + { + "CidrIp": "10.0.0.0/16" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "ToPort": 8080, + "UserIdGroupPairs": [] + } + ], + "OwnerId": "this", + "GroupId": "sg-1234567asdfg", + "IpPermissionsEgress": [ + { + "IpProtocol": "-1", + "IpRanges": [ + { + "CidrIp": "0.0.0.0/0" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "UserIdGroupPairs": [] + } + ], + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CustodianRule", + "Value": "ecc-aws-316-security_group_ingress_is_restricted_traffic_to_port_8080" + } + ], + "VpcId": "vpc-12345asdfg" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-316-security_group_ingress_is_restricted_traffic_to_port_8080/placebo-red/ec2.DescribeSecurityGroups_1.json b/tests/ecc-aws-316-security_group_ingress_is_restricted_traffic_to_port_8080/placebo-red/ec2.DescribeSecurityGroups_1.json new file mode 100644 index 000000000..f1a8b20fe --- /dev/null +++ b/tests/ecc-aws-316-security_group_ingress_is_restricted_traffic_to_port_8080/placebo-red/ec2.DescribeSecurityGroups_1.json 
@@ -0,0 +1,53 @@ +{ + "status_code": 200, + "data": { + "SecurityGroups": [ + { + "Description": "Managed by Terraform", + "GroupName": "316_security_group_red", + "IpPermissions": [ + { + "FromPort": 8080, + "IpProtocol": "tcp", + "IpRanges": [ + { + "CidrIp": "0.0.0.0/0" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "ToPort": 8080, + "UserIdGroupPairs": [] + } + ], + "OwnerId": "this", + "GroupId": "sg-1234567asdfg", + "IpPermissionsEgress": [ + { + "IpProtocol": "-1", + "IpRanges": [ + { + "CidrIp": "0.0.0.0/0" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "UserIdGroupPairs": [] + } + ], + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CustodianRule", + "Value": "ecc-aws-316-security_group_ingress_is_restricted_traffic_to_port_8080" + } + ], + "VpcId": "vpc-12345asdfg" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-316-security_group_ingress_is_restricted_traffic_to_port_8080/red_policy_test.py b/tests/ecc-aws-316-security_group_ingress_is_restricted_traffic_to_port_8080/red_policy_test.py new file mode 100644 index 000000000..c72a1dbd3 --- /dev/null +++ b/tests/ecc-aws-316-security_group_ingress_is_restricted_traffic_to_port_8080/red_policy_test.py @@ -0,0 +1,6 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertEqual(resources[0]['IpPermissions'][0]['ToPort'], 8080) + base_test.assertEqual(resources[0]['IpPermissions'][0]['IpRanges'][0]['CidrIp'], '0.0.0.0/0') \ No newline at end of file diff --git a/tests/ecc-aws-317-security_group_ingress_is_restricted_traffic_to_elasticsearch_service_ports/placebo-green/ec2.DescribeSecurityGroups_1.json b/tests/ecc-aws-317-security_group_ingress_is_restricted_traffic_to_elasticsearch_service_ports/placebo-green/ec2.DescribeSecurityGroups_1.json new file mode 100644 index 000000000..b2c476c78 --- /dev/null 
+++ b/tests/ecc-aws-317-security_group_ingress_is_restricted_traffic_to_elasticsearch_service_ports/placebo-green/ec2.DescribeSecurityGroups_1.json @@ -0,0 +1,66 @@ +{ + "status_code": 200, + "data": { + "SecurityGroups": [ + { + "Description": "Managed by Terraform", + "GroupName": "317_security_group_green", + "IpPermissions": [ + { + "FromPort": 9300, + "IpProtocol": "tcp", + "IpRanges": [ + { + "CidrIp": "10.0.0.0/16" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "ToPort": 9300, + "UserIdGroupPairs": [] + }, + { + "FromPort": 9200, + "IpProtocol": "tcp", + "IpRanges": [ + { + "CidrIp": "10.0.0.0/16" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "ToPort": 9200, + "UserIdGroupPairs": [] + } + ], + "OwnerId": "111111111111", + "GroupId": "sg-1234567asdfg", + "IpPermissionsEgress": [ + { + "IpProtocol": "-1", + "IpRanges": [ + { + "CidrIp": "0.0.0.0/0" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "UserIdGroupPairs": [] + } + ], + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-317-security_group_ingress_is_restricted_traffic_to_elasticsearch_service_ports" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + } + ], + "VpcId": "vpc-12345asdfg" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-317-security_group_ingress_is_restricted_traffic_to_elasticsearch_service_ports/placebo-red/ec2.DescribeSecurityGroups_1.json b/tests/ecc-aws-317-security_group_ingress_is_restricted_traffic_to_elasticsearch_service_ports/placebo-red/ec2.DescribeSecurityGroups_1.json new file mode 100644 index 000000000..5274881a8 --- /dev/null +++ b/tests/ecc-aws-317-security_group_ingress_is_restricted_traffic_to_elasticsearch_service_ports/placebo-red/ec2.DescribeSecurityGroups_1.json 
@@ -0,0 +1,66 @@ +{ + "status_code": 200, + "data": { + "SecurityGroups": [ + { + "Description": "Managed by Terraform", + "GroupName": "317_security_group_red", + "IpPermissions": [ + { + "FromPort": 9300, + "IpProtocol": "tcp", + "IpRanges": [ + { + "CidrIp": "0.0.0.0/0" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "ToPort": 9300, + "UserIdGroupPairs": [] + }, + { + "FromPort": 9200, + "IpProtocol": "tcp", + "IpRanges": [ + { + "CidrIp": "0.0.0.0/0" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "ToPort": 9200, + "UserIdGroupPairs": [] + } + ], + "OwnerId": "111111111111", + "GroupId": "sg-1234567asdfg", + "IpPermissionsEgress": [ + { + "IpProtocol": "-1", + "IpRanges": [ + { + "CidrIp": "0.0.0.0/0" + } + ], + "Ipv6Ranges": [], + "PrefixListIds": [], + "UserIdGroupPairs": [] + } + ], + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-317-security_group_ingress_is_restricted_traffic_to_elasticsearch_service_ports" + }, + { + "Key": "ComplianceStatus", + "Value": "Red" + } + ], + "VpcId": "vpc-12345asdfg" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-317-security_group_ingress_is_restricted_traffic_to_elasticsearch_service_ports/red_policy_test.py b/tests/ecc-aws-317-security_group_ingress_is_restricted_traffic_to_elasticsearch_service_ports/red_policy_test.py new file mode 100644 index 000000000..bfcc65c16 --- /dev/null +++ b/tests/ecc-aws-317-security_group_ingress_is_restricted_traffic_to_elasticsearch_service_ports/red_policy_test.py 
@@ -0,0 +1,8 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertEqual(resources[0]['IpPermissions'][0]['ToPort'], 9300)
+ base_test.assertEqual(resources[0]['IpPermissions'][0]['IpRanges'][0]['CidrIp'], '0.0.0.0/0')
+ base_test.assertEqual(resources[0]['IpPermissions'][1]['ToPort'], 9200)
+ base_test.assertEqual(resources[0]['IpPermissions'][1]['IpRanges'][0]['CidrIp'], '0.0.0.0/0')
\ No newline at end of file
diff --git a/tests/ecc-aws-318-rds_database_cluster_engine_no_default_ports/placebo-green/rds.DescribeDBClusters_1.json b/tests/ecc-aws-318-rds_database_cluster_engine_no_default_ports/placebo-green/rds.DescribeDBClusters_1.json
new file mode 100644
index 000000000..5119bcc38
--- /dev/null
+++ b/tests/ecc-aws-318-rds_database_cluster_engine_no_default_ports/placebo-green/rds.DescribeDBClusters_1.json
@@ -0,0 +1,92 @@ +{ + "status_code": 200, + "data": { + "DBClusters": [ + { + "AllocatedStorage": 1, + "AvailabilityZones": [ + "us-east-1c", + "us-east-1d", + "us-east-1a" + ], + "BackupRetentionPeriod": 1, + "DatabaseName": "cluster318green", + "DBClusterIdentifier": "cluster-318-green", + "DBClusterParameterGroup": "default.aurora-mysql5.7", + "DBSubnetGroup": "default", + "Status": "available", + "EarliestRestorableTime": { + "__class__": "datetime", + "year": 2021, + "month": 9, + "day": 28, + "hour": 18, + "minute": 20, + "second": 56, + "microsecond": 194000 + }, + "Endpoint": "cluster-318-green.cluster-chhajgiktbgu.us-east-1.rds.amazonaws.com", + "ReaderEndpoint": "cluster-318-green.cluster-ro-chhajgiktbgu.us-east-1.rds.amazonaws.com", + "MultiAZ": false, + "Engine": "aurora-mysql", + "EngineVersion": "5.7.mysql_aurora.2.03.2", + "LatestRestorableTime": { + "__class__": "datetime", + "year": 2021, + "month": 9, + "day": 28, + "hour": 18, + "minute": 20, + "second": 56, + "microsecond": 194000 + }, + "Port": 6033, + "MasterUsername": "root", + "PreferredBackupWindow": "04:46-05:16", + "PreferredMaintenanceWindow": "thu:06:12-thu:06:42", + "ReadReplicaIdentifiers": [], + "DBClusterMembers": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "HostedZoneId": "ASASASASASASAS", + "StorageEncrypted": false, + "DbClusterResourceId": "cluster-GIRBG6IJSPD2BUR7WYUOFI3NXY", + "DBClusterArn": "arn:aws:rds:us-east-1:111111111111:cluster:cluster-318-green", + "AssociatedRoles": [], + "IAMDatabaseAuthenticationEnabled": false, + "ClusterCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 9, + "day": 28, + "hour": 18, + "minute": 20, + "second": 16, + "microsecond": 748000 + }, + "EngineMode": "provisioned", + "DeletionProtection": false, + "HttpEndpointEnabled": false, + "ActivityStreamStatus": "stopped", + "CopyTagsToSnapshot": false, + "CrossAccountClone": false, + "DomainMemberships": [], + "TagList": 
[ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-318-rds_database_cluster_engine_no_default_ports" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-318-rds_database_cluster_engine_no_default_ports/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-318-rds_database_cluster_engine_no_default_ports/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..36d186b8e --- /dev/null +++ b/tests/ecc-aws-318-rds_database_cluster_engine_no_default_ports/placebo-green/tagging.GetResources_1.json @@ -0,0 +1,35 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:rds:us-east-1:111111111111:cluster:cluster-318-green", + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-318-rds_database_cluster_engine_no_default_ports" + } + ] + }, + { + "ResourceARN": "arn:aws:rds:us-east-1:111111111111:cluster:cluster-girbg6ijspd2bur7wyuofi3nxy", + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-318-rds_database_cluster_engine_no_default_ports" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-318-rds_database_cluster_engine_no_default_ports/placebo-red/rds.DescribeDBClusters_1.json b/tests/ecc-aws-318-rds_database_cluster_engine_no_default_ports/placebo-red/rds.DescribeDBClusters_1.json new file mode 100644 index 000000000..e2fe8fa4d --- /dev/null +++ b/tests/ecc-aws-318-rds_database_cluster_engine_no_default_ports/placebo-red/rds.DescribeDBClusters_1.json 
@@ -0,0 +1,92 @@
+{
+ "status_code": 200,
+ "data": {
+ "DBClusters": [
+ {
+ "AllocatedStorage": 1,
+ "AvailabilityZones": [
+ "us-east-1c",
+ "us-east-1b",
+ "us-east-1d"
+ ],
+ "BackupRetentionPeriod": 1,
+ "DatabaseName": "cluster318red",
+ "DBClusterIdentifier": "cluster-318-red",
+ "DBClusterParameterGroup": "default.aurora-mysql5.7",
+ "DBSubnetGroup": "default",
+ "Status": "available",
+ "EarliestRestorableTime": {
+ "__class__": "datetime",
+ "year": 2021,
+ "month": 9,
+ "day": 28,
+ "hour": 18,
+ "minute": 49,
+ "second": 39,
+ "microsecond": 163000
+ },
+ "Endpoint": "cluster-318-red.cluster-chhajgiktbgu.us-east-1.rds.amazonaws.com",
+ "ReaderEndpoint": "cluster-318-red.cluster-ro-chhajgiktbgu.us-east-1.rds.amazonaws.com",
+ "MultiAZ": false,
+ "Engine": "aurora-mysql",
+ "EngineVersion": "5.7.mysql_aurora.2.03.2",
+ "LatestRestorableTime": {
+ "__class__": "datetime",
+ "year": 2021,
+ "month": 9,
+ "day": 28,
+ "hour": 18,
+ "minute": 49,
+ "second": 39,
+ "microsecond": 163000
+ },
+ "Port": 3306,
+ "MasterUsername": "root",
+ "PreferredBackupWindow": "07:51-08:21",
+ "PreferredMaintenanceWindow": "sat:04:40-sat:05:10",
+ "ReadReplicaIdentifiers": [],
+ "DBClusterMembers": [],
+ "VpcSecurityGroups": [
+ {
+ "VpcSecurityGroupId": "sg-a5befc90",
+ "Status": "active"
+ }
+ ],
+ "HostedZoneId": "ASASASASASASAS",
+ "StorageEncrypted": false,
+ "DbClusterResourceId": "cluster-YG2NVS4H3WPLRTQ7RNWWT7BSAE",
+ "DBClusterArn": "arn:aws:rds:us-east-1:111111111111:cluster:cluster-318-red",
+ "AssociatedRoles": [],
+ "IAMDatabaseAuthenticationEnabled": false,
+ "ClusterCreateTime": {
+ "__class__": "datetime",
+ "year": 2021,
+ "month": 9,
+ "day": 28,
+ "hour": 18,
+ "minute": 48,
+ "second": 58,
+ "microsecond": 557000
+ },
+ "EngineMode": "provisioned",
+ "DeletionProtection": false,
+ "HttpEndpointEnabled": false,
+ "ActivityStreamStatus": "stopped",
+ "CopyTagsToSnapshot": false,
+ "CrossAccountClone": false,
+ "DomainMemberships": [],
+ "TagList": [
+ {
+ "Key": "ComplianceStatus",
+ "Value": "Red"
+ },
+ {
+ "Key": "CsutodianRule",
+ "Value": "ecc-aws-318-rds_database_cluster_engine_no_default_ports"
+ }
+ ]
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-318-rds_database_cluster_engine_no_default_ports/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-318-rds_database_cluster_engine_no_default_ports/placebo-red/tagging.GetResources_1.json
new file mode 100644
index 000000000..da9513f66
--- /dev/null
+++ b/tests/ecc-aws-318-rds_database_cluster_engine_no_default_ports/placebo-red/tagging.GetResources_1.json
@@ -0,0 +1,35 @@
+{
+ "status_code": 200,
+ "data": {
+ "PaginationToken": "",
+ "ResourceTagMappingList": [
+ {
+ "ResourceARN": "arn:aws:rds:us-east-1:111111111111:cluster:cluster-318-red",
+ "Tags": [
+ {
+ "Key": "ComplianceStatus",
+ "Value": "Red"
+ },
+ {
+ "Key": "CsutodianRule",
+ "Value": "ecc-aws-318-rds_database_cluster_engine_no_default_ports"
+ }
+ ]
+ },
+ {
+ "ResourceARN": "arn:aws:rds:us-east-1:111111111111:cluster:cluster-yg2nvs4h3wplrtq7rnwwt7bsae",
+ "Tags": [
+ {
+ "Key": "ComplianceStatus",
+ "Value": "Red"
+ },
+ {
+ "Key": "CsutodianRule",
+ "Value": "ecc-aws-318-rds_database_cluster_engine_no_default_ports"
+ }
+ ]
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-318-rds_database_cluster_engine_no_default_ports/red_policy_test.py b/tests/ecc-aws-318-rds_database_cluster_engine_no_default_ports/red_policy_test.py
new file mode 100644
index 000000000..7be0209a5
--- /dev/null
+++ b/tests/ecc-aws-318-rds_database_cluster_engine_no_default_ports/red_policy_test.py
@@ -0,0 +1,6 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertTrue(resources[0]['Port'] in [3306,5432])
+
\ No newline at end of file
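Review bot: The port assertion in `test_resources` of the 318 `red_policy_test.py` wraps a membership test in `assertTrue`, so a failure reports only that the expression was false and not which port the policy matched. `base_test.assertIn(resources[0]['Port'], (3306, 5432))` prints the offending value; the 322 test in this patch already uses `assertNotIn` on the same `base_test` object. The hunk also adds a sixth line that appears to hold only whitespace, and the file ends without a trailing newline.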
diff --git a/tests/ecc-aws-319-rds_instances_storage_is_encrypted/placebo-green/rds.DescribeDBInstances_1.json b/tests/ecc-aws-319-rds_instances_storage_is_encrypted/placebo-green/rds.DescribeDBInstances_1.json
new file mode 100644
index 000000000..2b6ee7c98
--- /dev/null
+++ b/tests/ecc-aws-319-rds_instances_storage_is_encrypted/placebo-green/rds.DescribeDBInstances_1.json
@@ -0,0 +1,129 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "terraform-20210923101039107900000001", + "DBInstanceClass": "db.t3.micro", + "Engine": "mysql", + "DBInstanceStatus": "creating", + "MasterUsername": "root", + "DBName": "database319green", + "AllocatedStorage": 10, + "PreferredBackupWindow": "08:04-08:34", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "default.mysql5.7", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1d", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-1234567", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-8232323", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-8232321", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-823232111", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-8231112", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-82431112", + "SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "sat:07:14-sat:07:44", + "PendingModifiedValues": { + "MasterUserPassword": "****" + }, + "MultiAZ": false, + "EngineVersion": "5.7.33", + "AutoMinorVersionUpgrade": 
true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "general-public-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:mysql-5-7", + "Status": "in-sync" + } + ], + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": true, + "KmsKeyId": "arn:aws:kms:us-east-1:this:key/7662e8d8-3711-4c8c-ba73-fe609ad50611", + "DbiResourceId": "db-55DQ7RJN5BLTV6Q7JRIJE5TC5I", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": true, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:this:db:terraform-20210923101039107900000001", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-319-rds_instances_storage_is_encrypted" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-319-rds_instances_storage_is_encrypted/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-319-rds_instances_storage_is_encrypted/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..f3caf5fd4 --- /dev/null +++ b/tests/ecc-aws-319-rds_instances_storage_is_encrypted/placebo-green/tagging.GetResources_1.json @@ -0,0 +1,22 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:rds:us-east-1:111111111111:db:terraform-20210923101039107900000001", + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-319-rds_instances_storage_is_encrypted" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-319-rds_instances_storage_is_encrypted/placebo-red/rds.DescribeDBInstances_1.json b/tests/ecc-aws-319-rds_instances_storage_is_encrypted/placebo-red/rds.DescribeDBInstances_1.json
new file mode 100644
index 000000000..81782c384
--- /dev/null
+++ b/tests/ecc-aws-319-rds_instances_storage_is_encrypted/placebo-red/rds.DescribeDBInstances_1.json
@@ -0,0 +1,129 @@
+{
+ "status_code": 200,
+ "data": {
+ "DBInstances": [
+ {
+ "DBInstanceIdentifier": "terraform-20210923101039107900000001",
+ "DBInstanceClass": "db.t3.micro",
+ "Engine": "mysql",
+ "DBInstanceStatus": "creating",
+ "MasterUsername": "root",
+ "DBName": "database319red",
+ "AllocatedStorage": 10,
+ "PreferredBackupWindow": "08:04-08:34",
+ "BackupRetentionPeriod": 0,
+ "DBSecurityGroups": [],
+ "VpcSecurityGroups": [
+ {
+ "VpcSecurityGroupId": "sg-a5befc90",
+ "Status": "active"
+ }
+ ],
+ "DBParameterGroups": [
+ {
+ "DBParameterGroupName": "default.mysql5.7",
+ "ParameterApplyStatus": "in-sync"
+ }
+ ],
+ "AvailabilityZone": "us-east-1d",
+ "DBSubnetGroup": {
+ "DBSubnetGroupName": "default",
+ "DBSubnetGroupDescription": "default",
+ "VpcId": "vpc-12345asdfg",
+ "SubnetGroupStatus": "Complete",
+ "Subnets": [
+ {
+ "SubnetIdentifier": "subnet-1234567",
+ "SubnetAvailabilityZone": {
+ "Name": "us-east-1a"
+ },
+ "SubnetOutpost": {},
+ "SubnetStatus": "Active"
+ },
+ {
+ "SubnetIdentifier": "subnet-8232323",
+ "SubnetAvailabilityZone": {
+ "Name": "us-east-1e"
+ },
+ "SubnetOutpost": {},
+ "SubnetStatus": "Active"
+ },
+ {
+ "SubnetIdentifier": "subnet-8232321",
+ "SubnetAvailabilityZone": {
+ "Name": "us-east-1b"
+ },
+ "SubnetOutpost": {},
+ "SubnetStatus": "Active"
+ },
+ {
+ "SubnetIdentifier": "subnet-823232111",
+ "SubnetAvailabilityZone": {
+ "Name": "us-east-1f"
+ },
+ "SubnetOutpost": {},
+ "SubnetStatus": "Active"
+ },
+ {
+ "SubnetIdentifier": "subnet-8231112",
+ "SubnetAvailabilityZone": {
+ "Name": "us-east-1d"
+ },
+ "SubnetOutpost": {},
+ "SubnetStatus": "Active"
+ },
+ {
+ "SubnetIdentifier": "subnet-82431112",
+ "SubnetAvailabilityZone": {
+ "Name": "us-east-1c"
+ },
+ "SubnetOutpost": {},
+ "SubnetStatus": "Active"
+ }
+ ]
+ },
+ "PreferredMaintenanceWindow": "sat:07:14-sat:07:44",
+ "PendingModifiedValues": {
+ "MasterUserPassword": "****"
+ },
+ "MultiAZ": false,
+ "EngineVersion": "5.7.33",
+ "AutoMinorVersionUpgrade": true,
+ "ReadReplicaDBInstanceIdentifiers": [],
+ "LicenseModel": "general-public-license",
+ "OptionGroupMemberships": [
+ {
+ "OptionGroupName": "default:mysql-5-7",
+ "Status": "in-sync"
+ }
+ ],
+ "PubliclyAccessible": false,
+ "StorageType": "gp2",
+ "DbInstancePort": 0,
+ "StorageEncrypted": false,
+ "KmsKeyId": "arn:aws:kms:us-east-1:this:key/7662e8d8-3711-4c8c-ba73-fe609ad50611",
+ "DbiResourceId": "db-55DQ7RJN5BLTV6Q7JRIJE5TC5I",
+ "CACertificateIdentifier": "rds-ca-2019",
+ "DomainMemberships": [],
+ "CopyTagsToSnapshot": true,
+ "MonitoringInterval": 0,
+ "DBInstanceArn": "arn:aws:rds:us-east-1:this:db:terraform-20210923101039107900000001",
+ "IAMDatabaseAuthenticationEnabled": false,
+ "PerformanceInsightsEnabled": false,
+ "DeletionProtection": false,
+ "AssociatedRoles": [],
+ "TagList": [
+ {
+ "Key": "ComplianceStatus",
+ "Value": "Red"
+ },
+ {
+ "Key": "CsutodianRule",
+ "Value": "ecc-aws-319-rds_instances_storage_is_encrypted"
+ }
+ ]
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-319-rds_instances_storage_is_encrypted/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-319-rds_instances_storage_is_encrypted/placebo-red/tagging.GetResources_1.json
new file mode 100644
index 000000000..f3caf5fd4
--- /dev/null
+++ b/tests/ecc-aws-319-rds_instances_storage_is_encrypted/placebo-red/tagging.GetResources_1.json
@@ -0,0 +1,22 @@
+{
+ "status_code": 200,
+ "data": {
+ "PaginationToken": "",
+ "ResourceTagMappingList": [
+ {
+ "ResourceARN": "arn:aws:rds:us-east-1:111111111111:db:terraform-20210923101039107900000001",
+ "Tags": [
+ {
+ "Key": "ComplianceStatus",
+ "Value": "Green"
+ },
+ {
+ "Key": "CsutodianRule",
+ "Value": "ecc-aws-319-rds_instances_storage_is_encrypted"
+ }
+ ]
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
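Review bot: The placebo-red `tagging.GetResources_1.json` tags the instance `ComplianceStatus: Green`, and its blob id in the diff header (`f3caf5fd4`) is the same as the placebo-green file's, so it looks like an unmodified copy. The red `rds.DescribeDBInstances_1.json` next to it reports `Red` in its `TagList`, so the two red recordings contradict each other; the tag line here should read `"Value": "Red"`. The `ResourceARN` also uses `111111111111` as the account field while `DBInstanceArn` in the describe recording uses `this`, so the two files do not name the same ARN. Using one placeholder in both would keep any ARN-based tag lookup consistent.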
diff --git a/tests/ecc-aws-319-rds_instances_storage_is_encrypted/red_policy_test.py b/tests/ecc-aws-319-rds_instances_storage_is_encrypted/red_policy_test.py
new file mode 100644
index 000000000..785e65718
--- /dev/null
+++ b/tests/ecc-aws-319-rds_instances_storage_is_encrypted/red_policy_test.py
@@ -0,0 +1,5 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertFalse(resources[0]['StorageEncrypted'])
diff --git a/tests/ecc-aws-320-rds_snapshots_storage_is_encrypted/placebo-green/rds.DescribeDBSnapshots_1.json b/tests/ecc-aws-320-rds_snapshots_storage_is_encrypted/placebo-green/rds.DescribeDBSnapshots_1.json
new file mode 100644
index 000000000..f7cea8258
--- /dev/null
+++ b/tests/ecc-aws-320-rds_snapshots_storage_is_encrypted/placebo-green/rds.DescribeDBSnapshots_1.json
@@ -0,0 +1,61 @@ +{ + "status_code": 200, + "data": { + "DBSnapshots": [ + { + "DBSnapshotIdentifier": "snapshot320green", + "DBInstanceIdentifier": "terraform-20211001110348344700000001", + "SnapshotCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 1, + "hour": 11, + "minute": 10, + "second": 31, + "microsecond": 575000 + }, + "Engine": "mysql", + "AllocatedStorage": 10, + "Status": "available", + "Port": 3306, + "AvailabilityZone": "us-east-1d", + "VpcId": "vpc-12345asdfg", + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 1, + "hour": 11, + "minute": 9, + "second": 22, + "microsecond": 867000 + }, + "MasterUsername": "root", + "EngineVersion": "5.7.33", + "LicenseModel": "general-public-license", + "SnapshotType": "manual", + "OptionGroupName": "default:mysql-5-7", + "PercentProgress": 100, + "StorageType": "gp2", + "Encrypted": true, + "KmsKeyId": "arn:aws:kms:us-east-1:this:key/7662e8d8-3711-4c8c-ba73-fe609ad50611", + "DBSnapshotArn": "arn:aws:rds:us-east-1:this:snapshot:snapshot320green", + "IAMDatabaseAuthenticationEnabled": false, + "ProcessorFeatures": [], + "DbiResourceId": "db-QMNXBTRX7NG7NAHGL5FHCEJQLM", + "TagList": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-320-rds_snapshots_storage_is_encrypted" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-320-rds_snapshots_storage_is_encrypted/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-320-rds_snapshots_storage_is_encrypted/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..a8c6785ee --- /dev/null +++ b/tests/ecc-aws-320-rds_snapshots_storage_is_encrypted/placebo-green/tagging.GetResources_1.json 
@@ -0,0 +1,22 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:rds:us-east-1:this:snapshot:snapshot320green", + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-320-rds_snapshots_storage_is_encrypted" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-320-rds_snapshots_storage_is_encrypted/placebo-red/rds.DescribeDBSnapshots_1.json b/tests/ecc-aws-320-rds_snapshots_storage_is_encrypted/placebo-red/rds.DescribeDBSnapshots_1.json new file mode 100644 index 000000000..0f245f045 --- /dev/null +++ b/tests/ecc-aws-320-rds_snapshots_storage_is_encrypted/placebo-red/rds.DescribeDBSnapshots_1.json 
@@ -0,0 +1,60 @@ +{ + "status_code": 200, + "data": { + "DBSnapshots": [ + { + "DBSnapshotIdentifier": "snapshot320red", + "DBInstanceIdentifier": "terraform-20211001112402283300000001", + "SnapshotCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 1, + "hour": 11, + "minute": 29, + "second": 2, + "microsecond": 761000 + }, + "Engine": "mysql", + "AllocatedStorage": 10, + "Status": "available", + "Port": 3306, + "AvailabilityZone": "us-east-1d", + "VpcId": "vpc-12345asdfg", + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 1, + "hour": 11, + "minute": 27, + "second": 31, + "microsecond": 759000 + }, + "MasterUsername": "root", + "EngineVersion": "5.7.33", + "LicenseModel": "general-public-license", + "SnapshotType": "manual", + "OptionGroupName": "default:mysql-5-7", + "PercentProgress": 100, + "StorageType": "gp2", + "Encrypted": false, + "DBSnapshotArn": "arn:aws:rds:us-east-1:this:snapshot:snapshot320red", + "IAMDatabaseAuthenticationEnabled": false, + "ProcessorFeatures": [], + "DbiResourceId": "db-XZAFZ2UQKZOUMZHC6WF3YRBIDQ", + "TagList": [ + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-320-rds_snapshots_storage_is_encrypted" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-320-rds_snapshots_storage_is_encrypted/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-320-rds_snapshots_storage_is_encrypted/placebo-red/tagging.GetResources_1.json new file mode 100644 index 000000000..5512b760f --- /dev/null +++ b/tests/ecc-aws-320-rds_snapshots_storage_is_encrypted/placebo-red/tagging.GetResources_1.json 
@@ -0,0 +1,22 @@
+{
+ "status_code": 200,
+ "data": {
+ "PaginationToken": "",
+ "ResourceTagMappingList": [
+ {
+ "ResourceARN": "arn:aws:rds:us-east-1:this:snapshot:snapshot320red",
+ "Tags": [
+ {
+ "Key": "ComplianceStatus",
+ "Value": "Red"
+ },
+ {
+ "Key": "CsutodianRule",
+ "Value": "ecc-aws-320-rds_snapshots_storage_is_encrypted"
+ }
+ ]
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-320-rds_snapshots_storage_is_encrypted/red_policy_test.py b/tests/ecc-aws-320-rds_snapshots_storage_is_encrypted/red_policy_test.py
new file mode 100644
index 000000000..c18eb6ed6
--- /dev/null
+++ b/tests/ecc-aws-320-rds_snapshots_storage_is_encrypted/red_policy_test.py
@@ -0,0 +1,5 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertFalse(resources[0]['Encrypted'])
diff --git a/tests/ecc-aws-322-api_gateway_rest_api_stages_ssl_certificates_configured/placebo-green/apigateway.GetRestApis_1.json b/tests/ecc-aws-322-api_gateway_rest_api_stages_ssl_certificates_configured/placebo-green/apigateway.GetRestApis_1.json
new file mode 100644
index 000000000..d26c39a90
--- /dev/null
+++ b/tests/ecc-aws-322-api_gateway_rest_api_stages_ssl_certificates_configured/placebo-green/apigateway.GetRestApis_1.json
@@ -0,0 +1,33 @@
+{
+ "status_code": 200,
+ "data": {
+ "ResponseMetadata": {},
+ "items": [
+ {
+ "id": "qopxcs4q73",
+ "name": "322_api_gateway_rest_api_green",
+ "createdDate": {
+ "__class__": "datetime",
+ "year": 2021,
+ "month": 10,
+ "day": 25,
+ "hour": 11,
+ "minute": 50,
+ "second": 25,
+ "microsecond": 0
+ },
+ "apiKeySource": "HEADER",
+ "endpointConfiguration": {
+ "types": [
+ "EDGE"
+ ]
+ },
+ "tags": {
+ "ComplianceStatus": "Green",
+ "CustodianRule": "ecc-aws-322-api_gateway_rest_api_stages_ssl_certificates_configured"
+ },
+ "disableExecuteApiEndpoint": false
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-322-api_gateway_rest_api_stages_ssl_certificates_configured/placebo-green/apigateway.GetStages_1.json b/tests/ecc-aws-322-api_gateway_rest_api_stages_ssl_certificates_configured/placebo-green/apigateway.GetStages_1.json new file mode 100644 index 000000000..357e2d3b8 --- /dev/null +++ b/tests/ecc-aws-322-api_gateway_rest_api_stages_ssl_certificates_configured/placebo-green/apigateway.GetStages_1.json @@ -0,0 +1,54 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "item": [ + { + "deploymentId": "1yiaix", + "clientCertificateId": "5gc72g", + "stageName": "322_api_gateway_stage_green", + "cacheClusterEnabled": true, + "cacheClusterSize": "0.5", + "cacheClusterStatus": "AVAILABLE", + "methodSettings": { + "*/*": { + "metricsEnabled": false, + "dataTraceEnabled": false, + "throttlingBurstLimit": -1, + "throttlingRateLimit": -1.0, + "cachingEnabled": true, + "cacheTtlInSeconds": 300, + "cacheDataEncrypted": false, + "requireAuthorizationForCacheControl": true, + "unauthorizedCacheControlHeaderStrategy": "SUCCEED_WITH_RESPONSE_HEADER" + } + }, + "tracingEnabled": false, + "tags": { + "ComplianceStatus": "Green", + "CustodianRule": "ecc-aws-322-api_gateway_rest_api_stages_ssl_certificates_configured" + }, + "createdDate": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 25, + "hour": 11, + "minute": 50, + "second": 30, + "microsecond": 0 + }, + "lastUpdatedDate": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 25, + "hour": 11, + "minute": 53, + "second": 54, + "microsecond": 0 + } + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-322-api_gateway_rest_api_stages_ssl_certificates_configured/placebo-red/apigateway.GetRestApis_1.json b/tests/ecc-aws-322-api_gateway_rest_api_stages_ssl_certificates_configured/placebo-red/apigateway.GetRestApis_1.json new file mode 100644 index 000000000..9d59cb104 --- /dev/null 
+++ b/tests/ecc-aws-322-api_gateway_rest_api_stages_ssl_certificates_configured/placebo-red/apigateway.GetRestApis_1.json @@ -0,0 +1,33 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "items": [ + { + "id": "ugjlm8qa0l", + "name": "322_api_gateway_rest_api_red", + "createdDate": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 25, + "hour": 10, + "minute": 55, + "second": 51, + "microsecond": 0 + }, + "apiKeySource": "HEADER", + "endpointConfiguration": { + "types": [ + "EDGE" + ] + }, + "tags": { + "ComplianceStatus": "Red", + "CustodianRule": "ecc-aws-322-api_gateway_rest_api_stages_ssl_certificates_configured" + }, + "disableExecuteApiEndpoint": false + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-322-api_gateway_rest_api_stages_ssl_certificates_configured/placebo-red/apigateway.GetStages_1.json b/tests/ecc-aws-322-api_gateway_rest_api_stages_ssl_certificates_configured/placebo-red/apigateway.GetStages_1.json new file mode 100644 index 000000000..cf721e141 --- /dev/null +++ b/tests/ecc-aws-322-api_gateway_rest_api_stages_ssl_certificates_configured/placebo-red/apigateway.GetStages_1.json 
@@ -0,0 +1,53 @@
+{
+ "status_code": 200,
+ "data": {
+ "ResponseMetadata": {},
+ "item": [
+ {
+ "deploymentId": "n26hxk",
+ "stageName": "322_api_gateway_stage_red",
+ "cacheClusterEnabled": true,
+ "cacheClusterSize": "0.5",
+ "cacheClusterStatus": "AVAILABLE",
+ "methodSettings": {
+ "*/*": {
+ "metricsEnabled": false,
+ "dataTraceEnabled": false,
+ "throttlingBurstLimit": -1,
+ "throttlingRateLimit": -1.0,
+ "cachingEnabled": true,
+ "cacheTtlInSeconds": 300,
+ "cacheDataEncrypted": false,
+ "requireAuthorizationForCacheControl": true,
+ "unauthorizedCacheControlHeaderStrategy": "SUCCEED_WITH_RESPONSE_HEADER"
+ }
+ },
+ "tracingEnabled": false,
+ "tags": {
+ "ComplianceStatus": "Red",
+ "CustodianRule": "ecc-aws-322-api_gateway_rest_api_stages_ssl_certificates_configured"
+ },
+ "createdDate": {
+ "__class__": "datetime",
+ "year": 2021,
+ "month": 10,
+ "day": 25,
+ "hour": 10,
+ "minute": 55,
+ "second": 56,
+ "microsecond": 0
+ },
+ "lastUpdatedDate": {
+ "__class__": "datetime",
+ "year": 2021,
+ "month": 10,
+ "day": 25,
+ "hour": 11,
+ "minute": 35,
+ "second": 53,
+ "microsecond": 0
+ }
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-322-api_gateway_rest_api_stages_ssl_certificates_configured/red_policy_test.py b/tests/ecc-aws-322-api_gateway_rest_api_stages_ssl_certificates_configured/red_policy_test.py
new file mode 100644
index 000000000..a14d2d9f3
--- /dev/null
+++ b/tests/ecc-aws-322-api_gateway_rest_api_stages_ssl_certificates_configured/red_policy_test.py
@@ -0,0 +1,5 @@
+class PolicyTest(object):
+
+ def test_resources_with_client(self, base_test, resources, local_ssesion):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertNotIn('clientCertificateId', resources[0])
\ No newline at end of file
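Review bot: The third parameter of `test_resources_with_client` in the 322 `red_policy_test.py` is spelled `local_ssesion`, whereas the 323 test in this same patch names it `local_session`. If the harness passes these arguments by keyword or resolves them by name (the runner is not visible here), this check for a missing `clientCertificateId` would error out or never run, leaving the policy untested. Suggested signature: `def test_resources_with_client(self, base_test, resources, local_session):`. The parameter is not used in the body, so the rename has no other effect.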
diff --git a/tests/ecc-aws-323-rest_api_aws_x_ray_enabled/placebo-green/apigateway.GetRestApis_1.json b/tests/ecc-aws-323-rest_api_aws_x_ray_enabled/placebo-green/apigateway.GetRestApis_1.json new file mode 100644 index 000000000..33a772181 --- /dev/null +++ b/tests/ecc-aws-323-rest_api_aws_x_ray_enabled/placebo-green/apigateway.GetRestApis_1.json @@ -0,0 +1,50 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "items": [ + { + "id": "bl3smk71ei", + "name": "323_api_green", + "createdDate": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 25, + "hour": 6, + "minute": 12, + "second": 35, + "microsecond": 0 + }, + "apiKeySource": "HEADER", + "endpointConfiguration": { + "types": [ + "EDGE" + ] + }, + "disableExecuteApiEndpoint": false + }, + { + "id": "uogwvyvq9a", + "name": "323_api_red", + "createdDate": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 25, + "hour": 7, + "minute": 30, + "second": 8, + "microsecond": 0 + }, + "apiKeySource": "HEADER", + "endpointConfiguration": { + "types": [ + "EDGE" + ] + }, + "disableExecuteApiEndpoint": false + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-323-rest_api_aws_x_ray_enabled/placebo-green/apigateway.GetStages_1.json b/tests/ecc-aws-323-rest_api_aws_x_ray_enabled/placebo-green/apigateway.GetStages_1.json new file mode 100644 index 000000000..f095cbc73 --- /dev/null +++ b/tests/ecc-aws-323-rest_api_aws_x_ray_enabled/placebo-green/apigateway.GetStages_1.json 
@@ -0,0 +1,37 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "item": [ + { + "deploymentId": "52qr93", + "stageName": "323_stage_green", + "cacheClusterEnabled": true, + "cacheClusterSize": "0.5", + "cacheClusterStatus": "AVAILABLE", + "methodSettings": {}, + "tracingEnabled": true, + "createdDate": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 25, + "hour": 6, + "minute": 12, + "second": 39, + "microsecond": 0 + }, + "lastUpdatedDate": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 25, + "hour": 6, + "minute": 16, + "second": 3, + "microsecond": 0 + } + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-323-rest_api_aws_x_ray_enabled/placebo-red/apigateway.GetRestApis_1.json b/tests/ecc-aws-323-rest_api_aws_x_ray_enabled/placebo-red/apigateway.GetRestApis_1.json new file mode 100644 index 000000000..cecfb37c9 --- /dev/null +++ b/tests/ecc-aws-323-rest_api_aws_x_ray_enabled/placebo-red/apigateway.GetRestApis_1.json @@ -0,0 +1,29 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "items": [ + { + "id": "uogwvyvq9a", + "name": "323_api_red", + "createdDate": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 25, + "hour": 7, + "minute": 30, + "second": 8, + "microsecond": 0 + }, + "apiKeySource": "HEADER", + "endpointConfiguration": { + "types": [ + "EDGE" + ] + }, + "disableExecuteApiEndpoint": false + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-323-rest_api_aws_x_ray_enabled/placebo-red/apigateway.GetStages_1.json b/tests/ecc-aws-323-rest_api_aws_x_ray_enabled/placebo-red/apigateway.GetStages_1.json new file mode 100644 index 000000000..471f4362b --- /dev/null +++ b/tests/ecc-aws-323-rest_api_aws_x_ray_enabled/placebo-red/apigateway.GetStages_1.json 
@@ -0,0 +1,37 @@
+{
+ "status_code": 200,
+ "data": {
+ "ResponseMetadata": {},
+ "item": [
+ {
+ "deploymentId": "oqmfz1",
+ "stageName": "323_stage_red",
+ "cacheClusterEnabled": true,
+ "cacheClusterSize": "0.5",
+ "cacheClusterStatus": "AVAILABLE",
+ "methodSettings": {},
+ "tracingEnabled": false,
+ "createdDate": {
+ "__class__": "datetime",
+ "year": 2021,
+ "month": 10,
+ "day": 25,
+ "hour": 7,
+ "minute": 30,
+ "second": 12,
+ "microsecond": 0
+ },
+ "lastUpdatedDate": {
+ "__class__": "datetime",
+ "year": 2021,
+ "month": 10,
+ "day": 25,
+ "hour": 7,
+ "minute": 33,
+ "second": 17,
+ "microsecond": 0
+ }
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-323-rest_api_aws_x_ray_enabled/red_policy_test.py b/tests/ecc-aws-323-rest_api_aws_x_ray_enabled/red_policy_test.py
new file mode 100644
index 000000000..565027559
--- /dev/null
+++ b/tests/ecc-aws-323-rest_api_aws_x_ray_enabled/red_policy_test.py
@@ -0,0 +1,5 @@
+class PolicyTest(object):
+
+ def test_resources_with_client(self, base_test, resources, local_session):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertFalse(resources[0]['tracingEnabled'])
\ No newline at end of file
diff --git a/tests/ecc-aws-324-cloudfront_default_root_object_configured/placebo-green/cloudfront.GetDistributionConfig_1.json b/tests/ecc-aws-324-cloudfront_default_root_object_configured/placebo-green/cloudfront.GetDistributionConfig_1.json
new file mode 100644
index 000000000..111130443
--- /dev/null
+++ b/tests/ecc-aws-324-cloudfront_default_root_object_configured/placebo-green/cloudfront.GetDistributionConfig_1.json
@@ -0,0 +1,125 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "ETag": "E1DMQIUSQYM9K8", + "DistributionConfig": { + "CallerReference": "terraform-20211011080440481800000001", + "Aliases": { + "Quantity": 0 + }, + "DefaultRootObject": "index.html", + "Origins": { + "Quantity": 1, + "Items": [ + { + "Id": "myGreenS3", + "DomainName": "bucket-324-green.s3.amazonaws.com", + "OriginPath": "", + "CustomHeaders": { + "Quantity": 0 + }, + "S3OriginConfig": { + "OriginAccessIdentity": "" + }, + "ConnectionAttempts": 3, + "ConnectionTimeout": 10, + "OriginShield": { + "Enabled": false + } + } + ] + }, + "OriginGroups": { + "Quantity": 0 + }, + "DefaultCacheBehavior": { + "TargetOriginId": "myGreenS3", + "TrustedSigners": { + "Enabled": false, + "Quantity": 0 + }, + "TrustedKeyGroups": { + "Enabled": false, + "Quantity": 0 + }, + "ViewerProtocolPolicy": "allow-all", + "AllowedMethods": { + "Quantity": 7, + "Items": [ + "HEAD", + "DELETE", + "POST", + "GET", + "OPTIONS", + "PUT", + "PATCH" + ], + "CachedMethods": { + "Quantity": 2, + "Items": [ + "HEAD", + "GET" + ] + } + }, + "SmoothStreaming": false, + "Compress": false, + "LambdaFunctionAssociations": { + "Quantity": 0 + }, + "FieldLevelEncryptionId": "", + "ForwardedValues": { + "QueryString": false, + "Cookies": { + "Forward": "none" + }, + "Headers": { + "Quantity": 0 + }, + "QueryStringCacheKeys": { + "Quantity": 0 + } + }, + "MinTTL": 0, + "DefaultTTL": 0, + "MaxTTL": 0 + }, + "CacheBehaviors": { + "Quantity": 0 + }, + "CustomErrorResponses": { + "Quantity": 0 + }, + "Comment": "", + "Logging": { + "Enabled": false, + "IncludeCookies": false, + "Bucket": "", + "Prefix": "" + }, + "PriceClass": "PriceClass_All", + "Enabled": true, + "ViewerCertificate": { + "CloudFrontDefaultCertificate": true, + "MinimumProtocolVersion": "TLSv1", + "CertificateSource": "cloudfront" + }, + "Restrictions": { + "GeoRestriction": { + "RestrictionType": "whitelist", + "Quantity": 4, + "Items": [ + "US", + "CA", + "DE", 
+ "GB" + ] + } + }, + "WebACLId": "", + "HttpVersion": "http2", + "IsIPV6Enabled": false + } + } +} \ No newline at end of file diff --git a/tests/ecc-aws-324-cloudfront_default_root_object_configured/placebo-green/cloudfront.ListDistributions_1.json b/tests/ecc-aws-324-cloudfront_default_root_object_configured/placebo-green/cloudfront.ListDistributions_1.json new file mode 100644 index 000000000..64e2b95c6 --- /dev/null +++ b/tests/ecc-aws-324-cloudfront_default_root_object_configured/placebo-green/cloudfront.ListDistributions_1.json 
@@ -0,0 +1,138 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "DistributionList": { + "Marker": "", + "MaxItems": 100, + "IsTruncated": false, + "Quantity": 1, + "Items": [ + { + "Id": "E234R7HBRR1UAX", + "ARN": "arn:aws:cloudfront::111111111111:distribution/E234R7HBRR1UAX", + "Status": "Deployed", + "LastModifiedTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 11, + "hour": 8, + "minute": 35, + "second": 29, + "microsecond": 360000 + }, + "DomainName": "d3b5nbsj36e98d.cloudfront.net", + "Aliases": { + "Quantity": 0 + }, + "Origins": { + "Quantity": 1, + "Items": [ + { + "Id": "myGreenS3", + "DomainName": "bucket-324-green.s3.amazonaws.com", + "OriginPath": "", + "CustomHeaders": { + "Quantity": 0 + }, + "S3OriginConfig": { + "OriginAccessIdentity": "" + }, + "ConnectionAttempts": 3, + "ConnectionTimeout": 10, + "OriginShield": { + "Enabled": false + } + } + ] + }, + "OriginGroups": { + "Quantity": 0 + }, + "DefaultCacheBehavior": { + "TargetOriginId": "myGreenS3", + "TrustedSigners": { + "Enabled": false, + "Quantity": 0 + }, + "TrustedKeyGroups": { + "Enabled": false, + "Quantity": 0 + }, + "ViewerProtocolPolicy": "allow-all", + "AllowedMethods": { + "Quantity": 7, + "Items": [ + "HEAD", + "DELETE", + "POST", + "GET", + "OPTIONS", + "PUT", + "PATCH" + ], + "CachedMethods": { + "Quantity": 2, + "Items": [ + "HEAD", + "GET" + ] + } + }, + "SmoothStreaming": false, + "Compress": false, + "LambdaFunctionAssociations": { + "Quantity": 0 + }, + "FieldLevelEncryptionId": "", + "ForwardedValues": { + "QueryString": false, + "Cookies": { + "Forward": "none" + }, + "Headers": { + "Quantity": 0 + }, + "QueryStringCacheKeys": { + "Quantity": 0 + } + }, + "MinTTL": 0, + "DefaultTTL": 0, + "MaxTTL": 0 + }, + "CacheBehaviors": { + "Quantity": 0 + }, + "CustomErrorResponses": { + "Quantity": 0 + }, + "Comment": "", + "PriceClass": "PriceClass_All", + "Enabled": true, + "ViewerCertificate": { + "CloudFrontDefaultCertificate": true, 
+ "MinimumProtocolVersion": "TLSv1", + "CertificateSource": "cloudfront" + }, + "Restrictions": { + "GeoRestriction": { + "RestrictionType": "whitelist", + "Quantity": 4, + "Items": [ + "US", + "GB", + "CA", + "DE" + ] + } + }, + "WebACLId": "", + "HttpVersion": "HTTP2", + "IsIPV6Enabled": false + } + ] + } + } +} \ No newline at end of file diff --git a/tests/ecc-aws-324-cloudfront_default_root_object_configured/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-324-cloudfront_default_root_object_configured/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..29c62dfcd --- /dev/null +++ b/tests/ecc-aws-324-cloudfront_default_root_object_configured/placebo-green/tagging.GetResources_1.json @@ -0,0 +1,22 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:cloudfront::111111111111:distribution/E234R7HBRR1UAX", + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CustodianRule", + "Value": "ecc-aws-324-cloudfront_default_root_object_configured" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-324-cloudfront_default_root_object_configured/placebo-red/cloudfront.GetDistributionConfig_1.json b/tests/ecc-aws-324-cloudfront_default_root_object_configured/placebo-red/cloudfront.GetDistributionConfig_1.json new file mode 100644 index 000000000..181a73fd6 --- /dev/null +++ b/tests/ecc-aws-324-cloudfront_default_root_object_configured/placebo-red/cloudfront.GetDistributionConfig_1.json 
@@ -0,0 +1,125 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "ETag": "E39J8FG14KFUTV", + "DistributionConfig": { + "CallerReference": "terraform-20211011085043404100000001", + "Aliases": { + "Quantity": 0 + }, + "DefaultRootObject": "", + "Origins": { + "Quantity": 1, + "Items": [ + { + "Id": "myRedS3", + "DomainName": "bucket-324-red.s3.amazonaws.com", + "OriginPath": "", + "CustomHeaders": { + "Quantity": 0 + }, + "S3OriginConfig": { + "OriginAccessIdentity": "" + }, + "ConnectionAttempts": 3, + "ConnectionTimeout": 10, + "OriginShield": { + "Enabled": false + } + } + ] + }, + "OriginGroups": { + "Quantity": 0 + }, + "DefaultCacheBehavior": { + "TargetOriginId": "myRedS3", + "TrustedSigners": { + "Enabled": false, + "Quantity": 0 + }, + "TrustedKeyGroups": { + "Enabled": false, + "Quantity": 0 + }, + "ViewerProtocolPolicy": "allow-all", + "AllowedMethods": { + "Quantity": 7, + "Items": [ + "HEAD", + "DELETE", + "POST", + "GET", + "OPTIONS", + "PUT", + "PATCH" + ], + "CachedMethods": { + "Quantity": 2, + "Items": [ + "HEAD", + "GET" + ] + } + }, + "SmoothStreaming": false, + "Compress": false, + "LambdaFunctionAssociations": { + "Quantity": 0 + }, + "FieldLevelEncryptionId": "", + "ForwardedValues": { + "QueryString": false, + "Cookies": { + "Forward": "none" + }, + "Headers": { + "Quantity": 0 + }, + "QueryStringCacheKeys": { + "Quantity": 0 + } + }, + "MinTTL": 0, + "DefaultTTL": 0, + "MaxTTL": 0 + }, + "CacheBehaviors": { + "Quantity": 0 + }, + "CustomErrorResponses": { + "Quantity": 0 + }, + "Comment": "", + "Logging": { + "Enabled": false, + "IncludeCookies": false, + "Bucket": "", + "Prefix": "" + }, + "PriceClass": "PriceClass_All", + "Enabled": true, + "ViewerCertificate": { + "CloudFrontDefaultCertificate": true, + "MinimumProtocolVersion": "TLSv1", + "CertificateSource": "cloudfront" + }, + "Restrictions": { + "GeoRestriction": { + "RestrictionType": "whitelist", + "Quantity": 4, + "Items": [ + "CA", + "DE", + "GB", + "US" + ] + } + 
}, + "WebACLId": "", + "HttpVersion": "http2", + "IsIPV6Enabled": false + } + } +} \ No newline at end of file diff --git a/tests/ecc-aws-324-cloudfront_default_root_object_configured/placebo-red/cloudfront.ListDistributions_1.json b/tests/ecc-aws-324-cloudfront_default_root_object_configured/placebo-red/cloudfront.ListDistributions_1.json new file mode 100644 index 000000000..eed64aff6 --- /dev/null +++ b/tests/ecc-aws-324-cloudfront_default_root_object_configured/placebo-red/cloudfront.ListDistributions_1.json 
@@ -0,0 +1,138 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "DistributionList": { + "Marker": "", + "MaxItems": 100, + "IsTruncated": false, + "Quantity": 1, + "Items": [ + { + "Id": "EQB1ZVTUQPX0I", + "ARN": "arn:aws:cloudfront::111111111111:distribution/EQB1ZVTUQPX0I", + "Status": "Deployed", + "LastModifiedTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 11, + "hour": 8, + "minute": 50, + "second": 44, + "microsecond": 99000 + }, + "DomainName": "dxdigqzd5r9uy.cloudfront.net", + "Aliases": { + "Quantity": 0 + }, + "Origins": { + "Quantity": 1, + "Items": [ + { + "Id": "myRedS3", + "DomainName": "bucket-324-red.s3.amazonaws.com", + "OriginPath": "", + "CustomHeaders": { + "Quantity": 0 + }, + "S3OriginConfig": { + "OriginAccessIdentity": "" + }, + "ConnectionAttempts": 3, + "ConnectionTimeout": 10, + "OriginShield": { + "Enabled": false + } + } + ] + }, + "OriginGroups": { + "Quantity": 0 + }, + "DefaultCacheBehavior": { + "TargetOriginId": "myRedS3", + "TrustedSigners": { + "Enabled": false, + "Quantity": 0 + }, + "TrustedKeyGroups": { + "Enabled": false, + "Quantity": 0 + }, + "ViewerProtocolPolicy": "allow-all", + "AllowedMethods": { + "Quantity": 7, + "Items": [ + "HEAD", + "DELETE", + "POST", + "GET", + "OPTIONS", + "PUT", + "PATCH" + ], + "CachedMethods": { + "Quantity": 2, + "Items": [ + "HEAD", + "GET" + ] + } + }, + "SmoothStreaming": false, + "Compress": false, + "LambdaFunctionAssociations": { + "Quantity": 0 + }, + "FieldLevelEncryptionId": "", + "ForwardedValues": { + "QueryString": false, + "Cookies": { + "Forward": "none" + }, + "Headers": { + "Quantity": 0 + }, + "QueryStringCacheKeys": { + "Quantity": 0 + } + }, + "MinTTL": 0, + "DefaultTTL": 0, + "MaxTTL": 0 + }, + "CacheBehaviors": { + "Quantity": 0 + }, + "CustomErrorResponses": { + "Quantity": 0 + }, + "Comment": "", + "PriceClass": "PriceClass_All", + "Enabled": true, + "ViewerCertificate": { + "CloudFrontDefaultCertificate": true, + 
"MinimumProtocolVersion": "TLSv1", + "CertificateSource": "cloudfront" + }, + "Restrictions": { + "GeoRestriction": { + "RestrictionType": "whitelist", + "Quantity": 4, + "Items": [ + "GB", + "CA", + "DE", + "US" + ] + } + }, + "WebACLId": "", + "HttpVersion": "HTTP2", + "IsIPV6Enabled": false + } + ] + } + } +} \ No newline at end of file diff --git a/tests/ecc-aws-324-cloudfront_default_root_object_configured/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-324-cloudfront_default_root_object_configured/placebo-red/tagging.GetResources_1.json new file mode 100644 index 000000000..5abb4e92b --- /dev/null +++ b/tests/ecc-aws-324-cloudfront_default_root_object_configured/placebo-red/tagging.GetResources_1.json @@ -0,0 +1,22 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:cloudfront::111111111111:distribution/EQB1ZVTUQPX0I", + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CustodianRule", + "Value": "ecc-aws-324-cloudfront_default_root_object_configured" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-324-cloudfront_default_root_object_configured/red_policy_test.py b/tests/ecc-aws-324-cloudfront_default_root_object_configured/red_policy_test.py new file mode 100644 index 000000000..ce952572a --- /dev/null +++ b/tests/ecc-aws-324-cloudfront_default_root_object_configured/red_policy_test.py @@ -0,0 +1,5 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertEqual(resources[0]['c7n:distribution-config']['DefaultRootObject'],'' ) \ No newline at end of file 
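Review bot: In `tests/ecc-aws-324-cloudfront_default_root_object_configured/red_policy_test.py` the second assertion ends in `['DefaultRootObject'],'' )`, with no space after the comma and a stray one before the closing parenthesis, and the file has no trailing newline. I would write it as `base_test.assertEqual(resources[0]['c7n:distribution-config']['DefaultRootObject'], '')`. A one-line docstring on `test_resources`, such as `"""Red fixture: the single returned distribution has an empty DefaultRootObject."""`, would state what the empty-string comparison pins. The `red_policy_test.py` files added for rules 326 and 327 in this patch also have no docstring.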
diff --git a/tests/ecc-aws-326-cloudfront_origin_failover_configured/placebo-green/cloudfront.GetDistributionConfig_1.json b/tests/ecc-aws-326-cloudfront_origin_failover_configured/placebo-green/cloudfront.GetDistributionConfig_1.json new file mode 100644 index 000000000..b1c4d829a --- /dev/null +++ b/tests/ecc-aws-326-cloudfront_origin_failover_configured/placebo-green/cloudfront.GetDistributionConfig_1.json 
@@ -0,0 +1,164 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "ETag": "E18VTHU09E3ELO", + "DistributionConfig": { + "CallerReference": "terraform-20211026131933236600000002", + "Aliases": { + "Quantity": 0 + }, + "DefaultRootObject": "index.html", + "Origins": { + "Quantity": 2, + "Items": [ + { + "Id": "primaryS3", + "DomainName": "primarys3-326rule.s3.amazonaws.com", + "OriginPath": "", + "CustomHeaders": { + "Quantity": 0 + }, + "S3OriginConfig": { + "OriginAccessIdentity": "origin-access-identity/cloudfront/EUQ47FJ653LNO" + }, + "ConnectionAttempts": 3, + "ConnectionTimeout": 10, + "OriginShield": { + "Enabled": false + } + }, + { + "Id": "12345asdfg", + "DomainName": "failovers3-326rule.s3.amazonaws.com", + "OriginPath": "", + "CustomHeaders": { + "Quantity": 0 + }, + "S3OriginConfig": { + "OriginAccessIdentity": "origin-access-identity/cloudfront/EUQ47FJ653LNO" + }, + "ConnectionAttempts": 3, + "ConnectionTimeout": 10, + "OriginShield": { + "Enabled": false + } + } + ] + }, + "OriginGroups": { + "Quantity": 1, + "Items": [ + { + "Id": "groupS3", + "FailoverCriteria": { + "StatusCodes": { + "Quantity": 4, + "Items": [ + 403, + 404, + 502, + 500 + ] + } + }, + "Members": { + "Quantity": 2, + "Items": [ + { + "OriginId": "primaryS3" + }, + { + "OriginId": "failoverS3" + } + ] + } + } + ] + }, + "DefaultCacheBehavior": { + "TargetOriginId": "groupS3", + "TrustedSigners": { + "Enabled": false, + "Quantity": 0 + }, + "TrustedKeyGroups": { + "Enabled": false, + "Quantity": 0 + }, + "ViewerProtocolPolicy": "allow-all", + "AllowedMethods": { + "Quantity": 3, + "Items": [ + "HEAD", + "GET", + "OPTIONS" + ], + "CachedMethods": { + "Quantity": 2, + "Items": [ + "HEAD", + "GET" + ] + } + }, + "SmoothStreaming": false, + "Compress": false, + "LambdaFunctionAssociations": { + "Quantity": 0 + }, + "FieldLevelEncryptionId": "", + "ForwardedValues": { + "QueryString": false, + "Cookies": { + "Forward": "none" + }, + "Headers": { + "Quantity": 0 + }, + 
"QueryStringCacheKeys": { + "Quantity": 0 + } + }, + "MinTTL": 0, + "DefaultTTL": 0, + "MaxTTL": 0 + }, + "CacheBehaviors": { + "Quantity": 0 + }, + "CustomErrorResponses": { + "Quantity": 0 + }, + "Comment": "", + "Logging": { + "Enabled": false, + "IncludeCookies": false, + "Bucket": "", + "Prefix": "" + }, + "PriceClass": "PriceClass_All", + "Enabled": true, + "ViewerCertificate": { + "CloudFrontDefaultCertificate": true, + "MinimumProtocolVersion": "TLSv1", + "CertificateSource": "cloudfront" + }, + "Restrictions": { + "GeoRestriction": { + "RestrictionType": "whitelist", + "Quantity": 4, + "Items": [ + "US", + "DE", + "CA", + "GB" + ] + } + }, + "WebACLId": "", + "HttpVersion": "http2", + "IsIPV6Enabled": false + } + } +} \ No newline at end of file diff --git a/tests/ecc-aws-326-cloudfront_origin_failover_configured/placebo-green/cloudfront.ListDistributions_1.json b/tests/ecc-aws-326-cloudfront_origin_failover_configured/placebo-green/cloudfront.ListDistributions_1.json new file mode 100644 index 000000000..a43f50fb8 --- /dev/null +++ b/tests/ecc-aws-326-cloudfront_origin_failover_configured/placebo-green/cloudfront.ListDistributions_1.json 
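Review bot: In `placebo-green/cloudfront.GetDistributionConfig_1.json` for rule 326, the origin group `groupS3` lists the members `primaryS3` and `failoverS3`, but the second entry under `Origins.Items` has `"Id": "12345asdfg"`, so no origin matches the failover member. This looks like an identifier scrub applied to one side only. Setting `"Id": "failoverS3"` on the second origin would make the recording self-consistent. The `cloudfront.ListDistributions_1.json` recording in the same directory has the same mismatch.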
@@ -0,0 +1,177 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "DistributionList": { + "Marker": "", + "MaxItems": 100, + "IsTruncated": false, + "Quantity": 1, + "Items": [ + { + "Id": "E1PJYZGMX46NOE", + "ARN": "arn:aws:cloudfront::111111111111:distribution/E1PJYZGMX46NOE", + "Status": "Deployed", + "LastModifiedTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 26, + "hour": 13, + "minute": 19, + "second": 33, + "microsecond": 302000 + }, + "DomainName": "d3l8dw45ayhrev.cloudfront.net", + "Aliases": { + "Quantity": 0 + }, + "Origins": { + "Quantity": 2, + "Items": [ + { + "Id": "primaryS3", + "DomainName": "primarys3-326rule.s3.amazonaws.com", + "OriginPath": "", + "CustomHeaders": { + "Quantity": 0 + }, + "S3OriginConfig": { + "OriginAccessIdentity": "origin-access-identity/cloudfront/EUQ47FJ653LNO" + }, + "ConnectionAttempts": 3, + "ConnectionTimeout": 10, + "OriginShield": { + "Enabled": false + } + }, + { + "Id": "12345asdfg", + "DomainName": "failovers3-326rule.s3.amazonaws.com", + "OriginPath": "", + "CustomHeaders": { + "Quantity": 0 + }, + "S3OriginConfig": { + "OriginAccessIdentity": "origin-access-identity/cloudfront/EUQ47FJ653LNO" + }, + "ConnectionAttempts": 3, + "ConnectionTimeout": 10, + "OriginShield": { + "Enabled": false + } + } + ] + }, + "OriginGroups": { + "Quantity": 1, + "Items": [ + { + "Id": "groupS3", + "FailoverCriteria": { + "StatusCodes": { + "Quantity": 4, + "Items": [ + 403, + 404, + 502, + 500 + ] + } + }, + "Members": { + "Quantity": 2, + "Items": [ + { + "OriginId": "primaryS3" + }, + { + "OriginId": "failoverS3" + } + ] + } + } + ] + }, + "DefaultCacheBehavior": { + "TargetOriginId": "groupS3", + "TrustedSigners": { + "Enabled": false, + "Quantity": 0 + }, + "TrustedKeyGroups": { + "Enabled": false, + "Quantity": 0 + }, + "ViewerProtocolPolicy": "allow-all", + "AllowedMethods": { + "Quantity": 3, + "Items": [ + "HEAD", + "GET", + "OPTIONS" + ], + "CachedMethods": { + "Quantity": 2, + 
"Items": [ + "HEAD", + "GET" + ] + } + }, + "SmoothStreaming": false, + "Compress": false, + "LambdaFunctionAssociations": { + "Quantity": 0 + }, + "FieldLevelEncryptionId": "", + "ForwardedValues": { + "QueryString": false, + "Cookies": { + "Forward": "none" + }, + "Headers": { + "Quantity": 0 + }, + "QueryStringCacheKeys": { + "Quantity": 0 + } + }, + "MinTTL": 0, + "DefaultTTL": 0, + "MaxTTL": 0 + }, + "CacheBehaviors": { + "Quantity": 0 + }, + "CustomErrorResponses": { + "Quantity": 0 + }, + "Comment": "", + "PriceClass": "PriceClass_All", + "Enabled": true, + "ViewerCertificate": { + "CloudFrontDefaultCertificate": true, + "MinimumProtocolVersion": "TLSv1", + "CertificateSource": "cloudfront" + }, + "Restrictions": { + "GeoRestriction": { + "RestrictionType": "whitelist", + "Quantity": 4, + "Items": [ + "CA", + "DE", + "GB", + "US" + ] + } + }, + "WebACLId": "", + "HttpVersion": "HTTP2", + "IsIPV6Enabled": false + } + ] + } + } +} \ No newline at end of file diff --git a/tests/ecc-aws-326-cloudfront_origin_failover_configured/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-326-cloudfront_origin_failover_configured/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..434019c49 --- /dev/null +++ b/tests/ecc-aws-326-cloudfront_origin_failover_configured/placebo-green/tagging.GetResources_1.json @@ -0,0 +1,22 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:cloudfront::111111111111:distribution/E1PJYZGMX46NOE", + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CustodianRule", + "Value": "ecc-aws-326-cloudfront_origin_failover_configured" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-326-cloudfront_origin_failover_configured/placebo-red/cloudfront.GetDistributionConfig_1.json b/tests/ecc-aws-326-cloudfront_origin_failover_configured/placebo-red/cloudfront.GetDistributionConfig_1.json new file mode 100644 index 000000000..e666b1e5a --- /dev/null +++ b/tests/ecc-aws-326-cloudfront_origin_failover_configured/placebo-red/cloudfront.GetDistributionConfig_1.json 
@@ -0,0 +1,119 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "ETag": "E3AGZPKX9PPA27", + "DistributionConfig": { + "CallerReference": "terraform-20211026132948278000000002", + "Aliases": { + "Quantity": 0 + }, + "DefaultRootObject": "index.html", + "Origins": { + "Quantity": 1, + "Items": [ + { + "Id": "myredS3", + "DomainName": "c7n-326-bucket-red.s3.amazonaws.com", + "OriginPath": "", + "CustomHeaders": { + "Quantity": 0 + }, + "S3OriginConfig": { + "OriginAccessIdentity": "origin-access-identity/cloudfront/E3NO8PVGX4387B" + }, + "ConnectionAttempts": 3, + "ConnectionTimeout": 10, + "OriginShield": { + "Enabled": false + } + } + ] + }, + "OriginGroups": { + "Quantity": 0 + }, + "DefaultCacheBehavior": { + "TargetOriginId": "myredS3", + "TrustedSigners": { + "Enabled": false, + "Quantity": 0 + }, + "TrustedKeyGroups": { + "Enabled": false, + "Quantity": 0 + }, + "ViewerProtocolPolicy": "allow-all", + "AllowedMethods": { + "Quantity": 7, + "Items": [ + "HEAD", + "DELETE", + "POST", + "GET", + "OPTIONS", + "PUT", + "PATCH" + ], + "CachedMethods": { + "Quantity": 2, + "Items": [ + "HEAD", + "GET" + ] + } + }, + "SmoothStreaming": false, + "Compress": false, + "LambdaFunctionAssociations": { + "Quantity": 0 + }, + "FieldLevelEncryptionId": "", + "ForwardedValues": { + "QueryString": false, + "Cookies": { + "Forward": "none" + }, + "Headers": { + "Quantity": 0 + }, + "QueryStringCacheKeys": { + "Quantity": 0 + } + }, + "MinTTL": 0, + "DefaultTTL": 0, + "MaxTTL": 0 + }, + "CacheBehaviors": { + "Quantity": 0 + }, + "CustomErrorResponses": { + "Quantity": 0 + }, + "Comment": "", + "Logging": { + "Enabled": true, + "IncludeCookies": true, + "Bucket": "c7n-326-bucket-red.s3.amazonaws.com", + "Prefix": "myprefix" + }, + "PriceClass": "PriceClass_All", + "Enabled": true, + "ViewerCertificate": { + "CloudFrontDefaultCertificate": true, + "MinimumProtocolVersion": "TLSv1", + "CertificateSource": "cloudfront" + }, + "Restrictions": { + "GeoRestriction": { + 
"RestrictionType": "none", + "Quantity": 0 + } + }, + "WebACLId": "", + "HttpVersion": "http2", + "IsIPV6Enabled": false + } + } +} \ No newline at end of file diff --git a/tests/ecc-aws-326-cloudfront_origin_failover_configured/placebo-red/cloudfront.ListDistributions_1.json b/tests/ecc-aws-326-cloudfront_origin_failover_configured/placebo-red/cloudfront.ListDistributions_1.json new file mode 100644 index 000000000..b5bfa1d6f --- /dev/null +++ b/tests/ecc-aws-326-cloudfront_origin_failover_configured/placebo-red/cloudfront.ListDistributions_1.json 
@@ -0,0 +1,132 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "DistributionList": { + "Marker": "", + "MaxItems": 100, + "IsTruncated": false, + "Quantity": 1, + "Items": [ + { + "Id": "E33O92NK067DQ8", + "ARN": "arn:aws:cloudfront::111111111111:distribution/E33O92NK067DQ8", + "Status": "InProgress", + "LastModifiedTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 26, + "hour": 13, + "minute": 29, + "second": 48, + "microsecond": 612000 + }, + "DomainName": "d1mxpate34dzjr.cloudfront.net", + "Aliases": { + "Quantity": 0 + }, + "Origins": { + "Quantity": 1, + "Items": [ + { + "Id": "myredS3", + "DomainName": "c7n-326-bucket-red.s3.amazonaws.com", + "OriginPath": "", + "CustomHeaders": { + "Quantity": 0 + }, + "S3OriginConfig": { + "OriginAccessIdentity": "origin-access-identity/cloudfront/E3NO8PVGX4387B" + }, + "ConnectionAttempts": 3, + "ConnectionTimeout": 10, + "OriginShield": { + "Enabled": false + } + } + ] + }, + "OriginGroups": { + "Quantity": 0 + }, + "DefaultCacheBehavior": { + "TargetOriginId": "myredS3", + "TrustedSigners": { + "Enabled": false, + "Quantity": 0 + }, + "TrustedKeyGroups": { + "Enabled": false, + "Quantity": 0 + }, + "ViewerProtocolPolicy": "allow-all", + "AllowedMethods": { + "Quantity": 7, + "Items": [ + "HEAD", + "DELETE", + "POST", + "GET", + "OPTIONS", + "PUT", + "PATCH" + ], + "CachedMethods": { + "Quantity": 2, + "Items": [ + "HEAD", + "GET" + ] + } + }, + "SmoothStreaming": false, + "Compress": false, + "LambdaFunctionAssociations": { + "Quantity": 0 + }, + "FieldLevelEncryptionId": "", + "ForwardedValues": { + "QueryString": false, + "Cookies": { + "Forward": "none" + }, + "Headers": { + "Quantity": 0 + }, + "QueryStringCacheKeys": { + "Quantity": 0 + } + }, + "MinTTL": 0, + "DefaultTTL": 0, + "MaxTTL": 0 + }, + "CacheBehaviors": { + "Quantity": 0 + }, + "CustomErrorResponses": { + "Quantity": 0 + }, + "Comment": "", + "PriceClass": "PriceClass_All", + "Enabled": true, + 
"ViewerCertificate": { + "CloudFrontDefaultCertificate": true, + "MinimumProtocolVersion": "TLSv1", + "CertificateSource": "cloudfront" + }, + "Restrictions": { + "GeoRestriction": { + "RestrictionType": "none", + "Quantity": 0 + } + }, + "WebACLId": "", + "HttpVersion": "HTTP2", + "IsIPV6Enabled": false + } + ] + } + } +} \ No newline at end of file diff --git a/tests/ecc-aws-326-cloudfront_origin_failover_configured/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-326-cloudfront_origin_failover_configured/placebo-red/tagging.GetResources_1.json new file mode 100644 index 000000000..55b849316 --- /dev/null +++ b/tests/ecc-aws-326-cloudfront_origin_failover_configured/placebo-red/tagging.GetResources_1.json @@ -0,0 +1,22 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:cloudfront::111111111111:distribution/E33O92NK067DQ8", + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CustodianRule", + "Value": "ecc-aws-326-cloudfront_distribution_access_logging" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-326-cloudfront_origin_failover_configured/red_policy_test.py b/tests/ecc-aws-326-cloudfront_origin_failover_configured/red_policy_test.py new file mode 100644 index 000000000..7155a264b --- /dev/null +++ b/tests/ecc-aws-326-cloudfront_origin_failover_configured/red_policy_test.py @@ -0,0 +1,5 @@ +class PolicyTest(object): + + def test_resources_with_client(self, base_test, resources, local_session): + base_test.assertEqual(len(resources), 1) + base_test.assertEqual(resources[0]['OriginGroups']['Quantity'], 0) diff --git a/tests/ecc-aws-327-dms_replication_not_public/placebo-green/dms.DescribeReplicationInstances_1.json b/tests/ecc-aws-327-dms_replication_not_public/placebo-green/dms.DescribeReplicationInstances_1.json new file mode 100644 index 000000000..272ba372c --- /dev/null 
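Review bot: In `placebo-red/tagging.GetResources_1.json` for rule 326, the tags read `ComplianceStatus` = `Green` and `CustodianRule` = `ecc-aws-326-cloudfront_distribution_access_logging`. That matches neither the `placebo-red` directory of `cloudfront_origin_failover_configured` nor the `placebo-green` recording of the same rule, whose value is `ecc-aws-326-cloudfront_origin_failover_configured`. It looks copied from another rule's fixture. I would change the two values to `"Value": "Red"` and `"Value": "ecc-aws-326-cloudfront_origin_failover_configured"`. Whether the policy under test reads these tags is not visible in this patch.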
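Review bot: In `tests/ecc-aws-326-cloudfront_origin_failover_configured/red_policy_test.py`, `test_resources_with_client` takes `local_session` but never uses it; both assertions read only `resources`. If the test runner picks the fixture set from the method name (not visible here), `def test_resources(self, base_test, resources):`, as in the tests for rules 324 and 327, would avoid requesting a session the test does not need.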
+++ b/tests/ecc-aws-327-dms_replication_not_public/placebo-green/dms.DescribeReplicationInstances_1.json 
@@ -0,0 +1,96 @@ +{ + "status_code": 200, + "data": { + "ReplicationInstances": [ + { + "ReplicationInstanceIdentifier": "dms-replication-instance-327-green", + "ReplicationInstanceClass": "dms.t2.micro", + "ReplicationInstanceStatus": "available", + "AllocatedStorage": 5, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 25, + "hour": 16, + "minute": 40, + "second": 27, + "microsecond": 530000 + }, + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "AvailabilityZone": "us-east-1c", + "ReplicationSubnetGroup": { + "ReplicationSubnetGroupIdentifier": "default", + "ReplicationSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + "SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "fri:10:38-fri:11:08", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "3.4.3", + "AutoMinorVersionUpgrade": false, + "KmsKeyId": "arn:aws:kms:us-east-1:111111111111:key/e56f2d19-2ba5-4c25-829a-44ad8f133131", + "ReplicationInstanceArn": "arn:aws:dms:us-east-1:111111111111:rep:AZ47ST3SVCESPWDXEF3E6MQQUCKAFZYDDJNQNZI", + 
"ReplicationInstancePrivateIpAddress": "172.31.83.135", + "ReplicationInstancePublicIpAddresses": [ + null + ], + "ReplicationInstancePrivateIpAddresses": [ + "172.31.83.135" + ], + "PubliclyAccessible": false + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-327-dms_replication_not_public/placebo-green/dms.ListTagsForResource_1.json b/tests/ecc-aws-327-dms_replication_not_public/placebo-green/dms.ListTagsForResource_1.json new file mode 100644 index 000000000..aad6d5ddc --- /dev/null +++ b/tests/ecc-aws-327-dms_replication_not_public/placebo-green/dms.ListTagsForResource_1.json @@ -0,0 +1,16 @@ +{ + "status_code": 200, + "data": { + "TagList": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-327-dms_replication_not_public" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-327-dms_replication_not_public/placebo-red/dms.DescribeReplicationInstances_1.json b/tests/ecc-aws-327-dms_replication_not_public/placebo-red/dms.DescribeReplicationInstances_1.json new file mode 100644 index 000000000..0a292d8d6 --- /dev/null +++ b/tests/ecc-aws-327-dms_replication_not_public/placebo-red/dms.DescribeReplicationInstances_1.json 
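Review bot: `placebo-green/dms.DescribeReplicationInstances_1.json` is only partly scrubbed. The account id is `111111111111` and `VpcId` is a placeholder, but the security group id, the six subnet ids, the key id inside `KmsKeyId`, the ARN suffix and the private address appear to be the values captured from the recorded account. The `placebo-red` recording of the same call additionally keeps a public address in `ReplicationInstancePublicIpAddress` and `ReplicationInstancePublicIpAddresses`. I would replace these with obvious placeholders before committing, for example `"VpcSecurityGroupId": "sg-00000000"` and a documentation-range address such as `"203.0.113.10"` (both constructed examples). The red test visible in this patch asserts only on the resource count and `PubliclyAccessible`, so it should not depend on the real values.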
@@ -0,0 +1,97 @@ +{ + "status_code": 200, + "data": { + "ReplicationInstances": [ + { + "ReplicationInstanceIdentifier": "dms-replication-instance-327-red", + "ReplicationInstanceClass": "dms.t2.micro", + "ReplicationInstanceStatus": "available", + "AllocatedStorage": 5, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 25, + "hour": 16, + "minute": 19, + "second": 47, + "microsecond": 609000 + }, + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "AvailabilityZone": "us-east-1c", + "ReplicationSubnetGroup": { + "ReplicationSubnetGroupIdentifier": "default", + "ReplicationSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + "SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "thu:08:38-thu:09:08", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "3.4.3", + "AutoMinorVersionUpgrade": false, + "KmsKeyId": "arn:aws:kms:us-east-1:111111111111:key/e56f2d19-2ba5-4c25-829a-44ad8f133131", + "ReplicationInstanceArn": "arn:aws:dms:us-east-1:111111111111:rep:JSNZSB4QBCJNQCFAVKLVVFCITF4VVSNK2TKLJQI", + 
"ReplicationInstancePublicIpAddress": "54.235.91.48", + "ReplicationInstancePrivateIpAddress": "172.31.86.146", + "ReplicationInstancePublicIpAddresses": [ + "54.235.91.48" + ], + "ReplicationInstancePrivateIpAddresses": [ + "172.31.86.146" + ], + "PubliclyAccessible": true + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-327-dms_replication_not_public/placebo-red/dms.ListTagsForResource_1.json b/tests/ecc-aws-327-dms_replication_not_public/placebo-red/dms.ListTagsForResource_1.json new file mode 100644 index 000000000..a300dd73a --- /dev/null +++ b/tests/ecc-aws-327-dms_replication_not_public/placebo-red/dms.ListTagsForResource_1.json @@ -0,0 +1,16 @@ +{ + "status_code": 200, + "data": { + "TagList": [ + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-327-dms_replication_not_public" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-327-dms_replication_not_public/red_policy_test.py b/tests/ecc-aws-327-dms_replication_not_public/red_policy_test.py new file mode 100644 index 000000000..df0cd8c0f --- /dev/null +++ b/tests/ecc-aws-327-dms_replication_not_public/red_policy_test.py @@ -0,0 +1,5 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertTrue(resources[0]['PubliclyAccessible']) \ No newline at end of file diff --git a/tests/ecc-aws-329-dynamodb_tables_pitr_enabled/placebo-green/dynamodb.DescribeContinuousBackups_1.json b/tests/ecc-aws-329-dynamodb_tables_pitr_enabled/placebo-green/dynamodb.DescribeContinuousBackups_1.json new file mode 100644 index 000000000..fff483cfc --- /dev/null +++ b/tests/ecc-aws-329-dynamodb_tables_pitr_enabled/placebo-green/dynamodb.DescribeContinuousBackups_1.json 
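Review bot: In `placebo-red/dms.ListTagsForResource_1.json` for rule 327, the tag key is misspelled as `CsutodianRule`, while the `placebo-green` recording of the same rule uses `CustodianRule`. The line should read `"Key": "CustodianRule",`. The same misspelling appears in `tests/ecc-aws-329-dynamodb_tables_pitr_enabled/placebo-green/tagging.GetResources_1.json`. Anything that matches resources on that tag key would miss these recordings, though the policies themselves are not visible in this patch.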
@@ -0,0 +1,32 @@ +{ + "status_code": 200, + "data": { + "ContinuousBackupsDescription": { + "ContinuousBackupsStatus": "ENABLED", + "PointInTimeRecoveryDescription": { + "PointInTimeRecoveryStatus": "ENABLED", + "EarliestRestorableDateTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 26, + "hour": 10, + "minute": 20, + "second": 34, + "microsecond": 0 + }, + "LatestRestorableDateTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 26, + "hour": 10, + "minute": 20, + "second": 34, + "microsecond": 0 + } + } + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-329-dynamodb_tables_pitr_enabled/placebo-green/dynamodb.DescribeTable_1.json b/tests/ecc-aws-329-dynamodb_tables_pitr_enabled/placebo-green/dynamodb.DescribeTable_1.json new file mode 100644 index 000000000..b9865b5e2 --- /dev/null +++ b/tests/ecc-aws-329-dynamodb_tables_pitr_enabled/placebo-green/dynamodb.DescribeTable_1.json 
@@ -0,0 +1,54 @@ +{ + "status_code": 200, + "data": { + "Table": { + "AttributeDefinitions": [ + { + "AttributeName": "GreenTableHashKey", + "AttributeType": "S" + } + ], + "TableName": "329_dynamodb_table_green", + "KeySchema": [ + { + "AttributeName": "GreenTableHashKey", + "KeyType": "HASH" + } + ], + "TableStatus": "ACTIVE", + "CreationDateTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 26, + "hour": 10, + "minute": 20, + "second": 26, + "microsecond": 754000 + }, + "ProvisionedThroughput": { + "NumberOfDecreasesToday": 0, + "ReadCapacityUnits": 0, + "WriteCapacityUnits": 0 + }, + "TableSizeBytes": 0, + "ItemCount": 0, + "TableArn": "arn:aws:dynamodb:us-east-1:111111111111:table/329_dynamodb_table_green", + "TableId": "7862aec5-6da5-455e-8971-59d90042cc4b", + "BillingModeSummary": { + "BillingMode": "PAY_PER_REQUEST", + "LastUpdateToPayPerRequestDateTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 26, + "hour": 10, + "minute": 20, + "second": 26, + "microsecond": 754000 + } + } + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-329-dynamodb_tables_pitr_enabled/placebo-green/dynamodb.ListTables_1.json b/tests/ecc-aws-329-dynamodb_tables_pitr_enabled/placebo-green/dynamodb.ListTables_1.json new file mode 100644 index 000000000..1c557b7fb --- /dev/null +++ b/tests/ecc-aws-329-dynamodb_tables_pitr_enabled/placebo-green/dynamodb.ListTables_1.json @@ -0,0 +1,9 @@ +{ + "status_code": 200, + "data": { + "TableNames": [ + "329_dynamodb_table_green" + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-329-dynamodb_tables_pitr_enabled/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-329-dynamodb_tables_pitr_enabled/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..3ccc38b15 --- /dev/null +++ b/tests/ecc-aws-329-dynamodb_tables_pitr_enabled/placebo-green/tagging.GetResources_1.json 
@@ -0,0 +1,22 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:dynamodb:us-east-1:111111111111:table/329_dynamodb_table_green", + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-329-dynamodb_tables_pitr_enabled" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-329-dynamodb_tables_pitr_enabled/placebo-red/dynamodb.DescribeContinuousBackups_1.json b/tests/ecc-aws-329-dynamodb_tables_pitr_enabled/placebo-red/dynamodb.DescribeContinuousBackups_1.json new file mode 100644 index 000000000..dc4c5c432 --- /dev/null +++ b/tests/ecc-aws-329-dynamodb_tables_pitr_enabled/placebo-red/dynamodb.DescribeContinuousBackups_1.json @@ -0,0 +1,12 @@ +{ + "status_code": 200, + "data": { + "ContinuousBackupsDescription": { + "ContinuousBackupsStatus": "ENABLED", + "PointInTimeRecoveryDescription": { + "PointInTimeRecoveryStatus": "DISABLED" + } + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-329-dynamodb_tables_pitr_enabled/placebo-red/dynamodb.DescribeTable_1.json b/tests/ecc-aws-329-dynamodb_tables_pitr_enabled/placebo-red/dynamodb.DescribeTable_1.json new file mode 100644 index 000000000..9d0b54cac --- /dev/null +++ b/tests/ecc-aws-329-dynamodb_tables_pitr_enabled/placebo-red/dynamodb.DescribeTable_1.json 
@@ -0,0 +1,54 @@ +{ + "status_code": 200, + "data": { + "Table": { + "AttributeDefinitions": [ + { + "AttributeName": "RedTableHashKey", + "AttributeType": "S" + } + ], + "TableName": "329_dynamodb_table_red", + "KeySchema": [ + { + "AttributeName": "RedTableHashKey", + "KeyType": "HASH" + } + ], + "TableStatus": "ACTIVE", + "CreationDateTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 26, + "hour": 10, + "minute": 23, + "second": 50, + "microsecond": 782000 + }, + "ProvisionedThroughput": { + "NumberOfDecreasesToday": 0, + "ReadCapacityUnits": 0, + "WriteCapacityUnits": 0 + }, + "TableSizeBytes": 0, + "ItemCount": 0, + "TableArn": "arn:aws:dynamodb:us-east-1:111111111111:table/329_dynamodb_table_red", + "TableId": "5c3384ae-b46b-4981-ad4b-e2db7c7d6391", + "BillingModeSummary": { + "BillingMode": "PAY_PER_REQUEST", + "LastUpdateToPayPerRequestDateTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 26, + "hour": 10, + "minute": 23, + "second": 50, + "microsecond": 782000 + } + } + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-329-dynamodb_tables_pitr_enabled/placebo-red/dynamodb.ListTables_1.json b/tests/ecc-aws-329-dynamodb_tables_pitr_enabled/placebo-red/dynamodb.ListTables_1.json new file mode 100644 index 000000000..b5ef097d4 --- /dev/null +++ b/tests/ecc-aws-329-dynamodb_tables_pitr_enabled/placebo-red/dynamodb.ListTables_1.json @@ -0,0 +1,9 @@ +{ + "status_code": 200, + "data": { + "TableNames": [ + "329_dynamodb_table_red" + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-329-dynamodb_tables_pitr_enabled/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-329-dynamodb_tables_pitr_enabled/placebo-red/tagging.GetResources_1.json new file mode 100644 index 000000000..934aec545 --- /dev/null +++ b/tests/ecc-aws-329-dynamodb_tables_pitr_enabled/placebo-red/tagging.GetResources_1.json 
@@ -0,0 +1,22 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:dynamodb:us-east-1:111111111111:table/329_dynamodb_table_red", + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-329-dynamodb_tables_pitr_enabled" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-329-dynamodb_tables_pitr_enabled/red_policy_test.py b/tests/ecc-aws-329-dynamodb_tables_pitr_enabled/red_policy_test.py new file mode 100644 index 000000000..c810ca84f --- /dev/null +++ b/tests/ecc-aws-329-dynamodb_tables_pitr_enabled/red_policy_test.py @@ -0,0 +1,5 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertEqual(resources[0]['c7n:continuous-backup']['PointInTimeRecoveryDescription']['PointInTimeRecoveryStatus'], 'DISABLED') \ No newline at end of file diff --git a/tests/ecc-aws-330-dynamodb_dax_encryption_enabled/placebo-green/dax.DescribeClusters_1.json b/tests/ecc-aws-330-dynamodb_dax_encryption_enabled/placebo-green/dax.DescribeClusters_1.json new file mode 100644 index 000000000..709fd9067 --- /dev/null +++ b/tests/ecc-aws-330-dynamodb_dax_encryption_enabled/placebo-green/dax.DescribeClusters_1.json 
@@ -0,0 +1,59 @@ +{ + "status_code": 200, + "data": { + "Clusters": [ + { + "ClusterName": "cluster-330", + "ClusterArn": "arn:aws:dax:us-east-1:this:cache/cluster-330", + "TotalNodes": 1, + "ActiveNodes": 1, + "NodeType": "dax.r4.large", + "Status": "available", + "ClusterDiscoveryEndpoint": { + "Address": "cluster-330.ps5uie.dax-clusters.us-east-1.amazonaws.com", + "Port": 8111 + }, + "Nodes": [ + { + "NodeId": "cluster-330-a", + "Endpoint": { + "Address": "cluster-330-a.ps5uie.nodes.dax-clusters.us-east-1.amazonaws.com", + "Port": 8111 + }, + "NodeCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 26, + "hour": 14, + "minute": 53, + "second": 5, + "microsecond": 624000 + }, + "AvailabilityZone": "us-east-1a", + "NodeStatus": "available", + "ParameterGroupStatus": "in-sync" + } + ], + "PreferredMaintenanceWindow": "mon:07:00-mon:08:00", + "SubnetGroup": "default", + "SecurityGroups": [ + { + "SecurityGroupIdentifier": "sg-a5befc90", + "Status": "active" + } + ], + "IamRoleArn": "arn:aws:iam::this:role/role-for-dax", + "ParameterGroup": { + "ParameterGroupName": "default.dax1.0", + "ParameterApplyStatus": "in-sync", + "NodeIdsToReboot": [] + }, + "SSEDescription": { + "Status": "ENABLED" + } + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-330-dynamodb_dax_encryption_enabled/placebo-green/dax.ListTags_1.json b/tests/ecc-aws-330-dynamodb_dax_encryption_enabled/placebo-green/dax.ListTags_1.json new file mode 100644 index 000000000..554bb5956 --- /dev/null +++ b/tests/ecc-aws-330-dynamodb_dax_encryption_enabled/placebo-green/dax.ListTags_1.json @@ -0,0 +1,16 @@ +{ + "status_code": 200, + "data": { + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-330-dynamodb_dax_encryption_enabled" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-330-dynamodb_dax_encryption_enabled/placebo-red/dax.DescribeClusters_1.json b/tests/ecc-aws-330-dynamodb_dax_encryption_enabled/placebo-red/dax.DescribeClusters_1.json new file mode 100644 index 000000000..60124a3e1 --- /dev/null +++ b/tests/ecc-aws-330-dynamodb_dax_encryption_enabled/placebo-red/dax.DescribeClusters_1.json @@ -0,0 +1,59 @@ +{ + "status_code": 200, + "data": { + "Clusters": [ + { + "ClusterName": "cluster-330-red", + "ClusterArn": "arn:aws:dax:us-east-1:this:cache/cluster-330-red", + "TotalNodes": 1, + "ActiveNodes": 1, + "NodeType": "dax.r4.large", + "Status": "available", + "ClusterDiscoveryEndpoint": { + "Address": "cluster-330-red.ps5uie.dax-clusters.us-east-1.amazonaws.com", + "Port": 8111 + }, + "Nodes": [ + { + "NodeId": "cluster-330-red-a", + "Endpoint": { + "Address": "cluster-330-red-a.ps5uie.nodes.dax-clusters.us-east-1.amazonaws.com", + "Port": 8111 + }, + "NodeCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 26, + "hour": 15, + "minute": 19, + "second": 50, + "microsecond": 125000 + }, + "AvailabilityZone": "us-east-1e", + "NodeStatus": "available", + "ParameterGroupStatus": "in-sync" + } + ], + "PreferredMaintenanceWindow": "sun:10:00-sun:11:00", + "SubnetGroup": "default", + "SecurityGroups": [ + { + "SecurityGroupIdentifier": "sg-a5befc90", + "Status": "active" + } + ], + "IamRoleArn": "arn:aws:iam::this:role/role-for-dax-red", + "ParameterGroup": { + "ParameterGroupName": "default.dax1.0", + "ParameterApplyStatus": "in-sync", + "NodeIdsToReboot": [] + }, + "SSEDescription": { + "Status": "DISABLED" + } + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-330-dynamodb_dax_encryption_enabled/placebo-red/dax.ListTags_1.json b/tests/ecc-aws-330-dynamodb_dax_encryption_enabled/placebo-red/dax.ListTags_1.json new file mode 100644 index 000000000..553a9f8a8 --- /dev/null 
+++ b/tests/ecc-aws-330-dynamodb_dax_encryption_enabled/placebo-red/dax.ListTags_1.json @@ -0,0 +1,16 @@ +{ + "status_code": 200, + "data": { + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-330-dynamodb_dax_encryption_enabled" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-330-dynamodb_dax_encryption_enabled/red_policy_test.py b/tests/ecc-aws-330-dynamodb_dax_encryption_enabled/red_policy_test.py new file mode 100644 index 000000000..9312b699c --- /dev/null +++ b/tests/ecc-aws-330-dynamodb_dax_encryption_enabled/red_policy_test.py @@ -0,0 +1,5 @@ +class PolicyTest(object): + + def test_resources_with_client(self, base_test, resources, local_session): + base_test.assertEqual(len(resources), 1) + base_test.assertEqual(resources[0]['SSEDescription']['Status'], 'DISABLED') \ No newline at end of file diff --git a/tests/ecc-aws-331-ec2_stopped_instance/green_policy_test.py b/tests/ecc-aws-331-ec2_stopped_instance/green_policy_test.py new file mode 100644 index 000000000..2235e1dd7 --- /dev/null +++ b/tests/ecc-aws-331-ec2_stopped_instance/green_policy_test.py @@ -0,0 +1,7 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 0) + + def mock_time(self): + return 2021, 10, 27 diff --git a/tests/ecc-aws-331-ec2_stopped_instance/placebo-green/ec2.DescribeInstances_1.json b/tests/ecc-aws-331-ec2_stopped_instance/placebo-green/ec2.DescribeInstances_1.json new file mode 100644 index 000000000..6ab3beaed --- /dev/null +++ b/tests/ecc-aws-331-ec2_stopped_instance/placebo-green/ec2.DescribeInstances_1.json 
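Review bot: In the 330 `red_policy_test.py`, `test_resources_with_client` takes `local_session` but never uses it; both assertions read only `resources`. The neighbouring red tests that need no client use the plain form, so `def test_resources(self, base_test, resources):` would be consistent with them, assuming the harness picks the method by name. The `SSEDescription` lookup also raises KeyError rather than failing cleanly if the key is absent; `resources[0].get('SSEDescription', {}).get('Status')` would keep that case an assertion failure.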
@@ -0,0 +1,168 @@ +{ + "status_code": 200, + "data": { + "Reservations": [ + { + "Groups": [], + "Instances": [ + { + "AmiLaunchIndex": 0, + "ImageId": "ami-0110765bdc3a9df6e", + "InstanceId": "i-01ef899afac9d96e5", + "InstanceType": "t2.micro", + "LaunchTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 27, + "hour": 8, + "minute": 30, + "second": 50, + "microsecond": 0 + }, + "Monitoring": { + "State": "disabled" + }, + "Placement": { + "AvailabilityZone": "us-east-1c", + "GroupName": "", + "Tenancy": "default" + }, + "PrivateDnsName": "ip-172-31-87-11.ec2.internal", + "PrivateIpAddress": "172.31.87.11", + "ProductCodes": [], + "PublicDnsName": "", + "State": { + "Code": 80, + "Name": "stopped" + }, + "StateTransitionReason": "User initiated (2021-10-27 08:31:31 GMT)", + "SubnetId": "subnet-cd7af8ec", + "VpcId": "vpc-12345asdfg", + "Architecture": "x86_64", + "BlockDeviceMappings": [ + { + "DeviceName": "/dev/xvda", + "Ebs": { + "AttachTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 27, + "hour": 8, + "minute": 30, + "second": 52, + "microsecond": 0 + }, + "DeleteOnTermination": true, + "Status": "attached", + "VolumeId": "vol-0e6cd81c548175d86" + } + } + ], + "ClientToken": "A30F40F0-AF93-4BFC-A190-E612189027EC", + "EbsOptimized": false, + "EnaSupport": true, + "Hypervisor": "xen", + "NetworkInterfaces": [ + { + "Attachment": { + "AttachTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 27, + "hour": 8, + "minute": 30, + "second": 50, + "microsecond": 0 + }, + "AttachmentId": "eni-attach-01596592d8e9447fb", + "DeleteOnTermination": true, + "DeviceIndex": 0, + "Status": "attached", + "NetworkCardIndex": 0 + }, + "Description": "", + "Groups": [ + { + "GroupName": "default", + "GroupId": "sg-1234567asdfg" + } + ], + "Ipv6Addresses": [], + "MacAddress": "12:db:5b:e1:66:53", + "NetworkInterfaceId": "eni-0174f660a431965b9", + "OwnerId": "111111111111", + "PrivateDnsName": 
"ip-172-31-87-11.ec2.internal", + "PrivateIpAddress": "172.31.87.11", + "PrivateIpAddresses": [ + { + "Primary": true, + "PrivateDnsName": "ip-172-31-87-11.ec2.internal", + "PrivateIpAddress": "172.31.87.11" + } + ], + "SourceDestCheck": true, + "Status": "in-use", + "SubnetId": "subnet-cd7af8ec", + "VpcId": "vpc-12345asdfg", + "InterfaceType": "interface" + } + ], + "RootDeviceName": "/dev/xvda", + "RootDeviceType": "ebs", + "SecurityGroups": [ + { + "GroupName": "default", + "GroupId": "sg-1234567asdfg" + } + ], + "SourceDestCheck": true, + "StateReason": { + "Code": "Client.UserInitiatedShutdown", + "Message": "Client.UserInitiatedShutdown: User initiated shutdown" + }, + "Tags": [ + { + "Key": "Name", + "Value": "331_instance_green" + }, + { + "Key": "CustodianRule", + "Value": "ecc-aws-331-ec2_stopped_instance" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + } + ], + "VirtualizationType": "hvm", + "CpuOptions": { + "CoreCount": 1, + "ThreadsPerCore": 1 + }, + "CapacityReservationSpecification": { + "CapacityReservationPreference": "open" + }, + "HibernationOptions": { + "Configured": false + }, + "MetadataOptions": { + "State": "applied", + "HttpTokens": "optional", + "HttpPutResponseHopLimit": 1, + "HttpEndpoint": "enabled" + }, + "EnclaveOptions": { + "Enabled": false + } + } + ], + "OwnerId": "111111111111", + "ReservationId": "r-037aab9e8a633d6ab" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-331-ec2_stopped_instance/placebo-red/ec2.DescribeInstances_1.json b/tests/ecc-aws-331-ec2_stopped_instance/placebo-red/ec2.DescribeInstances_1.json new file mode 100644 index 000000000..ea74cc9ae --- /dev/null +++ b/tests/ecc-aws-331-ec2_stopped_instance/placebo-red/ec2.DescribeInstances_1.json 
@@ -0,0 +1,168 @@ +{ + "status_code": 200, + "data": { + "Reservations": [ + { + "Groups": [], + "Instances": [ + { + "AmiLaunchIndex": 0, + "ImageId": "ami-0110765bdc3a9df6e", + "InstanceId": "i-01ef899afac9d96e5", + "InstanceType": "t2.micro", + "LaunchTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 27, + "hour": 8, + "minute": 30, + "second": 50, + "microsecond": 0 + }, + "Monitoring": { + "State": "disabled" + }, + "Placement": { + "AvailabilityZone": "us-east-1c", + "GroupName": "", + "Tenancy": "default" + }, + "PrivateDnsName": "ip-172-31-87-11.ec2.internal", + "PrivateIpAddress": "172.31.87.11", + "ProductCodes": [], + "PublicDnsName": "", + "State": { + "Code": 80, + "Name": "stopped" + }, + "StateTransitionReason": "User initiated (2021-06-16 16:06:33 GMT)", + "SubnetId": "subnet-cd7af8ec", + "VpcId": "vpc-12345asdfg", + "Architecture": "x86_64", + "BlockDeviceMappings": [ + { + "DeviceName": "/dev/xvda", + "Ebs": { + "AttachTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 27, + "hour": 8, + "minute": 30, + "second": 52, + "microsecond": 0 + }, + "DeleteOnTermination": true, + "Status": "attached", + "VolumeId": "vol-0e6cd81c548175d86" + } + } + ], + "ClientToken": "A30F40F0-AF93-4BFC-A190-E612189027EC", + "EbsOptimized": false, + "EnaSupport": true, + "Hypervisor": "xen", + "NetworkInterfaces": [ + { + "Attachment": { + "AttachTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 27, + "hour": 8, + "minute": 30, + "second": 50, + "microsecond": 0 + }, + "AttachmentId": "eni-attach-01596592d8e9447fb", + "DeleteOnTermination": true, + "DeviceIndex": 0, + "Status": "attached", + "NetworkCardIndex": 0 + }, + "Description": "", + "Groups": [ + { + "GroupName": "default", + "GroupId": "sg-1234567asdfg" + } + ], + "Ipv6Addresses": [], + "MacAddress": "12:db:5b:e1:66:53", + "NetworkInterfaceId": "eni-0174f660a431965b9", + "OwnerId": "111111111111", + "PrivateDnsName": 
"ip-172-31-87-11.ec2.internal", + "PrivateIpAddress": "172.31.87.11", + "PrivateIpAddresses": [ + { + "Primary": true, + "PrivateDnsName": "ip-172-31-87-11.ec2.internal", + "PrivateIpAddress": "172.31.87.11" + } + ], + "SourceDestCheck": true, + "Status": "in-use", + "SubnetId": "subnet-cd7af8ec", + "VpcId": "vpc-12345asdfg", + "InterfaceType": "interface" + } + ], + "RootDeviceName": "/dev/xvda", + "RootDeviceType": "ebs", + "SecurityGroups": [ + { + "GroupName": "default", + "GroupId": "sg-1234567asdfg" + } + ], + "SourceDestCheck": true, + "StateReason": { + "Code": "Client.UserInitiatedShutdown", + "Message": "Client.UserInitiatedShutdown: User initiated shutdown" + }, + "Tags": [ + { + "Key": "Name", + "Value": "331_instance_red" + }, + { + "Key": "CustodianRule", + "Value": "ecc-aws-331-ec2_stopped_instance" + }, + { + "Key": "ComplianceStatus", + "Value": "Red" + } + ], + "VirtualizationType": "hvm", + "CpuOptions": { + "CoreCount": 1, + "ThreadsPerCore": 1 + }, + "CapacityReservationSpecification": { + "CapacityReservationPreference": "open" + }, + "HibernationOptions": { + "Configured": false + }, + "MetadataOptions": { + "State": "applied", + "HttpTokens": "optional", + "HttpPutResponseHopLimit": 1, + "HttpEndpoint": "enabled" + }, + "EnclaveOptions": { + "Enabled": false + } + } + ], + "OwnerId": "111111111111", + "ReservationId": "r-037aab9e8a633d6ab" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-331-ec2_stopped_instance/red_policy_test.py b/tests/ecc-aws-331-ec2_stopped_instance/red_policy_test.py new file mode 100644 index 000000000..9d28ee9bd --- /dev/null +++ b/tests/ecc-aws-331-ec2_stopped_instance/red_policy_test.py 
@@ -0,0 +1,14 @@
+from re import search
+from datetime import datetime, timedelta
+
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertEqual(resources[0]['State']['Name'], 'stopped')
+ stoped_date_str=search('\((.*)\)',resources[0]['StateTransitionReason'])
+ format = "%Y-%m-%d %H:%M:%S %Z"
+ stoped_date_object=datetime.strptime(str(stoped_date_str.group(1)),format)
+ time_now= datetime.strptime("2021-10-27 09:31:31","%Y-%m-%d %H:%M:%S")
+ datatime30ago=time_now - timedelta(days=30)
+ base_test.assertFalse(stoped_date_object>datatime30ago)
\ No newline at end of file
diff --git a/tests/ecc-aws-332-ec2_instance_no_public_ip/placebo-green/ec2.DescribeInstances_1.json b/tests/ecc-aws-332-ec2_instance_no_public_ip/placebo-green/ec2.DescribeInstances_1.json
new file mode 100644
index 000000000..4aa81d83c
--- /dev/null
+++ b/tests/ecc-aws-332-ec2_instance_no_public_ip/placebo-green/ec2.DescribeInstances_1.json
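Review bot: In the 331 `red_policy_test.py`, the pattern `'\((.*)\)'` is not a raw string, so `\(` is an invalid escape sequence that newer Python versions warn about. `search(...)` can also return None when `StateTransitionReason` is empty, which surfaces as an AttributeError on `.group(1)` rather than a test failure. I would write `stoped_date_str = search(r'\((.*)\)', resources[0]['StateTransitionReason'])` followed by `base_test.assertIsNotNone(stoped_date_str)`. The local name `format` shadows the builtin, and the final check reads more directly as `base_test.assertLessEqual(stoped_date_object, datatime30ago)`. The hard-coded `time_now` repeats the date the green test supplies through `mock_time`; if the harness honours `mock_time` here too, defining it in this class would keep the two tests on one clock.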
@@ -0,0 +1,158 @@ +{ + "status_code": 200, + "data": { + "Reservations": [ + { + "Groups": [], + "Instances": [ + { + "AmiLaunchIndex": 0, + "ImageId": "ami-004bf28d7e5cfae00", + "InstanceId": "i-0b54695a834e8bf30", + "InstanceType": "t2.micro", + "LaunchTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 4, + "hour": 8, + "minute": 43, + "second": 19, + "microsecond": 0 + }, + "Monitoring": { + "State": "disabled" + }, + "Placement": { + "AvailabilityZone": "us-east-1a", + "GroupName": "", + "Tenancy": "default" + }, + "PrivateDnsName": "ip-10-0-1-12.ec2.internal", + "PrivateIpAddress": "10.0.1.12", + "ProductCodes": [], + "PublicDnsName": "", + "State": { + "Code": 16, + "Name": "running" + }, + "StateTransitionReason": "", + "SubnetId": "subnet-0497a3766d329af60", + "VpcId": "vpc-12345asdfg", + "Architecture": "x86_64", + "BlockDeviceMappings": [ + { + "DeviceName": "/dev/xvda", + "Ebs": { + "AttachTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 4, + "hour": 8, + "minute": 43, + "second": 20, + "microsecond": 0 + }, + "DeleteOnTermination": true, + "Status": "attached", + "VolumeId": "vol-06a7b3cabbe3c6909" + } + } + ], + "ClientToken": "CAB9A343-477F-4FBF-B99D-EBA3C6430396", + "EbsOptimized": false, + "EnaSupport": true, + "Hypervisor": "xen", + "NetworkInterfaces": [ + { + "Attachment": { + "AttachTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 4, + "hour": 8, + "minute": 43, + "second": 19, + "microsecond": 0 + }, + "AttachmentId": "eni-attach-003b4bbe56b7042d4", + "DeleteOnTermination": false, + "DeviceIndex": 0, + "Status": "attached", + "NetworkCardIndex": 0 + }, + "Description": "", + "Groups": [ + { + "GroupName": "default", + "GroupId": "sg-1234567asdfg" + } + ], + "Ipv6Addresses": [], + "MacAddress": "0e:0b:87:ad:2e:97", + "NetworkInterfaceId": "eni-0f1cade7f5f296218", + "OwnerId": "this", + "PrivateIpAddress": "10.0.1.12", + "PrivateIpAddresses": [ + { + "Primary": true, + 
"PrivateIpAddress": "10.0.1.12" + } + ], + "SourceDestCheck": true, + "Status": "in-use", + "SubnetId": "subnet-0497a3766d329af60", + "VpcId": "vpc-12345asdfg", + "InterfaceType": "interface" + } + ], + "RootDeviceName": "/dev/xvda", + "RootDeviceType": "ebs", + "SecurityGroups": [ + { + "GroupName": "default", + "GroupId": "sg-1234567asdfg" + } + ], + "SourceDestCheck": true, + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-332-ec2_instance_no_public_ip" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + } + ], + "VirtualizationType": "hvm", + "CpuOptions": { + "CoreCount": 1, + "ThreadsPerCore": 1 + }, + "CapacityReservationSpecification": { + "CapacityReservationPreference": "open" + }, + "HibernationOptions": { + "Configured": false + }, + "MetadataOptions": { + "State": "applied", + "HttpTokens": "optional", + "HttpPutResponseHopLimit": 1, + "HttpEndpoint": "enabled" + }, + "EnclaveOptions": { + "Enabled": false + } + } + ], + "OwnerId": "this", + "ReservationId": "r-0158758f6a1af64db" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-332-ec2_instance_no_public_ip/placebo-red/ec2.DescribeInstances_1.json b/tests/ecc-aws-332-ec2_instance_no_public_ip/placebo-red/ec2.DescribeInstances_1.json new file mode 100644 index 000000000..dc74767d1 --- /dev/null +++ b/tests/ecc-aws-332-ec2_instance_no_public_ip/placebo-red/ec2.DescribeInstances_1.json 
@@ -0,0 +1,169 @@ +{ + "status_code": 200, + "data": { + "Reservations": [ + { + "Groups": [], + "Instances": [ + { + "AmiLaunchIndex": 0, + "ImageId": "ami-004bf28d7e5cfae00", + "InstanceId": "i-0994330ff0cf03006", + "InstanceType": "t2.micro", + "LaunchTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 4, + "hour": 8, + "minute": 40, + "second": 19, + "microsecond": 0 + }, + "Monitoring": { + "State": "disabled" + }, + "Placement": { + "AvailabilityZone": "us-east-1a", + "GroupName": "", + "Tenancy": "default" + }, + "PrivateDnsName": "ip-10-0-1-128.ec2.internal", + "PrivateIpAddress": "10.0.1.128", + "ProductCodes": [], + "PublicDnsName": "", + "PublicIpAddress": "54.175.133.210", + "State": { + "Code": 16, + "Name": "running" + }, + "StateTransitionReason": "", + "SubnetId": "subnet-0b0e6223dc3fdd5a0", + "VpcId": "vpc-12345asdfg", + "Architecture": "x86_64", + "BlockDeviceMappings": [ + { + "DeviceName": "/dev/xvda", + "Ebs": { + "AttachTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 4, + "hour": 8, + "minute": 26, + "second": 37, + "microsecond": 0 + }, + "DeleteOnTermination": true, + "Status": "attached", + "VolumeId": "vol-0df159aca9062b303" + } + } + ], + "ClientToken": "608C3B80-3D0B-419A-A70B-73411DFAC5EA", + "EbsOptimized": false, + "EnaSupport": true, + "Hypervisor": "xen", + "NetworkInterfaces": [ + { + "Association": { + "IpOwnerId": "amazon", + "PublicDnsName": "", + "PublicIp": "54.175.133.210" + }, + "Attachment": { + "AttachTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 4, + "hour": 8, + "minute": 26, + "second": 36, + "microsecond": 0 + }, + "AttachmentId": "eni-attach-0e96eea80b8d314ae", + "DeleteOnTermination": false, + "DeviceIndex": 0, + "Status": "attached", + "NetworkCardIndex": 0 + }, + "Description": "", + "Groups": [ + { + "GroupName": "default", + "GroupId": "sg-1234567asdfg" + } + ], + "Ipv6Addresses": [], + "MacAddress": "0e:ec:c7:ea:83:df", + 
"NetworkInterfaceId": "eni-094a41f0adf31ecc8", + "OwnerId": "this", + "PrivateIpAddress": "10.0.1.128", + "PrivateIpAddresses": [ + { + "Association": { + "IpOwnerId": "amazon", + "PublicDnsName": "", + "PublicIp": "54.175.133.210" + }, + "Primary": true, + "PrivateIpAddress": "10.0.1.128" + } + ], + "SourceDestCheck": true, + "Status": "in-use", + "SubnetId": "subnet-0b0e6223dc3fdd5a0", + "VpcId": "vpc-12345asdfg", + "InterfaceType": "interface" + } + ], + "RootDeviceName": "/dev/xvda", + "RootDeviceType": "ebs", + "SecurityGroups": [ + { + "GroupName": "default", + "GroupId": "sg-1234567asdfg" + } + ], + "SourceDestCheck": true, + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CustodianRule", + "Value": "ecc-aws-332-ec2_instance_no_public_ip" + } + ], + "VirtualizationType": "hvm", + "CpuOptions": { + "CoreCount": 1, + "ThreadsPerCore": 1 + }, + "CapacityReservationSpecification": { + "CapacityReservationPreference": "open" + }, + "HibernationOptions": { + "Configured": false + }, + "MetadataOptions": { + "State": "applied", + "HttpTokens": "optional", + "HttpPutResponseHopLimit": 1, + "HttpEndpoint": "enabled" + }, + "EnclaveOptions": { + "Enabled": false + } + } + ], + "OwnerId": "this", + "ReservationId": "r-0b44f003e1be82ce7" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-332-ec2_instance_no_public_ip/red_policy_test.py b/tests/ecc-aws-332-ec2_instance_no_public_ip/red_policy_test.py new file mode 100644 index 000000000..a1d873b5c --- /dev/null +++ b/tests/ecc-aws-332-ec2_instance_no_public_ip/red_policy_test.py @@ -0,0 +1,5 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertTrue(resources[0]['NetworkInterfaces'][0]['Association']['PublicIp']) \ No newline at end of file 
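Review bot: The assertion in the 332 `red_policy_test.py` reads `resources[0]['NetworkInterfaces'][0]['Association']['PublicIp']`, so it inspects only the first interface and raises KeyError instead of failing cleanly when that interface has no `Association`. An instance whose public address sits on a secondary interface could be a legitimate red resource that this test would reject, depending on how the policy matches. Checking every interface avoids both problems: `base_test.assertTrue(any(ni.get('Association', {}).get('PublicIp') for ni in resources[0]['NetworkInterfaces']))`.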
diff --git a/tests/ecc-aws-333-ec2_service_use_vpc_endpoints/placebo-green/ec2.DescribeVpcEndpoints_1.json b/tests/ecc-aws-333-ec2_service_use_vpc_endpoints/placebo-green/ec2.DescribeVpcEndpoints_1.json new file mode 100644 index 000000000..9408321a4 --- /dev/null +++ b/tests/ecc-aws-333-ec2_service_use_vpc_endpoints/placebo-green/ec2.DescribeVpcEndpoints_1.json @@ -0,0 +1,49 @@ +{ + "status_code": 200, + "data": { + "VpcEndpoints": [ + { + "VpcEndpointId": "vpce-0bb7e0efa735c6138", + "VpcEndpointType": "Interface", + "VpcId": "vpc-12345asdfg", + "ServiceName": "com.amazonaws.us-east-1.ec2", + "State": "available", + "PolicyDocument": "{\n \"Statement\": [\n {\n \"Action\": \"*\", \n \"Effect\": \"Allow\", \n \"Principal\": \"*\", \n \"Resource\": \"*\"\n }\n ]\n}", + "RouteTableIds": [], + "SubnetIds": [], + "Groups": [ + { + "GroupId": "sg-1234567asdfg", + "GroupName": "333_security_group_green" + } + ], + "PrivateDnsEnabled": false, + "RequesterManaged": false, + "NetworkInterfaceIds": [], + "DnsEntries": [], + "CreationTimestamp": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 28, + "hour": 8, + "minute": 14, + "second": 55, + "microsecond": 100000 + }, + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-333-ec2_service_use_vpc_endpoints" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + } + ], + "OwnerId": "111111111111" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-333-ec2_service_use_vpc_endpoints/placebo-green/ec2.DescribeVpcs_1.json b/tests/ecc-aws-333-ec2_service_use_vpc_endpoints/placebo-green/ec2.DescribeVpcs_1.json new file mode 100644 index 000000000..54085865f --- /dev/null +++ b/tests/ecc-aws-333-ec2_service_use_vpc_endpoints/placebo-green/ec2.DescribeVpcs_1.json 
@@ -0,0 +1,40 @@ +{ + "status_code": 200, + "data": { + "Vpcs": [ + { + "CidrBlock": "10.0.0.0/16", + "DhcpOptionsId": "dopt-bc2559c6", + "State": "available", + "VpcId": "vpc-12345asdfg", + "OwnerId": "111111111111", + "InstanceTenancy": "default", + "CidrBlockAssociationSet": [ + { + "AssociationId": "vpc-cidr-assoc-0e9dcf1be446ebff5", + "CidrBlock": "10.0.0.0/16", + "CidrBlockState": { + "State": "associated" + } + } + ], + "IsDefault": false, + "Tags": [ + { + "Key": "Name", + "Value": "333_vpc_green" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CustodianRule", + "Value": "ecc-aws-333-ec2_service_use_vpc_endpoints" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-333-ec2_service_use_vpc_endpoints/placebo-red/ec2.DescribeVpcEndpoints_1.json b/tests/ecc-aws-333-ec2_service_use_vpc_endpoints/placebo-red/ec2.DescribeVpcEndpoints_1.json new file mode 100644 index 000000000..a05c33650 --- /dev/null +++ b/tests/ecc-aws-333-ec2_service_use_vpc_endpoints/placebo-red/ec2.DescribeVpcEndpoints_1.json 
@@ -0,0 +1,49 @@ +{ + "status_code": 200, + "data": { + "VpcEndpoints": [ + { + "VpcEndpointId": "vpce-0b52372026eabcb8f", + "VpcEndpointType": "Interface", + "VpcId": "vpc-12345asdfg", + "ServiceName": "com.amazonaws.us-east-1.s3", + "State": "available", + "PolicyDocument": "{\n \"Statement\": [\n {\n \"Action\": \"*\", \n \"Effect\": \"Allow\", \n \"Principal\": \"*\", \n \"Resource\": \"*\"\n }\n ]\n}", + "RouteTableIds": [], + "SubnetIds": [], + "Groups": [ + { + "GroupId": "sg-1234567asdfg", + "GroupName": "333_security_group_red" + } + ], + "PrivateDnsEnabled": false, + "RequesterManaged": false, + "NetworkInterfaceIds": [], + "DnsEntries": [], + "CreationTimestamp": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 28, + "hour": 8, + "minute": 30, + "second": 3, + "microsecond": 944000 + }, + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-333-ec2_service_use_vpc_endpoints" + }, + { + "Key": "ComplianceStatus", + "Value": "Red" + } + ], + "OwnerId": "111111111111" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-333-ec2_service_use_vpc_endpoints/placebo-red/ec2.DescribeVpcs_1.json b/tests/ecc-aws-333-ec2_service_use_vpc_endpoints/placebo-red/ec2.DescribeVpcs_1.json new file mode 100644 index 000000000..23ee23843 --- /dev/null +++ b/tests/ecc-aws-333-ec2_service_use_vpc_endpoints/placebo-red/ec2.DescribeVpcs_1.json 
@@ -0,0 +1,40 @@ +{ + "status_code": 200, + "data": { + "Vpcs": [ + { + "CidrBlock": "10.0.0.0/16", + "DhcpOptionsId": "dopt-bc2559c6", + "State": "available", + "VpcId": "vpc-12345asdfg", + "OwnerId": "111111111111", + "InstanceTenancy": "default", + "CidrBlockAssociationSet": [ + { + "AssociationId": "vpc-cidr-assoc-0e4ac67bc3418256b", + "CidrBlock": "10.0.0.0/16", + "CidrBlockState": { + "State": "associated" + } + } + ], + "IsDefault": false, + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CustodianRule", + "Value": "ecc-aws-333-ec2_service_use_vpc_endpoints" + }, + { + "Key": "Name", + "Value": "333_vpc_red" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-333-ec2_service_use_vpc_endpoints/red_policy_test.py b/tests/ecc-aws-333-ec2_service_use_vpc_endpoints/red_policy_test.py new file mode 100644 index 000000000..2f6c5b271 --- /dev/null +++ b/tests/ecc-aws-333-ec2_service_use_vpc_endpoints/red_policy_test.py @@ -0,0 +1,7 @@ +class PolicyTest(object): + + def test_resources_with_client(self, base_test, resources, local_session): + base_test.assertEqual(len(resources), 1) + vpc_id = resources[0]['VpcId'] + vpc_endpoints = local_session.client("ec2").describe_vpc_endpoints(Filters=[{'Name':'vpc-id','Values':[vpc_id]}]) + base_test.assertNotEqual(vpc_endpoints['VpcEndpoints'][0]['ServiceName'],'com.amazonaws.us-east-1.ec2') \ No newline at end of file diff --git a/tests/ecc-aws-334-vpc_unused_network_acl/placebo-green/ec2.DescribeNetworkAcls_1.json b/tests/ecc-aws-334-vpc_unused_network_acl/placebo-green/ec2.DescribeNetworkAcls_1.json new file mode 100644 index 000000000..5f98dfe17 --- /dev/null +++ b/tests/ecc-aws-334-vpc_unused_network_acl/placebo-green/ec2.DescribeNetworkAcls_1.json 
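Review bot: The last assertion in `test_resources_with_client` of `tests/ecc-aws-333-ec2_service_use_vpc_endpoints/red_policy_test.py` looks only at `vpc_endpoints['VpcEndpoints'][0]`. A VPC with no endpoints at all, presumably the most common failing state for this rule, would end in an IndexError rather than a pass, and an EC2 endpoint listed second would go unnoticed. The expected service name also hard-codes `us-east-1`. Checking every endpoint is order- and region-independent: `names = [e['ServiceName'] for e in vpc_endpoints['VpcEndpoints']]` followed by `base_test.assertFalse(any(n.endswith('.ec2') for n in names))`.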
@@ -0,0 +1,47 @@ +{ + "status_code": 200, + "data": { + "NetworkAcls": [ + { + "Associations": [ + { + "NetworkAclAssociationId": "aclassoc-0dd399e58bf9da66c", + "NetworkAclId": "acl-001e2831dba9dbd35", + "SubnetId": "subnet-05540e2f32a1b8ff8" + } + ], + "Entries": [ + { + "CidrBlock": "0.0.0.0/0", + "Egress": true, + "Protocol": "-1", + "RuleAction": "deny", + "RuleNumber": 32767 + }, + { + "CidrBlock": "0.0.0.0/0", + "Egress": false, + "Protocol": "-1", + "RuleAction": "deny", + "RuleNumber": 32767 + } + ], + "IsDefault": false, + "NetworkAclId": "acl-001e2831dba9dbd35", + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CustodianRule", + "Value": "ecc-aws-334-vpc_unused_network_acl" + } + ], + "VpcId": "vpc-12345asdfg", + "OwnerId": "this" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-334-vpc_unused_network_acl/placebo-red/ec2.DescribeNetworkAcls_1.json b/tests/ecc-aws-334-vpc_unused_network_acl/placebo-red/ec2.DescribeNetworkAcls_1.json new file mode 100644 index 000000000..df44d8acc --- /dev/null +++ b/tests/ecc-aws-334-vpc_unused_network_acl/placebo-red/ec2.DescribeNetworkAcls_1.json @@ -0,0 +1,41 @@ +{ + "status_code": 200, + "data": { + "NetworkAcls": [ + { + "Associations": [], + "Entries": [ + { + "CidrBlock": "0.0.0.0/0", + "Egress": true, + "Protocol": "-1", + "RuleAction": "deny", + "RuleNumber": 32767 + }, + { + "CidrBlock": "0.0.0.0/0", + "Egress": false, + "Protocol": "-1", + "RuleAction": "deny", + "RuleNumber": 32767 + } + ], + "IsDefault": false, + "NetworkAclId": "acl-08075389d63839a9b", + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CustodianRule", + "Value": "ecc-aws-334-vpc_unused_network_acl" + } + ], + "VpcId": "vpc-12345asdfg", + "OwnerId": "this" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-334-vpc_unused_network_acl/red_policy_test.py b/tests/ecc-aws-334-vpc_unused_network_acl/red_policy_test.py
new file mode 100644
index 000000000..70cd571b2
--- /dev/null
+++ b/tests/ecc-aws-334-vpc_unused_network_acl/red_policy_test.py
@@ -0,0 +1,5 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertFalse(resources[0]['Associations'])
\ No newline at end of file
diff --git a/tests/ecc-aws-335-ec2_instance_should_not_use_multiple_eni/placebo-green/ec2.DescribeInstances_1.json b/tests/ecc-aws-335-ec2_instance_should_not_use_multiple_eni/placebo-green/ec2.DescribeInstances_1.json
new file mode 100644
index 000000000..11d6d33d0
--- /dev/null
+++ b/tests/ecc-aws-335-ec2_instance_should_not_use_multiple_eni/placebo-green/ec2.DescribeInstances_1.json
@@ -0,0 +1,162 @@ +{ + "status_code": 200, + "data": { + "Reservations": [ + { + "Groups": [], + "Instances": [ + { + "AmiLaunchIndex": 0, + "ImageId": "ami-0110765bdc3a9df6e", + "InstanceId": "i-0f1c25aaab10dcbb1", + "InstanceType": "t2.micro", + "LaunchTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 26, + "hour": 13, + "minute": 13, + "second": 40, + "microsecond": 0 + }, + "Monitoring": { + "State": "disabled" + }, + "Placement": { + "AvailabilityZone": "us-east-1a", + "GroupName": "", + "Tenancy": "default" + }, + "PrivateDnsName": "ip-10-0-1-100.ec2.internal", + "PrivateIpAddress": "10.0.1.100", + "ProductCodes": [], + "PublicDnsName": "", + "State": { + "Code": 80, + "Name": "stopped" + }, + "StateTransitionReason": "User initiated (2021-10-26 13:14:52 GMT)", + "SubnetId": "subnet-05f28c47728fd1893", + "VpcId": "vpc-12345asdfg", + "Architecture": "x86_64", + "BlockDeviceMappings": [ + { + "DeviceName": "/dev/xvda", + "Ebs": { + "AttachTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 26, + "hour": 13, + "minute": 13, + "second": 42, + "microsecond": 0 + }, + "DeleteOnTermination": true, + "Status": "attached", + "VolumeId": "vol-0d8d91166eb042e78" + } + } + ], + "ClientToken": "9640B4B1-2BAE-4F56-BA71-724C4E92FF38", + "EbsOptimized": false, + "EnaSupport": true, + "Hypervisor": "xen", + "NetworkInterfaces": [ + { + "Attachment": { + "AttachTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 26, + "hour": 13, + "minute": 13, + "second": 40, + "microsecond": 0 + }, + "AttachmentId": "eni-attach-09a3e5bd721bb58d0", + "DeleteOnTermination": true, + "DeviceIndex": 0, + "Status": "attached", + "NetworkCardIndex": 0 + }, + "Description": "", + "Groups": [ + { + "GroupName": "default", + "GroupId": "sg-1234567asdfg" + } + ], + "Ipv6Addresses": [], + "MacAddress": "0e:ad:50:7a:c4:83", + "NetworkInterfaceId": "eni-066ceca691c79c573", + "OwnerId": "this", + "PrivateIpAddress": "10.0.1.100", + 
"PrivateIpAddresses": [ + { + "Primary": true, + "PrivateIpAddress": "10.0.1.100" + } + ], + "SourceDestCheck": true, + "Status": "in-use", + "SubnetId": "subnet-05f28c47728fd1893", + "VpcId": "vpc-12345asdfg", + "InterfaceType": "interface" + } + ], + "RootDeviceName": "/dev/xvda", + "RootDeviceType": "ebs", + "SecurityGroups": [ + { + "GroupName": "default", + "GroupId": "sg-1234567asdfg" + } + ], + "SourceDestCheck": true, + "StateReason": { + "Code": "Client.UserInitiatedShutdown", + "Message": "Client.UserInitiatedShutdown: User initiated shutdown" + }, + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-335-ec2_instance_should_not_use_multiple_eni" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + } + ], + "VirtualizationType": "hvm", + "CpuOptions": { + "CoreCount": 1, + "ThreadsPerCore": 1 + }, + "CapacityReservationSpecification": { + "CapacityReservationPreference": "open" + }, + "HibernationOptions": { + "Configured": false + }, + "MetadataOptions": { + "State": "applied", + "HttpTokens": "optional", + "HttpPutResponseHopLimit": 1, + "HttpEndpoint": "enabled" + }, + "EnclaveOptions": { + "Enabled": false + } + } + ], + "OwnerId": "this", + "ReservationId": "r-0900cde2d0d6c0e0e" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-335-ec2_instance_should_not_use_multiple_eni/placebo-red/ec2.DescribeInstances_1.json b/tests/ecc-aws-335-ec2_instance_should_not_use_multiple_eni/placebo-red/ec2.DescribeInstances_1.json new file mode 100644 index 000000000..ad24c2a6f --- /dev/null +++ b/tests/ecc-aws-335-ec2_instance_should_not_use_multiple_eni/placebo-red/ec2.DescribeInstances_1.json 
@@ -0,0 +1,204 @@ +{ + "status_code": 200, + "data": { + "Reservations": [ + { + "Groups": [], + "Instances": [ + { + "AmiLaunchIndex": 0, + "ImageId": "ami-0110765bdc3a9df6e", + "InstanceId": "i-05f7efcfb2b4ee118", + "InstanceType": "t2.micro", + "LaunchTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 26, + "hour": 13, + "minute": 8, + "second": 13, + "microsecond": 0 + }, + "Monitoring": { + "State": "disabled" + }, + "Placement": { + "AvailabilityZone": "us-east-1a", + "GroupName": "", + "Tenancy": "default" + }, + "PrivateDnsName": "ip-10-0-1-167.ec2.internal", + "PrivateIpAddress": "10.0.1.167", + "ProductCodes": [], + "PublicDnsName": "", + "State": { + "Code": 80, + "Name": "stopped" + }, + "StateTransitionReason": "User initiated (2021-10-26 13:14:30 GMT)", + "SubnetId": "subnet-02821aa0903914675", + "VpcId": "vpc-12345asdfg", + "Architecture": "x86_64", + "BlockDeviceMappings": [ + { + "DeviceName": "/dev/xvda", + "Ebs": { + "AttachTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 26, + "hour": 13, + "minute": 8, + "second": 14, + "microsecond": 0 + }, + "DeleteOnTermination": true, + "Status": "attached", + "VolumeId": "vol-079d0af76a8f243b4" + } + } + ], + "ClientToken": "90620387-D95D-43A3-A306-A41717739251", + "EbsOptimized": false, + "EnaSupport": true, + "Hypervisor": "xen", + "NetworkInterfaces": [ + { + "Attachment": { + "AttachTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 26, + "hour": 13, + "minute": 8, + "second": 13, + "microsecond": 0 + }, + "AttachmentId": "eni-attach-040f63580327aaf12", + "DeleteOnTermination": true, + "DeviceIndex": 0, + "Status": "attached", + "NetworkCardIndex": 0 + }, + "Description": "", + "Groups": [ + { + "GroupName": "default", + "GroupId": "sg-1234567asdfg" + } + ], + "Ipv6Addresses": [], + "MacAddress": "0e:87:da:ae:fa:b1", + "NetworkInterfaceId": "eni-0654d0304b145e70b", + "OwnerId": "111111111111", + "PrivateIpAddress": 
"10.0.1.167", + "PrivateIpAddresses": [ + { + "Primary": true, + "PrivateIpAddress": "10.0.1.167" + } + ], + "SourceDestCheck": true, + "Status": "in-use", + "SubnetId": "subnet-02821aa0903914675", + "VpcId": "vpc-12345asdfg", + "InterfaceType": "interface" + }, + { + "Attachment": { + "AttachTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 26, + "hour": 13, + "minute": 10, + "second": 40, + "microsecond": 0 + }, + "AttachmentId": "eni-attach-03e7d1e7b0dfd8c0b", + "DeleteOnTermination": false, + "DeviceIndex": 1, + "Status": "attached", + "NetworkCardIndex": 0 + }, + "Description": "", + "Groups": [ + { + "GroupName": "default", + "GroupId": "sg-1234567asdfg" + } + ], + "Ipv6Addresses": [], + "MacAddress": "0e:94:6a:a7:a2:97", + "NetworkInterfaceId": "eni-07c8211cf8c22648e", + "OwnerId": "111111111111", + "PrivateIpAddress": "10.0.1.49", + "PrivateIpAddresses": [ + { + "Primary": true, + "PrivateIpAddress": "10.0.1.49" + } + ], + "SourceDestCheck": true, + "Status": "in-use", + "SubnetId": "subnet-02821aa0903914675", + "VpcId": "vpc-12345asdfg", + "InterfaceType": "interface" + } + ], + "RootDeviceName": "/dev/xvda", + "RootDeviceType": "ebs", + "SecurityGroups": [ + { + "GroupName": "default", + "GroupId": "sg-1234567asdfg" + } + ], + "SourceDestCheck": true, + "StateReason": { + "Code": "Client.UserInitiatedShutdown", + "Message": "Client.UserInitiatedShutdown: User initiated shutdown" + }, + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-335-ec2_instance_should_not_use_multiple_eni" + }, + { + "Key": "ComplianceStatus", + "Value": "Red" + } + ], + "VirtualizationType": "hvm", + "CpuOptions": { + "CoreCount": 1, + "ThreadsPerCore": 1 + }, + "CapacityReservationSpecification": { + "CapacityReservationPreference": "open" + }, + "HibernationOptions": { + "Configured": false + }, + "MetadataOptions": { + "State": "applied", + "HttpTokens": "optional", + "HttpPutResponseHopLimit": 1, + "HttpEndpoint": "enabled" + }, + 
"EnclaveOptions": { + "Enabled": false + } + } + ], + "OwnerId": "111111111111", + "ReservationId": "r-05347ecb780b4693b" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-335-ec2_instance_should_not_use_multiple_eni/red_policy_test.py b/tests/ecc-aws-335-ec2_instance_should_not_use_multiple_eni/red_policy_test.py new file mode 100644 index 000000000..7332ef600 --- /dev/null +++ b/tests/ecc-aws-335-ec2_instance_should_not_use_multiple_eni/red_policy_test.py @@ -0,0 +1,5 @@ +class PolicyTest(object): + + def test_resources_with_client(self, base_test, resources, local_session): + base_test.assertEqual(len(resources), 1) + base_test.assertEqual(resources[0]['NetworkInterfaces'][1]['Status'], "in-use") \ No newline at end of file diff --git a/tests/ecc-aws-336-ecs_task_definitions_secure_networking_modes_and_user_definitions/placebo-green/ecs.DescribeTaskDefinition_1.json b/tests/ecc-aws-336-ecs_task_definitions_secure_networking_modes_and_user_definitions/placebo-green/ecs.DescribeTaskDefinition_1.json new file mode 100644 index 000000000..fe3c3aeeb --- /dev/null +++ b/tests/ecc-aws-336-ecs_task_definitions_secure_networking_modes_and_user_definitions/placebo-green/ecs.DescribeTaskDefinition_1.json 
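Review bot: `test_resources_with_client` in `tests/ecc-aws-335-ec2_instance_should_not_use_multiple_eni/red_policy_test.py` asserts that the second interface is `in-use`, which shows only indirectly that the instance has more than one ENI. The rule name is about the count, so `base_test.assertGreater(len(resources[0]['NetworkInterfaces']), 1)` states the finding directly and fails with a readable message instead of an IndexError. The `local_session` parameter is never used in this body, so the method could be declared as `test_resources(self, base_test, resources)` like the test for rule 334. That assumes the harness selects fixtures by method name, which is not visible in this patch.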
@@ -0,0 +1,58 @@ +{ + "status_code": 200, + "data": { + "taskDefinition": { + "taskDefinitionArn": "arn:aws:ecs:us-east-1:111111111111:task-definition/336_ecs_task_definition_green:2", + "containerDefinitions": [ + { + "name": "mysql", + "image": "mysql", + "cpu": 1, + "memory": 5, + "portMappings": [], + "essential": true, + "environment": [], + "mountPoints": [], + "volumesFrom": [], + "user": "test", + "privileged": true + } + ], + "family": "336_ecs_task_definition_green", + "networkMode": "host", + "revision": 2, + "volumes": [], + "status": "ACTIVE", + "requiresAttributes": [ + { + "name": "com.amazonaws.ecs.capability.privileged-container" + }, + { + "name": "com.amazonaws.ecs.capability.docker-remote-api.1.17" + }, + { + "name": "com.amazonaws.ecs.capability.docker-remote-api.1.18" + } + ], + "placementConstraints": [], + "compatibilities": [ + "EXTERNAL", + "EC2" + ], + "requiresCompatibilities": [ + "EC2" + ] + }, + "tags": [ + { + "key": "CustodianRule", + "Value": "ecc-aws-336-ecs_task_definitions_secure_networking_modes_and_user_definitions" + }, + { + "key": "ComplianceStatus", + "value": "Green" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-336-ecs_task_definitions_secure_networking_modes_and_user_definitions/placebo-green/ecs.ListTaskDefinitions_1.json b/tests/ecc-aws-336-ecs_task_definitions_secure_networking_modes_and_user_definitions/placebo-green/ecs.ListTaskDefinitions_1.json new file mode 100644 index 000000000..94176db32 --- /dev/null +++ b/tests/ecc-aws-336-ecs_task_definitions_secure_networking_modes_and_user_definitions/placebo-green/ecs.ListTaskDefinitions_1.json @@ -0,0 +1,9 @@ +{ + "status_code": 200, + "data": { + "taskDefinitionArns": [ + "arn:aws:ecs:us-east-1:111111111111:task-definition/336_ecs_task_definition_green:2" + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-336-ecs_task_definitions_secure_networking_modes_and_user_definitions/placebo-red/ecs.DescribeTaskDefinition_1.json b/tests/ecc-aws-336-ecs_task_definitions_secure_networking_modes_and_user_definitions/placebo-red/ecs.DescribeTaskDefinition_1.json new file mode 100644 index 000000000..83a2a1984 --- /dev/null +++ b/tests/ecc-aws-336-ecs_task_definitions_secure_networking_modes_and_user_definitions/placebo-red/ecs.DescribeTaskDefinition_1.json @@ -0,0 +1,55 @@ +{ + "status_code": 200, + "data": { + "taskDefinition": { + "taskDefinitionArn": "arn:aws:ecs:us-east-1:111111111111:task-definition/336_ecs_task_definition_red:1", + "containerDefinitions": [ + { + "name": "mysql", + "image": "mysql", + "cpu": 1, + "memory": 5, + "portMappings": [], + "essential": true, + "environment": [], + "mountPoints": [], + "volumesFrom": [], + "user": "root", + "privileged": false + } + ], + "family": "336_ecs_task_definition_red", + "networkMode": "host", + "revision": 1, + "volumes": [], + "status": "ACTIVE", + "requiresAttributes": [ + { + "name": "com.amazonaws.ecs.capability.docker-remote-api.1.17" + }, + { + "name": "com.amazonaws.ecs.capability.docker-remote-api.1.18" + } + ], + "placementConstraints": [], + "compatibilities": [ + "EXTERNAL", + "EC2" + ], + "requiresCompatibilities": [ + "EC2" + ] + }, + "tags": [ + { + "key": "CustodianRule", + "Value": "ecc-aws-336-ecs_task_definitions_secure_networking_modes_and_user_definitions" + }, + { + "key": "ComplianceStatus", + "value": "Red" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-336-ecs_task_definitions_secure_networking_modes_and_user_definitions/placebo-red/ecs.ListTaskDefinitions_1.json b/tests/ecc-aws-336-ecs_task_definitions_secure_networking_modes_and_user_definitions/placebo-red/ecs.ListTaskDefinitions_1.json new file mode 100644 index 000000000..807af1d3c --- /dev/null 
+++ b/tests/ecc-aws-336-ecs_task_definitions_secure_networking_modes_and_user_definitions/placebo-red/ecs.ListTaskDefinitions_1.json @@ -0,0 +1,9 @@ +{ + "status_code": 200, + "data": { + "taskDefinitionArns": [ + "arn:aws:ecs:us-east-1:111111111111:task-definition/336_ecs_task_definition_red:1" + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-336-ecs_task_definitions_secure_networking_modes_and_user_definitions/red_policy_test.py b/tests/ecc-aws-336-ecs_task_definitions_secure_networking_modes_and_user_definitions/red_policy_test.py new file mode 100644 index 000000000..1f2d61634 --- /dev/null +++ b/tests/ecc-aws-336-ecs_task_definitions_secure_networking_modes_and_user_definitions/red_policy_test.py @@ -0,0 +1,7 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertEqual(resources[0]['networkMode'], 'host') + base_test.assertEqual(resources[0]['containerDefinitions'][0]['user'], 'root') + base_test.assertEqual(resources[0]['containerDefinitions'][0]['privileged'], False) \ No newline at end of file diff --git a/tests/ecc-aws-337-efs_in_backup_plan/placebo-green/elasticfilesystem.DescribeFileSystems_1.json b/tests/ecc-aws-337-efs_in_backup_plan/placebo-green/elasticfilesystem.DescribeFileSystems_1.json new file mode 100644 index 000000000..c91e25aab --- /dev/null +++ b/tests/ecc-aws-337-efs_in_backup_plan/placebo-green/elasticfilesystem.DescribeFileSystems_1.json 
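Review bot: The three attribute assertions in `test_resources` of the rule 336 `red_policy_test.py` pin the red fixture's values without explaining why `privileged` being `False` is the failing state, while the green fixture in this patch is a host-network task with `"privileged": true`. A comment above them would stop a reader concluding that privileged containers are the safe configuration, for example `# Red per fixtures: host network mode + user root + privileged false; this rule does not assess privileged containers as such`. Separately, both `ecs.DescribeTaskDefinition_1.json` fixtures spell the CustodianRule tag as `"key"`/`"Value"` while the ComplianceStatus tag beside it uses `"key"`/`"value"`. Any filter that reads tag values would miss the mixed-case entry, so it is worth normalising. A task definition with `user` absent is not exercised; whether the policy treats that like root cannot be seen from this hunk.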
@@ -0,0 +1,49 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "FileSystems": [ + { + "OwnerId": "this", + "CreationToken": "337_efs_green", + "FileSystemId": "fs-0c0b6185d03a22bff", + "FileSystemArn": "arn:aws:elasticfilesystem:us-east-1:this:file-system/fs-0c0b6185d03a22bff", + "CreationTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 27, + "hour": 9, + "minute": 24, + "second": 26, + "microsecond": 0 + }, + "LifeCycleState": "available", + "NumberOfMountTargets": 0, + "SizeInBytes": { + "Value": 6144, + "ValueInIA": 0, + "ValueInStandard": 6144 + }, + "PerformanceMode": "generalPurpose", + "Encrypted": true, + "KmsKeyId": "arn:aws:kms:us-east-1:this:key/f1222765-672a-4ed9-9390-5dad09bbfd84", + "ThroughputMode": "bursting", + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CustodianRule", + "Value": "ecc-aws-337-efs_in_backup_plan" + }, + { + "Key": "aws:elasticfilesystem:default-backup", + "Value": "enabled" + } + ] + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-337-efs_in_backup_plan/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-337-efs_in_backup_plan/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..538f971bb --- /dev/null +++ b/tests/ecc-aws-337-efs_in_backup_plan/placebo-green/tagging.GetResources_1.json @@ -0,0 +1,26 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:elasticfilesystem:us-east-1:this:file-system/fs-0c0b6185d03a22bff", + "Tags": [ + { + "Key": "aws:elasticfilesystem:default-backup", + "Value": "enabled" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CustodianRule", + "Value": "ecc-aws-337-efs_in_backup_plan" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-337-efs_in_backup_plan/placebo-red/elasticfilesystem.DescribeFileSystems_1.json b/tests/ecc-aws-337-efs_in_backup_plan/placebo-red/elasticfilesystem.DescribeFileSystems_1.json new file mode 100644 index 000000000..e91c7c767 --- /dev/null +++ b/tests/ecc-aws-337-efs_in_backup_plan/placebo-red/elasticfilesystem.DescribeFileSystems_1.json @@ -0,0 +1,45 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "FileSystems": [ + { + "OwnerId": "this", + "CreationToken": "337_efs_red", + "FileSystemId": "fs-0eb3a2ed1d5cb4803", + "FileSystemArn": "arn:aws:elasticfilesystem:us-east-1:this:file-system/fs-0eb3a2ed1d5cb4803", + "CreationTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 27, + "hour": 9, + "minute": 23, + "second": 29, + "microsecond": 0 + }, + "LifeCycleState": "available", + "NumberOfMountTargets": 0, + "SizeInBytes": { + "Value": 6144, + "ValueInIA": 0, + "ValueInStandard": 6144 + }, + "PerformanceMode": "generalPurpose", + "Encrypted": true, + "KmsKeyId": "arn:aws:kms:us-east-1:this:key/f1222765-672a-4ed9-9390-5dad09bbfd84", + "ThroughputMode": "bursting", + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CustodianRule", + "Value": "ecc-aws-337-efs_in_backup_plan" + } + ] + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-337-efs_in_backup_plan/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-337-efs_in_backup_plan/placebo-red/tagging.GetResources_1.json new file mode 100644 index 000000000..adafd7da8 --- /dev/null +++ b/tests/ecc-aws-337-efs_in_backup_plan/placebo-red/tagging.GetResources_1.json 
@@ -0,0 +1,22 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:elasticfilesystem:us-east-1:this:file-system/fs-0eb3a2ed1d5cb4803", + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CustodianRule", + "Value": "ecc-aws-337-efs_in_backup_plan" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-337-efs_in_backup_plan/red_policy_test.py b/tests/ecc-aws-337-efs_in_backup_plan/red_policy_test.py new file mode 100644 index 000000000..11d0d7bd4 --- /dev/null +++ b/tests/ecc-aws-337-efs_in_backup_plan/red_policy_test.py @@ -0,0 +1,7 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertNotEqual(resources[0]['Tags'][0]['Key'], "aws:elasticfilesystem:default-backup") + base_test.assertNotEqual(resources[0]['Tags'][1]['Key'], "aws:elasticfilesystem:default-backup") + base_test.assertLess(len(resources[0]['Tags']), 3) \ No newline at end of file diff --git a/tests/ecc-aws-338-elastic_beanstalk_enhanced_health_reporting_enabled/placebo-green/elasticbeanstalk.DescribeEnvironments_1.json b/tests/ecc-aws-338-elastic_beanstalk_enhanced_health_reporting_enabled/placebo-green/elasticbeanstalk.DescribeEnvironments_1.json new file mode 100644 index 000000000..d76802b99 --- /dev/null +++ b/tests/ecc-aws-338-elastic_beanstalk_enhanced_health_reporting_enabled/placebo-green/elasticbeanstalk.DescribeEnvironments_1.json 
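Review bot: In `test_resources` of `tests/ecc-aws-337-efs_in_backup_plan/red_policy_test.py`, the two `assertNotEqual` calls check only `Tags[0]` and `Tags[1]`, and `assertLess(len(resources[0]['Tags']), 3)` ties the result to the fixture having exactly two tags. The test therefore depends on tag order and count rather than on the backup tag being absent. `base_test.assertNotIn('aws:elasticfilesystem:default-backup', [t['Key'] for t in resources[0]['Tags']])` expresses the intent in one order-independent line. The green fixture carries the tag with value `enabled`, but a file system tagged with any other value is not covered. If the policy is meant to match on the value as well, a second red fixture would be needed; the policy file is not part of this hunk.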
@@ -0,0 +1,48 @@ +{ + "status_code": 200, + "data": { + "Environments": [ + { + "EnvironmentName": "environment-338-green", + "EnvironmentId": "e-nmwqqayinw", + "ApplicationName": "338_application_green", + "SolutionStackName": "64bit Amazon Linux 2 v3.3.7 running Python 3.8", + "PlatformArn": "arn:aws:elasticbeanstalk:us-east-1::platform/Python 3.8 running on 64bit Amazon Linux 2/3.3.7", + "EndpointURL": "awseb-e-n-AWSEBLoa-NZMS8PTH0OJT-1577978758.us-east-1.elb.amazonaws.com", + "CNAME": "environment-338-green.eba-y3fgxyzw.us-east-1.elasticbeanstalk.com", + "DateCreated": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 29, + "hour": 8, + "minute": 45, + "second": 4, + "microsecond": 542000 + }, + "DateUpdated": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 29, + "hour": 8, + "minute": 47, + "second": 20, + "microsecond": 303000 + }, + "Status": "Ready", + "AbortableOperationInProgress": false, + "Health": "Green", + "HealthStatus": "Ok", + "Tier": { + "Name": "WebServer", + "Type": "Standard", + "Version": "1.0" + }, + "EnvironmentLinks": [], + "EnvironmentArn": "arn:aws:elasticbeanstalk:us-east-1:111111111111:environment/338_application_green/environment-338-green" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-338-elastic_beanstalk_enhanced_health_reporting_enabled/placebo-green/elasticbeanstalk.ListTagsForResource_1.json b/tests/ecc-aws-338-elastic_beanstalk_enhanced_health_reporting_enabled/placebo-green/elasticbeanstalk.ListTagsForResource_1.json new file mode 100644 index 000000000..4e2cc1845 --- /dev/null +++ b/tests/ecc-aws-338-elastic_beanstalk_enhanced_health_reporting_enabled/placebo-green/elasticbeanstalk.ListTagsForResource_1.json 
@@ -0,0 +1,29 @@ +{ + "status_code": 200, + "data": { + "ResourceArn": "arn:aws:elasticbeanstalk:us-east-1:111111111111:environment/338_application_green/environment-338-green", + "ResourceTags": [ + { + "Key": "elasticbeanstalk:environment-id", + "Value": "e-nmwqqayinw" + }, + { + "Key": "CustodianRule", + "Value": "ecc-aws-338-elastic_beanstalk_enhanced_health_reporting_enabled" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "elasticbeanstalk:environment-name", + "Value": "environment-338-green" + }, + { + "Key": "Name", + "Value": "environment-338-green" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-338-elastic_beanstalk_enhanced_health_reporting_enabled/placebo-red/elasticbeanstalk.DescribeEnvironments_1.json b/tests/ecc-aws-338-elastic_beanstalk_enhanced_health_reporting_enabled/placebo-red/elasticbeanstalk.DescribeEnvironments_1.json new file mode 100644 index 000000000..c3b9f1fc8 --- /dev/null +++ b/tests/ecc-aws-338-elastic_beanstalk_enhanced_health_reporting_enabled/placebo-red/elasticbeanstalk.DescribeEnvironments_1.json 
@@ -0,0 +1,47 @@ +{ + "status_code": 200, + "data": { + "Environments": [ + { + "EnvironmentName": "environment-338-red", + "EnvironmentId": "e-n6dgqimezz", + "ApplicationName": "338_application_red", + "SolutionStackName": "64bit Amazon Linux 2 v3.3.7 running Python 3.8", + "PlatformArn": "arn:aws:elasticbeanstalk:us-east-1::platform/Python 3.8 running on 64bit Amazon Linux 2/3.3.7", + "EndpointURL": "awseb-e-n-AWSEBLoa-6UR3NW7I3VRY-1692350973.us-east-1.elb.amazonaws.com", + "CNAME": "environment-338-red.eba-nrtqmynx.us-east-1.elasticbeanstalk.com", + "DateCreated": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 29, + "hour": 8, + "minute": 16, + "second": 57, + "microsecond": 587000 + }, + "DateUpdated": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 29, + "hour": 8, + "minute": 24, + "second": 44, + "microsecond": 878000 + }, + "Status": "Ready", + "AbortableOperationInProgress": false, + "Health": "Green", + "Tier": { + "Name": "WebServer", + "Type": "Standard", + "Version": "1.0" + }, + "EnvironmentLinks": [], + "EnvironmentArn": "arn:aws:elasticbeanstalk:us-east-1:111111111111:environment/338_application_red/environment-338-red" + } + ], + "ResponseMetadata": {} + } +} diff --git a/tests/ecc-aws-338-elastic_beanstalk_enhanced_health_reporting_enabled/placebo-red/elasticbeanstalk.ListTagsForResource_1.json b/tests/ecc-aws-338-elastic_beanstalk_enhanced_health_reporting_enabled/placebo-red/elasticbeanstalk.ListTagsForResource_1.json new file mode 100644 index 000000000..4a8b464a7 --- /dev/null +++ b/tests/ecc-aws-338-elastic_beanstalk_enhanced_health_reporting_enabled/placebo-red/elasticbeanstalk.ListTagsForResource_1.json 
@@ -0,0 +1,29 @@ +{ + "status_code": 200, + "data": { + "ResourceArn": "arn:aws:elasticbeanstalk:us-east-1:111111111111:environment/338_application_red/environment-338-red", + "ResourceTags": [ + { + "Key": "elasticbeanstalk:environment-id", + "Value": "e-n6dgqimezz" + }, + { + "Key": "CustodianRule", + "Value": "ecc-aws-338-elastic_beanstalk_enhanced_health_reporting_enabled" + }, + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "elasticbeanstalk:environment-name", + "Value": "environment-338-red" + }, + { + "Key": "Name", + "Value": "environment-338-red" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-338-elastic_beanstalk_enhanced_health_reporting_enabled/red_policy_test.py b/tests/ecc-aws-338-elastic_beanstalk_enhanced_health_reporting_enabled/red_policy_test.py new file mode 100644 index 000000000..37e87bbe0 --- /dev/null +++ b/tests/ecc-aws-338-elastic_beanstalk_enhanced_health_reporting_enabled/red_policy_test.py @@ -0,0 +1,5 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertNotIn('HealthStatus', resources[0] ) \ No newline at end of file diff --git a/tests/ecc-aws-339-alb_drop_invalid_http_header/placebo-green/elasticloadbalancing.DescribeLoadBalancerAttributes_1.json b/tests/ecc-aws-339-alb_drop_invalid_http_header/placebo-green/elasticloadbalancing.DescribeLoadBalancerAttributes_1.json new file mode 100644 index 000000000..ac6bbd44f --- /dev/null +++ b/tests/ecc-aws-339-alb_drop_invalid_http_header/placebo-green/elasticloadbalancing.DescribeLoadBalancerAttributes_1.json 
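Review bot: `base_test.assertNotIn('HealthStatus', resources[0] )` in the rule 338 `red_policy_test.py` uses the absence of a response key as the signal for the finding, and nothing in the test says why. Judging by the two fixtures, the green environment has `"HealthStatus": "Ok"` and the red one omits the key, so a comment such as `# red fixture: DescribeEnvironments returned no HealthStatus, i.e. enhanced health reporting is off` would document the dependency on that API behaviour. The stray space before the closing parenthesis can be dropped at the same time.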
@@ -0,0 +1,52 @@ +{ + "status_code": 200, + "data": { + "Attributes": [ + { + "Key": "access_logs.s3.enabled", + "Value": "true" + }, + { + "Key": "access_logs.s3.bucket", + "Value": "339-bucket-green" + }, + { + "Key": "access_logs.s3.prefix", + "Value": "" + }, + { + "Key": "idle_timeout.timeout_seconds", + "Value": "60" + }, + { + "Key": "deletion_protection.enabled", + "Value": "false" + }, + { + "Key": "routing.http2.enabled", + "Value": "true" + }, + { + "Key": "routing.http.drop_invalid_header_fields.enabled", + "Value": "true" + }, + { + "Key": "routing.http.xff_client_port.enabled", + "Value": "false" + }, + { + "Key": "routing.http.desync_mitigation_mode", + "Value": "defensive" + }, + { + "Key": "waf.fail_open.enabled", + "Value": "false" + }, + { + "Key": "routing.http.x_amzn_tls_version_and_cipher_suite.enabled", + "Value": "false" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-339-alb_drop_invalid_http_header/placebo-green/elasticloadbalancing.DescribeLoadBalancers_1.json b/tests/ecc-aws-339-alb_drop_invalid_http_header/placebo-green/elasticloadbalancing.DescribeLoadBalancers_1.json new file mode 100644 index 000000000..c2d46e1eb --- /dev/null +++ b/tests/ecc-aws-339-alb_drop_invalid_http_header/placebo-green/elasticloadbalancing.DescribeLoadBalancers_1.json 
@@ -0,0 +1,46 @@ +{ + "status_code": 200, + "data": { + "LoadBalancers": [ + { + "LoadBalancerArn": "arn:aws:elasticloadbalancing:us-east-1:111111111111:loadbalancer/app/alb-339-green/7ff4896ae00696b5", + "DNSName": "internal-alb-339-green-497525673.us-east-1.elb.amazonaws.com", + "CanonicalHostedZoneId": "Z35SXDOTRQ7X7K", + "CreatedTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 28, + "hour": 16, + "minute": 24, + "second": 30, + "microsecond": 480000 + }, + "LoadBalancerName": "alb-339-green", + "Scheme": "internal", + "VpcId": "vpc-12345asdfg", + "State": { + "Code": "active" + }, + "Type": "application", + "AvailabilityZones": [ + { + "ZoneName": "us-east-1a", + "SubnetId": "subnet-0841490fc5ffec1f8", + "LoadBalancerAddresses": [] + }, + { + "ZoneName": "us-east-1b", + "SubnetId": "subnet-088ef4b408c8ae646", + "LoadBalancerAddresses": [] + } + ], + "SecurityGroups": [ + "sg-08072b741bec53af0" + ], + "IpAddressType": "ipv4" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-339-alb_drop_invalid_http_header/placebo-green/elasticloadbalancing.DescribeTags_1.json b/tests/ecc-aws-339-alb_drop_invalid_http_header/placebo-green/elasticloadbalancing.DescribeTags_1.json new file mode 100644 index 000000000..dbb39c4b7 --- /dev/null +++ b/tests/ecc-aws-339-alb_drop_invalid_http_header/placebo-green/elasticloadbalancing.DescribeTags_1.json @@ -0,0 +1,21 @@ +{ + "status_code": 200, + "data": { + "TagDescriptions": [ + { + "ResourceArn": "arn:aws:elasticloadbalancing:us-east-1:111111111111:loadbalancer/app/alb-339-green/7ff4896ae00696b5", + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-339-alb_drop_invalid_http_header" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-339-alb_drop_invalid_http_header/placebo-red/elasticloadbalancing.DescribeLoadBalancerAttributes_1.json b/tests/ecc-aws-339-alb_drop_invalid_http_header/placebo-red/elasticloadbalancing.DescribeLoadBalancerAttributes_1.json new file mode 100644 index 000000000..fc9bc6e73 --- /dev/null +++ b/tests/ecc-aws-339-alb_drop_invalid_http_header/placebo-red/elasticloadbalancing.DescribeLoadBalancerAttributes_1.json @@ -0,0 +1,52 @@ +{ + "status_code": 200, + "data": { + "Attributes": [ + { + "Key": "access_logs.s3.enabled", + "Value": "true" + }, + { + "Key": "access_logs.s3.bucket", + "Value": "339-bucket-red" + }, + { + "Key": "access_logs.s3.prefix", + "Value": "" + }, + { + "Key": "idle_timeout.timeout_seconds", + "Value": "60" + }, + { + "Key": "deletion_protection.enabled", + "Value": "false" + }, + { + "Key": "routing.http2.enabled", + "Value": "true" + }, + { + "Key": "routing.http.drop_invalid_header_fields.enabled", + "Value": "false" + }, + { + "Key": "routing.http.xff_client_port.enabled", + "Value": "false" + }, + { + "Key": "routing.http.desync_mitigation_mode", + "Value": "defensive" + }, + { + "Key": "waf.fail_open.enabled", + "Value": "false" + }, + { + "Key": "routing.http.x_amzn_tls_version_and_cipher_suite.enabled", + "Value": "false" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-339-alb_drop_invalid_http_header/placebo-red/elasticloadbalancing.DescribeLoadBalancers_1.json b/tests/ecc-aws-339-alb_drop_invalid_http_header/placebo-red/elasticloadbalancing.DescribeLoadBalancers_1.json new file mode 100644 index 000000000..3e3a9f106 --- /dev/null +++ b/tests/ecc-aws-339-alb_drop_invalid_http_header/placebo-red/elasticloadbalancing.DescribeLoadBalancers_1.json 
@@ -0,0 +1,46 @@ +{ + "status_code": 200, + "data": { + "LoadBalancers": [ + { + "LoadBalancerArn": "arn:aws:elasticloadbalancing:us-east-1:this:loadbalancer/app/alb-339-red/7ff4896ae00696b5", + "DNSName": "internal-alb-339-red-497525673.us-east-1.elb.amazonaws.com", + "CanonicalHostedZoneId": "Z35SXDOTRQ7X7K", + "CreatedTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 28, + "hour": 16, + "minute": 24, + "second": 30, + "microsecond": 480000 + }, + "LoadBalancerName": "alb-339-red", + "Scheme": "internal", + "VpcId": "vpc-12345asdfg", + "State": { + "Code": "active" + }, + "Type": "application", + "AvailabilityZones": [ + { + "ZoneName": "us-east-1a", + "SubnetId": "subnet-0841490fc5ffec1f8", + "LoadBalancerAddresses": [] + }, + { + "ZoneName": "us-east-1b", + "SubnetId": "subnet-088ef4b408c8ae646", + "LoadBalancerAddresses": [] + } + ], + "SecurityGroups": [ + "sg-08072b741bec53af0" + ], + "IpAddressType": "ipv4" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-339-alb_drop_invalid_http_header/placebo-red/elasticloadbalancing.DescribeTags_1.json b/tests/ecc-aws-339-alb_drop_invalid_http_header/placebo-red/elasticloadbalancing.DescribeTags_1.json new file mode 100644 index 000000000..b3804bae5 --- /dev/null +++ b/tests/ecc-aws-339-alb_drop_invalid_http_header/placebo-red/elasticloadbalancing.DescribeTags_1.json @@ -0,0 +1,21 @@ +{ + "status_code": 200, + "data": { + "TagDescriptions": [ + { + "ResourceArn": "arn:aws:elasticloadbalancing:us-east-1:this:loadbalancer/app/alb-339-red/7ff4896ae00696b5", + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-339-alb_drop_invalid_http_header" + }, + { + "Key": "ComplianceStatus", + "Value": "red" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-339-alb_drop_invalid_http_header/red_policy_test.py b/tests/ecc-aws-339-alb_drop_invalid_http_header/red_policy_test.py new file mode 100644 index 000000000..3bf0bf58b --- /dev/null +++ b/tests/ecc-aws-339-alb_drop_invalid_http_header/red_policy_test.py @@ -0,0 +1,5 @@ +class PolicyTest(object): + + def test_resources_with_client(self, base_test, resources, local_session): + base_test.assertEqual(len(resources), 1) + base_test.assertFalse(resources[0]['Attributes']['routing.http.drop_invalid_header_fields.enabled']) \ No newline at end of file diff --git a/tests/ecc-aws-341-elb_deletion_protection_enabled/placebo-green/elasticloadbalancing.DescribeLoadBalancerAttributes_1.json b/tests/ecc-aws-341-elb_deletion_protection_enabled/placebo-green/elasticloadbalancing.DescribeLoadBalancerAttributes_1.json new file mode 100644 index 000000000..3468dc1f1 --- /dev/null +++ b/tests/ecc-aws-341-elb_deletion_protection_enabled/placebo-green/elasticloadbalancing.DescribeLoadBalancerAttributes_1.json @@ -0,0 +1,52 @@ +{ + "status_code": 200, + "data": { + "Attributes": [ + { + "Key": "access_logs.s3.enabled", + "Value": "false" + }, + { + "Key": "access_logs.s3.bucket", + "Value": "" + }, + { + "Key": "access_logs.s3.prefix", + "Value": "" + }, + { + "Key": "idle_timeout.timeout_seconds", + "Value": "60" + }, + { + "Key": "deletion_protection.enabled", + "Value": "true" + }, + { + "Key": "routing.http2.enabled", + "Value": "true" + }, + { + "Key": "routing.http.drop_invalid_header_fields.enabled", + "Value": "false" + }, + { + "Key": "routing.http.xff_client_port.enabled", + "Value": "false" + }, + { + "Key": "routing.http.desync_mitigation_mode", + "Value": "defensive" + }, + { + "Key": "waf.fail_open.enabled", + "Value": "false" + }, + { + "Key": "routing.http.x_amzn_tls_version_and_cipher_suite.enabled", + "Value": "false" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
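Review bot: `assertFalse` in `test_resources_with_client` passes for any falsy value (`None`, `0`, an empty string), so it does not pin that the attribute was parsed as the boolean `False`. The recorded fixture stores it as the string `"false"`, which is truthy, so the assertion relies on a cast that happens outside this hunk. `base_test.assertIs(resources[0]['Attributes']['routing.http.drop_invalid_header_fields.enabled'], False)` states the expectation exactly, and the same applies to the `deletion_protection.enabled` check in the 341 red test. The `local_session` parameter is not used in the body; unless the harness selects fixtures by method name, the `test_resources(self, base_test, resources)` form used by the other tests would do.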
diff --git a/tests/ecc-aws-341-elb_deletion_protection_enabled/placebo-green/elasticloadbalancing.DescribeLoadBalancers_1.json b/tests/ecc-aws-341-elb_deletion_protection_enabled/placebo-green/elasticloadbalancing.DescribeLoadBalancers_1.json new file mode 100644 index 000000000..0b1a36947 --- /dev/null +++ b/tests/ecc-aws-341-elb_deletion_protection_enabled/placebo-green/elasticloadbalancing.DescribeLoadBalancers_1.json @@ -0,0 +1,46 @@ +{ + "status_code": 200, + "data": { + "LoadBalancers": [ + { + "LoadBalancerArn": "arn:aws:elasticloadbalancing:us-east-1:this:loadbalancer/app/alb-341-green/de0fbccdf3455b6f", + "DNSName": "internal-alb-341-green-2000904576.us-east-1.elb.amazonaws.com", + "CanonicalHostedZoneId": "Z35SXDOTRQ7X7K", + "CreatedTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 5, + "hour": 7, + "minute": 54, + "second": 40, + "microsecond": 240000 + }, + "LoadBalancerName": "alb-341-green", + "Scheme": "internal", + "VpcId": "vpc-12345asdfg", + "State": { + "Code": "active" + }, + "Type": "application", + "AvailabilityZones": [ + { + "ZoneName": "us-east-1a", + "SubnetId": "subnet-089f1ab9d0682740f", + "LoadBalancerAddresses": [] + }, + { + "ZoneName": "us-east-1b", + "SubnetId": "subnet-09cb67bd27a547951", + "LoadBalancerAddresses": [] + } + ], + "SecurityGroups": [ + "sg-0204ac1ed140f243f" + ], + "IpAddressType": "ipv4" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-341-elb_deletion_protection_enabled/placebo-green/elasticloadbalancing.DescribeTags_1.json b/tests/ecc-aws-341-elb_deletion_protection_enabled/placebo-green/elasticloadbalancing.DescribeTags_1.json new file mode 100644 index 000000000..af193b2ca --- /dev/null +++ b/tests/ecc-aws-341-elb_deletion_protection_enabled/placebo-green/elasticloadbalancing.DescribeTags_1.json 
@@ -0,0 +1,21 @@ +{ + "status_code": 200, + "data": { + "TagDescriptions": [ + { + "ResourceArn": "arn:aws:elasticloadbalancing:us-east-1:this:loadbalancer/app/alb-341-green/de0fbccdf3455b6f", + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-341-alb_deletion_protection_enabled" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-341-elb_deletion_protection_enabled/placebo-red/elasticloadbalancing.DescribeLoadBalancerAttributes_1.json b/tests/ecc-aws-341-elb_deletion_protection_enabled/placebo-red/elasticloadbalancing.DescribeLoadBalancerAttributes_1.json new file mode 100644 index 000000000..5c8e5c343 --- /dev/null +++ b/tests/ecc-aws-341-elb_deletion_protection_enabled/placebo-red/elasticloadbalancing.DescribeLoadBalancerAttributes_1.json @@ -0,0 +1,52 @@ +{ + "status_code": 200, + "data": { + "Attributes": [ + { + "Key": "access_logs.s3.enabled", + "Value": "false" + }, + { + "Key": "access_logs.s3.bucket", + "Value": "" + }, + { + "Key": "access_logs.s3.prefix", + "Value": "" + }, + { + "Key": "idle_timeout.timeout_seconds", + "Value": "60" + }, + { + "Key": "deletion_protection.enabled", + "Value": "false" + }, + { + "Key": "routing.http2.enabled", + "Value": "true" + }, + { + "Key": "routing.http.drop_invalid_header_fields.enabled", + "Value": "false" + }, + { + "Key": "routing.http.xff_client_port.enabled", + "Value": "false" + }, + { + "Key": "routing.http.desync_mitigation_mode", + "Value": "defensive" + }, + { + "Key": "waf.fail_open.enabled", + "Value": "false" + }, + { + "Key": "routing.http.x_amzn_tls_version_and_cipher_suite.enabled", + "Value": "false" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-341-elb_deletion_protection_enabled/placebo-red/elasticloadbalancing.DescribeLoadBalancers_1.json b/tests/ecc-aws-341-elb_deletion_protection_enabled/placebo-red/elasticloadbalancing.DescribeLoadBalancers_1.json new file mode 100644 index 000000000..a01b4410b --- /dev/null +++ b/tests/ecc-aws-341-elb_deletion_protection_enabled/placebo-red/elasticloadbalancing.DescribeLoadBalancers_1.json @@ -0,0 +1,46 @@ +{ + "status_code": 200, + "data": { + "LoadBalancers": [ + { + "LoadBalancerArn": "arn:aws:elasticloadbalancing:us-east-1:this:loadbalancer/app/alb-341-Red/88fb9c463f4888e4", + "DNSName": "internal-alb-341-Red-341002715.us-east-1.elb.amazonaws.com", + "CanonicalHostedZoneId": "Z35SXDOTRQ7X7K", + "CreatedTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 5, + "hour": 8, + "minute": 11, + "second": 21, + "microsecond": 950000 + }, + "LoadBalancerName": "alb-341-Red", + "Scheme": "internal", + "VpcId": "vpc-12345asdfg", + "State": { + "Code": "active" + }, + "Type": "application", + "AvailabilityZones": [ + { + "ZoneName": "us-east-1a", + "SubnetId": "subnet-01bd6251095ebf56b", + "LoadBalancerAddresses": [] + }, + { + "ZoneName": "us-east-1b", + "SubnetId": "subnet-063c73ed52507ad7f", + "LoadBalancerAddresses": [] + } + ], + "SecurityGroups": [ + "sg-02f4981f176781f7b" + ], + "IpAddressType": "ipv4" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-341-elb_deletion_protection_enabled/placebo-red/elasticloadbalancing.DescribeTags_1.json b/tests/ecc-aws-341-elb_deletion_protection_enabled/placebo-red/elasticloadbalancing.DescribeTags_1.json new file mode 100644 index 000000000..673380aa0 --- /dev/null +++ b/tests/ecc-aws-341-elb_deletion_protection_enabled/placebo-red/elasticloadbalancing.DescribeTags_1.json 
@@ -0,0 +1,21 @@ +{ + "status_code": 200, + "data": { + "TagDescriptions": [ + { + "ResourceArn": "arn:aws:elasticloadbalancing:us-east-1:this:loadbalancer/app/alb-341-Red/88fb9c463f4888e4", + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-341-alb_deletion_protection_enabled" + }, + { + "Key": "ComplianceStatus", + "Value": "Red" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-341-elb_deletion_protection_enabled/red_policy_test.py b/tests/ecc-aws-341-elb_deletion_protection_enabled/red_policy_test.py new file mode 100644 index 000000000..af58b618b --- /dev/null +++ b/tests/ecc-aws-341-elb_deletion_protection_enabled/red_policy_test.py @@ -0,0 +1,5 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertFalse(resources[0]['Attributes']['deletion_protection.enabled']) \ No newline at end of file diff --git a/tests/ecc-aws-342-alb_http_to_https_redirection_enabled/placebo-green/elasticloadbalancing.DescribeListeners_1.json b/tests/ecc-aws-342-alb_http_to_https_redirection_enabled/placebo-green/elasticloadbalancing.DescribeListeners_1.json new file mode 100644 index 000000000..efc62833a --- /dev/null +++ b/tests/ecc-aws-342-alb_http_to_https_redirection_enabled/placebo-green/elasticloadbalancing.DescribeListeners_1.json 
@@ -0,0 +1,28 @@ +{ + "status_code": 200, + "data": { + "Listeners": [ + { + "ListenerArn": "arn:aws:elasticloadbalancing:us-east-1:111111111111:listener/app/alb-342-green/939112af1a930959/84ad3c5b9abd0631", + "LoadBalancerArn": "arn:aws:elasticloadbalancing:us-east-1:111111111111:loadbalancer/app/alb-342-green/939112af1a930959", + "Port": 80, + "Protocol": "HTTP", + "DefaultActions": [ + { + "Type": "redirect", + "Order": 1, + "RedirectConfig": { + "Protocol": "HTTPS", + "Port": "443", + "Host": "#{host}", + "Path": "/#{path}", + "Query": "#{query}", + "StatusCode": "HTTP_301" + } + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-342-alb_http_to_https_redirection_enabled/placebo-green/elasticloadbalancing.DescribeLoadBalancers_1.json b/tests/ecc-aws-342-alb_http_to_https_redirection_enabled/placebo-green/elasticloadbalancing.DescribeLoadBalancers_1.json new file mode 100644 index 000000000..952e29e51 --- /dev/null +++ b/tests/ecc-aws-342-alb_http_to_https_redirection_enabled/placebo-green/elasticloadbalancing.DescribeLoadBalancers_1.json 
@@ -0,0 +1,46 @@ +{ + "status_code": 200, + "data": { + "LoadBalancers": [ + { + "LoadBalancerArn": "arn:aws:elasticloadbalancing:us-east-1:this:loadbalancer/app/alb-342-green/939112af1a930959", + "DNSName": "internal-alb-342-green-419168343.us-east-1.elb.amazonaws.com", + "CanonicalHostedZoneId": "Z35SXDOTRQ7X7K", + "CreatedTime": { + "__class__": "datetime", + "year": 2021, + "month": 11, + "day": 1, + "hour": 12, + "minute": 14, + "second": 3, + "microsecond": 920000 + }, + "LoadBalancerName": "alb-342-green", + "Scheme": "internal", + "VpcId": "vpc-12345asdfg", + "State": { + "Code": "active" + }, + "Type": "application", + "AvailabilityZones": [ + { + "ZoneName": "us-east-1b", + "SubnetId": "subnet-090ac6b7a58cf3c3d", + "LoadBalancerAddresses": [] + }, + { + "ZoneName": "us-east-1a", + "SubnetId": "subnet-0d22f576c98b7f6a5", + "LoadBalancerAddresses": [] + } + ], + "SecurityGroups": [ + "sg-00d7c1eb8de35fbec" + ], + "IpAddressType": "ipv4" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-342-alb_http_to_https_redirection_enabled/placebo-green/elasticloadbalancing.DescribeTags_1.json b/tests/ecc-aws-342-alb_http_to_https_redirection_enabled/placebo-green/elasticloadbalancing.DescribeTags_1.json new file mode 100644 index 000000000..52f8dcc77 --- /dev/null +++ b/tests/ecc-aws-342-alb_http_to_https_redirection_enabled/placebo-green/elasticloadbalancing.DescribeTags_1.json @@ -0,0 +1,21 @@ +{ + "status_code": 200, + "data": { + "TagDescriptions": [ + { + "ResourceArn": "arn:aws:elasticloadbalancing:us-east-1:this:loadbalancer/app/alb-342-green/939112af1a930959", + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-342-alb_http_to_https_redirection_enabled" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-342-alb_http_to_https_redirection_enabled/placebo-red/elasticloadbalancing.DescribeListeners_1.json b/tests/ecc-aws-342-alb_http_to_https_redirection_enabled/placebo-red/elasticloadbalancing.DescribeListeners_1.json new file mode 100644 index 000000000..dd1247bea --- /dev/null +++ b/tests/ecc-aws-342-alb_http_to_https_redirection_enabled/placebo-red/elasticloadbalancing.DescribeListeners_1.json @@ -0,0 +1,28 @@ +{ + "status_code": 200, + "data": { + "Listeners": [ + { + "ListenerArn": "arn:aws:elasticloadbalancing:us-east-1:111111111111:listener/app/alb-342-red/bf801c58c4331723/ef084f660110bcb9", + "LoadBalancerArn": "arn:aws:elasticloadbalancing:us-east-1:111111111111:loadbalancer/app/alb-342-red/bf801c58c4331723", + "Port": 80, + "Protocol": "HTTP", + "DefaultActions": [ + { + "Type": "redirect", + "Order": 1, + "RedirectConfig": { + "Protocol": "HTTP", + "Port": "81", + "Host": "#{host}", + "Path": "/#{path}", + "Query": "#{query}", + "StatusCode": "HTTP_301" + } + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-342-alb_http_to_https_redirection_enabled/placebo-red/elasticloadbalancing.DescribeLoadBalancers_1.json b/tests/ecc-aws-342-alb_http_to_https_redirection_enabled/placebo-red/elasticloadbalancing.DescribeLoadBalancers_1.json new file mode 100644 index 000000000..60dcfa7bf --- /dev/null +++ b/tests/ecc-aws-342-alb_http_to_https_redirection_enabled/placebo-red/elasticloadbalancing.DescribeLoadBalancers_1.json 
@@ -0,0 +1,46 @@ +{ + "status_code": 200, + "data": { + "LoadBalancers": [ + { + "LoadBalancerArn": "arn:aws:elasticloadbalancing:us-east-1:111111111111:loadbalancer/app/alb-342-red/bf801c58c4331723", + "DNSName": "internal-alb-342-red-1799910585.us-east-1.elb.amazonaws.com", + "CanonicalHostedZoneId": "Z35SXDOTRQ7X7K", + "CreatedTime": { + "__class__": "datetime", + "year": 2022, + "month": 9, + "day": 2, + "hour": 10, + "minute": 15, + "second": 13, + "microsecond": 960000 + }, + "LoadBalancerName": "alb-342-red", + "Scheme": "internal", + "VpcId": "vpc-12345asdfg", + "State": { + "Code": "active" + }, + "Type": "application", + "AvailabilityZones": [ + { + "ZoneName": "us-east-1a", + "SubnetId": "subnet-074fb349fda9f2e69", + "LoadBalancerAddresses": [] + }, + { + "ZoneName": "us-east-1b", + "SubnetId": "subnet-0ed75736ff7674ef1", + "LoadBalancerAddresses": [] + } + ], + "SecurityGroups": [ + "sg-0b3c5b5a09a1d6a29" + ], + "IpAddressType": "ipv4" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-342-alb_http_to_https_redirection_enabled/placebo-red/elasticloadbalancing.DescribeTags_1.json b/tests/ecc-aws-342-alb_http_to_https_redirection_enabled/placebo-red/elasticloadbalancing.DescribeTags_1.json new file mode 100644 index 000000000..80d4083cd --- /dev/null +++ b/tests/ecc-aws-342-alb_http_to_https_redirection_enabled/placebo-red/elasticloadbalancing.DescribeTags_1.json @@ -0,0 +1,21 @@ +{ + "status_code": 200, + "data": { + "TagDescriptions": [ + { + "ResourceArn": "arn:aws:elasticloadbalancing:us-east-1:111111111111:loadbalancer/app/alb-342-red/bf801c58c4331723", + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-342-alb_http_to_https_redirection_enabled" + }, + { + "Key": "ComplianceStatus", + "Value": "Red" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-342-alb_http_to_https_redirection_enabled/red_policy_test.py b/tests/ecc-aws-342-alb_http_to_https_redirection_enabled/red_policy_test.py
new file mode 100644
index 000000000..7036e6b76
--- /dev/null
+++ b/tests/ecc-aws-342-alb_http_to_https_redirection_enabled/red_policy_test.py
@@ -0,0 +1,8 @@
+class PolicyTest(object):
+
+ def test_resources_with_client(self, base_test, resources, local_session):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertEqual(resources[0]["c7n:MatchedListeners"][0]["Protocol"],"HTTP")
+ base_test.assertEqual(resources[0]["c7n:MatchedListeners"][0]["DefaultActions"][0]["Type"],"redirect")
+ base_test.assertNotEqual(resources[0]["c7n:MatchedListeners"][0]["DefaultActions"][0]["RedirectConfig"]["Protocol"],"HTTPS")
+
\ No newline at end of file
diff --git a/tests/ecc-aws-343-emr_master_nodes_no_public_ip/placebo-green/elasticmapreduce.DescribeCluster_1.json b/tests/ecc-aws-343-emr_master_nodes_no_public_ip/placebo-green/elasticmapreduce.DescribeCluster_1.json
new file mode 100644
index 000000000..0a1152e3a
--- /dev/null
+++ b/tests/ecc-aws-343-emr_master_nodes_no_public_ip/placebo-green/elasticmapreduce.DescribeCluster_1.json
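Review bot: The red case in `test_resources_with_client` pins only a redirect whose target protocol is not HTTPS. An HTTP listener whose default action is `forward` has no `RedirectConfig` key, so the last assertion would raise `KeyError` rather than describe that case, and whether the policy flags it cannot be told from this hunk. A second red fixture with a `forward` action would cover the plain-HTTP setup that never redirects at all. `local_session` is unused in the body, and the call arguments lack a space after the comma, e.g. `base_test.assertEqual(resources[0]["c7n:MatchedListeners"][0]["Protocol"], "HTTP")`.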
@@ -0,0 +1,87 @@ +{ + "status_code": 200, + "data": { + "Cluster": { + "Id": "j-2J9C4X0KGRVUB", + "Name": "343_emr_cluster_green", + "Status": { + "State": "WAITING", + "StateChangeReason": { + "Message": "Cluster ready to run steps." + }, + "Timeline": { + "CreationDateTime": { + "__class__": "datetime", + "year": 2021, + "month": 11, + "day": 12, + "hour": 9, + "minute": 21, + "second": 35, + "microsecond": 79000 + }, + "ReadyDateTime": { + "__class__": "datetime", + "year": 2021, + "month": 11, + "day": 12, + "hour": 9, + "minute": 32, + "second": 37, + "microsecond": 335000 + } + } + }, + "Ec2InstanceAttributes": { + "Ec2KeyName": "", + "Ec2SubnetId": "subnet-04ab0028716add8c7", + "RequestedEc2SubnetIds": [ + "subnet-04ab0028716add8c7" + ], + "Ec2AvailabilityZone": "us-east-1a", + "RequestedEc2AvailabilityZones": [], + "IamInstanceProfile": "arn:aws:iam::111111111111:instance-profile/343_emr_instance_profile_green", + "EmrManagedMasterSecurityGroup": "sg-0a090e276ea6deaa8", + "EmrManagedSlaveSecurityGroup": "sg-0eb9bcf478a9dbc80", + "ServiceAccessSecurityGroup": "sg-055474ab7b139b32c", + "AdditionalMasterSecurityGroups": [ + "" + ], + "AdditionalSlaveSecurityGroups": [ + "" + ] + }, + "InstanceCollectionType": "INSTANCE_GROUP", + "ReleaseLabel": "emr-5.33.0", + "AutoTerminate": false, + "TerminationProtected": false, + "VisibleToAllUsers": true, + "Applications": [ + { + "Name": "Hadoop", + "Version": "2.10.1" + } + ], + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-343-emr_master_nodes_no_public_ip" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + } + ], + "ServiceRole": "arn:aws:iam::111111111111:role/343_emr_service_role_green", + "NormalizedInstanceHours": 0, + "MasterPublicDnsName": "ip-10-0-1-201.ec2.internal", + "Configurations": [], + "ScaleDownBehavior": "TERMINATE_AT_TASK_COMPLETION", + "KerberosAttributes": {}, + "ClusterArn": "arn:aws:elasticmapreduce:us-east-1:111111111111:cluster/j-2J9C4X0KGRVUB", + "StepConcurrencyLevel": 
1, + "PlacementGroups": [] + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-343-emr_master_nodes_no_public_ip/placebo-green/elasticmapreduce.ListClusters_1.json b/tests/ecc-aws-343-emr_master_nodes_no_public_ip/placebo-green/elasticmapreduce.ListClusters_1.json new file mode 100644 index 000000000..eb3028dbf --- /dev/null +++ b/tests/ecc-aws-343-emr_master_nodes_no_public_ip/placebo-green/elasticmapreduce.ListClusters_1.json @@ -0,0 +1,42 @@ +{ + "status_code": 200, + "data": { + "Clusters": [ + { + "Id": "j-2J9C4X0KGRVUB", + "Name": "343_emr_cluster_green", + "Status": { + "State": "WAITING", + "StateChangeReason": { + "Message": "Cluster ready to run steps." + }, + "Timeline": { + "CreationDateTime": { + "__class__": "datetime", + "year": 2021, + "month": 11, + "day": 12, + "hour": 9, + "minute": 21, + "second": 35, + "microsecond": 79000 + }, + "ReadyDateTime": { + "__class__": "datetime", + "year": 2021, + "month": 11, + "day": 12, + "hour": 9, + "minute": 32, + "second": 37, + "microsecond": 335000 + } + } + }, + "NormalizedInstanceHours": 0, + "ClusterArn": "arn:aws:elasticmapreduce:us-east-1:111111111111:cluster/j-2J9C4X0KGRVUB" + } + ], + "ResponseMetadata": {} + } +} diff --git a/tests/ecc-aws-343-emr_master_nodes_no_public_ip/placebo-red/elasticmapreduce.DescribeCluster_1.json b/tests/ecc-aws-343-emr_master_nodes_no_public_ip/placebo-red/elasticmapreduce.DescribeCluster_1.json new file mode 100644 index 000000000..82af3e73f --- /dev/null +++ b/tests/ecc-aws-343-emr_master_nodes_no_public_ip/placebo-red/elasticmapreduce.DescribeCluster_1.json 
@@ -0,0 +1,88 @@ +{ + "status_code": 200, + "data": { + "Cluster": { + "Id": "j-1VNANG9TXKIBU", + "Name": "343_emr_cluster_red", + "Status": { + "State": "WAITING", + "StateChangeReason": { + "Message": "Cluster ready to run steps." + }, + "Timeline": { + "CreationDateTime": { + "__class__": "datetime", + "year": 2021, + "month": 11, + "day": 12, + "hour": 9, + "minute": 29, + "second": 24, + "microsecond": 538000 + }, + "ReadyDateTime": { + "__class__": "datetime", + "year": 2021, + "month": 11, + "day": 12, + "hour": 9, + "minute": 37, + "second": 34, + "microsecond": 164000 + } + } + }, + "Ec2InstanceAttributes": { + "Ec2KeyName": "", + "Ec2SubnetId": "subnet-0b191c948f7208653", + "RequestedEc2SubnetIds": [ + "subnet-0b191c948f7208653" + ], + "Ec2AvailabilityZone": "us-east-1a", + "RequestedEc2AvailabilityZones": [], + "IamInstanceProfile": "arn:aws:iam::111111111111:instance-profile/343_emr_instance_profile_red", + "EmrManagedMasterSecurityGroup": "sg-0dcf87a402aca3b12", + "EmrManagedSlaveSecurityGroup": "sg-0dcf87a402aca3b12", + "ServiceAccessSecurityGroup": "", + "AdditionalMasterSecurityGroups": [ + "" + ], + "AdditionalSlaveSecurityGroups": [ + "" + ] + }, + "InstanceCollectionType": "INSTANCE_GROUP", + "ReleaseLabel": "emr-5.33.0", + "AutoTerminate": false, + "TerminationProtected": false, + "VisibleToAllUsers": true, + "Applications": [ + { + "Name": "Spark", + "Version": "2.4.7" + } + ], + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-343-emr_master_nodes_no_public_ip" + }, + { + "Key": "ComplianceStatus", + "Value": "Red" + } + ], + "ServiceRole": "arn:aws:iam::111111111111:role/343_emr_service_role_red", + "NormalizedInstanceHours": 0, + "MasterPublicDnsName": "54.162.35.169", + "Configurations": [], + "ScaleDownBehavior": "TERMINATE_AT_TASK_COMPLETION", + "EbsRootVolumeSize": 10, + "KerberosAttributes": {}, + "ClusterArn": "arn:aws:elasticmapreduce:us-east-1:111111111111:cluster/j-1VNANG9TXKIBU", + "StepConcurrencyLevel": 1, + 
"PlacementGroups": []
+ },
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-343-emr_master_nodes_no_public_ip/placebo-red/elasticmapreduce.ListClusters_1.json b/tests/ecc-aws-343-emr_master_nodes_no_public_ip/placebo-red/elasticmapreduce.ListClusters_1.json
new file mode 100644
index 000000000..779f6a06b
--- /dev/null
+++ b/tests/ecc-aws-343-emr_master_nodes_no_public_ip/placebo-red/elasticmapreduce.ListClusters_1.json
@@ -0,0 +1,42 @@
+{
+ "status_code": 200,
+ "data": {
+ "Clusters": [
+ {
+ "Id": "j-1VNANG9TXKIBU",
+ "Name": "343_emr_cluster_red",
+ "Status": {
+ "State": "WAITING",
+ "StateChangeReason": {
+ "Message": "Cluster ready to run steps."
+ },
+ "Timeline": {
+ "CreationDateTime": {
+ "__class__": "datetime",
+ "year": 2021,
+ "month": 11,
+ "day": 12,
+ "hour": 9,
+ "minute": 29,
+ "second": 24,
+ "microsecond": 538000
+ },
+ "ReadyDateTime": {
+ "__class__": "datetime",
+ "year": 2021,
+ "month": 11,
+ "day": 12,
+ "hour": 9,
+ "minute": 37,
+ "second": 34,
+ "microsecond": 164000
+ }
+ }
+ },
+ "NormalizedInstanceHours": 0,
+ "ClusterArn": "arn:aws:elasticmapreduce:us-east-1:111111111111:cluster/j-1VNANG9TXKIBU"
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+}
diff --git a/tests/ecc-aws-343-emr_master_nodes_no_public_ip/red_policy_test.py b/tests/ecc-aws-343-emr_master_nodes_no_public_ip/red_policy_test.py
new file mode 100644
index 000000000..e9b516651
--- /dev/null
+++ b/tests/ecc-aws-343-emr_master_nodes_no_public_ip/red_policy_test.py
@@ -0,0 +1,6 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertIn(resources[0]['Status']['State'], ['RUNNING', 'WAITING'])
+ base_test.assertRegexpMatches(resources[0]['MasterPublicDnsName'], "^([0-9]{1,3}\.){3}[0-9]{1,3}$")
\ No newline at end of file
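Review bot: The `MasterPublicDnsName` value `54.162.35.169` in the red DescribeCluster fixture looks like a recorded public address, and the subnet and security-group ids beside it also look recorded rather than constructed, although the account id was replaced with `111111111111`. Recorded placebo responses are better scrubbed of every live identifier before they are committed. A documentation address such as `203.0.113.10` (RFC 5737) still matches the pattern the red test checks.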
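Review bot: `assertRegexpMatches` on the last line of `test_resources` is a deprecated unittest alias that Python 3.12 removed, and the pattern is a normal string containing `\.`, which newer interpreters report as an invalid escape sequence. Assuming `base_test` is a `unittest.TestCase`, the line should read `base_test.assertRegex(resources[0]['MasterPublicDnsName'], r"^([0-9]{1,3}\.){3}[0-9]{1,3}$")`. The pattern accepts only a bare dotted quad, so whether a cluster that reports a public hostname instead of an address is caught depends on the policy filter, which is not visible here.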
diff --git a/tests/ecc-aws-344-elasticsearch_node_to_node_encryption_enabled/placebo-green/es.DescribeElasticsearchDomains_1.json b/tests/ecc-aws-344-elasticsearch_node_to_node_encryption_enabled/placebo-green/es.DescribeElasticsearchDomains_1.json
new file mode 100644
index 000000000..d0731481a
--- /dev/null
+++ b/tests/ecc-aws-344-elasticsearch_node_to_node_encryption_enabled/placebo-green/es.DescribeElasticsearchDomains_1.json
@@ -0,0 +1,78 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "DomainStatusList": [ + { + "DomainId": "this/domain-344-green", + "DomainName": "domain-344-green", + "ARN": "arn:aws:es:us-east-1:this:domain/domain-344-green", + "Created": true, + "Deleted": false, + "Endpoint": "search-domain-344-green-dzpeso3dm3fq57j25gr4whzswy.us-east-1.es.amazonaws.com", + "Processing": false, + "UpgradeProcessing": false, + "ElasticsearchVersion": "7.10", + "ElasticsearchClusterConfig": { + "InstanceType": "t3.small.elasticsearch", + "InstanceCount": 1, + "DedicatedMasterEnabled": true, + "ZoneAwarenessEnabled": false, + "DedicatedMasterType": "t3.small.elasticsearch", + "DedicatedMasterCount": 3, + "WarmEnabled": false + }, + "EBSOptions": { + "EBSEnabled": true, + "VolumeType": "gp2", + "VolumeSize": 10 + }, + "AccessPolicies": "", + "SnapshotOptions": { + "AutomatedSnapshotStartHour": 0 + }, + "CognitoOptions": { + "Enabled": false + }, + "EncryptionAtRestOptions": { + "Enabled": false + }, + "NodeToNodeEncryptionOptions": { + "Enabled": true + }, + "AdvancedOptions": { + "override_main_response_version": "false", + "rest.action.multi.allow_explicit_index": "true" + }, + "ServiceSoftwareOptions": { + "CurrentVersion": "R20210816-P3", + "NewVersion": "", + "UpdateAvailable": false, + "Cancellable": false, + "UpdateStatus": "COMPLETED", + "Description": "There is no software update available for this domain.", + "AutomatedUpdateDate": { + "__class__": "datetime", + "year": 2021, + "month": 7, + "day": 8, + "hour": 8, + "minute": 6, + "second": 15, + "microsecond": 0 + }, + "OptionalDeployment": false + }, + "DomainEndpointOptions": { + "EnforceHTTPS": false, + "TLSSecurityPolicy": "Policy-Min-TLS-1-0-2019-07", + "CustomEndpointEnabled": false + }, + "AdvancedSecurityOptions": { + "Enabled": false, + "InternalUserDatabaseEnabled": false + } + } + ] + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-344-elasticsearch_node_to_node_encryption_enabled/placebo-green/es.ListDomainNames_1.json b/tests/ecc-aws-344-elasticsearch_node_to_node_encryption_enabled/placebo-green/es.ListDomainNames_1.json
new file mode 100644
index 000000000..4067eb4c4
--- /dev/null
+++ b/tests/ecc-aws-344-elasticsearch_node_to_node_encryption_enabled/placebo-green/es.ListDomainNames_1.json
@@ -0,0 +1,11 @@
+{
+ "status_code": 200,
+ "data": {
+ "ResponseMetadata": {},
+ "DomainNames": [
+ {
+ "DomainName": "domain-344-green"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-344-elasticsearch_node_to_node_encryption_enabled/placebo-green/es.ListTags_1.json b/tests/ecc-aws-344-elasticsearch_node_to_node_encryption_enabled/placebo-green/es.ListTags_1.json
new file mode 100644
index 000000000..db3be6e3f
--- /dev/null
+++ b/tests/ecc-aws-344-elasticsearch_node_to_node_encryption_enabled/placebo-green/es.ListTags_1.json
@@ -0,0 +1,7 @@
+{
+ "status_code": 200,
+ "data": {
+ "ResponseMetadata": {},
+ "TagList": []
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-344-elasticsearch_node_to_node_encryption_enabled/placebo-red/es.DescribeElasticsearchDomains_1.json b/tests/ecc-aws-344-elasticsearch_node_to_node_encryption_enabled/placebo-red/es.DescribeElasticsearchDomains_1.json
new file mode 100644
index 000000000..63cc9422e
--- /dev/null
+++ b/tests/ecc-aws-344-elasticsearch_node_to_node_encryption_enabled/placebo-red/es.DescribeElasticsearchDomains_1.json
@@ -0,0 +1,78 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "DomainStatusList": [ + { + "DomainId": "this/domain-344-red", + "DomainName": "domain-344-red", + "ARN": "arn:aws:es:us-east-1:this:domain/domain-344-red", + "Created": true, + "Deleted": false, + "Endpoint": "search-domain-344-red-guaucetx35o66xp7miz6ayzryq.us-east-1.es.amazonaws.com", + "Processing": false, + "UpgradeProcessing": false, + "ElasticsearchVersion": "7.10", + "ElasticsearchClusterConfig": { + "InstanceType": "t3.small.elasticsearch", + "InstanceCount": 1, + "DedicatedMasterEnabled": true, + "ZoneAwarenessEnabled": false, + "DedicatedMasterType": "t3.small.elasticsearch", + "DedicatedMasterCount": 2, + "WarmEnabled": false + }, + "EBSOptions": { + "EBSEnabled": true, + "VolumeType": "gp2", + "VolumeSize": 10 + }, + "AccessPolicies": "", + "SnapshotOptions": { + "AutomatedSnapshotStartHour": 0 + }, + "CognitoOptions": { + "Enabled": false + }, + "EncryptionAtRestOptions": { + "Enabled": false + }, + "NodeToNodeEncryptionOptions": { + "Enabled": false + }, + "AdvancedOptions": { + "override_main_response_version": "false", + "rest.action.multi.allow_explicit_index": "true" + }, + "ServiceSoftwareOptions": { + "CurrentVersion": "R20210816-P3", + "NewVersion": "", + "UpdateAvailable": false, + "Cancellable": false, + "UpdateStatus": "COMPLETED", + "Description": "There is no software update available for this domain.", + "AutomatedUpdateDate": { + "__class__": "datetime", + "year": 2021, + "month": 7, + "day": 8, + "hour": 8, + "minute": 6, + "second": 15, + "microsecond": 0 + }, + "OptionalDeployment": false + }, + "DomainEndpointOptions": { + "EnforceHTTPS": false, + "TLSSecurityPolicy": "Policy-Min-TLS-1-0-2019-07", + "CustomEndpointEnabled": false + }, + "AdvancedSecurityOptions": { + "Enabled": false, + "InternalUserDatabaseEnabled": false + } + } + ] + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-344-elasticsearch_node_to_node_encryption_enabled/placebo-red/es.ListDomainNames_1.json b/tests/ecc-aws-344-elasticsearch_node_to_node_encryption_enabled/placebo-red/es.ListDomainNames_1.json
new file mode 100644
index 000000000..c1164fb96
--- /dev/null
+++ b/tests/ecc-aws-344-elasticsearch_node_to_node_encryption_enabled/placebo-red/es.ListDomainNames_1.json
@@ -0,0 +1,11 @@
+{
+ "status_code": 200,
+ "data": {
+ "ResponseMetadata": {},
+ "DomainNames": [
+ {
+ "DomainName": "domain-344-red"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-344-elasticsearch_node_to_node_encryption_enabled/placebo-red/es.ListTags_1.json b/tests/ecc-aws-344-elasticsearch_node_to_node_encryption_enabled/placebo-red/es.ListTags_1.json
new file mode 100644
index 000000000..db3be6e3f
--- /dev/null
+++ b/tests/ecc-aws-344-elasticsearch_node_to_node_encryption_enabled/placebo-red/es.ListTags_1.json
@@ -0,0 +1,7 @@
+{
+ "status_code": 200,
+ "data": {
+ "ResponseMetadata": {},
+ "TagList": []
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-344-elasticsearch_node_to_node_encryption_enabled/red_policy_test.py b/tests/ecc-aws-344-elasticsearch_node_to_node_encryption_enabled/red_policy_test.py
new file mode 100644
index 000000000..8a8d7be3c
--- /dev/null
+++ b/tests/ecc-aws-344-elasticsearch_node_to_node_encryption_enabled/red_policy_test.py
@@ -0,0 +1,5 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertFalse(resources[0]['NodeToNodeEncryptionOptions']['Enabled'])
\ No newline at end of file
diff --git a/tests/ecc-aws-345-elasticsearch_error_logging_to_cloudwatch_enabled/placebo-green/es.DescribeElasticsearchDomains_1.json b/tests/ecc-aws-345-elasticsearch_error_logging_to_cloudwatch_enabled/placebo-green/es.DescribeElasticsearchDomains_1.json
new file mode 100644
index 000000000..aef19eb54
--- /dev/null
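Review bot: `PolicyTest.test_resources` in the 344 red_policy_test.py has no docstring or comment saying what the red fixture represents, so a reader has to open the placebo JSON to learn why exactly one resource is expected. A one-line comment above the assertions would do, e.g. `# red fixture: one domain with NodeToNodeEncryptionOptions.Enabled == false, which the policy must report`. The same applies to the red_policy_test.py files added for policies 345, 346 and 347 later in this patch. All four files also end without a trailing newline.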
+++ b/tests/ecc-aws-345-elasticsearch_error_logging_to_cloudwatch_enabled/placebo-green/es.DescribeElasticsearchDomains_1.json 
@@ -0,0 +1,85 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "DomainStatusList": [ + { + "DomainId": "this/domain-345-green", + "DomainName": "domain-345-green", + "ARN": "arn:aws:es:us-east-1:this:domain/domain-345-green", + "Created": true, + "Deleted": false, + "Endpoint": "search-domain-345-green-p6dcerqjhrkvls6wnbp2wob6sm.us-east-1.es.amazonaws.com", + "Processing": true, + "UpgradeProcessing": false, + "ElasticsearchVersion": "7.10", + "ElasticsearchClusterConfig": { + "InstanceType": "t3.small.elasticsearch", + "InstanceCount": 1, + "DedicatedMasterEnabled": false, + "ZoneAwarenessEnabled": false, + "WarmEnabled": false + }, + "EBSOptions": { + "EBSEnabled": true, + "VolumeType": "gp2", + "VolumeSize": 10 + }, + "AccessPolicies": "", + "SnapshotOptions": { + "AutomatedSnapshotStartHour": 0 + }, + "CognitoOptions": { + "Enabled": false + }, + "EncryptionAtRestOptions": { + "Enabled": false + }, + "NodeToNodeEncryptionOptions": { + "Enabled": false + }, + "AdvancedOptions": { + "override_main_response_version": "false", + "rest.action.multi.allow_explicit_index": "true" + }, + "LogPublishingOptions": { + "ES_APPLICATION_LOGS": { + "Enabled": true + }, + "INDEX_SLOW_LOGS": { + "CloudWatchLogsLogGroupArn": "arn:aws:logs:us-east-1:this:log-group:loggroup-elasticsearch-345", + "Enabled": true + } + }, + "ServiceSoftwareOptions": { + "CurrentVersion": "R20210816-P3", + "NewVersion": "", + "UpdateAvailable": false, + "Cancellable": false, + "UpdateStatus": "COMPLETED", + "Description": "There is no software update available for this domain.", + "AutomatedUpdateDate": { + "__class__": "datetime", + "year": 2021, + "month": 7, + "day": 8, + "hour": 8, + "minute": 6, + "second": 15, + "microsecond": 0 + }, + "OptionalDeployment": false + }, + "DomainEndpointOptions": { + "EnforceHTTPS": false, + "TLSSecurityPolicy": "Policy-Min-TLS-1-0-2019-07", + "CustomEndpointEnabled": false + }, + "AdvancedSecurityOptions": { + "Enabled": false, + 
"InternalUserDatabaseEnabled": false + } + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-345-elasticsearch_error_logging_to_cloudwatch_enabled/placebo-green/es.ListDomainNames_1.json b/tests/ecc-aws-345-elasticsearch_error_logging_to_cloudwatch_enabled/placebo-green/es.ListDomainNames_1.json new file mode 100644 index 000000000..85c563476 --- /dev/null +++ b/tests/ecc-aws-345-elasticsearch_error_logging_to_cloudwatch_enabled/placebo-green/es.ListDomainNames_1.json @@ -0,0 +1,11 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "DomainNames": [ + { + "DomainName": "domain-345-green" + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-345-elasticsearch_error_logging_to_cloudwatch_enabled/placebo-green/es.ListTags_1.json b/tests/ecc-aws-345-elasticsearch_error_logging_to_cloudwatch_enabled/placebo-green/es.ListTags_1.json new file mode 100644 index 000000000..5b2170a07 --- /dev/null +++ b/tests/ecc-aws-345-elasticsearch_error_logging_to_cloudwatch_enabled/placebo-green/es.ListTags_1.json @@ -0,0 +1,6 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-345-elasticsearch_error_logging_to_cloudwatch_enabled/placebo-red/es.DescribeElasticsearchDomains_1.json b/tests/ecc-aws-345-elasticsearch_error_logging_to_cloudwatch_enabled/placebo-red/es.DescribeElasticsearchDomains_1.json new file mode 100644 index 000000000..ad404e12a --- /dev/null +++ b/tests/ecc-aws-345-elasticsearch_error_logging_to_cloudwatch_enabled/placebo-red/es.DescribeElasticsearchDomains_1.json 
@@ -0,0 +1,85 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "DomainStatusList": [ + { + "DomainId": "this/domain-345-red", + "DomainName": "domain-345-red", + "ARN": "arn:aws:es:us-east-1:this:domain/domain-345-red", + "Created": true, + "Deleted": false, + "Endpoint": "search-domain-345-red-p6dcerqjhrkvls6wnbp2wob6sm.us-east-1.es.amazonaws.com", + "Processing": true, + "UpgradeProcessing": false, + "ElasticsearchVersion": "7.10", + "ElasticsearchClusterConfig": { + "InstanceType": "t3.small.elasticsearch", + "InstanceCount": 1, + "DedicatedMasterEnabled": false, + "ZoneAwarenessEnabled": false, + "WarmEnabled": false + }, + "EBSOptions": { + "EBSEnabled": true, + "VolumeType": "gp2", + "VolumeSize": 10 + }, + "AccessPolicies": "", + "SnapshotOptions": { + "AutomatedSnapshotStartHour": 0 + }, + "CognitoOptions": { + "Enabled": false + }, + "EncryptionAtRestOptions": { + "Enabled": false + }, + "NodeToNodeEncryptionOptions": { + "Enabled": false + }, + "AdvancedOptions": { + "override_main_response_version": "false", + "rest.action.multi.allow_explicit_index": "true" + }, + "LogPublishingOptions": { + "ES_APPLICATION_LOGS": { + "Enabled": false + }, + "INDEX_SLOW_LOGS": { + "CloudWatchLogsLogGroupArn": "arn:aws:logs:us-east-1:this:log-group:loggroup-elasticsearch-345", + "Enabled": true + } + }, + "ServiceSoftwareOptions": { + "CurrentVersion": "R20210816-P3", + "NewVersion": "", + "UpdateAvailable": false, + "Cancellable": false, + "UpdateStatus": "COMPLETED", + "Description": "There is no software update available for this domain.", + "AutomatedUpdateDate": { + "__class__": "datetime", + "year": 2021, + "month": 7, + "day": 8, + "hour": 8, + "minute": 6, + "second": 15, + "microsecond": 0 + }, + "OptionalDeployment": false + }, + "DomainEndpointOptions": { + "EnforceHTTPS": false, + "TLSSecurityPolicy": "Policy-Min-TLS-1-0-2019-07", + "CustomEndpointEnabled": false + }, + "AdvancedSecurityOptions": { + "Enabled": false, + 
"InternalUserDatabaseEnabled": false
+ }
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-345-elasticsearch_error_logging_to_cloudwatch_enabled/placebo-red/es.ListDomainNames_1.json b/tests/ecc-aws-345-elasticsearch_error_logging_to_cloudwatch_enabled/placebo-red/es.ListDomainNames_1.json
new file mode 100644
index 000000000..add38adf5
--- /dev/null
+++ b/tests/ecc-aws-345-elasticsearch_error_logging_to_cloudwatch_enabled/placebo-red/es.ListDomainNames_1.json
@@ -0,0 +1,11 @@
+{
+ "status_code": 200,
+ "data": {
+ "ResponseMetadata": {},
+ "DomainNames": [
+ {
+ "DomainName": "domain-345-red"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-345-elasticsearch_error_logging_to_cloudwatch_enabled/placebo-red/es.ListTags_1.json b/tests/ecc-aws-345-elasticsearch_error_logging_to_cloudwatch_enabled/placebo-red/es.ListTags_1.json
new file mode 100644
index 000000000..5b2170a07
--- /dev/null
+++ b/tests/ecc-aws-345-elasticsearch_error_logging_to_cloudwatch_enabled/placebo-red/es.ListTags_1.json
@@ -0,0 +1,6 @@
+{
+ "status_code": 200,
+ "data": {
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-345-elasticsearch_error_logging_to_cloudwatch_enabled/red_policy_test.py b/tests/ecc-aws-345-elasticsearch_error_logging_to_cloudwatch_enabled/red_policy_test.py
new file mode 100644
index 000000000..37dea885a
--- /dev/null
+++ b/tests/ecc-aws-345-elasticsearch_error_logging_to_cloudwatch_enabled/red_policy_test.py
@@ -0,0 +1,5 @@
+class PolicyTest(object):
+
+ def test_resources_with_client(self, base_test, resources, local_session):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertFalse(resources[0]['LogPublishingOptions']['ES_APPLICATION_LOGS']['Enabled'])
\ No newline at end of file
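Review bot: The 345 red case covers only a domain where `ES_APPLICATION_LOGS` is present with `Enabled: false`; a domain with no `LogPublishingOptions` key at all, like the 344 fixtures in this same patch, is not exercised. The policy file is not in this part of the patch, so it cannot be confirmed here whether its filter treats an absent key as non-compliant. A second red fixture without `LogPublishingOptions` would pin that down. The assertion would then need tolerant access, e.g. `opts = resources[0].get('LogPublishingOptions', {}).get('ES_APPLICATION_LOGS', {})` followed by `base_test.assertFalse(opts.get('Enabled', False))`. The `local_session` parameter of `test_resources_with_client` is unused in the body; if the harness allows it, the plain `test_resources(self, base_test, resources)` form used by the sibling tests would be clearer.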
diff --git a/tests/ecc-aws-346-rds_instance_enhanced_monitoring_enabled/placebo-green/rds.DescribeDBInstances_1.json b/tests/ecc-aws-346-rds_instance_enhanced_monitoring_enabled/placebo-green/rds.DescribeDBInstances_1.json new file mode 100644 index 000000000..ccde95e3b --- /dev/null +++ b/tests/ecc-aws-346-rds_instance_enhanced_monitoring_enabled/placebo-green/rds.DescribeDBInstances_1.json 
@@ -0,0 +1,143 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "terraform-20211006072859470400000001", + "DBInstanceClass": "db.t3.micro", + "Engine": "mysql", + "DBInstanceStatus": "available", + "MasterUsername": "root", + "DBName": "database346green", + "Endpoint": { + "Address": "terraform-20211006072859470400000001.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 3306, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 10, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 6, + "hour": 7, + "minute": 32, + "second": 56, + "microsecond": 847000 + }, + "PreferredBackupWindow": "03:13-03:43", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "default.mysql5.7", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1f", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + 
"SubnetIdentifier": "subnet-cd7af8ec", + "SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "sun:06:45-sun:07:15", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "5.7.33", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "general-public-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:mysql-5-7", + "Status": "in-sync" + } + ], + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-OMBZ65NWCSM65XJCWIYSIKXCXI", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 30, + "EnhancedMonitoringResourceArn": "arn:aws:logs:us-east-1:this:log-group:RDSOSMetrics:log-stream:db-OMBZ65NWCSM65XJCWIYSIKXCXI", + "MonitoringRoleArn": "arn:aws:iam::this:role/346-role-green", + "DBInstanceArn": "arn:aws:rds:us-east-1:this:db:terraform-20211006072859470400000001", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-346-rds_instance_enhanced_monitoring_enabled" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-346-rds_instance_enhanced_monitoring_enabled/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-346-rds_instance_enhanced_monitoring_enabled/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..cadc95bab --- /dev/null +++ b/tests/ecc-aws-346-rds_instance_enhanced_monitoring_enabled/placebo-green/tagging.GetResources_1.json 
@@ -0,0 +1,22 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:rds:us-east-1:this:db:terraform-20211006072859470400000001", + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-346-rds_instance_enhanced_monitoring_enabled" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-346-rds_instance_enhanced_monitoring_enabled/placebo-red/rds.DescribeDBInstances_1.json b/tests/ecc-aws-346-rds_instance_enhanced_monitoring_enabled/placebo-red/rds.DescribeDBInstances_1.json new file mode 100644 index 000000000..99f26f5f8 --- /dev/null +++ b/tests/ecc-aws-346-rds_instance_enhanced_monitoring_enabled/placebo-red/rds.DescribeDBInstances_1.json 
@@ -0,0 +1,141 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "terraform-20211006084128923900000001", + "DBInstanceClass": "db.t3.micro", + "Engine": "mysql", + "DBInstanceStatus": "stopping", + "MasterUsername": "root", + "DBName": "database346red", + "Endpoint": { + "Address": "terraform-20211006084128923900000001.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 3306, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 10, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 6, + "hour": 8, + "minute": 45, + "second": 15, + "microsecond": 766000 + }, + "PreferredBackupWindow": "09:27-09:57", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "default.mysql5.7", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1b", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": 
"subnet-cd7af8ec", + "SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "thu:10:16-thu:10:46", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "5.7.33", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "general-public-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:mysql-5-7", + "Status": "in-sync" + } + ], + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-I7WMSS6X2SB5VE53MCTPMCBK7U", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:this:db:terraform-20211006084128923900000001", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-346-rds_instance_enhanced_monitoring_enabled" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-346-rds_instance_enhanced_monitoring_enabled/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-346-rds_instance_enhanced_monitoring_enabled/placebo-red/tagging.GetResources_1.json new file mode 100644 index 000000000..7f48d7338 --- /dev/null +++ b/tests/ecc-aws-346-rds_instance_enhanced_monitoring_enabled/placebo-red/tagging.GetResources_1.json 
@@ -0,0 +1,22 @@
+{
+ "status_code": 200,
+ "data": {
+ "PaginationToken": "",
+ "ResourceTagMappingList": [
+ {
+ "ResourceARN": "arn:aws:rds:us-east-1:this:db:terraform-20211006084128923900000001",
+ "Tags": [
+ {
+ "Key": "ComplianceStatus",
+ "Value": "Red"
+ },
+ {
+ "Key": "CsutodianRule",
+ "Value": "ecc-aws-346-rds_instance_enhanced_monitoring_enabled"
+ }
+ ]
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-346-rds_instance_enhanced_monitoring_enabled/red_policy_test.py b/tests/ecc-aws-346-rds_instance_enhanced_monitoring_enabled/red_policy_test.py
new file mode 100644
index 000000000..9e30cc520
--- /dev/null
+++ b/tests/ecc-aws-346-rds_instance_enhanced_monitoring_enabled/red_policy_test.py
@@ -0,0 +1,5 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertFalse('EnhancedMonitoringResourceArn' in resources[0])
\ No newline at end of file
diff --git a/tests/ecc-aws-347-rds_cluster_deletion_protection_enabled/placebo-green/rds.DescribeDBClusters_1.json b/tests/ecc-aws-347-rds_cluster_deletion_protection_enabled/placebo-green/rds.DescribeDBClusters_1.json
new file mode 100644
index 000000000..1847a608d
--- /dev/null
+++ b/tests/ecc-aws-347-rds_cluster_deletion_protection_enabled/placebo-green/rds.DescribeDBClusters_1.json
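Review bot: In the 346 red_policy_test.py, `assertFalse('EnhancedMonitoringResourceArn' in resources[0])` checks a derived attribute rather than the setting itself. The red fixture records `"MonitoringInterval": 0`, the value that turns Enhanced Monitoring off, and the test never looks at it. Asserting it directly, and using `assertNotIn` so a failure names the offending key, makes the test fail for the right reason: `base_test.assertEqual(resources[0]['MonitoringInterval'], 0)` and `base_test.assertNotIn('EnhancedMonitoringResourceArn', resources[0])`. The red fixture also has the instance in `stopping` state while the green one is `available`; this is presumably harmless, but worth confirming that the policy does not filter on status.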
@@ -0,0 +1,92 @@ +{ + "status_code": 200, + "data": { + "DBClusters": [ + { + "AllocatedStorage": 1, + "AvailabilityZones": [ + "us-east-1c", + "us-east-1f", + "us-east-1a" + ], + "BackupRetentionPeriod": 1, + "DatabaseName": "cluster347green", + "DBClusterIdentifier": "cluster-347-green", + "DBClusterParameterGroup": "default.aurora-mysql5.7", + "DBSubnetGroup": "default", + "Status": "available", + "EarliestRestorableTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 5, + "hour": 15, + "minute": 3, + "second": 35, + "microsecond": 790000 + }, + "Endpoint": "cluster-347-green.cluster-chhajgiktbgu.us-east-1.rds.amazonaws.com", + "ReaderEndpoint": "cluster-347-green.cluster-ro-chhajgiktbgu.us-east-1.rds.amazonaws.com", + "MultiAZ": false, + "Engine": "aurora-mysql", + "EngineVersion": "5.7.mysql_aurora.2.03.2", + "LatestRestorableTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 5, + "hour": 15, + "minute": 3, + "second": 35, + "microsecond": 790000 + }, + "Port": 3306, + "MasterUsername": "root", + "PreferredBackupWindow": "04:24-04:54", + "PreferredMaintenanceWindow": "fri:09:30-fri:10:00", + "ReadReplicaIdentifiers": [], + "DBClusterMembers": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "HostedZoneId": "ASASASASASASAS", + "StorageEncrypted": false, + "DbClusterResourceId": "cluster-YLNF53TECHW7N44EE3TM7LYTSE", + "DBClusterArn": "arn:aws:rds:us-east-1:111111111111:cluster:cluster-347-green", + "AssociatedRoles": [], + "IAMDatabaseAuthenticationEnabled": false, + "ClusterCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 5, + "hour": 15, + "minute": 2, + "second": 18, + "microsecond": 270000 + }, + "EngineMode": "provisioned", + "DeletionProtection": true, + "HttpEndpointEnabled": false, + "ActivityStreamStatus": "stopped", + "CopyTagsToSnapshot": false, + "CrossAccountClone": false, + "DomainMemberships": [], + "TagList": [ + 
{ + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-347-rds_cluster_deletion_protection_enabled" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-347-rds_cluster_deletion_protection_enabled/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-347-rds_cluster_deletion_protection_enabled/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..bcb45c0c9 --- /dev/null +++ b/tests/ecc-aws-347-rds_cluster_deletion_protection_enabled/placebo-green/tagging.GetResources_1.json @@ -0,0 +1,35 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:rds:us-east-1:111111111111:cluster:cluster-ylnf53techw7n44ee3tm7lytse", + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-347-rds_cluster_deletion_protection_enabled" + } + ] + }, + { + "ResourceARN": "arn:aws:rds:us-east-1:111111111111:cluster:cluster-347-green", + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-347-rds_cluster_deletion_protection_enabled" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-347-rds_cluster_deletion_protection_enabled/placebo-red/rds.DescribeDBClusters_1.json b/tests/ecc-aws-347-rds_cluster_deletion_protection_enabled/placebo-red/rds.DescribeDBClusters_1.json new file mode 100644 index 000000000..4e996b680 --- /dev/null +++ b/tests/ecc-aws-347-rds_cluster_deletion_protection_enabled/placebo-red/rds.DescribeDBClusters_1.json 
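Review bot: The 347 green `rds.DescribeDBClusters_1.json` recording is only partly scrubbed. The account ID is `111111111111` and the hosted zone is a dummy, but `sg-a5befc90`, the `chhajgiktbgu` endpoint suffix and the `DbClusterResourceId` look like values from the account the recording was taken in. They are not credentials, but they tie a public fixture to that environment; replacing them with constructed values, e.g. `"VpcSecurityGroupId": "sg-00000000"`, would keep the recordings anonymous. The same security group and endpoint suffix recur in the 346 and 348 instance fixtures, along with six `subnet-…` IDs. Those fixtures also use `this` as the account placeholder instead of `111111111111`, so one convention across the test data would help.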
@@ -0,0 +1,92 @@ +{ + "status_code": 200, + "data": { + "DBClusters": [ + { + "AllocatedStorage": 1, + "AvailabilityZones": [ + "us-east-1c", + "us-east-1d", + "us-east-1a" + ], + "BackupRetentionPeriod": 1, + "DatabaseName": "cluster347red", + "DBClusterIdentifier": "cluster-347-red", + "DBClusterParameterGroup": "default.aurora-mysql5.7", + "DBSubnetGroup": "default", + "Status": "available", + "EarliestRestorableTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 5, + "hour": 15, + "minute": 11, + "second": 4, + "microsecond": 449000 + }, + "Endpoint": "cluster-347-red.cluster-chhajgiktbgu.us-east-1.rds.amazonaws.com", + "ReaderEndpoint": "cluster-347-red.cluster-ro-chhajgiktbgu.us-east-1.rds.amazonaws.com", + "MultiAZ": false, + "Engine": "aurora-mysql", + "EngineVersion": "5.7.mysql_aurora.2.03.2", + "LatestRestorableTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 5, + "hour": 15, + "minute": 11, + "second": 4, + "microsecond": 449000 + }, + "Port": 3306, + "MasterUsername": "root", + "PreferredBackupWindow": "06:00-06:30", + "PreferredMaintenanceWindow": "wed:09:06-wed:09:36", + "ReadReplicaIdentifiers": [], + "DBClusterMembers": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "HostedZoneId": "ASASASASASASAS", + "StorageEncrypted": false, + "DbClusterResourceId": "cluster-FYNWTNZNWQRE43BFLFELAWQKCA", + "DBClusterArn": "arn:aws:rds:us-east-1:111111111111:cluster:cluster-347-red", + "AssociatedRoles": [], + "IAMDatabaseAuthenticationEnabled": false, + "ClusterCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 5, + "hour": 15, + "minute": 9, + "second": 16, + "microsecond": 139000 + }, + "EngineMode": "provisioned", + "DeletionProtection": false, + "HttpEndpointEnabled": false, + "ActivityStreamStatus": "stopped", + "CopyTagsToSnapshot": false, + "CrossAccountClone": false, + "DomainMemberships": [], + "TagList": [ + { + 
"Key": "ComplianceStatus",
+ "Value": "Red"
+ },
+ {
+ "Key": "CsutodianRule",
+ "Value": "ecc-aws-347-rds_cluster_deletion_protection_enabled"
+ }
+ ]
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-347-rds_cluster_deletion_protection_enabled/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-347-rds_cluster_deletion_protection_enabled/placebo-red/tagging.GetResources_1.json
new file mode 100644
index 000000000..6d814cbc1
--- /dev/null
+++ b/tests/ecc-aws-347-rds_cluster_deletion_protection_enabled/placebo-red/tagging.GetResources_1.json
@@ -0,0 +1,35 @@
+{
+ "status_code": 200,
+ "data": {
+ "PaginationToken": "",
+ "ResourceTagMappingList": [
+ {
+ "ResourceARN": "arn:aws:rds:us-east-1:111111111111:cluster:cluster-347-red",
+ "Tags": [
+ {
+ "Key": "ComplianceStatus",
+ "Value": "Red"
+ },
+ {
+ "Key": "CsutodianRule",
+ "Value": "ecc-aws-347-rds_cluster_deletion_protection_enabled"
+ }
+ ]
+ },
+ {
+ "ResourceARN": "arn:aws:rds:us-east-1:111111111111:cluster:cluster-fynwtnznwqre43bflfelawqkca",
+ "Tags": [
+ {
+ "Key": "ComplianceStatus",
+ "Value": "Red"
+ },
+ {
+ "Key": "CsutodianRule",
+ "Value": "ecc-aws-347-rds_cluster_deletion_protection_enabled"
+ }
+ ]
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-347-rds_cluster_deletion_protection_enabled/red_policy_test.py b/tests/ecc-aws-347-rds_cluster_deletion_protection_enabled/red_policy_test.py
new file mode 100644
index 000000000..5aed4952c
--- /dev/null
+++ b/tests/ecc-aws-347-rds_cluster_deletion_protection_enabled/red_policy_test.py
@@ -0,0 +1,5 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertFalse(resources[0]['DeletionProtection'])
\ No newline at end of file
diff --git a/tests/ecc-aws-348-rds_instance_deletion_protection_enabled/placebo-green/rds.DescribeDBInstances_1.json b/tests/ecc-aws-348-rds_instance_deletion_protection_enabled/placebo-green/rds.DescribeDBInstances_1.json new file mode 100644 index 000000000..4c105a905 --- /dev/null +++ b/tests/ecc-aws-348-rds_instance_deletion_protection_enabled/placebo-green/rds.DescribeDBInstances_1.json 
@@ -0,0 +1,133 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "terraform-20211027104009590100000001", + "DBInstanceClass": "db.t2.micro", + "Engine": "mysql", + "DBInstanceStatus": "available", + "MasterUsername": "root", + "DBName": "database348green", + "Endpoint": { + "Address": "terraform-20211027104009590100000001.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 3306, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 10, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 27, + "hour": 10, + "minute": 44, + "second": 58, + "microsecond": 638000 + }, + "PreferredBackupWindow": "06:34-07:04", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "default.mysql5.7", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1f", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + 
"SubnetIdentifier": "subnet-cd7af8ec", + "SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "thu:05:19-thu:05:49", + "PendingModifiedValues": {}, + "MultiAZ": true, + "EngineVersion": "5.7.33", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "general-public-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:mysql-5-7", + "Status": "in-sync" + } + ], + "SecondaryAvailabilityZone": "us-east-1d", + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-G7FYEOQJNKWN5EKKZLVIA7GEQU", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:this:db:terraform-20211027104009590100000001", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "DeletionProtection": true, + "AssociatedRoles": [], + "TagList": [] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-348-rds_instance_deletion_protection_enabled/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-348-rds_instance_deletion_protection_enabled/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..8b704d185 --- /dev/null +++ b/tests/ecc-aws-348-rds_instance_deletion_protection_enabled/placebo-green/tagging.GetResources_1.json @@ -0,0 +1,8 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-348-rds_instance_deletion_protection_enabled/placebo-red/rds.DescribeDBInstances_1.json b/tests/ecc-aws-348-rds_instance_deletion_protection_enabled/placebo-red/rds.DescribeDBInstances_1.json new file mode 100644 index 000000000..b42ac3105 
--- /dev/null +++ b/tests/ecc-aws-348-rds_instance_deletion_protection_enabled/placebo-red/rds.DescribeDBInstances_1.json 
@@ -0,0 +1,133 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "terraform-20211027105821338700000001", + "DBInstanceClass": "db.t2.micro", + "Engine": "mysql", + "DBInstanceStatus": "available", + "MasterUsername": "root", + "DBName": "database348red", + "Endpoint": { + "Address": "terraform-20211027105821338700000001.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 3306, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 10, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 27, + "hour": 11, + "minute": 3, + "second": 10, + "microsecond": 964000 + }, + "PreferredBackupWindow": "08:32-09:02", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "default.mysql5.7", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1f", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": 
"subnet-cd7af8ec", + "SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "sat:06:03-sat:06:33", + "PendingModifiedValues": {}, + "MultiAZ": true, + "EngineVersion": "5.7.33", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "general-public-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:mysql-5-7", + "Status": "in-sync" + } + ], + "SecondaryAvailabilityZone": "us-east-1d", + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-4EUXMQTABIQZGOGZSBHRQ5PUEE", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:this:db:terraform-20211027105821338700000001", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-348-rds_instance_deletion_protection_enabled/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-348-rds_instance_deletion_protection_enabled/placebo-red/tagging.GetResources_1.json new file mode 100644 index 000000000..8b704d185 --- /dev/null +++ b/tests/ecc-aws-348-rds_instance_deletion_protection_enabled/placebo-red/tagging.GetResources_1.json @@ -0,0 +1,8 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-348-rds_instance_deletion_protection_enabled/red_policy_test.py b/tests/ecc-aws-348-rds_instance_deletion_protection_enabled/red_policy_test.py new file mode 100644 index 000000000..f84238aac --- /dev/null 
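Review bot: The recording `placebo-red/rds.DescribeDBInstances_1.json` masks the account ID, `VpcId` and `HostedZoneId` but leaves what look like live identifiers: the host segment of `Endpoint.Address`, the `subnet-…` and `sg-…` IDs, and `DbiResourceId`. If these were captured from a real account, replace them with placeholders before committing and use one scheme for every recording, for example `"VpcSecurityGroupId": "sg-00000000"` (constructed value). The account field is also inconsistent, since this file has `arn:aws:rds:us-east-1:this:db:…` while the 349 and 350 fixtures use `111111111111`. The same identifiers recur in the 349 green/red and 350 green `rds.DescribeDBInstances_1.json` recordings in this patch.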
+++ b/tests/ecc-aws-348-rds_instance_deletion_protection_enabled/red_policy_test.py
@@ -0,0 +1,5 @@
+class PolicyTest(object):
+
+ def test_resources_with_client(self, base_test, resources, local_session):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertFalse(resources[0]['DeletionProtection'])
\ No newline at end of file
diff --git a/tests/ecc-aws-349-rds_oracle_logging_enabled/placebo-green/rds.DescribeDBInstances_1.json b/tests/ecc-aws-349-rds_oracle_logging_enabled/placebo-green/rds.DescribeDBInstances_1.json
new file mode 100644
index 000000000..33b82b372
--- /dev/null
+++ b/tests/ecc-aws-349-rds_oracle_logging_enabled/placebo-green/rds.DescribeDBInstances_1.json
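Review bot: `local_session` is accepted by `test_resources_with_client` but never used, so the test only reads `DeletionProtection` back from the recorded fixture. If the harness does not require this signature (it is not visible in this patch), the plainer `def test_resources(self, base_test, resources):` used by the 349 test would express the same check; otherwise add a short comment saying why the session is requested. A class docstring such as `"""Red case: one RDS instance with DeletionProtection disabled is reported."""` would record what the fixture is meant to prove.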
@@ -0,0 +1,151 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "terraform-20211114085123222500000001", + "DBInstanceClass": "db.t3.small", + "Engine": "oracle-ee", + "DBInstanceStatus": "configuring-log-exports", + "MasterUsername": "root", + "DBName": "GREEN349", + "Endpoint": { + "Address": "terraform-20211114085123222500000001.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 1521, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 10, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 11, + "day": 14, + "hour": 9, + "minute": 1, + "second": 19, + "microsecond": 969000 + }, + "PreferredBackupWindow": "06:50-07:20", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "default.oracle-ee-19", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1d", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + 
"SubnetIdentifier": "subnet-cd7af8ec", + "SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "fri:05:50-fri:06:20", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "19.0.0.0.ru-2021-04.rur-2021-04.r1", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "bring-your-own-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:oracle-ee-19", + "Status": "in-sync" + } + ], + "CharacterSetName": "AL32UTF8", + "NcharCharacterSetName": "AL16UTF16", + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-4HL552FOHQESHHR2ROWDS5UZS4", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:111111111111:db:terraform-20211114085123222500000001", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "EnabledCloudwatchLogsExports": [ + "alert", + "audit", + "listener", + "trace" + ], + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-349-rds_oracle_logging_enabled" + } + ], + "CustomerOwnedIpEnabled": false, + "ActivityStreamStatus": "stopped" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-349-rds_oracle_logging_enabled/placebo-red/rds.DescribeDBInstances_1.json b/tests/ecc-aws-349-rds_oracle_logging_enabled/placebo-red/rds.DescribeDBInstances_1.json new file mode 100644 index 000000000..713605980 --- /dev/null +++ b/tests/ecc-aws-349-rds_oracle_logging_enabled/placebo-red/rds.DescribeDBInstances_1.json 
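Review bot: The tag key `CsutodianRule` in `TagList` looks like a misspelling of `CustodianRule`, and it recurs in the 349 red and 350 green recordings. Because this file is a recording, the typo presumably comes from the Terraform that created the instance, which is outside this hunk. Fixing it there and re-recording would keep any tag-based lookup or cleanup keyed on the correct name from silently missing these resources.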
@@ -0,0 +1,150 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-349-red", + "DBInstanceClass": "db.t3.small", + "Engine": "oracle-se2", + "DBInstanceStatus": "available", + "MasterUsername": "root", + "DBName": "RED349", + "Endpoint": { + "Address": "database-349-red.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 1521, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 10, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 11, + "day": 15, + "hour": 7, + "minute": 24, + "second": 3, + "microsecond": 106000 + }, + "PreferredBackupWindow": "06:08-06:38", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "default.oracle-se2-19", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1d", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + 
"SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "thu:05:06-thu:05:36", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "19.0.0.0.ru-2021-04.rur-2021-04.r1", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "bring-your-own-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:oracle-se2-19", + "Status": "in-sync" + } + ], + "CharacterSetName": "AL32UTF8", + "NcharCharacterSetName": "AL16UTF16", + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-3DNJZOQWBH5GLCLMRO7KKSF4KI", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:111111111111:db:database-349-red", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "EnabledCloudwatchLogsExports": [ + "alert", + "audit", + "listener" + ], + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-349-rds_oracle_logging_enabled" + } + ], + "CustomerOwnedIpEnabled": false, + "ActivityStreamStatus": "stopped" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-349-rds_oracle_logging_enabled/red_policy_test.py b/tests/ecc-aws-349-rds_oracle_logging_enabled/red_policy_test.py new file mode 100644 index 000000000..588eb6959 --- /dev/null +++ b/tests/ecc-aws-349-rds_oracle_logging_enabled/red_policy_test.py 
@@ -0,0 +1,6 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertRegexpMatches(resources[0]['Engine'], "oracle")
+ base_test.assertNotIn('trace',resources[0]['EnabledCloudwatchLogsExports'])
\ No newline at end of file
diff --git a/tests/ecc-aws-350-rds_postgresql_logging_enabled/placebo-green/rds.DescribeDBInstances_1.json b/tests/ecc-aws-350-rds_postgresql_logging_enabled/placebo-green/rds.DescribeDBInstances_1.json
new file mode 100644
index 000000000..9abbdd669
--- /dev/null
+++ b/tests/ecc-aws-350-rds_postgresql_logging_enabled/placebo-green/rds.DescribeDBInstances_1.json
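Review bot: `base_test.assertRegexpMatches` is a deprecated alias that was removed from `unittest.TestCase` in Python 3.12; assuming `base_test` is a `TestCase`, use `base_test.assertRegex(resources[0]['Engine'], "oracle")`. The last assertion indexes `resources[0]['EnabledCloudwatchLogsExports']` directly, and the 348 recordings in this patch show that the key is absent when no log export is enabled. An Oracle instance with logging fully disabled would therefore raise `KeyError` here instead of being checked, so `base_test.assertNotIn('trace', resources[0].get('EnabledCloudwatchLogsExports', []))` is safer. The red fixture only covers a missing `trace` export; a second red recording with no exports at all would pin the more important case.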
@@ -0,0 +1,147 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-350-green", + "DBInstanceClass": "db.t3.micro", + "Engine": "postgres", + "DBInstanceStatus": "available", + "MasterUsername": "root", + "DBName": "green350", + "Endpoint": { + "Address": "database-350-green.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 5432, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 10, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 11, + "day": 18, + "hour": 12, + "minute": 12, + "second": 42, + "microsecond": 888000 + }, + "PreferredBackupWindow": "04:48-05:18", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "parameter-group-350-green", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1d", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + 
"SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "thu:05:43-thu:06:13", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "13.3", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "postgresql-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:postgres-13", + "Status": "in-sync" + } + ], + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-OPWADYSDA5CGH34UUPKCZSMRDU", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:111111111111:db:database-350-green", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "EnabledCloudwatchLogsExports": [ + "postgresql", + "upgrade" + ], + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-350-rds_postgresql_logging_enabled" + } + ], + "CustomerOwnedIpEnabled": false, + "ActivityStreamStatus": "stopped" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-350-rds_postgresql_logging_enabled/placebo-green/rds.DescribeDBParameters_1.json b/tests/ecc-aws-350-rds_postgresql_logging_enabled/placebo-green/rds.DescribeDBParameters_1.json new file mode 100644 index 000000000..885312395 --- /dev/null +++ b/tests/ecc-aws-350-rds_postgresql_logging_enabled/placebo-green/rds.DescribeDBParameters_1.json 
@@ -0,0 +1,1030 @@ +{ + "status_code": 200, + "data": { + "Parameters": [ + { + "ParameterName": "geqo_seed", + "Description": "GEQO: seed for random path selection.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "float", + "AllowedValues": "0-1", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "geqo_selection_bias", + "Description": "GEQO: selective pressure within the population.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "float", + "AllowedValues": "1.5-2", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "geqo_threshold", + "Description": "Sets the threshold of FROM items beyond which GEQO is used.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "integer", + "AllowedValues": "2-2147483647", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "gin_fuzzy_search_limit", + "Description": "Sets the maximum allowed result for exact search by GIN.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "integer", + "AllowedValues": "0-2147483647", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "gin_pending_list_limit", + "Description": "(kB) Sets the maximum size of the pending list for GIN index.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "integer", + "AllowedValues": "64-2147483647", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "hash_mem_multiplier", + "Description": "Multiple of work_mem to use for hash tables.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "float", + "AllowedValues": "1-1000", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "hba_file", + "ParameterValue": "/rdsdbdata/config/pg_hba.conf", + "Description": "Sets the servers hba configuration file.", + "Source": "system", + 
"ApplyType": "static", + "DataType": "string", + "IsModifiable": false, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "hll.force_groupagg", + "Description": "Force group aggregation for hll", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "hot_standby_feedback", + "Description": "Allows feedback from a hot standby to the primary that will avoid query conflicts.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "huge_pages", + "ParameterValue": "on", + "Description": "Use of huge pages on Linux.", + "Source": "system", + "ApplyType": "static", + "DataType": "string", + "AllowedValues": "on,off", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "ident_file", + "ParameterValue": "/rdsdbdata/config/pg_ident.conf", + "Description": "Sets the servers ident configuration file.", + "Source": "system", + "ApplyType": "static", + "DataType": "string", + "IsModifiable": false, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "idle_in_transaction_session_timeout", + "ParameterValue": "86400000", + "Description": "(ms) Sets the maximum allowed duration of any idling transaction.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "integer", + "AllowedValues": "0-2147483647", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "ignore_invalid_pages", + "ParameterValue": "0", + "Description": "Continues recovery after an invalid pages failure.", + "Source": "engine-default", + "ApplyType": "static", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": false, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "intervalstyle", + "Description": "Sets 
the display format for interval values.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "string", + "AllowedValues": "postgres,postgres_verbose,sql_standard,iso_8601", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "jit", + "ParameterValue": "0", + "Description": "Allow JIT compilation.", + "Source": "system", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "jit_above_cost", + "Description": "Perform JIT compilation if query is more expensive.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "float", + "AllowedValues": "-1-1.79769e+308", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "jit_inline_above_cost", + "Description": "Perform JIT inlining if query is more expensive.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "float", + "AllowedValues": "-1-1.79769e+308", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "jit_optimize_above_cost", + "Description": "Optimize JITed functions if query is more expensive.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "float", + "AllowedValues": "-1-1.79769e+308", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "join_collapse_limit", + "Description": "Sets the FROM-list size beyond which JOIN constructs are not flattened.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "integer", + "AllowedValues": "1-2147483647", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "lc_messages", + "Description": "Sets the language in which messages are displayed.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "string", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": 
"lc_monetary", + "Description": "Sets the locale for formatting monetary amounts.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "string", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "lc_numeric", + "Description": "Sets the locale for formatting numbers.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "string", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "lc_time", + "Description": "Sets the locale for formatting date and time values.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "string", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "listen_addresses", + "ParameterValue": "*", + "Description": "Sets the host name or IP address(es) to listen to.", + "Source": "system", + "ApplyType": "static", + "DataType": "string", + "IsModifiable": false, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "lo_compat_privileges", + "ParameterValue": "0", + "Description": "Enables backward compatibility mode for privilege checks on large objects.", + "Source": "system", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": false, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "log_autovacuum_min_duration", + "ParameterValue": "10000", + "Description": "(ms) Sets the minimum execution time above which autovacuum actions will be logged.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "integer", + "AllowedValues": "-1-2147483647", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "log_checkpoints", + "ParameterValue": "1", + "Description": "Logs each checkpoint.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": 
"log_connections", + "Description": "Logs each successful connection.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "log_destination", + "ParameterValue": "stderr", + "Description": "Sets the destination for server log output.", + "Source": "system", + "ApplyType": "dynamic", + "DataType": "string", + "AllowedValues": "stderr,csvlog", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "log_directory", + "ParameterValue": "/rdsdbdata/log/error", + "Description": "Sets the destination directory for log files.", + "Source": "system", + "ApplyType": "dynamic", + "DataType": "string", + "IsModifiable": false, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "log_disconnections", + "Description": "Logs end of a session, including duration.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "log_duration", + "Description": "Logs the duration of each completed SQL statement.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "log_error_verbosity", + "Description": "Sets the verbosity of logged messages.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "string", + "AllowedValues": "terse,default,verbose", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "log_executor_stats", + "Description": "Writes executor performance statistics to the server log.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + 
"ParameterName": "log_file_mode", + "ParameterValue": "0644", + "Description": "Sets the file permissions for log files.", + "Source": "system", + "ApplyType": "dynamic", + "DataType": "string", + "IsModifiable": false, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "log_filename", + "ParameterValue": "postgresql.log.%Y-%m-%d-%H", + "Description": "Sets the file name pattern for log files.", + "Source": "system", + "ApplyType": "dynamic", + "DataType": "string", + "AllowedValues": "postgresql.log.%Y-%m-%d,postgresql.log.%Y-%m-%d-%H", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "logging_collector", + "ParameterValue": "1", + "Description": "Start a subprocess to capture stderr output and/or csvlogs into log files.", + "Source": "system", + "ApplyType": "static", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": false, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "log_hostname", + "Description": "Logs the host name in the connection logs.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "logical_decoding_work_mem", + "Description": "(kB) Sets the maximum memory to be used for logical decoding.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "integer", + "AllowedValues": "64-2147483647", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "log_line_prefix", + "ParameterValue": "%t:%r:%u@%d:[%p]:", + "Description": "Controls information prefixed to each log line.", + "Source": "system", + "ApplyType": "dynamic", + "DataType": "string", + "IsModifiable": false, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "log_lock_waits", + "Description": "Logs long lock waits.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": 
"0,1", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "log_min_duration_sample", + "Description": "(ms) Sets the minimum execution time above which a sample of statements will be logged. Sampling is determined by log_statement_sample_rate.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "integer", + "AllowedValues": "-1-2147483647", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "log_min_duration_statement", + "ParameterValue": "1", + "Description": "(ms) Sets the minimum execution time above which statements will be logged.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "integer", + "AllowedValues": "-1-2147483647", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "log_min_error_statement", + "Description": "Causes all statements generating error at or above this level to be logged.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "string", + "AllowedValues": "debug5,debug4,debug3,debug2,debug1,info,notice,warning,error,log,fatal,panic", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "log_min_messages", + "Description": "Sets the message levels that are logged.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "string", + "AllowedValues": "debug5,debug4,debug3,debug2,debug1,info,notice,warning,error,log,fatal", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "log_parameter_max_length", + "Description": "When logging statements, limit logged parameter values to first N bytes.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "integer", + "AllowedValues": "-1-1073741823", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "log_parameter_max_length_on_error", + "Description": "When reporting an error, limit logged parameter values 
to first N bytes.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "integer", + "AllowedValues": "-1-1073741823", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "log_parser_stats", + "Description": "Writes parser performance statistics to the server log.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "log_planner_stats", + "Description": "Writes planner performance statistics to the server log.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "log_replication_commands", + "Description": "Logs each replication command.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "log_rotation_age", + "ParameterValue": "60", + "Description": "(min) Automatic log file rotation will occur after N minutes.", + "Source": "system", + "ApplyType": "dynamic", + "DataType": "integer", + "AllowedValues": "1-1440", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "log_rotation_size", + "Description": "(kB) Automatic log file rotation will occur after N kilobytes.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "integer", + "AllowedValues": "0-2097151", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "log_statement", + "ParameterValue": "all", + "Description": "Sets the type of statements logged.", + "Source": "user", + "ApplyType": "dynamic", + "DataType": "string", + "AllowedValues": "none,ddl,mod,all", + "IsModifiable": true, + "ApplyMethod": "immediate" + }, + { + "ParameterName": 
"log_statement_sample_rate", + "Description": "Fraction of statements exceeding log_min_duration_sample to be logged.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "float", + "AllowedValues": "0-1", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "log_statement_stats", + "Description": "Writes cumulative performance statistics to the server log.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "log_temp_files", + "Description": "(kB) Log the use of temporary files larger than this number of kilobytes.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "integer", + "AllowedValues": "-1-2147483647", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "log_timezone", + "ParameterValue": "UTC", + "Description": "Sets the time zone to use in log messages.", + "Source": "system", + "ApplyType": "dynamic", + "DataType": "string", + "IsModifiable": false, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "log_transaction_sample_rate", + "Description": "Set the fraction of transactions to log for new transactions.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "float", + "AllowedValues": "0.0-1.0", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "log_truncate_on_rotation", + "ParameterValue": "0", + "Description": "Truncate existing log files of same name during log rotation.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": false, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "maintenance_io_concurrency", + "Description": "A variant of effective_io_concurrency that is used for maintenance work.", + "Source": "engine-default", + "ApplyType": 
"dynamic", + "DataType": "integer", + "AllowedValues": "0-1000", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "maintenance_work_mem", + "ParameterValue": "GREATEST({DBInstanceClassMemory*1024/63963136},65536)", + "Description": "(kB) Sets the maximum memory to be used for maintenance operations.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "integer", + "AllowedValues": "1024-2147483647", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "max_connections", + "ParameterValue": "LEAST({DBInstanceClassMemory/9531392},5000)", + "Description": "Sets the maximum number of concurrent connections.", + "Source": "system", + "ApplyType": "static", + "DataType": "integer", + "AllowedValues": "6-8388607", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "max_files_per_process", + "Description": "Sets the maximum number of simultaneously open files for each server process.", + "Source": "engine-default", + "ApplyType": "static", + "DataType": "integer", + "AllowedValues": "64-2147483647", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "max_locks_per_transaction", + "ParameterValue": "64", + "Description": "Sets the maximum number of locks per transaction.", + "Source": "engine-default", + "ApplyType": "static", + "DataType": "integer", + "AllowedValues": "10-2147483647", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "max_logical_replication_workers", + "Description": "Maximum number of logical replication worker processes.", + "Source": "engine-default", + "ApplyType": "static", + "DataType": "integer", + "AllowedValues": "0-262143", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "max_parallel_maintenance_workers", + "Description": "Sets the maximum number of parallel processes per maintenance operation.", + "Source": 
"engine-default", + "ApplyType": "dynamic", + "DataType": "integer", + "AllowedValues": "0-1024", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "max_parallel_workers", + "ParameterValue": "GREATEST(${DBInstanceVCPU/2},8)", + "Description": "Sets the maximum number of parallel workers than can be active at one time.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "integer", + "AllowedValues": "0-1024", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "max_parallel_workers_per_gather", + "Description": "Sets the maximum number of parallel processes per executor node.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "integer", + "AllowedValues": "0-1024", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "max_pred_locks_per_page", + "Description": "Sets the maximum number of predicate-locked tuples per page.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "integer", + "AllowedValues": "0-2147483647", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "max_pred_locks_per_relation", + "Description": "Sets the maximum number of predicate-locked pages and tuples per relation.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "integer", + "AllowedValues": "-2147483648-2147483647", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "max_pred_locks_per_transaction", + "Description": "Sets the maximum number of predicate locks per transaction.", + "Source": "engine-default", + "ApplyType": "static", + "DataType": "integer", + "AllowedValues": "10-2147483647", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "max_prepared_transactions", + "ParameterValue": "0", + "Description": "Sets the maximum number of simultaneously prepared transactions.", + "Source": 
"engine-default", + "ApplyType": "static", + "DataType": "integer", + "AllowedValues": "0-8388607", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "max_replication_slots", + "ParameterValue": "20", + "Description": "Sets the maximum number of replication slots that the server can support.", + "Source": "system", + "ApplyType": "static", + "DataType": "integer", + "AllowedValues": "5-8388607", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "max_slot_wal_keep_size", + "Description": "(MB) Sets the maximum WAL size that can be reserved by replication slots.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "integer", + "AllowedValues": "-1-2147483647", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "max_stack_depth", + "ParameterValue": "6144", + "Description": "(kB) Sets the maximum stack depth, in kilobytes.", + "Source": "system", + "ApplyType": "dynamic", + "DataType": "integer", + "AllowedValues": "100-2147483647", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "max_standby_archive_delay", + "Description": "(ms) Sets the maximum delay before canceling queries when a hot standby server is processing archived WAL data.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "integer", + "AllowedValues": "-1-2147483647", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "max_standby_streaming_delay", + "Description": "(ms) Sets the maximum delay before canceling queries when a hot standby server is processing streamed WAL data.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "integer", + "AllowedValues": "-1-2147483647", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "max_sync_workers_per_subscription", + "Description": "Maximum number of synchronization workers per 
subscription", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "integer", + "AllowedValues": "0-262143", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "max_wal_senders", + "ParameterValue": "20", + "Description": "Sets the maximum number of simultaneously running WAL sender processes.", + "Source": "system", + "ApplyType": "static", + "DataType": "integer", + "AllowedValues": "5-8388607", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "max_wal_size", + "ParameterValue": "2048", + "Description": "(MB) Sets the WAL size that triggers a checkpoint.", + "Source": "system", + "ApplyType": "dynamic", + "DataType": "integer", + "AllowedValues": "128-201326592", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "max_worker_processes", + "ParameterValue": "GREATEST(${DBInstanceVCPU*2},8)", + "Description": "Sets the maximum number of concurrent worker processes.", + "Source": "engine-default", + "ApplyType": "static", + "DataType": "integer", + "AllowedValues": "0-262143", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "min_parallel_index_scan_size", + "Description": "(8kB) Sets the minimum amount of index data for a parallel scan.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "integer", + "AllowedValues": "0-715827882", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "min_parallel_table_scan_size", + "Description": "(8kB) Sets the minimum amount of table data for a parallel scan.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "integer", + "AllowedValues": "0-715827882", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "min_wal_size", + "ParameterValue": "192", + "Description": "(MB) Sets the minimum size to shrink the WAL to.", + "Source": "system", + "ApplyType": "dynamic", + 
"DataType": "integer", + "AllowedValues": "128-201326592", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "old_snapshot_threshold", + "Description": "(min) Time before a snapshot is too old to read pages changed after the snapshot was taken.", + "Source": "engine-default", + "ApplyType": "static", + "DataType": "integer", + "AllowedValues": "-1-86400", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "operator_precedence_warning", + "Description": "Emit a warning for constructs that changed meaning since PostgreSQL 9.4.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "orafce.nls_date_format", + "Description": "Emulate oracle's date output behaviour.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "string", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "orafce.timezone", + "Description": "Specify timezone used for sysdate function.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "string", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "parallel_leader_participation", + "Description": "Controls whether Gather and Gather Merge also run subplans.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "parallel_setup_cost", + "Description": "Sets the planner's estimate of the cost of starting up worker processes for parallel query.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "float", + "AllowedValues": "0-1.79769e+308", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "parallel_tuple_cost", + "Description": "Sets the 
planner's estimate of the cost of passing each tuple (row) from worker to master backend.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "float", + "AllowedValues": "0-1.79769e+308", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "password_encryption", + "ParameterValue": "md5", + "Description": "Encrypt passwords.", + "Source": "system", + "ApplyType": "dynamic", + "DataType": "string", + "AllowedValues": "md5,scram-sha-256", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "pgaudit.log", + "Description": "Specifies which classes of statements will be logged by session audit logging.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "list", + "AllowedValues": "ddl,function,misc,read,role,write,none,all,-ddl,-function,-misc,-read,-role,-write", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "pgaudit.log_catalog", + "Description": "Specifies that session logging should be enabled in the case where all relations in a statement are in pg_catalog.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "pgaudit.log_level", + "Description": "Specifies the log level that will be used for log entries.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "string", + "AllowedValues": "debug5,debug4,debug3,debug2,debug1,info,notice,warning,log", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "pgaudit.log_parameter", + "Description": "Specifies that audit logging should include the parameters that were passed with the statement.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": 
"pgaudit.log_relation", + "Description": "Specifies whether session audit logging should create a separate log entry for each relation (TABLE, VIEW, etc.) referenced in a SELECT or DML statement.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "pgaudit.log_statement_once", + "Description": "Specifies whether logging will include the statement text and parameters with the first log entry for a statement/substatement combination or with every entry.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "pgaudit.role", + "Description": "Specifies the master role to use for object audit logging.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "string", + "AllowedValues": "rds_pgaudit", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "pg_bigm.enable_recheck", + "ParameterValue": "on", + "Description": "It specifies whether to perform Recheck which is an internal process of full text search.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "string", + "AllowedValues": "on,off", + "IsModifiable": true, + "MinimumEngineVersion": "13.2", + "ApplyMethod": "pending-reboot" + } + ], + "ResponseMetadata": {} + } +} diff --git a/tests/ecc-aws-350-rds_postgresql_logging_enabled/placebo-red/rds.DescribeDBInstances_1.json b/tests/ecc-aws-350-rds_postgresql_logging_enabled/placebo-red/rds.DescribeDBInstances_1.json new file mode 100644 index 000000000..ac68c66c5 --- /dev/null +++ b/tests/ecc-aws-350-rds_postgresql_logging_enabled/placebo-red/rds.DescribeDBInstances_1.json 
@@ -0,0 +1,146 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-350-red", + "DBInstanceClass": "db.t3.micro", + "Engine": "postgres", + "DBInstanceStatus": "available", + "MasterUsername": "root", + "DBName": "red350", + "Endpoint": { + "Address": "database-350-red.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 5432, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 10, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 11, + "day": 18, + "hour": 10, + "minute": 45, + "second": 30, + "microsecond": 280000 + }, + "PreferredBackupWindow": "08:58-09:28", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "parameter-group-350-red", + "ParameterApplyStatus": "pending-reboot" + } + ], + "AvailabilityZone": "us-east-1c", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + 
"SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "thu:05:59-thu:06:29", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "13.3", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "postgresql-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:postgres-13", + "Status": "in-sync" + } + ], + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-HXSN33G366ZYBTXPWQ2TXXF5AU", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:111111111111:db:database-350-red", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "EnabledCloudwatchLogsExports": [ + "postgresql" + ], + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-350-rds_postgresql_logging_enabled" + } + ], + "CustomerOwnedIpEnabled": false, + "ActivityStreamStatus": "stopped" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-350-rds_postgresql_logging_enabled/placebo-red/rds.DescribeDBParameters_1.json b/tests/ecc-aws-350-rds_postgresql_logging_enabled/placebo-red/rds.DescribeDBParameters_1.json new file mode 100644 index 000000000..c2cfae541 --- /dev/null +++ b/tests/ecc-aws-350-rds_postgresql_logging_enabled/placebo-red/rds.DescribeDBParameters_1.json 
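Review bot: This recorded `rds.DescribeDBInstances_1.json` response is only partly sanitized. The account id in `DBInstanceArn` is `111111111111` and `HostedZoneId` / `VpcId` are obvious placeholders, but `Endpoint.Address`, `DbiResourceId`, the `VpcSecurityGroupId` and the six `SubnetIdentifier` values look like they were captured from a live account. I would scrub those the same way before the fixture lands in the repository, for example `"DbiResourceId": "db-EXAMPLE0000000000000000000"` and `"VpcSecurityGroupId": "sg-00000000"` (both constructed placeholders), so the test data does not publish real resource identifiers. Separately, the tag key `"CsutodianRule"` in `TagList` looks like a typo for `"CustodianRule"`; it only matters if something filters on that tag, but it is worth correcting.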
@@ -0,0 +1,1029 @@ +{ + "status_code": 200, + "data": { + "Parameters": [ + { + "ParameterName": "geqo_seed", + "Description": "GEQO: seed for random path selection.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "float", + "AllowedValues": "0-1", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "geqo_selection_bias", + "Description": "GEQO: selective pressure within the population.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "float", + "AllowedValues": "1.5-2", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "geqo_threshold", + "Description": "Sets the threshold of FROM items beyond which GEQO is used.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "integer", + "AllowedValues": "2-2147483647", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "gin_fuzzy_search_limit", + "Description": "Sets the maximum allowed result for exact search by GIN.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "integer", + "AllowedValues": "0-2147483647", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "gin_pending_list_limit", + "Description": "(kB) Sets the maximum size of the pending list for GIN index.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "integer", + "AllowedValues": "64-2147483647", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "hash_mem_multiplier", + "Description": "Multiple of work_mem to use for hash tables.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "float", + "AllowedValues": "1-1000", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "hba_file", + "ParameterValue": "/rdsdbdata/config/pg_hba.conf", + "Description": "Sets the servers hba configuration file.", + "Source": "system", + 
"ApplyType": "static", + "DataType": "string", + "IsModifiable": false, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "hll.force_groupagg", + "Description": "Force group aggregation for hll", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "hot_standby_feedback", + "Description": "Allows feedback from a hot standby to the primary that will avoid query conflicts.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "huge_pages", + "ParameterValue": "on", + "Description": "Use of huge pages on Linux.", + "Source": "system", + "ApplyType": "static", + "DataType": "string", + "AllowedValues": "on,off", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "ident_file", + "ParameterValue": "/rdsdbdata/config/pg_ident.conf", + "Description": "Sets the servers ident configuration file.", + "Source": "system", + "ApplyType": "static", + "DataType": "string", + "IsModifiable": false, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "idle_in_transaction_session_timeout", + "ParameterValue": "86400000", + "Description": "(ms) Sets the maximum allowed duration of any idling transaction.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "integer", + "AllowedValues": "0-2147483647", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "ignore_invalid_pages", + "ParameterValue": "0", + "Description": "Continues recovery after an invalid pages failure.", + "Source": "engine-default", + "ApplyType": "static", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": false, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "intervalstyle", + "Description": "Sets 
the display format for interval values.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "string", + "AllowedValues": "postgres,postgres_verbose,sql_standard,iso_8601", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "jit", + "ParameterValue": "0", + "Description": "Allow JIT compilation.", + "Source": "system", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "jit_above_cost", + "Description": "Perform JIT compilation if query is more expensive.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "float", + "AllowedValues": "-1-1.79769e+308", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "jit_inline_above_cost", + "Description": "Perform JIT inlining if query is more expensive.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "float", + "AllowedValues": "-1-1.79769e+308", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "jit_optimize_above_cost", + "Description": "Optimize JITed functions if query is more expensive.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "float", + "AllowedValues": "-1-1.79769e+308", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "join_collapse_limit", + "Description": "Sets the FROM-list size beyond which JOIN constructs are not flattened.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "integer", + "AllowedValues": "1-2147483647", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "lc_messages", + "Description": "Sets the language in which messages are displayed.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "string", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": 
"lc_monetary", + "Description": "Sets the locale for formatting monetary amounts.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "string", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "lc_numeric", + "Description": "Sets the locale for formatting numbers.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "string", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "lc_time", + "Description": "Sets the locale for formatting date and time values.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "string", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "listen_addresses", + "ParameterValue": "*", + "Description": "Sets the host name or IP address(es) to listen to.", + "Source": "system", + "ApplyType": "static", + "DataType": "string", + "IsModifiable": false, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "lo_compat_privileges", + "ParameterValue": "0", + "Description": "Enables backward compatibility mode for privilege checks on large objects.", + "Source": "system", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": false, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "log_autovacuum_min_duration", + "ParameterValue": "10000", + "Description": "(ms) Sets the minimum execution time above which autovacuum actions will be logged.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "integer", + "AllowedValues": "-1-2147483647", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "log_checkpoints", + "ParameterValue": "1", + "Description": "Logs each checkpoint.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": 
"log_connections", + "Description": "Logs each successful connection.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "log_destination", + "ParameterValue": "stderr", + "Description": "Sets the destination for server log output.", + "Source": "system", + "ApplyType": "dynamic", + "DataType": "string", + "AllowedValues": "stderr,csvlog", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "log_directory", + "ParameterValue": "/rdsdbdata/log/error", + "Description": "Sets the destination directory for log files.", + "Source": "system", + "ApplyType": "dynamic", + "DataType": "string", + "IsModifiable": false, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "log_disconnections", + "Description": "Logs end of a session, including duration.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "log_duration", + "Description": "Logs the duration of each completed SQL statement.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "log_error_verbosity", + "Description": "Sets the verbosity of logged messages.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "string", + "AllowedValues": "terse,default,verbose", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "log_executor_stats", + "Description": "Writes executor performance statistics to the server log.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + 
"ParameterName": "log_file_mode", + "ParameterValue": "0644", + "Description": "Sets the file permissions for log files.", + "Source": "system", + "ApplyType": "dynamic", + "DataType": "string", + "IsModifiable": false, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "log_filename", + "ParameterValue": "postgresql.log.%Y-%m-%d-%H", + "Description": "Sets the file name pattern for log files.", + "Source": "system", + "ApplyType": "dynamic", + "DataType": "string", + "AllowedValues": "postgresql.log.%Y-%m-%d,postgresql.log.%Y-%m-%d-%H", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "logging_collector", + "ParameterValue": "1", + "Description": "Start a subprocess to capture stderr output and/or csvlogs into log files.", + "Source": "system", + "ApplyType": "static", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": false, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "log_hostname", + "Description": "Logs the host name in the connection logs.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "logical_decoding_work_mem", + "Description": "(kB) Sets the maximum memory to be used for logical decoding.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "integer", + "AllowedValues": "64-2147483647", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "log_line_prefix", + "ParameterValue": "%t:%r:%u@%d:[%p]:", + "Description": "Controls information prefixed to each log line.", + "Source": "system", + "ApplyType": "dynamic", + "DataType": "string", + "IsModifiable": false, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "log_lock_waits", + "Description": "Logs long lock waits.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": 
"0,1", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "log_min_duration_sample", + "Description": "(ms) Sets the minimum execution time above which a sample of statements will be logged. Sampling is determined by log_statement_sample_rate.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "integer", + "AllowedValues": "-1-2147483647", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "log_min_duration_statement", + "Description": "(ms) Sets the minimum execution time above which statements will be logged.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "integer", + "AllowedValues": "-1-2147483647", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "log_min_error_statement", + "Description": "Causes all statements generating error at or above this level to be logged.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "string", + "AllowedValues": "debug5,debug4,debug3,debug2,debug1,info,notice,warning,error,log,fatal,panic", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "log_min_messages", + "Description": "Sets the message levels that are logged.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "string", + "AllowedValues": "debug5,debug4,debug3,debug2,debug1,info,notice,warning,error,log,fatal", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "log_parameter_max_length", + "Description": "When logging statements, limit logged parameter values to first N bytes.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "integer", + "AllowedValues": "-1-1073741823", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "log_parameter_max_length_on_error", + "Description": "When reporting an error, limit logged parameter values to first N bytes.", + 
"Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "integer", + "AllowedValues": "-1-1073741823", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "log_parser_stats", + "Description": "Writes parser performance statistics to the server log.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "log_planner_stats", + "Description": "Writes planner performance statistics to the server log.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "log_replication_commands", + "Description": "Logs each replication command.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "log_rotation_age", + "ParameterValue": "60", + "Description": "(min) Automatic log file rotation will occur after N minutes.", + "Source": "system", + "ApplyType": "dynamic", + "DataType": "integer", + "AllowedValues": "1-1440", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "log_rotation_size", + "Description": "(kB) Automatic log file rotation will occur after N kilobytes.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "integer", + "AllowedValues": "0-2097151", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "log_statement", + "ParameterValue": "all", + "Description": "Sets the type of statements logged.", + "Source": "user", + "ApplyType": "dynamic", + "DataType": "string", + "AllowedValues": "none,ddl,mod,all", + "IsModifiable": true, + "ApplyMethod": "immediate" + }, + { + "ParameterName": "log_statement_sample_rate", + 
"Description": "Fraction of statements exceeding log_min_duration_sample to be logged.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "float", + "AllowedValues": "0-1", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "log_statement_stats", + "Description": "Writes cumulative performance statistics to the server log.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "log_temp_files", + "Description": "(kB) Log the use of temporary files larger than this number of kilobytes.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "integer", + "AllowedValues": "-1-2147483647", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "log_timezone", + "ParameterValue": "UTC", + "Description": "Sets the time zone to use in log messages.", + "Source": "system", + "ApplyType": "dynamic", + "DataType": "string", + "IsModifiable": false, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "log_transaction_sample_rate", + "Description": "Set the fraction of transactions to log for new transactions.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "float", + "AllowedValues": "0.0-1.0", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "log_truncate_on_rotation", + "ParameterValue": "0", + "Description": "Truncate existing log files of same name during log rotation.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": false, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "maintenance_io_concurrency", + "Description": "A variant of effective_io_concurrency that is used for maintenance work.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "integer", + 
"AllowedValues": "0-1000", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "maintenance_work_mem", + "ParameterValue": "GREATEST({DBInstanceClassMemory*1024/63963136},65536)", + "Description": "(kB) Sets the maximum memory to be used for maintenance operations.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "integer", + "AllowedValues": "1024-2147483647", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "max_connections", + "ParameterValue": "LEAST({DBInstanceClassMemory/9531392},5000)", + "Description": "Sets the maximum number of concurrent connections.", + "Source": "system", + "ApplyType": "static", + "DataType": "integer", + "AllowedValues": "6-8388607", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "max_files_per_process", + "Description": "Sets the maximum number of simultaneously open files for each server process.", + "Source": "engine-default", + "ApplyType": "static", + "DataType": "integer", + "AllowedValues": "64-2147483647", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "max_locks_per_transaction", + "ParameterValue": "64", + "Description": "Sets the maximum number of locks per transaction.", + "Source": "engine-default", + "ApplyType": "static", + "DataType": "integer", + "AllowedValues": "10-2147483647", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "max_logical_replication_workers", + "Description": "Maximum number of logical replication worker processes.", + "Source": "engine-default", + "ApplyType": "static", + "DataType": "integer", + "AllowedValues": "0-262143", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "max_parallel_maintenance_workers", + "Description": "Sets the maximum number of parallel processes per maintenance operation.", + "Source": "engine-default", + "ApplyType": "dynamic", 
+ "DataType": "integer", + "AllowedValues": "0-1024", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "max_parallel_workers", + "ParameterValue": "GREATEST(${DBInstanceVCPU/2},8)", + "Description": "Sets the maximum number of parallel workers than can be active at one time.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "integer", + "AllowedValues": "0-1024", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "max_parallel_workers_per_gather", + "Description": "Sets the maximum number of parallel processes per executor node.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "integer", + "AllowedValues": "0-1024", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "max_pred_locks_per_page", + "Description": "Sets the maximum number of predicate-locked tuples per page.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "integer", + "AllowedValues": "0-2147483647", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "max_pred_locks_per_relation", + "Description": "Sets the maximum number of predicate-locked pages and tuples per relation.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "integer", + "AllowedValues": "-2147483648-2147483647", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "max_pred_locks_per_transaction", + "Description": "Sets the maximum number of predicate locks per transaction.", + "Source": "engine-default", + "ApplyType": "static", + "DataType": "integer", + "AllowedValues": "10-2147483647", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "max_prepared_transactions", + "ParameterValue": "0", + "Description": "Sets the maximum number of simultaneously prepared transactions.", + "Source": "engine-default", + "ApplyType": "static", + "DataType": 
"integer", + "AllowedValues": "0-8388607", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "max_replication_slots", + "ParameterValue": "20", + "Description": "Sets the maximum number of replication slots that the server can support.", + "Source": "system", + "ApplyType": "static", + "DataType": "integer", + "AllowedValues": "5-8388607", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "max_slot_wal_keep_size", + "Description": "(MB) Sets the maximum WAL size that can be reserved by replication slots.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "integer", + "AllowedValues": "-1-2147483647", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "max_stack_depth", + "ParameterValue": "6144", + "Description": "(kB) Sets the maximum stack depth, in kilobytes.", + "Source": "system", + "ApplyType": "dynamic", + "DataType": "integer", + "AllowedValues": "100-2147483647", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "max_standby_archive_delay", + "Description": "(ms) Sets the maximum delay before canceling queries when a hot standby server is processing archived WAL data.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "integer", + "AllowedValues": "-1-2147483647", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "max_standby_streaming_delay", + "Description": "(ms) Sets the maximum delay before canceling queries when a hot standby server is processing streamed WAL data.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "integer", + "AllowedValues": "-1-2147483647", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "max_sync_workers_per_subscription", + "Description": "Maximum number of synchronization workers per subscription", + "Source": "engine-default", + "ApplyType": 
"dynamic", + "DataType": "integer", + "AllowedValues": "0-262143", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "max_wal_senders", + "ParameterValue": "20", + "Description": "Sets the maximum number of simultaneously running WAL sender processes.", + "Source": "system", + "ApplyType": "static", + "DataType": "integer", + "AllowedValues": "5-8388607", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "max_wal_size", + "ParameterValue": "2048", + "Description": "(MB) Sets the WAL size that triggers a checkpoint.", + "Source": "system", + "ApplyType": "dynamic", + "DataType": "integer", + "AllowedValues": "128-201326592", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "max_worker_processes", + "ParameterValue": "GREATEST(${DBInstanceVCPU*2},8)", + "Description": "Sets the maximum number of concurrent worker processes.", + "Source": "engine-default", + "ApplyType": "static", + "DataType": "integer", + "AllowedValues": "0-262143", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "min_parallel_index_scan_size", + "Description": "(8kB) Sets the minimum amount of index data for a parallel scan.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "integer", + "AllowedValues": "0-715827882", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "min_parallel_table_scan_size", + "Description": "(8kB) Sets the minimum amount of table data for a parallel scan.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "integer", + "AllowedValues": "0-715827882", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "min_wal_size", + "ParameterValue": "192", + "Description": "(MB) Sets the minimum size to shrink the WAL to.", + "Source": "system", + "ApplyType": "dynamic", + "DataType": "integer", + "AllowedValues": "128-201326592", 
+ "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "old_snapshot_threshold", + "Description": "(min) Time before a snapshot is too old to read pages changed after the snapshot was taken.", + "Source": "engine-default", + "ApplyType": "static", + "DataType": "integer", + "AllowedValues": "-1-86400", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "operator_precedence_warning", + "Description": "Emit a warning for constructs that changed meaning since PostgreSQL 9.4.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "orafce.nls_date_format", + "Description": "Emulate oracle's date output behaviour.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "string", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "orafce.timezone", + "Description": "Specify timezone used for sysdate function.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "string", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "parallel_leader_participation", + "Description": "Controls whether Gather and Gather Merge also run subplans.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "parallel_setup_cost", + "Description": "Sets the planner's estimate of the cost of starting up worker processes for parallel query.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "float", + "AllowedValues": "0-1.79769e+308", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "parallel_tuple_cost", + "Description": "Sets the planner's estimate of the cost of passing each tuple (row) from 
worker to master backend.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "float", + "AllowedValues": "0-1.79769e+308", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "password_encryption", + "ParameterValue": "md5", + "Description": "Encrypt passwords.", + "Source": "system", + "ApplyType": "dynamic", + "DataType": "string", + "AllowedValues": "md5,scram-sha-256", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "pgaudit.log", + "Description": "Specifies which classes of statements will be logged by session audit logging.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "list", + "AllowedValues": "ddl,function,misc,read,role,write,none,all,-ddl,-function,-misc,-read,-role,-write", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "pgaudit.log_catalog", + "Description": "Specifies that session logging should be enabled in the case where all relations in a statement are in pg_catalog.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "pgaudit.log_level", + "Description": "Specifies the log level that will be used for log entries.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "string", + "AllowedValues": "debug5,debug4,debug3,debug2,debug1,info,notice,warning,log", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "pgaudit.log_parameter", + "Description": "Specifies that audit logging should include the parameters that were passed with the statement.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "pgaudit.log_relation", + "Description": "Specifies whether session 
audit logging should create a separate log entry for each relation (TABLE, VIEW, etc.) referenced in a SELECT or DML statement.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "pgaudit.log_statement_once", + "Description": "Specifies whether logging will include the statement text and parameters with the first log entry for a statement/substatement combination or with every entry.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "pgaudit.role", + "Description": "Specifies the master role to use for object audit logging.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "string", + "AllowedValues": "rds_pgaudit", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "pg_bigm.enable_recheck", + "ParameterValue": "on", + "Description": "It specifies whether to perform Recheck which is an internal process of full text search.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "string", + "AllowedValues": "on,off", + "IsModifiable": true, + "MinimumEngineVersion": "13.2", + "ApplyMethod": "pending-reboot" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-350-rds_postgresql_logging_enabled/red_policy_test.py b/tests/ecc-aws-350-rds_postgresql_logging_enabled/red_policy_test.py new file mode 100644 index 000000000..fa8b299c2 --- /dev/null +++ b/tests/ecc-aws-350-rds_postgresql_logging_enabled/red_policy_test.py 
@@ -0,0 +1,23 @@
+class PolicyTest(object):
+
+ def test_resources_with_client(self, base_test, resources, local_session):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertEqual(resources[0]['Engine'], "postgres")
+ base_test.assertNotIn('upgrade',resources[0]['EnabledCloudwatchLogsExports'])
+ base_test.assertIn('postgresql',resources[0]['EnabledCloudwatchLogsExports'])
+ parameter_group_name=resources[0]["DBParameterGroups"][0]["DBParameterGroupName"]
+
+ describe_parameters = local_session.client("rds").describe_db_parameters(DBParameterGroupName=parameter_group_name)
+ parameters=describe_parameters["Parameters"]
+ marker=describe_parameters["Marker"] if "Marker" in describe_parameters else None
+
+ while marker is not None:
+ for parameter in parameters:
+ if parameter["ParameterName"]=="log_statement":
+ base_test.assertIn('ParameterValue', parameter)
+ base_test.assertEqual(parameter['ParameterValue'], 'all')
+ elif parameter["ParameterName"]=="log_min_duration_statement":
+ base_test.assertNotIn('ParameterValue', parameter)
+ describe_parameters = local_session.client("rds").describe_db_parameters(DBParameterGroupName=parameter_group_name, Marker=marker)
+ parameters=describe_parameters["Parameters"]
+ marker=describe_parameters["Marker"] if "Marker" in describe_parameters else None
\ No newline at end of file
diff --git a/tests/ecc-aws-351-rds_mysql_logging_enabled/placebo-green/rds.DescribeDBInstances_1.json b/tests/ecc-aws-351-rds_mysql_logging_enabled/placebo-green/rds.DescribeDBInstances_1.json
new file mode 100644
index 000000000..a4973aa8d
--- /dev/null
+++ b/tests/ecc-aws-351-rds_mysql_logging_enabled/placebo-green/rds.DescribeDBInstances_1.json
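Review bot: The parameter assertions sit inside `while marker is not None:`, so they run only when the first `describe_db_parameters` response carries a `Marker`. The recorded DescribeDBParameters response just above this file shows no `Marker` after its `Parameters` list, so with that recording the test appears to pass without ever checking `log_statement` or `log_min_duration_statement`. When a marker is present the last page is fetched and then dropped, because the loop exits before its parameters are examined. Checking each page before looking at the marker, and asserting afterwards that `log_statement` was seen, keeps this logging-policy test from passing vacuously. The same loop shape is in tests/ecc-aws-351-rds_mysql_logging_enabled/red_policy_test.py.

```python
        parameter_group_name=resources[0]["DBParameterGroups"][0]["DBParameterGroupName"]
        client = local_session.client("rds")
        request = {"DBParameterGroupName": parameter_group_name}
        seen = set()
        while True:
            page = client.describe_db_parameters(**request)
            for parameter in page["Parameters"]:
                seen.add(parameter["ParameterName"])
                # … unchanged: log_statement / log_min_duration_statement assertions …
            if "Marker" not in page:
                break
            request["Marker"] = page["Marker"]
        base_test.assertIn("log_statement", seen)
```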
@@ -0,0 +1,154 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-351-green", + "DBInstanceClass": "db.t3.micro", + "Engine": "mysql", + "DBInstanceStatus": "available", + "MasterUsername": "root", + "DBName": "green351", + "Endpoint": { + "Address": "database-351-green.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 3306, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 10, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2022, + "month": 11, + "day": 21, + "hour": 11, + "minute": 1, + "second": 52, + "microsecond": 264000 + }, + "PreferredBackupWindow": "08:48-09:18", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "parameter-group-351-green", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1a", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + 
"SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "fri:09:26-fri:09:56", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "8.0.26", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "general-public-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:mysql-8-0", + "Status": "in-sync" + } + ], + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-OENCDXU6WIBRMRKJPVJDBFY33U", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:111111111111:db:database-351-green", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "EnabledCloudwatchLogsExports": [ + "audit", + "error", + "general", + "slowquery" + ], + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-351-rds_mysql_logging_enabled" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "Name", + "Value": "351_db_instance_green" + } + ], + "CustomerOwnedIpEnabled": false, + "ActivityStreamStatus": "stopped", + "BackupTarget": "region" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-351-rds_mysql_logging_enabled/placebo-green/rds.DescribeDBParameters_1.json b/tests/ecc-aws-351-rds_mysql_logging_enabled/placebo-green/rds.DescribeDBParameters_1.json new file mode 100644 index 000000000..5795caaa3 --- /dev/null +++ b/tests/ecc-aws-351-rds_mysql_logging_enabled/placebo-green/rds.DescribeDBParameters_1.json 
@@ -0,0 +1,41 @@ +{ + "status_code": 200, + "data": { + "Parameters": [ + { + "ParameterName": "general_log", + "ParameterValue": "1", + "Description": "Whether the general query log is enabled", + "Source": "user", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": true, + "ApplyMethod": "immediate" + }, + { + "ParameterName": "log_output", + "ParameterValue": "FILE", + "Description": "Controls where to store query logs", + "Source": "system", + "ApplyType": "dynamic", + "DataType": "string", + "AllowedValues": "TABLE,FILE,NONE", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "slow_query_log", + "ParameterValue": "1", + "Description": "Enable or disable the slow query log", + "Source": "user", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": true, + "ApplyMethod": "immediate" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-351-rds_mysql_logging_enabled/placebo-red/rds.DescribeDBInstances_1.json b/tests/ecc-aws-351-rds_mysql_logging_enabled/placebo-red/rds.DescribeDBInstances_1.json new file mode 100644 index 000000000..e5cae426a --- /dev/null +++ b/tests/ecc-aws-351-rds_mysql_logging_enabled/placebo-red/rds.DescribeDBInstances_1.json 
@@ -0,0 +1,154 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-351-red", + "DBInstanceClass": "db.t3.micro", + "Engine": "mysql", + "DBInstanceStatus": "available", + "MasterUsername": "root", + "DBName": "red351", + "Endpoint": { + "Address": "database-351-red.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 3306, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 10, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2022, + "month": 11, + "day": 21, + "hour": 10, + "minute": 36, + "second": 44, + "microsecond": 50000 + }, + "PreferredBackupWindow": "09:06-09:36", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "parameter-group-351-red", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1d", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + 
"SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "tue:04:42-tue:05:12", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "8.0.26", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "general-public-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:mysql-8-0", + "Status": "in-sync" + } + ], + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-J4KQTWLMMGGDDMXVWUJGWMFOGA", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:111111111111:db:database-351-red", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "EnabledCloudwatchLogsExports": [ + "audit", + "error", + "general", + "slowquery" + ], + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-351-rds_mysql_logging_enabled" + }, + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "Name", + "Value": "351_db_instance_red" + } + ], + "CustomerOwnedIpEnabled": false, + "ActivityStreamStatus": "stopped", + "BackupTarget": "region" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-351-rds_mysql_logging_enabled/placebo-red/rds.DescribeDBParameters_1.json b/tests/ecc-aws-351-rds_mysql_logging_enabled/placebo-red/rds.DescribeDBParameters_1.json new file mode 100644 index 000000000..12e7c6270 --- /dev/null +++ b/tests/ecc-aws-351-rds_mysql_logging_enabled/placebo-red/rds.DescribeDBParameters_1.json 
@@ -0,0 +1,39 @@ +{ + "status_code": 200, + "data": { + "Parameters": [ + { + "ParameterName": "general_log", + "Description": "Whether the general query log is enabled", + "Source": "user", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": true, + "ApplyMethod": "immediate" + }, + { + "ParameterName": "slow_query_log", + "Description": "Enable or disable the slow query log", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "log_output", + "ParameterValue": "FILE", + "Description": "Controls where to store query logs", + "Source": "system", + "ApplyType": "dynamic", + "DataType": "string", + "AllowedValues": "TABLE,FILE,NONE", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + } + ], + "ResponseMetadata": {} + } +} diff --git a/tests/ecc-aws-351-rds_mysql_logging_enabled/red_policy_test.py b/tests/ecc-aws-351-rds_mysql_logging_enabled/red_policy_test.py new file mode 100644 index 000000000..4ff3258a0 --- /dev/null +++ b/tests/ecc-aws-351-rds_mysql_logging_enabled/red_policy_test.py 
@@ -0,0 +1,20 @@
+class PolicyTest(object):
+
+ def test_resources_with_client(self, base_test, resources, local_session):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertEqual(resources[0]['Engine'], "mysql")
+
+ parameter_group_name=resources[0]["DBParameterGroups"][0]["DBParameterGroupName"]
+ describe_parameters = local_session.client("rds").describe_db_parameters(DBParameterGroupName=parameter_group_name)
+ parameters=describe_parameters["Parameters"]
+ marker=describe_parameters["Marker"] if "Marker" in describe_parameters else None
+
+ while marker is not None:
+
+ for parameter in parameters:
+ if parameter["ParameterName"]=="slow_query_log":
+ base_test.assertNotIn('ParameterValue', parameter)
+
+ describe_parameters = local_session.client("rds").describe_db_parameters(DBParameterGroupName=parameter_group_name, Marker=marker)
+ parameters=describe_parameters["Parameters"]
+ marker=describe_parameters["Marker"] if "Marker" in describe_parameters else None
diff --git a/tests/ecc-aws-353-rds_sql_server_logging_enabled/placebo-green/rds.DescribeDBInstances_1.json b/tests/ecc-aws-353-rds_sql_server_logging_enabled/placebo-green/rds.DescribeDBInstances_1.json
new file mode 100644
index 000000000..693d4afaa
--- /dev/null
+++ b/tests/ecc-aws-353-rds_sql_server_logging_enabled/placebo-green/rds.DescribeDBInstances_1.json
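Review bot: Only `slow_query_log` is asserted in the `for` loop, although the red recording tests/ecc-aws-351-rds_mysql_logging_enabled/placebo-red/rds.DescribeDBParameters_1.json added in this commit also leaves `general_log` without a `ParameterValue`. If the policy treats a disabled general log as non-compliant too (the policy file is not visible here), the test should pin that condition with `elif parameter["ParameterName"]=="general_log":` followed by `base_test.assertNotIn('ParameterValue', parameter)`. A one-line comment above the loop stating which parameters make the instance red would also help the next reader match the test to the fixture.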
@@ -0,0 +1,147 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-353-green", + "DBInstanceClass": "db.t3.small", + "Engine": "sqlserver-web", + "DBInstanceStatus": "available", + "MasterUsername": "root", + "Endpoint": { + "Address": "database-353-green.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 1433, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 20, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 11, + "day": 19, + "hour": 12, + "minute": 53, + "second": 36, + "microsecond": 732000 + }, + "PreferredBackupWindow": "03:54-04:24", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "default.sqlserver-web-15.0", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1f", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + "SubnetAvailabilityZone": 
{ + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "fri:08:21-fri:08:51", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "15.00.4073.23.v1", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "license-included", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:sqlserver-web-15-00", + "Status": "in-sync" + } + ], + "CharacterSetName": "SQL_Latin1_General_CP1_CI_AS", + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-ECFPE7ELGH4LLVK46SI4HUFKW4", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:111111111111:db:database-353-green", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "EnabledCloudwatchLogsExports": [ + "agent", + "error" + ], + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-353-rds_sql_server_logging_enabled" + } + ], + "CustomerOwnedIpEnabled": false, + "ActivityStreamStatus": "stopped" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-353-rds_sql_server_logging_enabled/placebo-red/rds.DescribeDBInstances_1.json b/tests/ecc-aws-353-rds_sql_server_logging_enabled/placebo-red/rds.DescribeDBInstances_1.json new file mode 100644 index 000000000..c2b3a9c88 --- /dev/null +++ b/tests/ecc-aws-353-rds_sql_server_logging_enabled/placebo-red/rds.DescribeDBInstances_1.json 
@@ -0,0 +1,146 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-353-red", + "DBInstanceClass": "db.t3.small", + "Engine": "sqlserver-web", + "DBInstanceStatus": "available", + "MasterUsername": "root", + "Endpoint": { + "Address": "database-353-red.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 1433, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 20, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 11, + "day": 19, + "hour": 11, + "minute": 49, + "second": 44, + "microsecond": 113000 + }, + "PreferredBackupWindow": "04:19-04:49", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "default.sqlserver-web-15.0", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1b", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + "SubnetAvailabilityZone": { + 
"Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "wed:03:08-wed:03:38", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "15.00.4073.23.v1", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "license-included", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:sqlserver-web-15-00", + "Status": "in-sync" + } + ], + "CharacterSetName": "SQL_Latin1_General_CP1_CI_AS", + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-TBLITL4JMB2NR3ENACPYBCB45M", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:111111111111:db:database-353-red", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "EnabledCloudwatchLogsExports": [ + "agent" + ], + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-353-rds_sql_server_logging_enabled" + } + ], + "CustomerOwnedIpEnabled": false, + "ActivityStreamStatus": "stopped" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-353-rds_sql_server_logging_enabled/red_policy_test.py b/tests/ecc-aws-353-rds_sql_server_logging_enabled/red_policy_test.py new file mode 100644 index 000000000..b2a9af85d --- /dev/null +++ b/tests/ecc-aws-353-rds_sql_server_logging_enabled/red_policy_test.py @@ -0,0 +1,6 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertRegexpMatches(resources[0]['Engine'], "sqlserver") + base_test.assertNotIn('error',resources[0]['EnabledCloudwatchLogsExports']) \ No newline at end of file 
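Review bot: `assertRegexpMatches` in the ecc-aws-353 `red_policy_test.py` is a deprecated unittest alias that was removed in Python 3.12, so if `base_test` is a `unittest.TestCase` (not shown here) the call should be `base_test.assertRegex(resources[0]['Engine'], "sqlserver")`. The last assertion indexes `resources[0]['EnabledCloudwatchLogsExports']` directly, which raises `KeyError` rather than a test failure if a recording ever lacks that key. `base_test.assertNotIn('error', resources[0].get('EnabledCloudwatchLogsExports', []))` covers the no-exports case as well.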
diff --git a/tests/ecc-aws-354-rds_aurora_logging_enabled/placebo-green/rds.DescribeDBInstances_1.json b/tests/ecc-aws-354-rds_aurora_logging_enabled/placebo-green/rds.DescribeDBInstances_1.json
new file mode 100644
index 000000000..c83f076a6
--- /dev/null
+++ b/tests/ecc-aws-354-rds_aurora_logging_enabled/placebo-green/rds.DescribeDBInstances_1.json
@@ -0,0 +1,150 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-354-green", + "DBInstanceClass": "db.t2.small", + "Engine": "aurora", + "DBInstanceStatus": "available", + "MasterUsername": "root", + "DBName": "green354", + "Endpoint": { + "Address": "database-354-green.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 3306, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 1, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 11, + "day": 23, + "hour": 11, + "minute": 10, + "second": 27, + "microsecond": 375000 + }, + "PreferredBackupWindow": "09:24-09:54", + "BackupRetentionPeriod": 1, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "parameter-group-354-green", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1d", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + 
"SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "mon:06:22-mon:06:52", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "5.6.mysql_aurora.1.21.0", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "general-public-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:aurora-5-6", + "Status": "in-sync" + } + ], + "PubliclyAccessible": false, + "StorageType": "aurora", + "DbInstancePort": 0, + "DBClusterIdentifier": "aurora-cluster-354-green", + "StorageEncrypted": false, + "DbiResourceId": "db-T4OO3YNS2KYZHYG3JCPRTTPNDU", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "PromotionTier": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:111111111111:db:database-354-green", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "EnabledCloudwatchLogsExports": [ + "audit", + "error", + "general", + "slowquery" + ], + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-354-rds_aurora_logging_enabled" + } + ], + "CustomerOwnedIpEnabled": false + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-354-rds_aurora_logging_enabled/placebo-green/rds.DescribeDBParameters_1.json b/tests/ecc-aws-354-rds_aurora_logging_enabled/placebo-green/rds.DescribeDBParameters_1.json new file mode 100644 index 000000000..34a9ff281 --- /dev/null +++ b/tests/ecc-aws-354-rds_aurora_logging_enabled/placebo-green/rds.DescribeDBParameters_1.json 
@@ -0,0 +1,42 @@ +{ + "status_code": 200, + "data": { + "Parameters": [ + { + "ParameterName": "general_log", + "ParameterValue": "1", + "Description": "Whether the general query log is enabled", + "Source": "user", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": true, + "ApplyMethod": "immediate" + }, + { + "ParameterName": "log_output", + "ParameterValue": "FILE", + "Description": "Controls where to store query logs", + "Source": "user", + "ApplyType": "dynamic", + "DataType": "string", + "AllowedValues": "TABLE,FILE,NONE", + "IsModifiable": true, + "ApplyMethod": "immediate" + }, + { + "ParameterName": "slow_query_log", + "ParameterValue": "1", + "Description": "Enable or disable the slow query log", + "Source": "user", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": true, + "ApplyMethod": "immediate" + } + + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-354-rds_aurora_logging_enabled/placebo-red/rds.DescribeDBInstances_1.json b/tests/ecc-aws-354-rds_aurora_logging_enabled/placebo-red/rds.DescribeDBInstances_1.json new file mode 100644 index 000000000..0718b6359 --- /dev/null +++ b/tests/ecc-aws-354-rds_aurora_logging_enabled/placebo-red/rds.DescribeDBInstances_1.json 
@@ -0,0 +1,150 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-354-red", + "DBInstanceClass": "db.t2.small", + "Engine": "aurora", + "DBInstanceStatus": "available", + "MasterUsername": "root", + "DBName": "red354", + "Endpoint": { + "Address": "database-354-red.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 3306, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 1, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 11, + "day": 23, + "hour": 10, + "minute": 38, + "second": 21, + "microsecond": 648000 + }, + "PreferredBackupWindow": "07:51-08:21", + "BackupRetentionPeriod": 1, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "parameter-group-354-red", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1d", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + 
"SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "sat:09:07-sat:09:37", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "5.6.mysql_aurora.1.21.0", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "general-public-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:aurora-5-6", + "Status": "in-sync" + } + ], + "PubliclyAccessible": false, + "StorageType": "aurora", + "DbInstancePort": 0, + "DBClusterIdentifier": "aurora-cluster-354-red", + "StorageEncrypted": false, + "DbiResourceId": "db-WF6MLRIHDRMRE5E3QOHQPG5JKQ", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "PromotionTier": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:111111111111:db:database-354-red", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "EnabledCloudwatchLogsExports": [ + "audit", + "error", + "general", + "slowquery" + ], + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-354-rds_aurora_logging_enabled" + } + ], + "CustomerOwnedIpEnabled": false + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-354-rds_aurora_logging_enabled/placebo-red/rds.DescribeDBParameters_1.json b/tests/ecc-aws-354-rds_aurora_logging_enabled/placebo-red/rds.DescribeDBParameters_1.json new file mode 100644 index 000000000..7bacd2456 --- /dev/null +++ b/tests/ecc-aws-354-rds_aurora_logging_enabled/placebo-red/rds.DescribeDBParameters_1.json 
@@ -0,0 +1,40 @@ +{ + "status_code": 200, + "data": { + "Parameters": [ + { + "ParameterName": "general_log", + "ParameterValue": "1", + "Description": "Whether the general query log is enabled", + "Source": "user", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": true, + "ApplyMethod": "immediate" + }, + { + "ParameterName": "slow_query_log", + "Description": "Enable or disable the slow query log", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "log_output", + "ParameterValue": "TABLE", + "Description": "Controls where to store query logs", + "Source": "system", + "ApplyType": "dynamic", + "DataType": "string", + "AllowedValues": "TABLE,FILE,NONE", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-354-rds_aurora_logging_enabled/red_policy_test.py b/tests/ecc-aws-354-rds_aurora_logging_enabled/red_policy_test.py new file mode 100644 index 000000000..720113593 --- /dev/null +++ b/tests/ecc-aws-354-rds_aurora_logging_enabled/red_policy_test.py 
@@ -0,0 +1,26 @@
+class PolicyTest(object):
+
+ def test_resources_with_client(self, base_test, resources, local_session):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertEqual(resources[0]['Engine'], "aurora")
+
+ parameter_group_name=resources[0]["DBParameterGroups"][0]["DBParameterGroupName"]
+ describe_parameters = local_session.client("rds").describe_db_parameters(DBParameterGroupName=parameter_group_name)
+ parameters=describe_parameters["Parameters"]
+ marker=describe_parameters["Marker"] if "Marker" in describe_parameters else None
+
+ while marker is not None:
+
+ for parameter in parameters:
+ if parameter["ParameterName"]=="slow_query_log":
+ base_test.assertNotIn('ParameterValue', parameter)
+ elif parameter["ParameterName"]=="general_log":
+ base_test.assertIn('ParameterValue', parameter)
+ base_test.assertEqual(parameter['ParameterValue'], '1')
+ elif parameter["ParameterName"]=="log_output":
+ base_test.assertIn('ParameterValue', parameter)
+ base_test.assertNotEqual(parameter['ParameterValue'], "FILE")
+
+ describe_parameters = local_session.client("rds").describe_db_parameters(DBParameterGroupName=parameter_group_name, Marker=marker)
+ parameters=describe_parameters["Parameters"]
+ marker=describe_parameters["Marker"] if "Marker" in describe_parameters else None
diff --git a/tests/ecc-aws-355-rds_aurora_mysql_logging_enabled/placebo-green/rds.DescribeDBInstances_1.json b/tests/ecc-aws-355-rds_aurora_mysql_logging_enabled/placebo-green/rds.DescribeDBInstances_1.json
new file mode 100644
index 000000000..b9259a396
--- /dev/null
+++ b/tests/ecc-aws-355-rds_aurora_mysql_logging_enabled/placebo-green/rds.DescribeDBInstances_1.json
@@ -0,0 +1,150 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-355-green", + "DBInstanceClass": "db.t2.small", + "Engine": "aurora-mysql", + "DBInstanceStatus": "available", + "MasterUsername": "root", + "DBName": "green355", + "Endpoint": { + "Address": "database-355-green.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 3306, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 1, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 11, + "day": 23, + "hour": 14, + "minute": 57, + "second": 48, + "microsecond": 843000 + }, + "PreferredBackupWindow": "06:33-07:03", + "BackupRetentionPeriod": 1, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "parameter-group-355-green", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1d", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + 
"SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "tue:06:20-tue:06:50", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "5.7.mysql_aurora.2.10.0", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "general-public-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:aurora-mysql-5-7", + "Status": "in-sync" + } + ], + "PubliclyAccessible": false, + "StorageType": "aurora", + "DbInstancePort": 0, + "DBClusterIdentifier": "aurora-cluster-355-green", + "StorageEncrypted": false, + "DbiResourceId": "db-D2SQOXTVHCW5SVYH5RR5OHKDJE", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "PromotionTier": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:111111111111:db:database-355-green", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "EnabledCloudwatchLogsExports": [ + "audit", + "error", + "general", + "slowquery" + ], + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-355-rds_aurora_mysql_logging_enabled" + } + ], + "CustomerOwnedIpEnabled": false + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-355-rds_aurora_mysql_logging_enabled/placebo-green/rds.DescribeDBParameters_1.json b/tests/ecc-aws-355-rds_aurora_mysql_logging_enabled/placebo-green/rds.DescribeDBParameters_1.json new file mode 100644 index 000000000..5795caaa3 --- /dev/null +++ b/tests/ecc-aws-355-rds_aurora_mysql_logging_enabled/placebo-green/rds.DescribeDBParameters_1.json 
@@ -0,0 +1,41 @@ +{ + "status_code": 200, + "data": { + "Parameters": [ + { + "ParameterName": "general_log", + "ParameterValue": "1", + "Description": "Whether the general query log is enabled", + "Source": "user", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": true, + "ApplyMethod": "immediate" + }, + { + "ParameterName": "log_output", + "ParameterValue": "FILE", + "Description": "Controls where to store query logs", + "Source": "system", + "ApplyType": "dynamic", + "DataType": "string", + "AllowedValues": "TABLE,FILE,NONE", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "slow_query_log", + "ParameterValue": "1", + "Description": "Enable or disable the slow query log", + "Source": "user", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": true, + "ApplyMethod": "immediate" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-355-rds_aurora_mysql_logging_enabled/placebo-red/rds.DescribeDBInstances_1.json b/tests/ecc-aws-355-rds_aurora_mysql_logging_enabled/placebo-red/rds.DescribeDBInstances_1.json new file mode 100644 index 000000000..43a80a064 --- /dev/null +++ b/tests/ecc-aws-355-rds_aurora_mysql_logging_enabled/placebo-red/rds.DescribeDBInstances_1.json 
@@ -0,0 +1,150 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-355-red", + "DBInstanceClass": "db.t2.small", + "Engine": "aurora-mysql", + "DBInstanceStatus": "available", + "MasterUsername": "root", + "DBName": "red355", + "Endpoint": { + "Address": "database-355-red.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 3306, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 1, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 11, + "day": 23, + "hour": 14, + "minute": 38, + "second": 1, + "microsecond": 890000 + }, + "PreferredBackupWindow": "04:19-04:49", + "BackupRetentionPeriod": 1, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "parameter-group-355-red", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1d", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + 
"SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "mon:09:04-mon:09:34", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "5.7.mysql_aurora.2.10.0", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "general-public-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:aurora-mysql-5-7", + "Status": "in-sync" + } + ], + "PubliclyAccessible": false, + "StorageType": "aurora", + "DbInstancePort": 0, + "DBClusterIdentifier": "aurora-cluster-355-red", + "StorageEncrypted": false, + "DbiResourceId": "db-RL26Z5EW4F4JYV2LPLCTWD4OQY", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "PromotionTier": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:111111111111:db:database-355-red", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "EnabledCloudwatchLogsExports": [ + "audit", + "error", + "general", + "slowquery" + ], + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-355-rds_aurora_mysql_logging_enabled" + } + ], + "CustomerOwnedIpEnabled": false + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-355-rds_aurora_mysql_logging_enabled/placebo-red/rds.DescribeDBParameters_1.json b/tests/ecc-aws-355-rds_aurora_mysql_logging_enabled/placebo-red/rds.DescribeDBParameters_1.json new file mode 100644 index 000000000..ed554938c --- /dev/null +++ b/tests/ecc-aws-355-rds_aurora_mysql_logging_enabled/placebo-red/rds.DescribeDBParameters_1.json 
@@ -0,0 +1,40 @@ +{ + "status_code": 200, + "data": { + "Parameters": [ + { + "ParameterName": "general_log", + "ParameterValue": "1", + "Description": "Whether the general query log is enabled", + "Source": "user", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": true, + "ApplyMethod": "immediate" + }, + { + "ParameterName": "slow_query_log", + "Description": "Enable or disable the slow query log", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "log_output", + "ParameterValue": "FILE", + "Description": "Controls where to store query logs", + "Source": "system", + "ApplyType": "dynamic", + "DataType": "string", + "AllowedValues": "TABLE,FILE,NONE", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-355-rds_aurora_mysql_logging_enabled/red_policy_test.py b/tests/ecc-aws-355-rds_aurora_mysql_logging_enabled/red_policy_test.py new file mode 100644 index 000000000..ff13f7103 --- /dev/null +++ b/tests/ecc-aws-355-rds_aurora_mysql_logging_enabled/red_policy_test.py 
@@ -0,0 +1,26 @@
+class PolicyTest(object):
+
+ def test_resources_with_client(self, base_test, resources, local_session):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertEqual(resources[0]['Engine'], "aurora-mysql")
+
+ parameter_group_name=resources[0]["DBParameterGroups"][0]["DBParameterGroupName"]
+ describe_parameters = local_session.client("rds").describe_db_parameters(DBParameterGroupName=parameter_group_name)
+ parameters=describe_parameters["Parameters"]
+ marker=describe_parameters["Marker"] if "Marker" in describe_parameters else None
+
+ while marker is not None:
+
+ for parameter in parameters:
+ if parameter["ParameterName"]=="slow_query_log":
+ base_test.assertNotIn('ParameterValue', parameter)
+ elif parameter["ParameterName"]=="general_log":
+ base_test.assertIn('ParameterValue', parameter)
+ base_test.assertEqual(parameter['ParameterValue'], '1')
+ elif parameter["ParameterName"]=="log_output":
+ base_test.assertIn('ParameterValue', parameter)
+ base_test.assertNotEqual(parameter['ParameterValue'], "FILE")
+
+ describe_parameters = local_session.client("rds").describe_db_parameters(DBParameterGroupName=parameter_group_name, Marker=marker)
+ parameters=describe_parameters["Parameters"]
+ marker=describe_parameters["Marker"] if "Marker" in describe_parameters else None
diff --git a/tests/ecc-aws-356-rds_aurora_postgresql_logging_enabled/placebo-green/rds.DescribeDBInstances_1.json b/tests/ecc-aws-356-rds_aurora_postgresql_logging_enabled/placebo-green/rds.DescribeDBInstances_1.json
new file mode 100644
index 000000000..ba4f7ddf6
--- /dev/null
+++ b/tests/ecc-aws-356-rds_aurora_postgresql_logging_enabled/placebo-green/rds.DescribeDBInstances_1.json
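Review bot: The `log_output` branch asserts `base_test.assertNotEqual(parameter['ParameterValue'], "FILE")`, but the placebo-red `rds.DescribeDBParameters_1.json` added for ecc-aws-355 records `log_output` as `FILE`, so this assertion would fail against its own fixture if it ever ran. It does not run today because the enclosing `while marker is not None:` loop is skipped for a response without `Marker`. The branch looks copied from the ecc-aws-354 test, whose red fixture records `TABLE`. Depending on what this policy treats as non-compliant, either drop the `log_output` branch here or assert the recorded value with `base_test.assertEqual(parameter['ParameterValue'], "FILE")`.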
@@ -0,0 +1,147 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-356-green", + "DBInstanceClass": "db.t3.medium", + "Engine": "aurora-postgresql", + "DBInstanceStatus": "available", + "MasterUsername": "root", + "DBName": "green356", + "Endpoint": { + "Address": "database-356-green.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 5432, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 1, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 11, + "day": 23, + "hour": 16, + "minute": 31, + "second": 33, + "microsecond": 355000 + }, + "PreferredBackupWindow": "07:56-08:26", + "BackupRetentionPeriod": 1, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "parameter-group-356-green", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1d", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", 
+ "SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "fri:09:59-fri:10:29", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "13.3", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "postgresql-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:aurora-postgresql-13", + "Status": "in-sync" + } + ], + "PubliclyAccessible": false, + "StorageType": "aurora", + "DbInstancePort": 0, + "DBClusterIdentifier": "aurora-cluster-356-green", + "StorageEncrypted": false, + "DbiResourceId": "db-NDCSLRIWHXZUYE3ALH774VS36U", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "PromotionTier": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:111111111111:db:database-356-green", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "EnabledCloudwatchLogsExports": [ + "postgresql" + ], + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-356-rds_aurora_postgresql_logging_enabled" + } + ], + "CustomerOwnedIpEnabled": false + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-356-rds_aurora_postgresql_logging_enabled/placebo-green/rds.DescribeDBParameters_1.json b/tests/ecc-aws-356-rds_aurora_postgresql_logging_enabled/placebo-green/rds.DescribeDBParameters_1.json new file mode 100644 index 000000000..3369ed47b --- /dev/null +++ b/tests/ecc-aws-356-rds_aurora_postgresql_logging_enabled/placebo-green/rds.DescribeDBParameters_1.json 
@@ -0,0 +1,30 @@ +{ + "status_code": 200, + "data": { + "Parameters": [ + { + "ParameterName": "log_min_duration_statement", + "ParameterValue": "1", + "Description": "(ms) Sets the minimum execution time above which statements will be logged.", + "Source": "user", + "ApplyType": "dynamic", + "DataType": "integer", + "AllowedValues": "-1-2147483647", + "IsModifiable": true, + "ApplyMethod": "immediate" + }, + { + "ParameterName": "log_statement", + "ParameterValue": "all", + "Description": "Sets the type of statements logged.", + "Source": "user", + "ApplyType": "dynamic", + "DataType": "string", + "AllowedValues": "none,ddl,mod,all", + "IsModifiable": true, + "ApplyMethod": "immediate" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-356-rds_aurora_postgresql_logging_enabled/placebo-red/rds.DescribeDBInstances_1.json b/tests/ecc-aws-356-rds_aurora_postgresql_logging_enabled/placebo-red/rds.DescribeDBInstances_1.json new file mode 100644 index 000000000..37161f1b5 --- /dev/null +++ b/tests/ecc-aws-356-rds_aurora_postgresql_logging_enabled/placebo-red/rds.DescribeDBInstances_1.json 
@@ -0,0 +1,147 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-356-red", + "DBInstanceClass": "db.t3.medium", + "Engine": "aurora-postgresql", + "DBInstanceStatus": "available", + "MasterUsername": "root", + "DBName": "red356", + "Endpoint": { + "Address": "database-356-red.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 5432, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 1, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 11, + "day": 23, + "hour": 16, + "minute": 8, + "second": 2, + "microsecond": 948000 + }, + "PreferredBackupWindow": "07:53-08:23", + "BackupRetentionPeriod": 1, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "parameter-group-356-red", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1d", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + 
"SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "thu:03:37-thu:04:07", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "13.3", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "postgresql-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:aurora-postgresql-13", + "Status": "in-sync" + } + ], + "PubliclyAccessible": false, + "StorageType": "aurora", + "DbInstancePort": 0, + "DBClusterIdentifier": "aurora-cluster-356-red", + "StorageEncrypted": false, + "DbiResourceId": "db-IKX2GQ3UV6TYMXGHSXZUKUPS6E", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "PromotionTier": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:111111111111:db:database-356-red", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "EnabledCloudwatchLogsExports": [ + "postgresql" + ], + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-356-rds_aurora_postgresql_logging_enabled" + } + ], + "CustomerOwnedIpEnabled": false + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-356-rds_aurora_postgresql_logging_enabled/placebo-red/rds.DescribeDBParameters_1.json b/tests/ecc-aws-356-rds_aurora_postgresql_logging_enabled/placebo-red/rds.DescribeDBParameters_1.json new file mode 100644 index 000000000..aba3e3f3b --- /dev/null +++ b/tests/ecc-aws-356-rds_aurora_postgresql_logging_enabled/placebo-red/rds.DescribeDBParameters_1.json 
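Review bot: This recorded response scrubs the account id (`111111111111`), `VpcId` and `HostedZoneId`, but keeps what look like live identifiers from the recording account: the endpoint label `chhajgiktbgu` in `Endpoint.Address`, `sg-a5befc90`, the `subnet-…` ids and `DbiResourceId`. In a public test fixture these should be replaced with placeholders like the other fields, since nothing visible in this patch depends on their real values. The same values recur in the other DescribeDBInstances and DescribeDBClusters fixtures in this patch. Separately, the tag key `CsutodianRule` looks like a misspelling of `CustodianRule`; confirm it is intentional before more fixtures copy it.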
@@ -0,0 +1,28 @@ +{ + "status_code": 200, + "data": { + "Parameters": [ + { + "ParameterName": "log_min_duration_statement", + "Description": "(ms) Sets the minimum execution time above which statements will be logged.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "integer", + "AllowedValues": "-1-2147483647", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "log_statement", + "Description": "Sets the type of statements logged.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "string", + "AllowedValues": "none,ddl,mod,all", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-356-rds_aurora_postgresql_logging_enabled/red_policy_test.py b/tests/ecc-aws-356-rds_aurora_postgresql_logging_enabled/red_policy_test.py new file mode 100644 index 000000000..af46e8826 --- /dev/null +++ b/tests/ecc-aws-356-rds_aurora_postgresql_logging_enabled/red_policy_test.py 
@@ -0,0 +1,22 @@ +class PolicyTest(object): + + def test_resources_with_client(self, base_test, resources, local_session): + base_test.assertEqual(len(resources), 1) + base_test.assertEqual(resources[0]['Engine'], "aurora-postgresql") + base_test.assertIn('postgresql',resources[0]['EnabledCloudwatchLogsExports']) + parameter_group_name=resources[0]["DBParameterGroups"][0]["DBParameterGroupName"] + describe_parameters = local_session.client("rds").describe_db_parameters(DBParameterGroupName=parameter_group_name) + parameters=describe_parameters["Parameters"] + marker=describe_parameters["Marker"] if "Marker" in describe_parameters else None + + while marker is not None: + + for parameter in parameters: + if parameter["ParameterName"]=="log_statement": + base_test.assertNotIn('ParameterValue', parameter) + elif parameter["ParameterName"]=="log_min_duration_statement": + base_test.assertNotIn('ParameterValue', parameter) + + describe_parameters = local_session.client("rds").describe_db_parameters(DBParameterGroupName=parameter_group_name, Marker=marker) + parameters=describe_parameters["Parameters"] + marker=describe_parameters["Marker"] if "Marker" in describe_parameters else None diff --git a/tests/ecc-aws-357-rds_instance_iam_authentication_configured/placebo-green/rds.DescribeDBInstances_1.json b/tests/ecc-aws-357-rds_instance_iam_authentication_configured/placebo-green/rds.DescribeDBInstances_1.json new file mode 100644 index 000000000..f9cc02db3 --- /dev/null +++ b/tests/ecc-aws-357-rds_instance_iam_authentication_configured/placebo-green/rds.DescribeDBInstances_1.json 
@@ -0,0 +1,141 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "terraform-20211029102352335500000001", + "DBInstanceClass": "db.t3.micro", + "Engine": "mysql", + "DBInstanceStatus": "stopped", + "MasterUsername": "root", + "DBName": "database357green", + "Endpoint": { + "Address": "terraform-20211029102352335500000001.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 3306, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 10, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 29, + "hour": 10, + "minute": 27, + "second": 34, + "microsecond": 840000 + }, + "PreferredBackupWindow": "09:47-10:17", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "default.mysql5.7", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1f", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + 
"SubnetIdentifier": "subnet-cd7af8ec", + "SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "thu:03:45-thu:04:15", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "5.7.33", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "general-public-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:mysql-5-7", + "Status": "in-sync" + } + ], + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-65J3GU3ENNS2XBUN6EFDOLNZ24", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:this:db:terraform-20211029102352335500000001", + "IAMDatabaseAuthenticationEnabled": true, + "PerformanceInsightsEnabled": false, + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-357-rds_instance_iam_authentication_configured" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-357-rds_instance_iam_authentication_configured/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-357-rds_instance_iam_authentication_configured/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..b4b89426e --- /dev/null +++ b/tests/ecc-aws-357-rds_instance_iam_authentication_configured/placebo-green/tagging.GetResources_1.json 
@@ -0,0 +1,22 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:rds:us-east-1:this:db:terraform-20211029102352335500000001", + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-357-rds_instance_iam_authentication_configured" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-357-rds_instance_iam_authentication_configured/placebo-red/rds.DescribeDBInstances_1.json b/tests/ecc-aws-357-rds_instance_iam_authentication_configured/placebo-red/rds.DescribeDBInstances_1.json new file mode 100644 index 000000000..b4d19e2ca --- /dev/null +++ b/tests/ecc-aws-357-rds_instance_iam_authentication_configured/placebo-red/rds.DescribeDBInstances_1.json 
@@ -0,0 +1,141 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "terraform-20211029103302637400000001", + "DBInstanceClass": "db.t3.micro", + "Engine": "mysql", + "DBInstanceStatus": "stopped", + "MasterUsername": "root", + "DBName": "database357red", + "Endpoint": { + "Address": "terraform-20211029103302637400000001.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 3306, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 10, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 29, + "hour": 10, + "minute": 37, + "second": 4, + "microsecond": 121000 + }, + "PreferredBackupWindow": "06:56-07:26", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "default.mysql5.7", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1f", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": 
"subnet-cd7af8ec", + "SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "wed:03:27-wed:03:57", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "5.7.33", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "general-public-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:mysql-5-7", + "Status": "in-sync" + } + ], + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-CJCZQWHJKVI4NGF3CZDZ6KHFKY", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:this:db:terraform-20211029103302637400000001", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-357-rds_instance_iam_authentication_configured" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-357-rds_instance_iam_authentication_configured/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-357-rds_instance_iam_authentication_configured/placebo-red/tagging.GetResources_1.json new file mode 100644 index 000000000..c04146811 --- /dev/null +++ b/tests/ecc-aws-357-rds_instance_iam_authentication_configured/placebo-red/tagging.GetResources_1.json 
@@ -0,0 +1,22 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:rds:us-east-1:this:db:terraform-20211029103302637400000001", + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-357-rds_instance_iam_authentication_configured" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-357-rds_instance_iam_authentication_configured/red_policy_test.py b/tests/ecc-aws-357-rds_instance_iam_authentication_configured/red_policy_test.py new file mode 100644 index 000000000..342526ead --- /dev/null +++ b/tests/ecc-aws-357-rds_instance_iam_authentication_configured/red_policy_test.py @@ -0,0 +1,5 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertFalse(resources[0]['IAMDatabaseAuthenticationEnabled']) \ No newline at end of file diff --git a/tests/ecc-aws-358-rds_cluster_iam_authentication_configured/placebo-green/rds.DescribeDBClusters_1.json b/tests/ecc-aws-358-rds_cluster_iam_authentication_configured/placebo-green/rds.DescribeDBClusters_1.json new file mode 100644 index 000000000..f1d1753ad --- /dev/null +++ b/tests/ecc-aws-358-rds_cluster_iam_authentication_configured/placebo-green/rds.DescribeDBClusters_1.json 
@@ -0,0 +1,92 @@ +{ + "status_code": 200, + "data": { + "DBClusters": [ + { + "AllocatedStorage": 1, + "AvailabilityZones": [ + "us-east-1c", + "us-east-1d", + "us-east-1a" + ], + "BackupRetentionPeriod": 1, + "DatabaseName": "cluster358green", + "DBClusterIdentifier": "cluster-358-green", + "DBClusterParameterGroup": "default.aurora-mysql5.7", + "DBSubnetGroup": "default", + "Status": "available", + "EarliestRestorableTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 29, + "hour": 7, + "minute": 17, + "second": 38, + "microsecond": 180000 + }, + "Endpoint": "cluster-358-green.cluster-chhajgiktbgu.us-east-1.rds.amazonaws.com", + "ReaderEndpoint": "cluster-358-green.cluster-ro-chhajgiktbgu.us-east-1.rds.amazonaws.com", + "MultiAZ": false, + "Engine": "aurora-mysql", + "EngineVersion": "5.7.mysql_aurora.2.03.2", + "LatestRestorableTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 29, + "hour": 7, + "minute": 17, + "second": 38, + "microsecond": 180000 + }, + "Port": 3306, + "MasterUsername": "root", + "PreferredBackupWindow": "08:38-09:08", + "PreferredMaintenanceWindow": "wed:03:33-wed:04:03", + "ReadReplicaIdentifiers": [], + "DBClusterMembers": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "HostedZoneId": "ASASASASASASAS", + "StorageEncrypted": false, + "DbClusterResourceId": "cluster-VUFNTHHYAODP6GKFXLSEZUP7EA", + "DBClusterArn": "arn:aws:rds:us-east-1:this:cluster:cluster-358-green", + "AssociatedRoles": [], + "IAMDatabaseAuthenticationEnabled": true, + "ClusterCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 29, + "hour": 7, + "minute": 16, + "second": 28, + "microsecond": 525000 + }, + "EngineMode": "provisioned", + "DeletionProtection": false, + "HttpEndpointEnabled": false, + "ActivityStreamStatus": "stopped", + "CopyTagsToSnapshot": false, + "CrossAccountClone": false, + "DomainMemberships": [], + "TagList": [ + { + 
"Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-358-rds_cluster_iam_authentication_configured" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-358-rds_cluster_iam_authentication_configured/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-358-rds_cluster_iam_authentication_configured/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..b6448e4d1 --- /dev/null +++ b/tests/ecc-aws-358-rds_cluster_iam_authentication_configured/placebo-green/tagging.GetResources_1.json @@ -0,0 +1,22 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:rds:us-east-1:this:cluster:cluster-358-green", + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-358-rds_cluster_iam_authentication_configured" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-358-rds_cluster_iam_authentication_configured/placebo-red/rds.DescribeDBClusters_1.json b/tests/ecc-aws-358-rds_cluster_iam_authentication_configured/placebo-red/rds.DescribeDBClusters_1.json new file mode 100644 index 000000000..4514d553d --- /dev/null +++ b/tests/ecc-aws-358-rds_cluster_iam_authentication_configured/placebo-red/rds.DescribeDBClusters_1.json 
@@ -0,0 +1,92 @@ +{ + "status_code": 200, + "data": { + "DBClusters": [ + { + "AllocatedStorage": 1, + "AvailabilityZones": [ + "us-east-1c", + "us-east-1d", + "us-east-1a" + ], + "BackupRetentionPeriod": 1, + "DatabaseName": "cluster358red", + "DBClusterIdentifier": "cluster-358-red", + "DBClusterParameterGroup": "default.aurora-mysql5.7", + "DBSubnetGroup": "default", + "Status": "available", + "EarliestRestorableTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 29, + "hour": 7, + "minute": 20, + "second": 27, + "microsecond": 622000 + }, + "Endpoint": "cluster-358-red.cluster-chhajgiktbgu.us-east-1.rds.amazonaws.com", + "ReaderEndpoint": "cluster-358-red.cluster-ro-chhajgiktbgu.us-east-1.rds.amazonaws.com", + "MultiAZ": false, + "Engine": "aurora-mysql", + "EngineVersion": "5.7.mysql_aurora.2.03.2", + "LatestRestorableTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 29, + "hour": 7, + "minute": 20, + "second": 27, + "microsecond": 622000 + }, + "Port": 3306, + "MasterUsername": "root", + "PreferredBackupWindow": "09:09-09:39", + "PreferredMaintenanceWindow": "wed:05:14-wed:05:44", + "ReadReplicaIdentifiers": [], + "DBClusterMembers": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "HostedZoneId": "ASASASASASASAS", + "StorageEncrypted": false, + "DbClusterResourceId": "cluster-CZZGDO4XNYBTUHDHGMIPEAWQIM", + "DBClusterArn": "arn:aws:rds:us-east-1:this:cluster:cluster-358-red", + "AssociatedRoles": [], + "IAMDatabaseAuthenticationEnabled": false, + "ClusterCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 29, + "hour": 7, + "minute": 19, + "second": 29, + "microsecond": 878000 + }, + "EngineMode": "provisioned", + "DeletionProtection": false, + "HttpEndpointEnabled": false, + "ActivityStreamStatus": "stopped", + "CopyTagsToSnapshot": false, + "CrossAccountClone": false, + "DomainMemberships": [], + "TagList": [ + { + "Key": 
"ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-358-rds_cluster_iam_authentication_configured" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-358-rds_cluster_iam_authentication_configured/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-358-rds_cluster_iam_authentication_configured/placebo-red/tagging.GetResources_1.json new file mode 100644 index 000000000..ba9fc2452 --- /dev/null +++ b/tests/ecc-aws-358-rds_cluster_iam_authentication_configured/placebo-red/tagging.GetResources_1.json @@ -0,0 +1,22 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:rds:us-east-1:this:cluster:cluster-358-red", + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-358-rds_cluster_iam_authentication_configured" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-358-rds_cluster_iam_authentication_configured/red_policy_test.py b/tests/ecc-aws-358-rds_cluster_iam_authentication_configured/red_policy_test.py new file mode 100644 index 000000000..342526ead --- /dev/null +++ b/tests/ecc-aws-358-rds_cluster_iam_authentication_configured/red_policy_test.py @@ -0,0 +1,5 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertFalse(resources[0]['IAMDatabaseAuthenticationEnabled']) \ No newline at end of file diff --git a/tests/ecc-aws-359-rds_aurora_mysql_backtracking_enabled/placebo-green/rds.DescribeDBClusters_1.json b/tests/ecc-aws-359-rds_aurora_mysql_backtracking_enabled/placebo-green/rds.DescribeDBClusters_1.json new file mode 100644 index 000000000..c08ee4642 --- /dev/null +++ b/tests/ecc-aws-359-rds_aurora_mysql_backtracking_enabled/placebo-green/rds.DescribeDBClusters_1.json 
@@ -0,0 +1,93 @@ +{ + "status_code": 200, + "data": { + "DBClusters": [ + { + "AllocatedStorage": 1, + "AvailabilityZones": [ + "us-east-1c", + "us-east-1b", + "us-east-1a" + ], + "BackupRetentionPeriod": 1, + "DatabaseName": "cluster359green", + "DBClusterIdentifier": "cluster-359-green", + "DBClusterParameterGroup": "default.aurora-mysql5.7", + "DBSubnetGroup": "default", + "Status": "available", + "EarliestRestorableTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 6, + "hour": 18, + "minute": 6, + "second": 50, + "microsecond": 256000 + }, + "Endpoint": "cluster-359-green.cluster-chhajgiktbgu.us-east-1.rds.amazonaws.com", + "ReaderEndpoint": "cluster-359-green.cluster-ro-chhajgiktbgu.us-east-1.rds.amazonaws.com", + "MultiAZ": false, + "Engine": "aurora-mysql", + "EngineVersion": "5.7.mysql_aurora.2.07.2", + "LatestRestorableTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 6, + "hour": 18, + "minute": 6, + "second": 50, + "microsecond": 256000 + }, + "Port": 3306, + "MasterUsername": "root", + "PreferredBackupWindow": "09:27-09:57", + "PreferredMaintenanceWindow": "tue:07:28-tue:07:58", + "ReadReplicaIdentifiers": [], + "DBClusterMembers": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "HostedZoneId": "ASASASASASASAS", + "StorageEncrypted": false, + "DbClusterResourceId": "cluster-ON3UHKRUCVRWEZSPLMHSKVBJIE", + "DBClusterArn": "arn:aws:rds:us-east-1:111111111111:cluster:cluster-359-green", + "AssociatedRoles": [], + "IAMDatabaseAuthenticationEnabled": false, + "ClusterCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 6, + "hour": 18, + "minute": 6, + "second": 12, + "microsecond": 181000 + }, + "BacktrackWindow": 600, + "EngineMode": "provisioned", + "DeletionProtection": false, + "HttpEndpointEnabled": false, + "ActivityStreamStatus": "stopped", + "CopyTagsToSnapshot": false, + "CrossAccountClone": false, + 
"DomainMemberships": [], + "TagList": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-359-rds_aurora_mysql_backtracking_enabled" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-359-rds_aurora_mysql_backtracking_enabled/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-359-rds_aurora_mysql_backtracking_enabled/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..9d1021a90 --- /dev/null +++ b/tests/ecc-aws-359-rds_aurora_mysql_backtracking_enabled/placebo-green/tagging.GetResources_1.json @@ -0,0 +1,35 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:rds:us-east-1:111111111111:cluster:cluster-on3uhkrucvrwezsplmhskvbjie", + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-359-rds_aurora_mysql_backtracking_enabled" + } + ] + }, + { + "ResourceARN": "arn:aws:rds:us-east-1:111111111111:cluster:cluster-359-green", + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-359-rds_aurora_mysql_backtracking_enabled" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-359-rds_aurora_mysql_backtracking_enabled/placebo-red/rds.DescribeDBClusters_1.json b/tests/ecc-aws-359-rds_aurora_mysql_backtracking_enabled/placebo-red/rds.DescribeDBClusters_1.json new file mode 100644 index 000000000..066a532c9 --- /dev/null +++ b/tests/ecc-aws-359-rds_aurora_mysql_backtracking_enabled/placebo-red/rds.DescribeDBClusters_1.json 
@@ -0,0 +1,92 @@ +{ + "status_code": 200, + "data": { + "DBClusters": [ + { + "AllocatedStorage": 1, + "AvailabilityZones": [ + "us-east-1c", + "us-east-1d", + "us-east-1a" + ], + "BackupRetentionPeriod": 1, + "DatabaseName": "cluster359red", + "DBClusterIdentifier": "cluster-359-red", + "DBClusterParameterGroup": "default.aurora-mysql5.7", + "DBSubnetGroup": "default", + "Status": "available", + "EarliestRestorableTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 6, + "hour": 18, + "minute": 17, + "second": 44, + "microsecond": 337000 + }, + "Endpoint": "cluster-359-red.cluster-chhajgiktbgu.us-east-1.rds.amazonaws.com", + "ReaderEndpoint": "cluster-359-red.cluster-ro-chhajgiktbgu.us-east-1.rds.amazonaws.com", + "MultiAZ": false, + "Engine": "aurora-mysql", + "EngineVersion": "5.7.mysql_aurora.2.07.2", + "LatestRestorableTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 6, + "hour": 18, + "minute": 17, + "second": 44, + "microsecond": 337000 + }, + "Port": 3306, + "MasterUsername": "root", + "PreferredBackupWindow": "04:56-05:26", + "PreferredMaintenanceWindow": "tue:03:12-tue:03:42", + "ReadReplicaIdentifiers": [], + "DBClusterMembers": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "HostedZoneId": "ASASASASASASAS", + "StorageEncrypted": false, + "DbClusterResourceId": "cluster-DSK3ASKRTODOYYTDQYGRKPQE5U", + "DBClusterArn": "arn:aws:rds:us-east-1:111111111111:cluster:cluster-359-red", + "AssociatedRoles": [], + "IAMDatabaseAuthenticationEnabled": false, + "ClusterCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 6, + "hour": 18, + "minute": 16, + "second": 53, + "microsecond": 680000 + }, + "EngineMode": "provisioned", + "DeletionProtection": false, + "HttpEndpointEnabled": false, + "ActivityStreamStatus": "stopped", + "CopyTagsToSnapshot": false, + "CrossAccountClone": false, + "DomainMemberships": [], + "TagList": [ + { + 
"Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-359-rds_aurora_mysql_backtracking_enabled" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-359-rds_aurora_mysql_backtracking_enabled/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-359-rds_aurora_mysql_backtracking_enabled/placebo-red/tagging.GetResources_1.json new file mode 100644 index 000000000..003ef7249 --- /dev/null +++ b/tests/ecc-aws-359-rds_aurora_mysql_backtracking_enabled/placebo-red/tagging.GetResources_1.json @@ -0,0 +1,35 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:rds:us-east-1:111111111111:cluster:cluster-dsk3askrtodoyytdqygrkpqe5u", + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-359-rds_aurora_mysql_backtracking_enabled" + } + ] + }, + { + "ResourceARN": "arn:aws:rds:us-east-1:111111111111:cluster:cluster-359-red", + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-359-rds_aurora_mysql_backtracking_enabled" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file
diff --git a/tests/ecc-aws-359-rds_aurora_mysql_backtracking_enabled/red_policy_test.py b/tests/ecc-aws-359-rds_aurora_mysql_backtracking_enabled/red_policy_test.py
new file mode 100644
index 000000000..bc5db59f0
--- /dev/null
+++ b/tests/ecc-aws-359-rds_aurora_mysql_backtracking_enabled/red_policy_test.py
@@ -0,0 +1,6 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertEqual(resources[0]['Engine'], "aurora-mysql")
+ base_test.assertFalse('BacktrackWindow' in resources[0])
\ No newline at end of file
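Review bot: The last assertion in `test_resources`, `base_test.assertFalse('BacktrackWindow' in resources[0])`, reports only "True is not false" when it fails; `base_test.assertNotIn('BacktrackWindow', resources[0])` checks the same condition and prints the offending resource, assuming `base_test` is a `unittest.TestCase`. The red case is pinned to the key being absent, which matches the placebo-red recording in this patch. If the policy (not visible here) is also meant to flag a cluster whose `BacktrackWindow` is present but `0`, that case has neither a fixture nor an assertion and would be worth confirming.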
diff --git a/tests/ecc-aws-360-rds_cluster_multi_az_enabled/placebo-green/rds.DescribeDBClusters_1.json b/tests/ecc-aws-360-rds_cluster_multi_az_enabled/placebo-green/rds.DescribeDBClusters_1.json new file mode 100644 index 000000000..2fc34c919 --- /dev/null +++ b/tests/ecc-aws-360-rds_cluster_multi_az_enabled/placebo-green/rds.DescribeDBClusters_1.json 
@@ -0,0 +1,105 @@ +{ + "status_code": 200, + "data": { + "DBClusters": [ + { + "AllocatedStorage": 1, + "AvailabilityZones": [ + "us-east-1c", + "us-east-1d", + "us-east-1a" + ], + "BackupRetentionPeriod": 1, + "DatabaseName": "cluster360green", + "DBClusterIdentifier": "cluster-360-green", + "DBClusterParameterGroup": "default.aurora-mysql5.7", + "DBSubnetGroup": "default", + "Status": "available", + "EarliestRestorableTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 5, + "hour": 11, + "minute": 28, + "second": 57, + "microsecond": 224000 + }, + "Endpoint": "cluster-360-green.cluster-chhajgiktbgu.us-east-1.rds.amazonaws.com", + "ReaderEndpoint": "cluster-360-green.cluster-ro-chhajgiktbgu.us-east-1.rds.amazonaws.com", + "MultiAZ": true, + "Engine": "aurora-mysql", + "EngineVersion": "5.7.mysql_aurora.2.03.2", + "LatestRestorableTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 5, + "hour": 11, + "minute": 35, + "second": 55, + "microsecond": 458000 + }, + "Port": 3306, + "MasterUsername": "root", + "PreferredBackupWindow": "04:57-05:27", + "PreferredMaintenanceWindow": "mon:09:58-mon:10:28", + "ReadReplicaIdentifiers": [], + "DBClusterMembers": [ + { + "DBInstanceIdentifier": "rds-cluster-instance1-360-red", + "IsClusterWriter": false, + "DBClusterParameterGroupStatus": "in-sync", + "PromotionTier": 0 + }, + { + "DBInstanceIdentifier": "rds-cluster-instance2-360-red", + "IsClusterWriter": true, + "DBClusterParameterGroupStatus": "in-sync", + "PromotionTier": 0 + } + ], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "HostedZoneId": "ASASASASASASAS", + "StorageEncrypted": false, + "DbClusterResourceId": "cluster-ZXODCIVG7SGY4NTNLETREWDUXY", + "DBClusterArn": "arn:aws:rds:us-east-1:111111111111:cluster:cluster-360-green", + "AssociatedRoles": [], + "IAMDatabaseAuthenticationEnabled": false, + "ClusterCreateTime": { + "__class__": "datetime", + "year": 2021, + 
"month": 10, + "day": 5, + "hour": 11, + "minute": 27, + "second": 50, + "microsecond": 716000 + }, + "EngineMode": "provisioned", + "DeletionProtection": false, + "HttpEndpointEnabled": false, + "ActivityStreamStatus": "stopped", + "CopyTagsToSnapshot": false, + "CrossAccountClone": false, + "DomainMemberships": [], + "TagList": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-360-rds_cluster_multi_az_enabled" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-360-rds_cluster_multi_az_enabled/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-360-rds_cluster_multi_az_enabled/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..ef570420a --- /dev/null +++ b/tests/ecc-aws-360-rds_cluster_multi_az_enabled/placebo-green/tagging.GetResources_1.json @@ -0,0 +1,35 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:rds:us-east-1:111111111111:cluster:cluster-360-green", + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-360-rds_cluster_multi_az_enabled" + } + ] + }, + { + "ResourceARN": "arn:aws:rds:us-east-1:111111111111:cluster:cluster-zxodcivg7sgy4ntnletrewduxy", + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-360-rds_cluster_multi_az_enabled" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-360-rds_cluster_multi_az_enabled/placebo-red/rds.DescribeDBClusters_1.json b/tests/ecc-aws-360-rds_cluster_multi_az_enabled/placebo-red/rds.DescribeDBClusters_1.json new file mode 100644 index 000000000..3cc8cb505 --- /dev/null +++ b/tests/ecc-aws-360-rds_cluster_multi_az_enabled/placebo-red/rds.DescribeDBClusters_1.json 
@@ -0,0 +1,99 @@ +{ + "status_code": 200, + "data": { + "DBClusters": [ + { + "AllocatedStorage": 1, + "AvailabilityZones": [ + "us-east-1f", + "us-east-1b", + "us-east-1d" + ], + "BackupRetentionPeriod": 1, + "DatabaseName": "cluster360red", + "DBClusterIdentifier": "rds-cluster-360-red", + "DBClusterParameterGroup": "default.aurora-mysql5.7", + "DBSubnetGroup": "default", + "Status": "available", + "EarliestRestorableTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 5, + "hour": 11, + "minute": 47, + "second": 25, + "microsecond": 362000 + }, + "Endpoint": "rds-cluster-360-red.cluster-chhajgiktbgu.us-east-1.rds.amazonaws.com", + "ReaderEndpoint": "rds-cluster-360-red.cluster-ro-chhajgiktbgu.us-east-1.rds.amazonaws.com", + "MultiAZ": false, + "Engine": "aurora-mysql", + "EngineVersion": "5.7.mysql_aurora.2.03.2", + "LatestRestorableTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 5, + "hour": 11, + "minute": 47, + "second": 25, + "microsecond": 362000 + }, + "Port": 3306, + "MasterUsername": "root", + "PreferredBackupWindow": "10:29-10:59", + "PreferredMaintenanceWindow": "thu:09:20-thu:09:50", + "ReadReplicaIdentifiers": [], + "DBClusterMembers": [ + { + "DBInstanceIdentifier": "rds-cluster-instance-360-red", + "IsClusterWriter": true, + "DBClusterParameterGroupStatus": "in-sync", + "PromotionTier": 0 + } + ], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "HostedZoneId": "ASASASASASASAS", + "StorageEncrypted": false, + "DbClusterResourceId": "cluster-ASXN35VVQS7JT3UJQRFFMBFQWU", + "DBClusterArn": "arn:aws:rds:us-east-1:111111111111:cluster:rds-cluster-360-red", + "AssociatedRoles": [], + "IAMDatabaseAuthenticationEnabled": false, + "ClusterCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 5, + "hour": 11, + "minute": 46, + "second": 12, + "microsecond": 173000 + }, + "EngineMode": "provisioned", + "DeletionProtection": false, 
+ "HttpEndpointEnabled": false, + "ActivityStreamStatus": "stopped", + "CopyTagsToSnapshot": false, + "CrossAccountClone": false, + "DomainMemberships": [], + "TagList": [ + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-360-rds_cluster_multi_az_enabled" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-360-rds_cluster_multi_az_enabled/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-360-rds_cluster_multi_az_enabled/placebo-red/tagging.GetResources_1.json new file mode 100644 index 000000000..802ffb953 --- /dev/null +++ b/tests/ecc-aws-360-rds_cluster_multi_az_enabled/placebo-red/tagging.GetResources_1.json @@ -0,0 +1,35 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:rds:us-east-1:111111111111:cluster:rds-cluster-360-red", + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-360-rds_cluster_multi_az_enabled" + } + ] + }, + { + "ResourceARN": "arn:aws:rds:us-east-1:111111111111:cluster:cluster-asxn35vvqs7jt3ujqrffmbfqwu", + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-360-rds_cluster_multi_az_enabled" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file
diff --git a/tests/ecc-aws-360-rds_cluster_multi_az_enabled/red_policy_test.py b/tests/ecc-aws-360-rds_cluster_multi_az_enabled/red_policy_test.py
new file mode 100644
index 000000000..84e53714c
--- /dev/null
+++ b/tests/ecc-aws-360-rds_cluster_multi_az_enabled/red_policy_test.py
@@ -0,0 +1,5 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertFalse(resources[0]['MultiAZ'])
\ No newline at end of file
diff --git a/tests/ecc-aws-361-redshift_cluster_encrypted_in_transit/placebo-green/redshift.DescribeClusterParameters_1.json b/tests/ecc-aws-361-redshift_cluster_encrypted_in_transit/placebo-green/redshift.DescribeClusterParameters_1.json new file mode 100644 index 000000000..cd3d8cdba --- /dev/null +++ b/tests/ecc-aws-361-redshift_cluster_encrypted_in_transit/placebo-green/redshift.DescribeClusterParameters_1.json 
@@ -0,0 +1,134 @@ +{ + "status_code": 200, + "data": { + "Parameters": [ + { + "ParameterName": "auto_analyze", + "ParameterValue": "true", + "Description": "Use auto analyze", + "Source": "engine-default", + "DataType": "boolean", + "AllowedValues": "true,false", + "ApplyType": "static", + "IsModifiable": true + }, + { + "ParameterName": "datestyle", + "ParameterValue": "ISO, MDY", + "Description": "Sets the display format for date and time values.", + "Source": "engine-default", + "DataType": "string", + "ApplyType": "static", + "IsModifiable": true + }, + { + "ParameterName": "enable_case_sensitive_identifier", + "ParameterValue": "false", + "Description": "Preserve case sensitivity for database identifiers such as table or column names in parser", + "Source": "engine-default", + "DataType": "boolean", + "AllowedValues": "true,false", + "ApplyType": "static", + "IsModifiable": true + }, + { + "ParameterName": "enable_user_activity_logging", + "ParameterValue": "false", + "Description": "parameter for audit logging purpose", + "Source": "engine-default", + "DataType": "boolean", + "AllowedValues": "true,false", + "ApplyType": "static", + "IsModifiable": true + }, + { + "ParameterName": "extra_float_digits", + "ParameterValue": "0", + "Description": "Sets the number of digits displayed for floating-point values", + "Source": "engine-default", + "DataType": "integer", + "AllowedValues": "-15-2", + "ApplyType": "static", + "IsModifiable": true + }, + { + "ParameterName": "max_concurrency_scaling_clusters", + "ParameterValue": "1", + "Description": "The maximum concurrency scaling clusters can be used.", + "Source": "engine-default", + "DataType": "integer", + "AllowedValues": "0-10", + "ApplyType": "static", + "IsModifiable": true + }, + { + "ParameterName": "max_cursor_result_set_size", + "ParameterValue": "default", + "Description": "Sets the max cursor result set size", + "Source": "engine-default", + "DataType": "integer", + "AllowedValues": "0-14400000", + 
"ApplyType": "static", + "IsModifiable": true + }, + { + "ParameterName": "query_group", + "ParameterValue": "default", + "Description": "This parameter applies a user-defined label to a group of queries that are run during the same session..", + "Source": "engine-default", + "DataType": "string", + "ApplyType": "static", + "IsModifiable": true + }, + { + "ParameterName": "require_ssl", + "ParameterValue": "true", + "Description": "require ssl for all databaseconnections", + "Source": "user", + "DataType": "boolean", + "AllowedValues": "true,false", + "ApplyType": "static", + "IsModifiable": true + }, + { + "ParameterName": "search_path", + "ParameterValue": "$user, public", + "Description": "Sets the schema search order for names that are not schema-qualified.", + "Source": "engine-default", + "DataType": "string", + "ApplyType": "static", + "IsModifiable": true + }, + { + "ParameterName": "statement_timeout", + "ParameterValue": "0", + "Description": "Aborts any statement that takes over the specified number of milliseconds.", + "Source": "engine-default", + "DataType": "integer", + "AllowedValues": "0,100-2147483647", + "ApplyType": "static", + "IsModifiable": true + }, + { + "ParameterName": "use_fips_ssl", + "ParameterValue": "false", + "Description": "Use fips ssl library", + "Source": "engine-default", + "DataType": "boolean", + "AllowedValues": "true,false", + "ApplyType": "static", + "IsModifiable": true + }, + { + "ParameterName": "wlm_json_configuration", + "ParameterValue": "[{\"auto_wlm\":true}]", + "Description": "wlm json configuration", + "Source": "engine-default", + "DataType": "string", + "ApplyType": "static", + "IsModifiable": true + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-361-redshift_cluster_encrypted_in_transit/placebo-green/redshift.DescribeClusters_1.json b/tests/ecc-aws-361-redshift_cluster_encrypted_in_transit/placebo-green/redshift.DescribeClusters_1.json new file mode 100644 index 000000000..96789cd7a --- /dev/null +++ b/tests/ecc-aws-361-redshift_cluster_encrypted_in_transit/placebo-green/redshift.DescribeClusters_1.json 
@@ -0,0 +1,79 @@ +{ + "status_code": 200, + "data": { + "Clusters": [ + { + "ClusterIdentifier": "c7n-361-redshift-green", + "NodeType": "dc1.large", + "ClusterStatus": "available", + "ClusterAvailabilityStatus": "Available", + "MasterUsername": "root", + "DBName": "c7nredshiftgreen", + "Endpoint": { + "Address": "c7n-361-redshift-green.cqwaglj6btcm.us-east-1.redshift.amazonaws.com", + "Port": 5439 + }, + "ClusterCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 6, + "hour": 14, + "minute": 25, + "second": 19, + "microsecond": 876000 + }, + "AutomatedSnapshotRetentionPeriod": 1, + "ManualSnapshotRetentionPeriod": -1, + "ClusterSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "ClusterParameterGroups": [ + { + "ParameterGroupName": "parameter-group-361-green", + "ParameterApplyStatus": "in-sync" + } + ], + "ClusterSubnetGroupName": "default", + "VpcId": "vpc-12345asdfg", + "AvailabilityZone": "us-east-1c", + "PreferredMaintenanceWindow": "wed:06:00-wed:06:30", + "PendingModifiedValues": {}, + "ClusterVersion": "1.0", + "AllowVersionUpgrade": true, + "NumberOfNodes": 1, + "PubliclyAccessible": true, + "Encrypted": false, + "ClusterPublicKey": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCPwl++l7a4L4+9I29mV7DS3H2q2Ak5KAZvM9KlvYrl7Ro0Z992KOLCRMp02O0iDCpXMIRCbKuSEgmwwQkJHB0Xpuo1sN/PMIDIA8F+TgrSqgkQwPVb1SL1HgPzNP7ksQf/ce27aJWstHbJVP/yeCAs9kNK288vSofRqfm+xRvJUNoGP4lws9PL6QRYy/O3g+wkjRMCNEtWCUEmUWLJXIe6tyWN1b8u34beLhg1i/Wj0Mv2BXxGEiRND4ZN08mRwsfQvFs8Ofsm67hyehHyJ7WvHuQ6zprmUL5Qk0rdmncyz2L8Bakn6jcAQjf6zh4rNzpTLxzsTWajisP+gB6Csx0Z Amazon-Redshift\n", + "ClusterNodes": [ + { + "NodeRole": "SHARED", + "PrivateIPAddress": "172.31.81.10", + "PublicIPAddress": "3.223.167.186" + } + ], + "ClusterRevisionNumber": "31651", + "Tags": [], + "EnhancedVpcRouting": false, + "IamRoles": [], + "MaintenanceTrackName": "current", + "DeferredMaintenanceWindows": [], + 
"NextMaintenanceWindowStartTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 13, + "hour": 6, + "minute": 0, + "second": 0, + "microsecond": 0 + } + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-361-redshift_cluster_encrypted_in_transit/placebo-red/redshift.DescribeClusterParameters_1.json b/tests/ecc-aws-361-redshift_cluster_encrypted_in_transit/placebo-red/redshift.DescribeClusterParameters_1.json new file mode 100644 index 000000000..55625c773 --- /dev/null +++ b/tests/ecc-aws-361-redshift_cluster_encrypted_in_transit/placebo-red/redshift.DescribeClusterParameters_1.json 
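Review bot: This recorded `DescribeClusters` response still carries the cluster's full `ClusterPublicKey` and its `PublicIPAddress`/`PrivateIPAddress`, although other identifying fields in the same object, such as `VpcId`, have been replaced with placeholders. The placebo-red recording for the same policy does the same, while the 362 and 363 fixtures later in this patch already use `"ClusterPublicKey": "this"`. Applying that placeholder here, and a documentation-range address for the node IPs, would keep the fixtures consistent and free of values copied from a live account. The red test for this policy reads only `ClusterParameterGroups` from the response, so the substitution should not affect it.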
@@ -0,0 +1,134 @@ +{ + "status_code": 200, + "data": { + "Parameters": [ + { + "ParameterName": "auto_analyze", + "ParameterValue": "true", + "Description": "Use auto analyze", + "Source": "engine-default", + "DataType": "boolean", + "AllowedValues": "true,false", + "ApplyType": "static", + "IsModifiable": true + }, + { + "ParameterName": "datestyle", + "ParameterValue": "ISO, MDY", + "Description": "Sets the display format for date and time values.", + "Source": "engine-default", + "DataType": "string", + "ApplyType": "static", + "IsModifiable": true + }, + { + "ParameterName": "enable_case_sensitive_identifier", + "ParameterValue": "false", + "Description": "Preserve case sensitivity for database identifiers such as table or column names in parser", + "Source": "engine-default", + "DataType": "boolean", + "AllowedValues": "true,false", + "ApplyType": "static", + "IsModifiable": true + }, + { + "ParameterName": "enable_user_activity_logging", + "ParameterValue": "false", + "Description": "parameter for audit logging purpose", + "Source": "engine-default", + "DataType": "boolean", + "AllowedValues": "true,false", + "ApplyType": "static", + "IsModifiable": true + }, + { + "ParameterName": "extra_float_digits", + "ParameterValue": "0", + "Description": "Sets the number of digits displayed for floating-point values", + "Source": "engine-default", + "DataType": "integer", + "AllowedValues": "-15-2", + "ApplyType": "static", + "IsModifiable": true + }, + { + "ParameterName": "max_concurrency_scaling_clusters", + "ParameterValue": "1", + "Description": "The maximum concurrency scaling clusters can be used.", + "Source": "engine-default", + "DataType": "integer", + "AllowedValues": "0-10", + "ApplyType": "static", + "IsModifiable": true + }, + { + "ParameterName": "max_cursor_result_set_size", + "ParameterValue": "default", + "Description": "Sets the max cursor result set size", + "Source": "engine-default", + "DataType": "integer", + "AllowedValues": "0-14400000", + 
"ApplyType": "static", + "IsModifiable": true + }, + { + "ParameterName": "query_group", + "ParameterValue": "default", + "Description": "This parameter applies a user-defined label to a group of queries that are run during the same session..", + "Source": "engine-default", + "DataType": "string", + "ApplyType": "static", + "IsModifiable": true + }, + { + "ParameterName": "require_ssl", + "ParameterValue": "false", + "Description": "require ssl for all databaseconnections", + "Source": "user", + "DataType": "boolean", + "AllowedValues": "true,false", + "ApplyType": "static", + "IsModifiable": true + }, + { + "ParameterName": "search_path", + "ParameterValue": "$user, public", + "Description": "Sets the schema search order for names that are not schema-qualified.", + "Source": "engine-default", + "DataType": "string", + "ApplyType": "static", + "IsModifiable": true + }, + { + "ParameterName": "statement_timeout", + "ParameterValue": "0", + "Description": "Aborts any statement that takes over the specified number of milliseconds.", + "Source": "engine-default", + "DataType": "integer", + "AllowedValues": "0,100-2147483647", + "ApplyType": "static", + "IsModifiable": true + }, + { + "ParameterName": "use_fips_ssl", + "ParameterValue": "false", + "Description": "Use fips ssl library", + "Source": "engine-default", + "DataType": "boolean", + "AllowedValues": "true,false", + "ApplyType": "static", + "IsModifiable": true + }, + { + "ParameterName": "wlm_json_configuration", + "ParameterValue": "[{\"auto_wlm\":true}]", + "Description": "wlm json configuration", + "Source": "engine-default", + "DataType": "string", + "ApplyType": "static", + "IsModifiable": true + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-361-redshift_cluster_encrypted_in_transit/placebo-red/redshift.DescribeClusters_1.json b/tests/ecc-aws-361-redshift_cluster_encrypted_in_transit/placebo-red/redshift.DescribeClusters_1.json new file mode 100644 index 000000000..30ad04f7d --- /dev/null +++ b/tests/ecc-aws-361-redshift_cluster_encrypted_in_transit/placebo-red/redshift.DescribeClusters_1.json 
@@ -0,0 +1,79 @@ +{ + "status_code": 200, + "data": { + "Clusters": [ + { + "ClusterIdentifier": "c7n-361-redshift-red", + "NodeType": "dc1.large", + "ClusterStatus": "available", + "ClusterAvailabilityStatus": "Available", + "MasterUsername": "root", + "DBName": "redshiftred", + "Endpoint": { + "Address": "c7n-361-redshift-red.cqwaglj6btcm.us-east-1.redshift.amazonaws.com", + "Port": 5439 + }, + "ClusterCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 6, + "hour": 14, + "minute": 2, + "second": 31, + "microsecond": 501000 + }, + "AutomatedSnapshotRetentionPeriod": 1, + "ManualSnapshotRetentionPeriod": -1, + "ClusterSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "ClusterParameterGroups": [ + { + "ParameterGroupName": "parameter-group-361-red", + "ParameterApplyStatus": "in-sync" + } + ], + "ClusterSubnetGroupName": "default", + "VpcId": "vpc-12345asdfg", + "AvailabilityZone": "us-east-1c", + "PreferredMaintenanceWindow": "wed:09:00-wed:09:30", + "PendingModifiedValues": {}, + "ClusterVersion": "1.0", + "AllowVersionUpgrade": true, + "NumberOfNodes": 1, + "PubliclyAccessible": true, + "Encrypted": false, + "ClusterPublicKey": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqEOBt1EQtE+lySj8uzm6JZBotuweDgZyhUJ1olvJWDO0nxn6+5eawK63IGeRdvQbAqJgT2v8/g8bSQ9n1vp50RiFV0bwWnvWjW1OZ0W33eJKiPnIJ74BR9l86DPMQzWJDbJnemgzUoeX9qwTSkLUmYI6HjKtQvd2bz+cnHR0TJBxj8WyjjSSvrjwCJT6UWK3tguOUemWTTWWTFFKw8t6hUUcS9b7JTYy7i+F1zAo5G7tscSj0AiwRUa9II8VzKcdTG4b+3TlZoxSq0aa0cJhekQswkRQ04HHEPxf1+Fi9jYf0z7VmHTEzCwa+K7XNnsYL203vzD8Xpt/nQiwXuy13 Amazon-Redshift\n", + "ClusterNodes": [ + { + "NodeRole": "SHARED", + "PrivateIPAddress": "172.31.89.107", + "PublicIPAddress": "3.209.205.72" + } + ], + "ClusterRevisionNumber": "31651", + "Tags": [], + "EnhancedVpcRouting": false, + "IamRoles": [], + "MaintenanceTrackName": "current", + "DeferredMaintenanceWindows": [], + "NextMaintenanceWindowStartTime": { + 
"__class__": "datetime", + "year": 2021, + "month": 10, + "day": 13, + "hour": 9, + "minute": 0, + "second": 0, + "microsecond": 0 + } + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file
diff --git a/tests/ecc-aws-361-redshift_cluster_encrypted_in_transit/red_policy_test.py b/tests/ecc-aws-361-redshift_cluster_encrypted_in_transit/red_policy_test.py
new file mode 100644
index 000000000..5300d67c2
--- /dev/null
+++ b/tests/ecc-aws-361-redshift_cluster_encrypted_in_transit/red_policy_test.py
@@ -0,0 +1,7 @@
+class PolicyTest(object):
+
+ def test_resources_with_client(self, base_test, resources, local_session):
+ base_test.assertEqual(len(resources), 1)
+ localGroup = resources[0]['ClusterParameterGroups'][0]['ParameterGroupName']
+ paramGroup = local_session.client("redshift").describe_cluster_parameters(ParameterGroupName = localGroup)["Parameters"][8]
+ base_test.assertEqual(paramGroup['ParameterValue'], "false")
\ No newline at end of file
diff --git a/tests/ecc-aws-362-redshift_cluster_automatic_snapshot_enabled/placebo-green/redshift.DescribeClusters_1.json b/tests/ecc-aws-362-redshift_cluster_automatic_snapshot_enabled/placebo-green/redshift.DescribeClusters_1.json new file mode 100644 index 000000000..ff409a0ca --- /dev/null +++ b/tests/ecc-aws-362-redshift_cluster_automatic_snapshot_enabled/placebo-green/redshift.DescribeClusters_1.json
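Review bot: `test_resources_with_client` selects the parameter by position, `["Parameters"][8]`, so it checks `require_ssl` only because that entry happens to be ninth in the recorded placebo-red response. If the fixture is re-recorded or the list changes order or length, the assertion would compare some other parameter's value with `"false"` and could pass or fail for the wrong reason, which weakens a test meant to prove the encryption-in-transit finding. Selecting by name keeps it tied to the setting: `params = local_session.client("redshift").describe_cluster_parameters(ParameterGroupName=localGroup)["Parameters"]`, then `require_ssl = next(p for p in params if p["ParameterName"] == "require_ssl")` and `base_test.assertEqual(require_ssl["ParameterValue"], "false")`. The rename also helps, since `paramGroup` currently holds a single parameter rather than a group.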
@@ -0,0 +1,79 @@ +{ + "status_code": 200, + "data": { + "Clusters": [ + { + "ClusterIdentifier": "c7n-362-redshift-green", + "NodeType": "dc2.large", + "ClusterStatus": "available", + "ClusterAvailabilityStatus": "Available", + "MasterUsername": "root", + "DBName": "c7nredshiftgreen", + "Endpoint": { + "Address": "c7n-362-redshift-green.cqwaglj6btcm.us-east-1.redshift.amazonaws.com", + "Port": 5439 + }, + "ClusterCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 28, + "hour": 7, + "minute": 56, + "second": 39, + "microsecond": 351000 + }, + "AutomatedSnapshotRetentionPeriod": 7, + "ManualSnapshotRetentionPeriod": -1, + "ClusterSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "ClusterParameterGroups": [ + { + "ParameterGroupName": "default.redshift-1.0", + "ParameterApplyStatus": "in-sync" + } + ], + "ClusterSubnetGroupName": "default", + "VpcId": "vpc-12345asdfg", + "AvailabilityZone": "us-east-1e", + "PreferredMaintenanceWindow": "sun:08:00-sun:08:30", + "PendingModifiedValues": {}, + "ClusterVersion": "1.0", + "AllowVersionUpgrade": true, + "NumberOfNodes": 1, + "PubliclyAccessible": true, + "Encrypted": false, + "ClusterPublicKey": "this", + "ClusterNodes": [ + { + "NodeRole": "SHARED", + "PrivateIPAddress": "172.31.56.196", + "PublicIPAddress": "34.192.224.209" + } + ], + "ClusterRevisionNumber": "31651", + "Tags": [], + "EnhancedVpcRouting": false, + "IamRoles": [], + "MaintenanceTrackName": "current", + "DeferredMaintenanceWindows": [], + "NextMaintenanceWindowStartTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 31, + "hour": 8, + "minute": 0, + "second": 0, + "microsecond": 0 + } + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-362-redshift_cluster_automatic_snapshot_enabled/placebo-red/redshift.DescribeClusters_1.json b/tests/ecc-aws-362-redshift_cluster_automatic_snapshot_enabled/placebo-red/redshift.DescribeClusters_1.json new file mode 100644 index 000000000..a0a7e86ba --- /dev/null +++ b/tests/ecc-aws-362-redshift_cluster_automatic_snapshot_enabled/placebo-red/redshift.DescribeClusters_1.json 
@@ -0,0 +1,79 @@ +{ + "status_code": 200, + "data": { + "Clusters": [ + { + "ClusterIdentifier": "c7n-362-redshift-red", + "NodeType": "dc2.large", + "ClusterStatus": "available", + "ClusterAvailabilityStatus": "Available", + "MasterUsername": "root", + "DBName": "c7nredshiftred", + "Endpoint": { + "Address": "c7n-362-redshift-red.cqwaglj6btcm.us-east-1.redshift.amazonaws.com", + "Port": 5439 + }, + "ClusterCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 28, + "hour": 8, + "minute": 0, + "second": 9, + "microsecond": 966000 + }, + "AutomatedSnapshotRetentionPeriod": 1, + "ManualSnapshotRetentionPeriod": -1, + "ClusterSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "ClusterParameterGroups": [ + { + "ParameterGroupName": "default.redshift-1.0", + "ParameterApplyStatus": "in-sync" + } + ], + "ClusterSubnetGroupName": "default", + "VpcId": "vpc-12345asdfg", + "AvailabilityZone": "us-east-1e", + "PreferredMaintenanceWindow": "sun:04:00-sun:04:30", + "PendingModifiedValues": {}, + "ClusterVersion": "1.0", + "AllowVersionUpgrade": true, + "NumberOfNodes": 1, + "PubliclyAccessible": true, + "Encrypted": false, + "ClusterPublicKey": "this", + "ClusterNodes": [ + { + "NodeRole": "SHARED", + "PrivateIPAddress": "172.31.50.90", + "PublicIPAddress": "54.243.140.134" + } + ], + "ClusterRevisionNumber": "31651", + "Tags": [], + "EnhancedVpcRouting": false, + "IamRoles": [], + "MaintenanceTrackName": "current", + "DeferredMaintenanceWindows": [], + "NextMaintenanceWindowStartTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 31, + "hour": 4, + "minute": 0, + "second": 0, + "microsecond": 0 + } + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-362-redshift_cluster_automatic_snapshot_enabled/red_policy_test.py b/tests/ecc-aws-362-redshift_cluster_automatic_snapshot_enabled/red_policy_test.py
new file mode 100644
index 000000000..7cca7fc64
--- /dev/null
+++ b/tests/ecc-aws-362-redshift_cluster_automatic_snapshot_enabled/red_policy_test.py
@@ -0,0 +1,5 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertLess(resources[0]['AutomatedSnapshotRetentionPeriod'], 7)
\ No newline at end of file
diff --git a/tests/ecc-aws-363-redshift_cluster_automatic_upgrade_to_major_version_enabled/placebo-green/redshift.DescribeClusters_1.json b/tests/ecc-aws-363-redshift_cluster_automatic_upgrade_to_major_version_enabled/placebo-green/redshift.DescribeClusters_1.json new file mode 100644 index 000000000..22496ed15 --- /dev/null +++ b/tests/ecc-aws-363-redshift_cluster_automatic_upgrade_to_major_version_enabled/placebo-green/redshift.DescribeClusters_1.json
@@ -0,0 +1,79 @@ +{ + "status_code": 200, + "data": { + "Clusters": [ + { + "ClusterIdentifier": "c7n-363-redshift-green", + "NodeType": "dc2.large", + "ClusterStatus": "available", + "ClusterAvailabilityStatus": "Available", + "MasterUsername": "root", + "DBName": "c7nredshiftgreen", + "Endpoint": { + "Address": "c7n-363-redshift-green.cqwaglj6btcm.us-east-1.redshift.amazonaws.com", + "Port": 5439 + }, + "ClusterCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 11, + "day": 1, + "hour": 7, + "minute": 40, + "second": 53, + "microsecond": 938000 + }, + "AutomatedSnapshotRetentionPeriod": 1, + "ManualSnapshotRetentionPeriod": -1, + "ClusterSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "ClusterParameterGroups": [ + { + "ParameterGroupName": "default.redshift-1.0", + "ParameterApplyStatus": "in-sync" + } + ], + "ClusterSubnetGroupName": "default", + "VpcId": "vpc-12345asdfg", + "AvailabilityZone": "us-east-1d", + "PreferredMaintenanceWindow": "sat:05:00-sat:05:30", + "PendingModifiedValues": {}, + "ClusterVersion": "1.0", + "AllowVersionUpgrade": true, + "NumberOfNodes": 1, + "PubliclyAccessible": true, + "Encrypted": false, + "ClusterPublicKey": "this", + "ClusterNodes": [ + { + "NodeRole": "SHARED", + "PrivateIPAddress": "172.31.21.146", + "PublicIPAddress": "18.235.170.0" + } + ], + "ClusterRevisionNumber": "31651", + "Tags": [], + "EnhancedVpcRouting": false, + "IamRoles": [], + "MaintenanceTrackName": "current", + "DeferredMaintenanceWindows": [], + "NextMaintenanceWindowStartTime": { + "__class__": "datetime", + "year": 2021, + "month": 11, + "day": 6, + "hour": 5, + "minute": 0, + "second": 0, + "microsecond": 0 + } + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
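Review bot: This recording is only partly scrubbed: `VpcId` has been replaced with a placeholder, but `Endpoint.Address`, `PublicIPAddress`, `PrivateIPAddress` and `VpcSecurityGroupId` still look like values captured from the account the recording was taken in. Since the fixture also records `"PubliclyAccessible": true` and `"Encrypted": false`, it would be safer to replace those fields with reserved documentation values (for example an address from 203.0.113.0/24 and a made-up endpoint host) before the file is committed. The same appears to apply to the other placebo recordings in this patch (Redshift 362–364, EC2 370–371), which keep public DNS names, ENI, volume and instance ids.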
diff --git a/tests/ecc-aws-363-redshift_cluster_automatic_upgrade_to_major_version_enabled/placebo-red/redshift.DescribeClusters_1.json b/tests/ecc-aws-363-redshift_cluster_automatic_upgrade_to_major_version_enabled/placebo-red/redshift.DescribeClusters_1.json
new file mode 100644
index 000000000..37cf20e97
--- /dev/null
+++ b/tests/ecc-aws-363-redshift_cluster_automatic_upgrade_to_major_version_enabled/placebo-red/redshift.DescribeClusters_1.json
@@ -0,0 +1,79 @@ +{ + "status_code": 200, + "data": { + "Clusters": [ + { + "ClusterIdentifier": "c7n-363-redshift-red", + "NodeType": "dc2.large", + "ClusterStatus": "available", + "ClusterAvailabilityStatus": "Available", + "MasterUsername": "root", + "DBName": "c7nredshiftred", + "Endpoint": { + "Address": "c7n-363-redshift-red.cqwaglj6btcm.us-east-1.redshift.amazonaws.com", + "Port": 5439 + }, + "ClusterCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 11, + "day": 1, + "hour": 7, + "minute": 57, + "second": 9, + "microsecond": 731000 + }, + "AutomatedSnapshotRetentionPeriod": 1, + "ManualSnapshotRetentionPeriod": -1, + "ClusterSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "ClusterParameterGroups": [ + { + "ParameterGroupName": "default.redshift-1.0", + "ParameterApplyStatus": "in-sync" + } + ], + "ClusterSubnetGroupName": "default", + "VpcId": "vpc-12345asdfg", + "AvailabilityZone": "us-east-1d", + "PreferredMaintenanceWindow": "fri:07:00-fri:07:30", + "PendingModifiedValues": {}, + "ClusterVersion": "1.0", + "AllowVersionUpgrade": false, + "NumberOfNodes": 1, + "PubliclyAccessible": true, + "Encrypted": false, + "ClusterPublicKey": "this", + "ClusterNodes": [ + { + "NodeRole": "SHARED", + "PrivateIPAddress": "172.31.18.75", + "PublicIPAddress": "52.23.58.84" + } + ], + "ClusterRevisionNumber": "31651", + "Tags": [], + "EnhancedVpcRouting": false, + "IamRoles": [], + "MaintenanceTrackName": "current", + "DeferredMaintenanceWindows": [], + "NextMaintenanceWindowStartTime": { + "__class__": "datetime", + "year": 2021, + "month": 11, + "day": 5, + "hour": 7, + "minute": 0, + "second": 0, + "microsecond": 0 + } + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-363-redshift_cluster_automatic_upgrade_to_major_version_enabled/red_policy_test.py b/tests/ecc-aws-363-redshift_cluster_automatic_upgrade_to_major_version_enabled/red_policy_test.py
new file mode 100644
index 000000000..1f7d0ac5e
--- /dev/null
+++ b/tests/ecc-aws-363-redshift_cluster_automatic_upgrade_to_major_version_enabled/red_policy_test.py
@@ -0,0 +1,5 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertFalse(resources[0]['AllowVersionUpgrade'])
\ No newline at end of file
diff --git a/tests/ecc-aws-364-redshift_cluster_enhanced_vpc_routing_enabled/placebo-green/redshift.DescribeClusters_1.json b/tests/ecc-aws-364-redshift_cluster_enhanced_vpc_routing_enabled/placebo-green/redshift.DescribeClusters_1.json
new file mode 100644
index 000000000..4cc9a377b
--- /dev/null
+++ b/tests/ecc-aws-364-redshift_cluster_enhanced_vpc_routing_enabled/placebo-green/redshift.DescribeClusters_1.json
@@ -0,0 +1,79 @@ +{ + "status_code": 200, + "data": { + "Clusters": [ + { + "ClusterIdentifier": "c7n-364-redshift-green", + "NodeType": "dc2.large", + "ClusterStatus": "available", + "ClusterAvailabilityStatus": "Available", + "MasterUsername": "root", + "DBName": "c7nredshiftgreen", + "Endpoint": { + "Address": "c7n-364-redshift-green.cqwaglj6btcm.us-east-1.redshift.amazonaws.com", + "Port": 5439 + }, + "ClusterCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 26, + "hour": 7, + "minute": 35, + "second": 52, + "microsecond": 341000 + }, + "AutomatedSnapshotRetentionPeriod": 1, + "ManualSnapshotRetentionPeriod": -1, + "ClusterSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "ClusterParameterGroups": [ + { + "ParameterGroupName": "default.redshift-1.0", + "ParameterApplyStatus": "in-sync" + } + ], + "ClusterSubnetGroupName": "default", + "VpcId": "vpc-12345asdfg", + "AvailabilityZone": "us-east-1d", + "PreferredMaintenanceWindow": "fri:05:30-fri:06:00", + "PendingModifiedValues": {}, + "ClusterVersion": "1.0", + "AllowVersionUpgrade": true, + "NumberOfNodes": 1, + "PubliclyAccessible": true, + "Encrypted": false, + "ClusterPublicKey": "this", + "ClusterNodes": [ + { + "NodeRole": "SHARED", + "PrivateIPAddress": "172.31.29.93", + "PublicIPAddress": "174.129.68.236" + } + ], + "ClusterRevisionNumber": "31651", + "Tags": [], + "EnhancedVpcRouting": true, + "IamRoles": [], + "MaintenanceTrackName": "current", + "DeferredMaintenanceWindows": [], + "NextMaintenanceWindowStartTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 29, + "hour": 5, + "minute": 30, + "second": 0, + "microsecond": 0 + } + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-364-redshift_cluster_enhanced_vpc_routing_enabled/placebo-red/redshift.DescribeClusters_1.json b/tests/ecc-aws-364-redshift_cluster_enhanced_vpc_routing_enabled/placebo-red/redshift.DescribeClusters_1.json
new file mode 100644
index 000000000..e5d2a5aaf
--- /dev/null
+++ b/tests/ecc-aws-364-redshift_cluster_enhanced_vpc_routing_enabled/placebo-red/redshift.DescribeClusters_1.json
@@ -0,0 +1,79 @@ +{ + "status_code": 200, + "data": { + "Clusters": [ + { + "ClusterIdentifier": "c7n-364-redshift-red", + "NodeType": "dc2.large", + "ClusterStatus": "available", + "ClusterAvailabilityStatus": "Available", + "MasterUsername": "root", + "DBName": "c7nredshiftred", + "Endpoint": { + "Address": "c7n-364-redshift-red.cqwaglj6btcm.us-east-1.redshift.amazonaws.com", + "Port": 5439 + }, + "ClusterCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 26, + "hour": 7, + "minute": 31, + "second": 27, + "microsecond": 396000 + }, + "AutomatedSnapshotRetentionPeriod": 1, + "ManualSnapshotRetentionPeriod": -1, + "ClusterSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "ClusterParameterGroups": [ + { + "ParameterGroupName": "default.redshift-1.0", + "ParameterApplyStatus": "in-sync" + } + ], + "ClusterSubnetGroupName": "default", + "VpcId": "vpc-12345asdfg", + "AvailabilityZone": "us-east-1d", + "PreferredMaintenanceWindow": "sat:04:00-sat:04:30", + "PendingModifiedValues": {}, + "ClusterVersion": "1.0", + "AllowVersionUpgrade": true, + "NumberOfNodes": 1, + "PubliclyAccessible": true, + "Encrypted": false, + "ClusterPublicKey": "this", + "ClusterNodes": [ + { + "NodeRole": "SHARED", + "PrivateIPAddress": "172.31.22.158", + "PublicIPAddress": "52.1.5.110" + } + ], + "ClusterRevisionNumber": "31651", + "Tags": [], + "EnhancedVpcRouting": false, + "IamRoles": [], + "MaintenanceTrackName": "current", + "DeferredMaintenanceWindows": [], + "NextMaintenanceWindowStartTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 30, + "hour": 4, + "minute": 0, + "second": 0, + "microsecond": 0 + } + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-364-redshift_cluster_enhanced_vpc_routing_enabled/red_policy_test.py b/tests/ecc-aws-364-redshift_cluster_enhanced_vpc_routing_enabled/red_policy_test.py
new file mode 100644
index 000000000..8796a21c5
--- /dev/null
+++ b/tests/ecc-aws-364-redshift_cluster_enhanced_vpc_routing_enabled/red_policy_test.py
@@ -0,0 +1,5 @@
+class PolicyTest(object):
+
+ def test_resources_with_client(self, base_test, resources, local_session):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertFalse(resources[0]['EnhancedVpcRouting'])
\ No newline at end of file
diff --git a/tests/ecc-aws-368-sns_kms_encryption_enabled/placebo-green/sns.GetTopicAttributes_1.json b/tests/ecc-aws-368-sns_kms_encryption_enabled/placebo-green/sns.GetTopicAttributes_1.json
new file mode 100644
index 000000000..e35072a80
--- /dev/null
+++ b/tests/ecc-aws-368-sns_kms_encryption_enabled/placebo-green/sns.GetTopicAttributes_1.json
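Review bot: `test_resources_with_client` accepts `local_session` but never uses it; both assertions read only `resources`. The 362 and 363 tests in this patch use `def test_resources(self, base_test, resources):` for the same kind of check, so this one could use that signature too, provided the harness dispatches on the method name (the runner is not visible here). The 368 SNS test further down has the same unused parameter.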
@@ -0,0 +1,22 @@ +{ + "status_code": 200, + "data": { + "Attributes": { + "Policy": "{\"Version\":\"2008-10-17\",\"Id\":\"__default_policy_ID\",\"Statement\":[{\"Sid\":\"__default_statement_ID\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"*\"},\"Action\":[\"SNS:GetTopicAttributes\",\"SNS:SetTopicAttributes\",\"SNS:AddPermission\",\"SNS:RemovePermission\",\"SNS:DeleteTopic\",\"SNS:Subscribe\",\"SNS:ListSubscriptionsByTopic\",\"SNS:Publish\"],\"Resource\":\"arn:aws:sns:us-east-1:111111111111:rule-368-green\",\"Condition\":{\"StringEquals\":{\"AWS:SourceOwner\":\"111111111111\"}}}]}", + "LambdaSuccessFeedbackSampleRate": "0", + "Owner": "111111111111", + "SubscriptionsPending": "0", + "KmsMasterKeyId": "alias/aws/sns", + "TopicArn": "arn:aws:sns:us-east-1:111111111111:rule-368-green", + "EffectiveDeliveryPolicy": "{\"http\":{\"defaultHealthyRetryPolicy\":{\"minDelayTarget\":20,\"maxDelayTarget\":20,\"numRetries\":3,\"numMaxDelayRetries\":0,\"numNoDelayRetries\":0,\"numMinDelayRetries\":0,\"backoffFunction\":\"linear\"},\"disableSubscriptionOverrides\":false,\"defaultRequestPolicy\":{\"headerContentType\":\"text/plain; charset=UTF-8\"}}}", + "FirehoseSuccessFeedbackSampleRate": "0", + "SubscriptionsConfirmed": "0", + "SQSSuccessFeedbackSampleRate": "0", + "HTTPSuccessFeedbackSampleRate": "0", + "ApplicationSuccessFeedbackSampleRate": "0", + "DisplayName": "", + "SubscriptionsDeleted": "0" + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-368-sns_kms_encryption_enabled/placebo-green/sns.ListTopics_1.json b/tests/ecc-aws-368-sns_kms_encryption_enabled/placebo-green/sns.ListTopics_1.json new file mode 100644 index 000000000..af1eca95d --- /dev/null +++ b/tests/ecc-aws-368-sns_kms_encryption_enabled/placebo-green/sns.ListTopics_1.json 
@@ -0,0 +1,11 @@ +{ + "status_code": 200, + "data": { + "Topics": [ + { + "TopicArn": "arn:aws:sns:us-east-1:111111111111:rule-368-green" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-368-sns_kms_encryption_enabled/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-368-sns_kms_encryption_enabled/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..7e28ec040 --- /dev/null +++ b/tests/ecc-aws-368-sns_kms_encryption_enabled/placebo-green/tagging.GetResources_1.json @@ -0,0 +1,22 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:sns:us-east-1:111111111111:rule-368-green", + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-368-sns_kms_encryption_enabled" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-368-sns_kms_encryption_enabled/placebo-red/sns.GetTopicAttributes_1.json b/tests/ecc-aws-368-sns_kms_encryption_enabled/placebo-red/sns.GetTopicAttributes_1.json new file mode 100644 index 000000000..c2551a2c2 --- /dev/null +++ b/tests/ecc-aws-368-sns_kms_encryption_enabled/placebo-red/sns.GetTopicAttributes_1.json 
@@ -0,0 +1,21 @@ +{ + "status_code": 200, + "data": { + "Attributes": { + "Policy": "{\"Version\":\"2008-10-17\",\"Id\":\"__default_policy_ID\",\"Statement\":[{\"Sid\":\"__default_statement_ID\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"*\"},\"Action\":[\"SNS:GetTopicAttributes\",\"SNS:SetTopicAttributes\",\"SNS:AddPermission\",\"SNS:RemovePermission\",\"SNS:DeleteTopic\",\"SNS:Subscribe\",\"SNS:ListSubscriptionsByTopic\",\"SNS:Publish\"],\"Resource\":\"arn:aws:sns:us-east-1:111111111111:rule-368-red\",\"Condition\":{\"StringEquals\":{\"AWS:SourceOwner\":\"111111111111\"}}}]}", + "LambdaSuccessFeedbackSampleRate": "0", + "Owner": "111111111111", + "SubscriptionsPending": "0", + "TopicArn": "arn:aws:sns:us-east-1:111111111111:rule-368-red", + "EffectiveDeliveryPolicy": "{\"http\":{\"defaultHealthyRetryPolicy\":{\"minDelayTarget\":20,\"maxDelayTarget\":20,\"numRetries\":3,\"numMaxDelayRetries\":0,\"numNoDelayRetries\":0,\"numMinDelayRetries\":0,\"backoffFunction\":\"linear\"},\"disableSubscriptionOverrides\":false,\"defaultRequestPolicy\":{\"headerContentType\":\"text/plain; charset=UTF-8\"}}}", + "FirehoseSuccessFeedbackSampleRate": "0", + "SubscriptionsConfirmed": "0", + "SQSSuccessFeedbackSampleRate": "0", + "HTTPSuccessFeedbackSampleRate": "0", + "ApplicationSuccessFeedbackSampleRate": "0", + "DisplayName": "", + "SubscriptionsDeleted": "0" + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-368-sns_kms_encryption_enabled/placebo-red/sns.ListTopics_1.json b/tests/ecc-aws-368-sns_kms_encryption_enabled/placebo-red/sns.ListTopics_1.json new file mode 100644 index 000000000..7d6ef3bb6 --- /dev/null +++ b/tests/ecc-aws-368-sns_kms_encryption_enabled/placebo-red/sns.ListTopics_1.json @@ -0,0 +1,11 @@ +{ + "status_code": 200, + "data": { + "Topics": [ + { + "TopicArn": "arn:aws:sns:us-east-1:111111111111:rule-368-red" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-368-sns_kms_encryption_enabled/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-368-sns_kms_encryption_enabled/placebo-red/tagging.GetResources_1.json
new file mode 100644
index 000000000..041b0a0a4
--- /dev/null
+++ b/tests/ecc-aws-368-sns_kms_encryption_enabled/placebo-red/tagging.GetResources_1.json
@@ -0,0 +1,22 @@
+{
+ "status_code": 200,
+ "data": {
+ "PaginationToken": "",
+ "ResourceTagMappingList": [
+ {
+ "ResourceARN": "arn:aws:sns:us-east-1:111111111111:rule-368-red",
+ "Tags": [
+ {
+ "Key": "CustodianRule",
+ "Value": "ecc-aws-368-sns_kms_encryption_enabled"
+ },
+ {
+ "Key": "ComplianceStatus",
+ "Value": "Red"
+ }
+ ]
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-368-sns_kms_encryption_enabled/red_policy_test.py b/tests/ecc-aws-368-sns_kms_encryption_enabled/red_policy_test.py
new file mode 100644
index 000000000..4c7cfd375
--- /dev/null
+++ b/tests/ecc-aws-368-sns_kms_encryption_enabled/red_policy_test.py
@@ -0,0 +1,5 @@
+class PolicyTest(object):
+
+ def test_resources_with_client(self, base_test, resources, local_session):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertNotIn('KmsMasterKeyId', resources[0])
\ No newline at end of file
diff --git a/tests/ecc-aws-370-ec2_instance_managed_by_systems_manager/placebo-green/ec2.DescribeInstances_1.json b/tests/ecc-aws-370-ec2_instance_managed_by_systems_manager/placebo-green/ec2.DescribeInstances_1.json
new file mode 100644
index 000000000..d1ce773d9
--- /dev/null
+++ b/tests/ecc-aws-370-ec2_instance_managed_by_systems_manager/placebo-green/ec2.DescribeInstances_1.json
@@ -0,0 +1,179 @@ +{ + "status_code": 200, + "data": { + "Reservations": [ + { + "Groups": [], + "Instances": [ + { + "AmiLaunchIndex": 0, + "ImageId": "ami-04deab1f3e42c8d63", + "InstanceId": "i-09372179bfd53a220", + "InstanceType": "t2.micro", + "LaunchTime": { + "__class__": "datetime", + "year": 2021, + "month": 11, + "day": 8, + "hour": 13, + "minute": 24, + "second": 13, + "microsecond": 0 + }, + "Monitoring": { + "State": "disabled" + }, + "Placement": { + "AvailabilityZone": "us-east-1d", + "GroupName": "", + "Tenancy": "default" + }, + "PrivateDnsName": "ip-172-31-18-49.ec2.internal", + "PrivateIpAddress": "172.31.18.49", + "ProductCodes": [], + "PublicDnsName": "ec2-18-212-100-164.compute-1.amazonaws.com", + "PublicIpAddress": "18.212.100.164", + "State": { + "Code": 16, + "Name": "running" + }, + "StateTransitionReason": "", + "SubnetId": "subnet-fa9dcab7", + "VpcId": "vpc-12345asdfg", + "Architecture": "x86_64", + "BlockDeviceMappings": [ + { + "DeviceName": "/dev/xvda", + "Ebs": { + "AttachTime": { + "__class__": "datetime", + "year": 2021, + "month": 11, + "day": 8, + "hour": 13, + "minute": 24, + "second": 14, + "microsecond": 0 + }, + "DeleteOnTermination": true, + "Status": "attached", + "VolumeId": "vol-05feb1572d9102a08" + } + } + ], + "ClientToken": "A81C13F8-FE24-4CE9-96F9-BC931B2CA8FA", + "EbsOptimized": false, + "EnaSupport": true, + "Hypervisor": "xen", + "IamInstanceProfile": { + "Arn": "arn:aws:iam::111111111111:instance-profile/370_profile_green", + "Id": "AAAAAAAAA11111" + }, + "NetworkInterfaces": [ + { + "Association": { + "IpOwnerId": "amazon", + "PublicDnsName": "ec2-18-212-100-164.compute-1.amazonaws.com", + "PublicIp": "18.212.100.164" + }, + "Attachment": { + "AttachTime": { + "__class__": "datetime", + "year": 2021, + "month": 11, + "day": 8, + "hour": 13, + "minute": 24, + "second": 13, + "microsecond": 0 + }, + "AttachmentId": "eni-attach-033ac5ecf331c3a63", + "DeleteOnTermination": true, + "DeviceIndex": 0, + "Status": 
"attached", + "NetworkCardIndex": 0 + }, + "Description": "", + "Groups": [ + { + "GroupName": "370_security_group_green", + "GroupId": "sg-1234567asdfg" + } + ], + "Ipv6Addresses": [], + "MacAddress": "0a:d5:f5:dc:8e:87", + "NetworkInterfaceId": "eni-06583491340bf5a47", + "OwnerId": "111111111111", + "PrivateDnsName": "ip-172-31-18-49.ec2.internal", + "PrivateIpAddress": "172.31.18.49", + "PrivateIpAddresses": [ + { + "Association": { + "IpOwnerId": "amazon", + "PublicDnsName": "ec2-18-212-100-164.compute-1.amazonaws.com", + "PublicIp": "18.212.100.164" + }, + "Primary": true, + "PrivateDnsName": "ip-172-31-18-49.ec2.internal", + "PrivateIpAddress": "172.31.18.49" + } + ], + "SourceDestCheck": true, + "Status": "in-use", + "SubnetId": "subnet-fa9dcab7", + "VpcId": "vpc-12345asdfg", + "InterfaceType": "interface" + } + ], + "RootDeviceName": "/dev/xvda", + "RootDeviceType": "ebs", + "SecurityGroups": [ + { + "GroupName": "370_security_group_green", + "GroupId": "sg-1234567asdfg" + } + ], + "SourceDestCheck": true, + "Tags": [ + { + "Key": "Name", + "Value": "370_instance_green" + }, + { + "Key": "CustodianRule", + "Value": "ecc-aws-370-ec2_instance_managed_by_systems_manager" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + } + ], + "VirtualizationType": "hvm", + "CpuOptions": { + "CoreCount": 1, + "ThreadsPerCore": 1 + }, + "CapacityReservationSpecification": { + "CapacityReservationPreference": "open" + }, + "HibernationOptions": { + "Configured": false + }, + "MetadataOptions": { + "State": "applied", + "HttpTokens": "optional", + "HttpPutResponseHopLimit": 1, + "HttpEndpoint": "enabled" + }, + "EnclaveOptions": { + "Enabled": false + } + } + ], + "OwnerId": "111111111111", + "ReservationId": "r-089b02f296b5bc0a5" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-370-ec2_instance_managed_by_systems_manager/placebo-green/ssm.DescribeInstanceInformation_1.json b/tests/ecc-aws-370-ec2_instance_managed_by_systems_manager/placebo-green/ssm.DescribeInstanceInformation_1.json new file mode 100644 index 000000000..360a7ffe9 --- /dev/null +++ b/tests/ecc-aws-370-ec2_instance_managed_by_systems_manager/placebo-green/ssm.DescribeInstanceInformation_1.json @@ -0,0 +1,57 @@ +{ + "status_code": 200, + "data": { + "InstanceInformationList": [ + { + "InstanceId": "i-09372179bfd53a220", + "PingStatus": "Online", + "LastPingDateTime": { + "__class__": "datetime", + "year": 2021, + "month": 11, + "day": 8, + "hour": 15, + "minute": 47, + "second": 36, + "microsecond": 921000 + }, + "AgentVersion": "3.1.459.0", + "IsLatestVersion": true, + "PlatformType": "Linux", + "PlatformName": "Amazon Linux", + "PlatformVersion": "2", + "ResourceType": "EC2Instance", + "IPAddress": "172.31.18.49", + "ComputerName": "ip-172-31-18-49.ec2.internal", + "AssociationStatus": "Success", + "LastAssociationExecutionDate": { + "__class__": "datetime", + "year": 2021, + "month": 11, + "day": 8, + "hour": 15, + "minute": 26, + "second": 5, + "microsecond": 269000 + }, + "LastSuccessfulAssociationExecutionDate": { + "__class__": "datetime", + "year": 2021, + "month": 11, + "day": 8, + "hour": 15, + "minute": 26, + "second": 5, + "microsecond": 269000 + }, + "AssociationOverview": { + "DetailedStatus": "Success", + "InstanceAssociationStatusAggregatedCount": { + "Success": 1 + } + } + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-370-ec2_instance_managed_by_systems_manager/placebo-red/ec2.DescribeInstances_1.json b/tests/ecc-aws-370-ec2_instance_managed_by_systems_manager/placebo-red/ec2.DescribeInstances_1.json new file mode 100644 index 000000000..164fa958c --- /dev/null +++ b/tests/ecc-aws-370-ec2_instance_managed_by_systems_manager/placebo-red/ec2.DescribeInstances_1.json 
@@ -0,0 +1,175 @@ +{ + "status_code": 200, + "data": { + "Reservations": [ + { + "Groups": [], + "Instances": [ + { + "AmiLaunchIndex": 0, + "ImageId": "ami-04deab1f3e42c8d63", + "InstanceId": "i-0b233699936ce4bdc", + "InstanceType": "t2.micro", + "LaunchTime": { + "__class__": "datetime", + "year": 2021, + "month": 11, + "day": 8, + "hour": 13, + "minute": 6, + "second": 40, + "microsecond": 0 + }, + "Monitoring": { + "State": "disabled" + }, + "Placement": { + "AvailabilityZone": "us-east-1d", + "GroupName": "", + "Tenancy": "default" + }, + "PrivateDnsName": "ip-172-31-31-10.ec2.internal", + "PrivateIpAddress": "172.31.31.10", + "ProductCodes": [], + "PublicDnsName": "ec2-54-91-25-81.compute-1.amazonaws.com", + "PublicIpAddress": "54.91.25.81", + "State": { + "Code": 16, + "Name": "running" + }, + "StateTransitionReason": "", + "SubnetId": "subnet-fa9dcab7", + "VpcId": "vpc-12345asdfg", + "Architecture": "x86_64", + "BlockDeviceMappings": [ + { + "DeviceName": "/dev/xvda", + "Ebs": { + "AttachTime": { + "__class__": "datetime", + "year": 2021, + "month": 11, + "day": 8, + "hour": 13, + "minute": 6, + "second": 41, + "microsecond": 0 + }, + "DeleteOnTermination": true, + "Status": "attached", + "VolumeId": "vol-0c388c4e8086e3ce2" + } + } + ], + "ClientToken": "763EF372-4E70-4494-BF08-B825111D35BB", + "EbsOptimized": false, + "EnaSupport": true, + "Hypervisor": "xen", + "NetworkInterfaces": [ + { + "Association": { + "IpOwnerId": "amazon", + "PublicDnsName": "ec2-54-91-25-81.compute-1.amazonaws.com", + "PublicIp": "54.91.25.81" + }, + "Attachment": { + "AttachTime": { + "__class__": "datetime", + "year": 2021, + "month": 11, + "day": 8, + "hour": 13, + "minute": 6, + "second": 40, + "microsecond": 0 + }, + "AttachmentId": "eni-attach-08b35d73184d6fa9f", + "DeleteOnTermination": true, + "DeviceIndex": 0, + "Status": "attached", + "NetworkCardIndex": 0 + }, + "Description": "", + "Groups": [ + { + "GroupName": "default", + "GroupId": "sg-1234567asdfg" + } + ], + 
"Ipv6Addresses": [], + "MacAddress": "0a:5e:d4:6e:a6:07", + "NetworkInterfaceId": "eni-072fb231d3b0a5dbe", + "OwnerId": "111111111111", + "PrivateDnsName": "ip-172-31-31-10.ec2.internal", + "PrivateIpAddress": "172.31.31.10", + "PrivateIpAddresses": [ + { + "Association": { + "IpOwnerId": "amazon", + "PublicDnsName": "ec2-54-91-25-81.compute-1.amazonaws.com", + "PublicIp": "54.91.25.81" + }, + "Primary": true, + "PrivateDnsName": "ip-172-31-31-10.ec2.internal", + "PrivateIpAddress": "172.31.31.10" + } + ], + "SourceDestCheck": true, + "Status": "in-use", + "SubnetId": "subnet-fa9dcab7", + "VpcId": "vpc-12345asdfg", + "InterfaceType": "interface" + } + ], + "RootDeviceName": "/dev/xvda", + "RootDeviceType": "ebs", + "SecurityGroups": [ + { + "GroupName": "default", + "GroupId": "sg-1234567asdfg" + } + ], + "SourceDestCheck": true, + "Tags": [ + { + "Key": "Name", + "Value": "370_instance_red" + }, + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CustodianRule", + "Value": "ecc-aws-370-ec2_instance_managed_by_systems_manager" + } + ], + "VirtualizationType": "hvm", + "CpuOptions": { + "CoreCount": 1, + "ThreadsPerCore": 1 + }, + "CapacityReservationSpecification": { + "CapacityReservationPreference": "open" + }, + "HibernationOptions": { + "Configured": false + }, + "MetadataOptions": { + "State": "applied", + "HttpTokens": "optional", + "HttpPutResponseHopLimit": 1, + "HttpEndpoint": "enabled" + }, + "EnclaveOptions": { + "Enabled": false + } + } + ], + "OwnerId": "111111111111", + "ReservationId": "r-0e70b06a9f5842d4a" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-370-ec2_instance_managed_by_systems_manager/placebo-red/ssm.DescribeInstanceInformation_1.json b/tests/ecc-aws-370-ec2_instance_managed_by_systems_manager/placebo-red/ssm.DescribeInstanceInformation_1.json new file mode 100644 index 000000000..04c312b9a --- /dev/null 
+++ b/tests/ecc-aws-370-ec2_instance_managed_by_systems_manager/placebo-red/ssm.DescribeInstanceInformation_1.json
@@ -0,0 +1,7 @@
+{
+ "status_code": 200,
+ "data": {
+ "InstanceInformationList": [],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-370-ec2_instance_managed_by_systems_manager/red_policy_test.py b/tests/ecc-aws-370-ec2_instance_managed_by_systems_manager/red_policy_test.py
new file mode 100644
index 000000000..ebc41464a
--- /dev/null
+++ b/tests/ecc-aws-370-ec2_instance_managed_by_systems_manager/red_policy_test.py
@@ -0,0 +1,6 @@
+class PolicyTest(object):
+
+ def test_resources_with_client(self, base_test, resources, local_session):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertNotIn('InstanceId', local_session.client("ssm").describe_instance_information())
+ base_test.assertIn(resources[0]['State']['Name'], ['stopped', 'running'])
\ No newline at end of file
diff --git a/tests/ecc-aws-371-ec2_managed_instance_association_compliance_status_check/placebo-green/ec2.DescribeInstances_1.json b/tests/ecc-aws-371-ec2_managed_instance_association_compliance_status_check/placebo-green/ec2.DescribeInstances_1.json
new file mode 100644
index 000000000..bd5c212fe
--- /dev/null
+++ b/tests/ecc-aws-371-ec2_managed_instance_association_compliance_status_check/placebo-green/ec2.DescribeInstances_1.json
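Review bot: The `assertNotIn('InstanceId', ...)` check in the 370 `red_policy_test.py` can never fail, because it tests the top-level keys of the `describe_instance_information()` response, which in the recordings are only `InstanceInformationList` and `ResponseMetadata`. As written, the test would still pass if the policy reported an instance that Systems Manager does manage, so it gives no assurance about the unmanaged-instance detection. Compare the flagged instance against the returned list instead: `managed = local_session.client("ssm").describe_instance_information()['InstanceInformationList']` followed by `base_test.assertNotIn(resources[0]['InstanceId'], [i['InstanceId'] for i in managed])`.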
@@ -0,0 +1,179 @@ +{ + "status_code": 200, + "data": { + "Reservations": [ + { + "Groups": [], + "Instances": [ + { + "AmiLaunchIndex": 0, + "ImageId": "ami-05ffd15d4bd815259", + "InstanceId": "i-0c03cb33f004aeea6", + "InstanceType": "t2.micro", + "LaunchTime": { + "__class__": "datetime", + "year": 2021, + "month": 11, + "day": 26, + "hour": 8, + "minute": 1, + "second": 54, + "microsecond": 0 + }, + "Monitoring": { + "State": "disabled" + }, + "Placement": { + "AvailabilityZone": "us-east-1c", + "GroupName": "", + "Tenancy": "default" + }, + "PrivateDnsName": "ip-172-31-90-112.ec2.internal", + "PrivateIpAddress": "172.31.90.112", + "ProductCodes": [], + "PublicDnsName": "ec2-3-88-132-206.compute-1.amazonaws.com", + "PublicIpAddress": "3.88.132.206", + "State": { + "Code": 16, + "Name": "running" + }, + "StateTransitionReason": "", + "SubnetId": "subnet-cd7af8ec", + "VpcId": "vpc-12345asdfg", + "Architecture": "x86_64", + "BlockDeviceMappings": [ + { + "DeviceName": "/dev/xvda", + "Ebs": { + "AttachTime": { + "__class__": "datetime", + "year": 2021, + "month": 11, + "day": 26, + "hour": 8, + "minute": 1, + "second": 55, + "microsecond": 0 + }, + "DeleteOnTermination": true, + "Status": "attached", + "VolumeId": "vol-09301063ff5a41c50" + } + } + ], + "ClientToken": "1BB8A3A0-6775-4D04-8138-0982717F5B13", + "EbsOptimized": false, + "EnaSupport": true, + "Hypervisor": "xen", + "IamInstanceProfile": { + "Arn": "arn:aws:iam::111111111111:instance-profile/371_profile_green", + "Id": "AAAAAAAAA11111" + }, + "NetworkInterfaces": [ + { + "Association": { + "IpOwnerId": "amazon", + "PublicDnsName": "ec2-3-88-132-206.compute-1.amazonaws.com", + "PublicIp": "3.88.132.206" + }, + "Attachment": { + "AttachTime": { + "__class__": "datetime", + "year": 2021, + "month": 11, + "day": 26, + "hour": 8, + "minute": 1, + "second": 54, + "microsecond": 0 + }, + "AttachmentId": "eni-attach-0321a446b552bbbeb", + "DeleteOnTermination": true, + "DeviceIndex": 0, + "Status": "attached", + 
"NetworkCardIndex": 0 + }, + "Description": "", + "Groups": [ + { + "GroupName": "371_security_group_green", + "GroupId": "sg-1234567asdfg" + } + ], + "Ipv6Addresses": [], + "MacAddress": "12:c9:6a:34:86:cd", + "NetworkInterfaceId": "eni-094271a855fbc99ac", + "OwnerId": "111111111111", + "PrivateDnsName": "ip-172-31-90-112.ec2.internal", + "PrivateIpAddress": "172.31.90.112", + "PrivateIpAddresses": [ + { + "Association": { + "IpOwnerId": "amazon", + "PublicDnsName": "ec2-3-88-132-206.compute-1.amazonaws.com", + "PublicIp": "3.88.132.206" + }, + "Primary": true, + "PrivateDnsName": "ip-172-31-90-112.ec2.internal", + "PrivateIpAddress": "172.31.90.112" + } + ], + "SourceDestCheck": true, + "Status": "in-use", + "SubnetId": "subnet-cd7af8ec", + "VpcId": "vpc-12345asdfg", + "InterfaceType": "interface" + } + ], + "RootDeviceName": "/dev/xvda", + "RootDeviceType": "ebs", + "SecurityGroups": [ + { + "GroupName": "371_security_group_green", + "GroupId": "sg-1234567asdfg" + } + ], + "SourceDestCheck": true, + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-371-ec2_managed_instance_association_compliance_status_check" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "Name", + "Value": "371_instance_green" + } + ], + "VirtualizationType": "hvm", + "CpuOptions": { + "CoreCount": 1, + "ThreadsPerCore": 1 + }, + "CapacityReservationSpecification": { + "CapacityReservationPreference": "open" + }, + "HibernationOptions": { + "Configured": false + }, + "MetadataOptions": { + "State": "applied", + "HttpTokens": "optional", + "HttpPutResponseHopLimit": 1, + "HttpEndpoint": "enabled" + }, + "EnclaveOptions": { + "Enabled": false + } + } + ], + "OwnerId": "111111111111", + "ReservationId": "r-0f3e741581f5a019f" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-371-ec2_managed_instance_association_compliance_status_check/placebo-green/ssm.ListResourceComplianceSummaries_1.json b/tests/ecc-aws-371-ec2_managed_instance_association_compliance_status_check/placebo-green/ssm.ListResourceComplianceSummaries_1.json
new file mode 100644
index 000000000..053777a8f
--- /dev/null
+++ b/tests/ecc-aws-371-ec2_managed_instance_association_compliance_status_check/placebo-green/ssm.ListResourceComplianceSummaries_1.json
@@ -0,0 +1,7 @@
+{
+ "status_code": 200,
+ "data": {
+ "ResourceComplianceSummaryItems": [],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-371-ec2_managed_instance_association_compliance_status_check/placebo-red/ec2.DescribeInstances_1.json b/tests/ecc-aws-371-ec2_managed_instance_association_compliance_status_check/placebo-red/ec2.DescribeInstances_1.json
new file mode 100644
index 000000000..965a65b2c
--- /dev/null
+++ b/tests/ecc-aws-371-ec2_managed_instance_association_compliance_status_check/placebo-red/ec2.DescribeInstances_1.json
@@ -0,0 +1,179 @@ +{ + "status_code": 200, + "data": { + "Reservations": [ + { + "Groups": [], + "Instances": [ + { + "AmiLaunchIndex": 0, + "ImageId": "ami-04ad2567c9e3d7893", + "InstanceId": "i-0bda67de3d5c5e6ae", + "InstanceType": "t2.micro", + "LaunchTime": { + "__class__": "datetime", + "year": 2021, + "month": 11, + "day": 26, + "hour": 9, + "minute": 0, + "second": 59, + "microsecond": 0 + }, + "Monitoring": { + "State": "disabled" + }, + "Placement": { + "AvailabilityZone": "us-east-1c", + "GroupName": "", + "Tenancy": "default" + }, + "PrivateDnsName": "ip-172-31-94-74.ec2.internal", + "PrivateIpAddress": "172.31.94.74", + "ProductCodes": [], + "PublicDnsName": "ec2-3-82-155-10.compute-1.amazonaws.com", + "PublicIpAddress": "3.82.155.10", + "State": { + "Code": 16, + "Name": "running" + }, + "StateTransitionReason": "", + "SubnetId": "subnet-cd7af8ec", + "VpcId": "vpc-12345asdfg", + "Architecture": "x86_64", + "BlockDeviceMappings": [ + { + "DeviceName": "/dev/xvda", + "Ebs": { + "AttachTime": { + "__class__": "datetime", + "year": 2021, + "month": 11, + "day": 26, + "hour": 9, + "minute": 1, + "second": 8, + "microsecond": 0 + }, + "DeleteOnTermination": true, + "Status": "attached", + "VolumeId": "vol-07a916a8a741a4171" + } + } + ], + "ClientToken": "EDA9BCDE-3AFA-4F05-9A03-E64720068886", + "EbsOptimized": false, + "EnaSupport": true, + "Hypervisor": "xen", + "IamInstanceProfile": { + "Arn": "arn:aws:iam::111111111111:instance-profile/371_profile_red", + "Id": "AAAAAAAAA11111" + }, + "NetworkInterfaces": [ + { + "Association": { + "IpOwnerId": "amazon", + "PublicDnsName": "ec2-3-82-155-10.compute-1.amazonaws.com", + "PublicIp": "3.82.155.10" + }, + "Attachment": { + "AttachTime": { + "__class__": "datetime", + "year": 2021, + "month": 11, + "day": 26, + "hour": 9, + "minute": 0, + "second": 59, + "microsecond": 0 + }, + "AttachmentId": "eni-attach-02b2b0714134d3b7f", + "DeleteOnTermination": true, + "DeviceIndex": 0, + "Status": "attached", + 
"NetworkCardIndex": 0 + }, + "Description": "", + "Groups": [ + { + "GroupName": "371_security_group_red", + "GroupId": "sg-1234567asdfg" + } + ], + "Ipv6Addresses": [], + "MacAddress": "12:3d:03:1e:b1:01", + "NetworkInterfaceId": "eni-08e3f46c820dbadcd", + "OwnerId": "111111111111", + "PrivateDnsName": "ip-172-31-94-74.ec2.internal", + "PrivateIpAddress": "172.31.94.74", + "PrivateIpAddresses": [ + { + "Association": { + "IpOwnerId": "amazon", + "PublicDnsName": "ec2-3-82-155-10.compute-1.amazonaws.com", + "PublicIp": "3.82.155.10" + }, + "Primary": true, + "PrivateDnsName": "ip-172-31-94-74.ec2.internal", + "PrivateIpAddress": "172.31.94.74" + } + ], + "SourceDestCheck": true, + "Status": "in-use", + "SubnetId": "subnet-cd7af8ec", + "VpcId": "vpc-12345asdfg", + "InterfaceType": "interface" + } + ], + "RootDeviceName": "/dev/xvda", + "RootDeviceType": "ebs", + "SecurityGroups": [ + { + "GroupName": "371_security_group_red", + "GroupId": "sg-1234567asdfg" + } + ], + "SourceDestCheck": true, + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-371-ec2_managed_instance_association_compliance_status_check" + }, + { + "Key": "Name", + "Value": "371_instance_red" + }, + { + "Key": "ComplianceStatus", + "Value": "Red" + } + ], + "VirtualizationType": "hvm", + "CpuOptions": { + "CoreCount": 1, + "ThreadsPerCore": 1 + }, + "CapacityReservationSpecification": { + "CapacityReservationPreference": "open" + }, + "HibernationOptions": { + "Configured": false + }, + "MetadataOptions": { + "State": "applied", + "HttpTokens": "optional", + "HttpPutResponseHopLimit": 1, + "HttpEndpoint": "enabled" + }, + "EnclaveOptions": { + "Enabled": false + } + } + ], + "OwnerId": "111111111111", + "ReservationId": "r-0c8a6615352473716" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-371-ec2_managed_instance_association_compliance_status_check/placebo-red/ssm.ListResourceComplianceSummaries_1.json b/tests/ecc-aws-371-ec2_managed_instance_association_compliance_status_check/placebo-red/ssm.ListResourceComplianceSummaries_1.json new file mode 100644 index 000000000..6fdd90102 --- /dev/null +++ b/tests/ecc-aws-371-ec2_managed_instance_association_compliance_status_check/placebo-red/ssm.ListResourceComplianceSummaries_1.json @@ -0,0 +1,49 @@ +{ + "status_code": 200, + "data": { + "ResourceComplianceSummaryItems": [ + { + "ComplianceType": "Association", + "ResourceType": "ManagedInstance", + "ResourceId": "i-0bda67de3d5c5e6ae", + "Status": "NON_COMPLIANT", + "OverallSeverity": "LOW", + "ExecutionSummary": { + "ExecutionTime": { + "__class__": "datetime", + "year": 2021, + "month": 11, + "day": 26, + "hour": 11, + "minute": 4, + "second": 47, + "microsecond": 0 + } + }, + "CompliantSummary": { + "CompliantCount": 0, + "SeveritySummary": { + "CriticalCount": 0, + "HighCount": 0, + "MediumCount": 0, + "LowCount": 0, + "InformationalCount": 0, + "UnspecifiedCount": 0 + } + }, + "NonCompliantSummary": { + "NonCompliantCount": 1, + "SeveritySummary": { + "CriticalCount": 0, + "HighCount": 0, + "MediumCount": 0, + "LowCount": 1, + "InformationalCount": 0, + "UnspecifiedCount": 0 + } + } + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-371-ec2_managed_instance_association_compliance_status_check/red_policy_test.py b/tests/ecc-aws-371-ec2_managed_instance_association_compliance_status_check/red_policy_test.py new file mode 100644 index 000000000..4e37c8ad9 --- /dev/null +++ b/tests/ecc-aws-371-ec2_managed_instance_association_compliance_status_check/red_policy_test.py 
@@ -0,0 +1,5 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertEqual(resources[0]['c7n:ssm-compliance'][0]['Status'], 'NON_COMPLIANT')
\ No newline at end of file
diff --git a/tests/ecc-aws-372-ec2_instance_imdsv2_enabled/placebo-green/ec2.DescribeInstances_1.json b/tests/ecc-aws-372-ec2_instance_imdsv2_enabled/placebo-green/ec2.DescribeInstances_1.json
new file mode 100644
index 000000000..33ee30466
--- /dev/null
+++ b/tests/ecc-aws-372-ec2_instance_imdsv2_enabled/placebo-green/ec2.DescribeInstances_1.json
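Review bot: The status assertion in `test_resources` does not pin which compliance type was matched, although the rule name is about association compliance. The recorded `ssm.ListResourceComplianceSummaries` item has `"ComplianceType": "Association"`, yet a `NON_COMPLIANT` entry of another type such as `Patch` would satisfy the test just as well. I would add `base_test.assertEqual(resources[0]['c7n:ssm-compliance'][0]['ComplianceType'], 'Association')`. Adding `base_test.assertEqual(resources[0]['InstanceId'], 'i-0bda67de3d5c5e6ae')` would also tie the finding to the instance in the red recording.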
@@ -0,0 +1,175 @@ +{ + "status_code": 200, + "data": { + "Reservations": [ + { + "Groups": [], + "Instances": [ + { + "AmiLaunchIndex": 0, + "ImageId": "ami-0110765bdc3a9df6e", + "InstanceId": "i-024b40473b9980ef1", + "InstanceType": "t2.micro", + "LaunchTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 27, + "hour": 11, + "minute": 32, + "second": 21, + "microsecond": 0 + }, + "Monitoring": { + "State": "disabled" + }, + "Placement": { + "AvailabilityZone": "us-east-1c", + "GroupName": "", + "Tenancy": "default" + }, + "PrivateDnsName": "ip-172-31-87-43.ec2.internal", + "PrivateIpAddress": "172.31.87.43", + "ProductCodes": [], + "PublicDnsName": "ec2-18-205-160-183.compute-1.amazonaws.com", + "PublicIpAddress": "18.205.160.183", + "State": { + "Code": 16, + "Name": "running" + }, + "StateTransitionReason": "", + "SubnetId": "subnet-cd7af8ec", + "VpcId": "vpc-12345asdfg", + "Architecture": "x86_64", + "BlockDeviceMappings": [ + { + "DeviceName": "/dev/xvda", + "Ebs": { + "AttachTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 27, + "hour": 11, + "minute": 32, + "second": 22, + "microsecond": 0 + }, + "DeleteOnTermination": true, + "Status": "attached", + "VolumeId": "vol-0b2d1be3eb8db6bd4" + } + } + ], + "ClientToken": "4D64A159-BAA1-49D7-8A4C-6D499035DAC9", + "EbsOptimized": false, + "EnaSupport": true, + "Hypervisor": "xen", + "NetworkInterfaces": [ + { + "Association": { + "IpOwnerId": "amazon", + "PublicDnsName": "ec2-18-205-160-183.compute-1.amazonaws.com", + "PublicIp": "18.205.160.183" + }, + "Attachment": { + "AttachTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 27, + "hour": 11, + "minute": 32, + "second": 21, + "microsecond": 0 + }, + "AttachmentId": "eni-attach-08bc1bdfbb7b0bbb8", + "DeleteOnTermination": true, + "DeviceIndex": 0, + "Status": "attached", + "NetworkCardIndex": 0 + }, + "Description": "", + "Groups": [ + { + "GroupName": "default", + "GroupId": 
"sg-1234567asdfg" + } + ], + "Ipv6Addresses": [], + "MacAddress": "12:71:b6:d7:48:b1", + "NetworkInterfaceId": "eni-04d1f0b765f295f3c", + "OwnerId": "111111111111", + "PrivateDnsName": "ip-172-31-87-43.ec2.internal", + "PrivateIpAddress": "172.31.87.43", + "PrivateIpAddresses": [ + { + "Association": { + "IpOwnerId": "amazon", + "PublicDnsName": "ec2-18-205-160-183.compute-1.amazonaws.com", + "PublicIp": "18.205.160.183" + }, + "Primary": true, + "PrivateDnsName": "ip-172-31-87-43.ec2.internal", + "PrivateIpAddress": "172.31.87.43" + } + ], + "SourceDestCheck": true, + "Status": "in-use", + "SubnetId": "subnet-cd7af8ec", + "VpcId": "vpc-12345asdfg", + "InterfaceType": "interface" + } + ], + "RootDeviceName": "/dev/xvda", + "RootDeviceType": "ebs", + "SecurityGroups": [ + { + "GroupName": "default", + "GroupId": "sg-1234567asdfg" + } + ], + "SourceDestCheck": true, + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-372-ec2_instance_imdsv2_enabled" + }, + { + "Key": "Name", + "Value": "372_instance_green" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + } + ], + "VirtualizationType": "hvm", + "CpuOptions": { + "CoreCount": 1, + "ThreadsPerCore": 1 + }, + "CapacityReservationSpecification": { + "CapacityReservationPreference": "open" + }, + "HibernationOptions": { + "Configured": false + }, + "MetadataOptions": { + "State": "applied", + "HttpTokens": "required", + "HttpPutResponseHopLimit": 1, + "HttpEndpoint": "enabled" + }, + "EnclaveOptions": { + "Enabled": false + } + } + ], + "OwnerId": "111111111111", + "ReservationId": "r-03fb7c83fd5dbd509" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-372-ec2_instance_imdsv2_enabled/placebo-red/ec2.DescribeInstances_1.json b/tests/ecc-aws-372-ec2_instance_imdsv2_enabled/placebo-red/ec2.DescribeInstances_1.json new file mode 100644 index 000000000..3a838bc1e --- /dev/null 
+++ b/tests/ecc-aws-372-ec2_instance_imdsv2_enabled/placebo-red/ec2.DescribeInstances_1.json 
@@ -0,0 +1,175 @@ +{ + "status_code": 200, + "data": { + "Reservations": [ + { + "Groups": [], + "Instances": [ + { + "AmiLaunchIndex": 0, + "ImageId": "ami-0110765bdc3a9df6e", + "InstanceId": "i-0c061e6cfab91ce48", + "InstanceType": "t2.micro", + "LaunchTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 27, + "hour": 12, + "minute": 25, + "second": 54, + "microsecond": 0 + }, + "Monitoring": { + "State": "disabled" + }, + "Placement": { + "AvailabilityZone": "us-east-1c", + "GroupName": "", + "Tenancy": "default" + }, + "PrivateDnsName": "ip-172-31-82-164.ec2.internal", + "PrivateIpAddress": "172.31.82.164", + "ProductCodes": [], + "PublicDnsName": "ec2-3-83-119-127.compute-1.amazonaws.com", + "PublicIpAddress": "3.83.119.127", + "State": { + "Code": 16, + "Name": "running" + }, + "StateTransitionReason": "", + "SubnetId": "subnet-cd7af8ec", + "VpcId": "vpc-12345asdfg", + "Architecture": "x86_64", + "BlockDeviceMappings": [ + { + "DeviceName": "/dev/xvda", + "Ebs": { + "AttachTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 27, + "hour": 12, + "minute": 25, + "second": 55, + "microsecond": 0 + }, + "DeleteOnTermination": true, + "Status": "attached", + "VolumeId": "vol-0129bfb916a6eff56" + } + } + ], + "ClientToken": "D6A24D66-C02A-4D9D-A299-38222273820E", + "EbsOptimized": false, + "EnaSupport": true, + "Hypervisor": "xen", + "NetworkInterfaces": [ + { + "Association": { + "IpOwnerId": "amazon", + "PublicDnsName": "ec2-3-83-119-127.compute-1.amazonaws.com", + "PublicIp": "3.83.119.127" + }, + "Attachment": { + "AttachTime": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 27, + "hour": 12, + "minute": 25, + "second": 54, + "microsecond": 0 + }, + "AttachmentId": "eni-attach-0bde8019312d3d29c", + "DeleteOnTermination": true, + "DeviceIndex": 0, + "Status": "attached", + "NetworkCardIndex": 0 + }, + "Description": "", + "Groups": [ + { + "GroupName": "default", + "GroupId": "sg-1234567asdfg" + 
} + ], + "Ipv6Addresses": [], + "MacAddress": "12:4f:26:97:a0:13", + "NetworkInterfaceId": "eni-0f790724a5f2b90a1", + "OwnerId": "111111111111", + "PrivateDnsName": "ip-172-31-82-164.ec2.internal", + "PrivateIpAddress": "172.31.82.164", + "PrivateIpAddresses": [ + { + "Association": { + "IpOwnerId": "amazon", + "PublicDnsName": "ec2-3-83-119-127.compute-1.amazonaws.com", + "PublicIp": "3.83.119.127" + }, + "Primary": true, + "PrivateDnsName": "ip-172-31-82-164.ec2.internal", + "PrivateIpAddress": "172.31.82.164" + } + ], + "SourceDestCheck": true, + "Status": "in-use", + "SubnetId": "subnet-cd7af8ec", + "VpcId": "vpc-12345asdfg", + "InterfaceType": "interface" + } + ], + "RootDeviceName": "/dev/xvda", + "RootDeviceType": "ebs", + "SecurityGroups": [ + { + "GroupName": "default", + "GroupId": "sg-1234567asdfg" + } + ], + "SourceDestCheck": true, + "Tags": [ + { + "Key": "Name", + "Value": "372_instance_red" + }, + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CustodianRule", + "Value": "ecc-aws-372-ec2_instance_imdsv2_enabled" + } + ], + "VirtualizationType": "hvm", + "CpuOptions": { + "CoreCount": 1, + "ThreadsPerCore": 1 + }, + "CapacityReservationSpecification": { + "CapacityReservationPreference": "open" + }, + "HibernationOptions": { + "Configured": false + }, + "MetadataOptions": { + "State": "applied", + "HttpTokens": "optional", + "HttpPutResponseHopLimit": 1, + "HttpEndpoint": "enabled" + }, + "EnclaveOptions": { + "Enabled": false + } + } + ], + "OwnerId": "111111111111", + "ReservationId": "r-06fef03f08913510b" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-372-ec2_instance_imdsv2_enabled/red_policy_test.py b/tests/ecc-aws-372-ec2_instance_imdsv2_enabled/red_policy_test.py new file mode 100644 index 000000000..f616ebdff --- /dev/null +++ b/tests/ecc-aws-372-ec2_instance_imdsv2_enabled/red_policy_test.py 
@@ -0,0 +1,5 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertEqual(resources[0]['MetadataOptions']['HttpTokens'], 'optional') \ No newline at end of file diff --git a/tests/ecc-aws-373-eks_control_plane_logging_enabled/placebo-green/eks.DescribeCluster_1.json b/tests/ecc-aws-373-eks_control_plane_logging_enabled/placebo-green/eks.DescribeCluster_1.json new file mode 100644 index 000000000..9e58520ae --- /dev/null +++ b/tests/ecc-aws-373-eks_control_plane_logging_enabled/placebo-green/eks.DescribeCluster_1.json @@ -0,0 +1,59 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "cluster": { + "name": "373_eks_cluster_green", + "arn": "arn:aws:eks:us-east-1:111111111111:cluster/373_eks_cluster_green", + "createdAt": { + "__class__": "datetime", + "year": 2021, + "month": 11, + "day": 30, + "hour": 9, + "minute": 41, + "second": 33, + "microsecond": 466000 + }, + "version": "1.21", + "roleArn": "arn:aws:iam::111111111111:role/eks-373-cluster-green", + "resourcesVpcConfig": { + "subnetIds": [ + "subnet-0ed6d99f34903cdef", + "subnet-038c055d02259a017" + ], + "securityGroupIds": [], + "vpcId": "vpc-06a4bc72440e32088", + "endpointPublicAccess": true, + "endpointPrivateAccess": false, + "publicAccessCidrs": [ + "0.0.0.0/0" + ] + }, + "kubernetesNetworkConfig": { + "serviceIpv4Cidr": "172.20.0.0/16" + }, + "logging": { + "clusterLogging": [ + { + "types": [ + "api", + "audit", + "authenticator", + "controllerManager", + "scheduler" + ], + "enabled": true + } + ] + }, + "status": "ACTIVE", + "certificateAuthority": {}, + "platformVersion": "eks.3", + "tags": { + "CustodianRule": "ecc-aws-373-eks_control_plane_logging_enabled", + "ComplianceStatus": "Green" + } + } + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-373-eks_control_plane_logging_enabled/placebo-green/eks.ListClusters_1.json b/tests/ecc-aws-373-eks_control_plane_logging_enabled/placebo-green/eks.ListClusters_1.json new file mode 100644 index 000000000..9100cf919 --- /dev/null +++ b/tests/ecc-aws-373-eks_control_plane_logging_enabled/placebo-green/eks.ListClusters_1.json @@ -0,0 +1,9 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "clusters": [ + "373_eks_cluster_green" + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-373-eks_control_plane_logging_enabled/placebo-red/eks.DescribeCluster_1.json b/tests/ecc-aws-373-eks_control_plane_logging_enabled/placebo-red/eks.DescribeCluster_1.json new file mode 100644 index 000000000..37ede6822 --- /dev/null +++ b/tests/ecc-aws-373-eks_control_plane_logging_enabled/placebo-red/eks.DescribeCluster_1.json 
@@ -0,0 +1,64 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "cluster": { + "name": "373_eks_cluster_red", + "arn": "arn:aws:eks:us-east-1:111111111111:cluster/373_eks_cluster_red", + "createdAt": { + "__class__": "datetime", + "year": 2021, + "month": 11, + "day": 30, + "hour": 9, + "minute": 48, + "second": 7, + "microsecond": 660000 + }, + "version": "1.21", + "roleArn": "arn:aws:iam::111111111111:role/eks-373-cluster-red", + "resourcesVpcConfig": { + "subnetIds": [ + "subnet-0d9fef870dd7f81c6", + "subnet-0714aef691dd649aa" + ], + "securityGroupIds": [], + "vpcId": "vpc-0cb2f9bedb52396a4", + "endpointPublicAccess": true, + "endpointPrivateAccess": false, + "publicAccessCidrs": [ + "0.0.0.0/0" + ] + }, + "kubernetesNetworkConfig": { + "serviceIpv4Cidr": "172.20.0.0/16" + }, + "logging": { + "clusterLogging": [ + { + "types": [ + "api", + "audit", + "controllerManager", + "scheduler" + ], + "enabled": true + }, + { + "types": [ + "authenticator" + ], + "enabled": false + } + ] + }, + "status": "ACTIVE", + "certificateAuthority": {}, + "platformVersion": "eks.3", + "tags": { + "CustodianRule": "ecc-aws-373-eks_control_plane_logging_enabled", + "ComplianceStatus": "Red" + } + } + } +} \ No newline at end of file diff --git a/tests/ecc-aws-373-eks_control_plane_logging_enabled/placebo-red/eks.ListClusters_1.json b/tests/ecc-aws-373-eks_control_plane_logging_enabled/placebo-red/eks.ListClusters_1.json new file mode 100644 index 000000000..139456c8f --- /dev/null +++ b/tests/ecc-aws-373-eks_control_plane_logging_enabled/placebo-red/eks.ListClusters_1.json @@ -0,0 +1,9 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "clusters": [ + "373_eks_cluster_red" + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-373-eks_control_plane_logging_enabled/red_policy_test.py b/tests/ecc-aws-373-eks_control_plane_logging_enabled/red_policy_test.py new file mode 100644 index 000000000..3d97253bd --- /dev/null 
+++ b/tests/ecc-aws-373-eks_control_plane_logging_enabled/red_policy_test.py
@@ -0,0 +1,7 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertListEqual(resources[0]['logging']['clusterLogging'][0]['types'], ['api', 'audit', 'controllerManager', 'scheduler'])
+ base_test.assertTrue(resources[0]['logging']['clusterLogging'][0]['enabled'])
+
diff --git a/tests/ecc-aws-374-eks_clusters_security_group_traffic_restricted/placebo-green/ec2.DescribeSecurityGroups_1.json b/tests/ecc-aws-374-eks_clusters_security_group_traffic_restricted/placebo-green/ec2.DescribeSecurityGroups_1.json
new file mode 100644
index 000000000..5a8ac42df
--- /dev/null
+++ b/tests/ecc-aws-374-eks_clusters_security_group_traffic_restricted/placebo-green/ec2.DescribeSecurityGroups_1.json
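Review bot: Both content assertions in `test_resources` read `clusterLogging[0]`, which is the enabled entry, so the test never checks the condition that makes this cluster a finding. In the red `eks.DescribeCluster` recording the disabled log type is `authenticator`, in `clusterLogging[1]` with `"enabled": false`. I would add `base_test.assertFalse(resources[0]['logging']['clusterLogging'][1]['enabled'])` and `base_test.assertIn('authenticator', resources[0]['logging']['clusterLogging'][1]['types'])`. As written, a policy that matched every cluster regardless of logging state would still pass, since the asserted values are simply what the recording contains.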
@@ -0,0 +1,85 @@ +{ + "status_code": 200, + "data": { + "SecurityGroups": [ + { + "Description": "Managed by Terraform", + "GroupName": "374_security_group_green", + "IpPermissions": [ + { + "FromPort": 10250, + "IpProtocol": "tcp", + "IpRanges": [], + "Ipv6Ranges": [], + "PrefixListIds": [], + "ToPort": 10250, + "UserIdGroupPairs": [ + { + "GroupId": "sg-1234567asdfg", + "UserId": "111111111111" + } + ] + }, + { + "FromPort": 443, + "IpProtocol": "tcp", + "IpRanges": [], + "Ipv6Ranges": [], + "PrefixListIds": [], + "ToPort": 443, + "UserIdGroupPairs": [ + { + "GroupId": "sg-1234567asdfg", + "UserId": "111111111111" + } + ] + } + ], + "OwnerId": "111111111111", + "GroupId": "sg-1234567asdfg", + "IpPermissionsEgress": [ + { + "FromPort": 10250, + "IpProtocol": "tcp", + "IpRanges": [], + "Ipv6Ranges": [], + "PrefixListIds": [], + "ToPort": 10250, + "UserIdGroupPairs": [ + { + "GroupId": "sg-1234567asdfg", + "UserId": "111111111111" + } + ] + }, + { + "FromPort": 443, + "IpProtocol": "tcp", + "IpRanges": [], + "Ipv6Ranges": [], + "PrefixListIds": [], + "ToPort": 443, + "UserIdGroupPairs": [ + { + "GroupId": "sg-1234567asdfg", + "UserId": "111111111111" + } + ] + } + ], + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CustodianRule", + "Value": "ecc-aws-374-eks_clusters_security_group_traffic_restricted" + } + ], + "VpcId": "vpc-12345asdfg" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-374-eks_clusters_security_group_traffic_restricted/placebo-green/eks.DescribeCluster_1.json b/tests/ecc-aws-374-eks_clusters_security_group_traffic_restricted/placebo-green/eks.DescribeCluster_1.json new file mode 100644 index 000000000..82f4e64b0 --- /dev/null +++ b/tests/ecc-aws-374-eks_clusters_security_group_traffic_restricted/placebo-green/eks.DescribeCluster_1.json 
@@ -0,0 +1,70 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "cluster": { + "name": "374_eks_cluster_green", + "arn": "arn:aws:eks:us-east-1:111111111111:cluster/374_eks_cluster_green", + "createdAt": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 2, + "hour": 11, + "minute": 9, + "second": 2, + "microsecond": 159000 + }, + "version": "1.21", + "endpoint": "https://58CCB58FBBBB4B0F2A5EE8AB4EC93316.gr7.us-east-1.eks.amazonaws.com", + "roleArn": "arn:aws:iam::111111111111:role/eks-373-cluster-green", + "resourcesVpcConfig": { + "subnetIds": [ + "subnet-07683bbdfcf893211", + "subnet-0eb433159fb6f1181" + ], + "securityGroupIds": [ + "sg-02ca6b7ed9856bf13" + ], + "clusterSecurityGroupId": "sg-03650af0d1a5074b5", + "vpcId": "vpc-06040e942854784d7", + "endpointPublicAccess": true, + "endpointPrivateAccess": false, + "publicAccessCidrs": [ + "0.0.0.0/0" + ] + }, + "kubernetesNetworkConfig": { + "serviceIpv4Cidr": "172.20.0.0/16" + }, + "logging": { + "clusterLogging": [ + { + "types": [ + "api", + "audit", + "authenticator", + "controllerManager", + "scheduler" + ], + "enabled": false + } + ] + }, + "identity": { + "oidc": { + "issuer": "https://oidc.eks.us-east-1.amazonaws.com/id/58CCB58FBBBB4B0F2A5EE8AB4EC93316" + } + }, + "status": "ACTIVE", + "certificateAuthority": { + "data": "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" + }, + "platformVersion": "eks.3", + "tags": { + "CustodianRule": "ecc-aws-374-eks_clusters_security_group_traffic_restricted", + "ComplianceStatus": "Green" + } + } + } +} \ No newline at end of file diff --git a/tests/ecc-aws-374-eks_clusters_security_group_traffic_restricted/placebo-green/eks.ListClusters_1.json b/tests/ecc-aws-374-eks_clusters_security_group_traffic_restricted/placebo-green/eks.ListClusters_1.json new file mode 100644 index 000000000..1a58133f7 --- /dev/null +++ b/tests/ecc-aws-374-eks_clusters_security_group_traffic_restricted/placebo-green/eks.ListClusters_1.json 
@@ -0,0 +1,9 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "clusters": [ + "374_eks_cluster_green" + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-374-eks_clusters_security_group_traffic_restricted/placebo-red/ec2.DescribeSecurityGroups_1.json b/tests/ecc-aws-374-eks_clusters_security_group_traffic_restricted/placebo-red/ec2.DescribeSecurityGroups_1.json new file mode 100644 index 000000000..c465a44c5 --- /dev/null +++ b/tests/ecc-aws-374-eks_clusters_security_group_traffic_restricted/placebo-red/ec2.DescribeSecurityGroups_1.json 
@@ -0,0 +1,149 @@ +{ + "status_code": 200, + "data": { + "SecurityGroups": [ + { + "Description": "Managed by Terraform", + "GroupName": "374_security_group_red", + "IpPermissions": [ + { + "FromPort": 22, + "IpProtocol": "tcp", + "IpRanges": [], + "Ipv6Ranges": [], + "PrefixListIds": [], + "ToPort": 22, + "UserIdGroupPairs": [ + { + "GroupId": "sg-1234567asdfg", + "UserId": "111111111111" + } + ] + }, + { + "FromPort": 443, + "IpProtocol": "tcp", + "IpRanges": [], + "Ipv6Ranges": [], + "PrefixListIds": [], + "ToPort": 443, + "UserIdGroupPairs": [ + { + "GroupId": "sg-1234567asdfg", + "UserId": "111111111111" + } + ] + } + ], + "OwnerId": "111111111111", + "GroupId": "sg-1234567asdfg", + "IpPermissionsEgress": [ + { + "IpProtocol": "-1", + "IpRanges": [ + { + "CidrIp": "0.0.0.0/0" + } + ], + "Ipv6Ranges": [ + { + "CidrIpv6": "::/0" + } + ], + "PrefixListIds": [], + "UserIdGroupPairs": [] + } + ], + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-374-eks_clusters_security_group_traffic_restricted" + }, + { + "Key": "ComplianceStatus", + "Value": "Red" + } + ], + "VpcId": "vpc-12345asdfg" + }, + { + "Description": "Managed by Terraform", + "GroupName": "374_security_group_green", + "IpPermissions": [ + { + "FromPort": 10250, + "IpProtocol": "tcp", + "IpRanges": [], + "Ipv6Ranges": [], + "PrefixListIds": [], + "ToPort": 10250, + "UserIdGroupPairs": [ + { + "GroupId": "sg-1234567asdfg", + "UserId": "111111111111" + } + ] + }, + { + "FromPort": 443, + "IpProtocol": "tcp", + "IpRanges": [], + "Ipv6Ranges": [], + "PrefixListIds": [], + "ToPort": 443, + "UserIdGroupPairs": [ + { + "GroupId": "sg-1234567asdfg", + "UserId": "111111111111" + } + ] + } + ], + "OwnerId": "111111111111", + "GroupId": "sg-1234567asdfg", + "IpPermissionsEgress": [ + { + "FromPort": 10250, + "IpProtocol": "tcp", + "IpRanges": [], + "Ipv6Ranges": [], + "PrefixListIds": [], + "ToPort": 10250, + "UserIdGroupPairs": [ + { + "GroupId": "sg-1234567asdfg", + "UserId": "111111111111" + } + ] + 
}, + { + "FromPort": 443, + "IpProtocol": "tcp", + "IpRanges": [], + "Ipv6Ranges": [], + "PrefixListIds": [], + "ToPort": 443, + "UserIdGroupPairs": [ + { + "GroupId": "sg-1234567asdfg", + "UserId": "111111111111" + } + ] + } + ], + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CustodianRule", + "Value": "ecc-aws-374-eks_clusters_security_group_traffic_restricted" + } + ], + "VpcId": "vpc-12345asdfg" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-374-eks_clusters_security_group_traffic_restricted/placebo-red/eks.DescribeCluster_1.json b/tests/ecc-aws-374-eks_clusters_security_group_traffic_restricted/placebo-red/eks.DescribeCluster_1.json new file mode 100644 index 000000000..e7d38c3b2 --- /dev/null +++ b/tests/ecc-aws-374-eks_clusters_security_group_traffic_restricted/placebo-red/eks.DescribeCluster_1.json 
@@ -0,0 +1,70 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "cluster": { + "name": "374_eks_cluster_red", + "arn": "arn:aws:eks:us-east-1:111111111111:cluster/374_eks_cluster_red", + "createdAt": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 2, + "hour": 11, + "minute": 8, + "second": 58, + "microsecond": 875000 + }, + "version": "1.21", + "endpoint": "https://D4F7A0808F0D798475FF45F3C53D0282.gr7.us-east-1.eks.amazonaws.com", + "roleArn": "arn:aws:iam::111111111111:role/eks-373-cluster-red", + "resourcesVpcConfig": { + "subnetIds": [ + "subnet-0381be1af43d40a6d", + "subnet-0d1cb874a81dba178" + ], + "securityGroupIds": [ + "sg-076576b07f66d92af" + ], + "clusterSecurityGroupId": "sg-071a7361ef43ecceb", + "vpcId": "vpc-0a42bd855d9ac3572", + "endpointPublicAccess": true, + "endpointPrivateAccess": false, + "publicAccessCidrs": [ + "0.0.0.0/0" + ] + }, + "kubernetesNetworkConfig": { + "serviceIpv4Cidr": "172.20.0.0/16" + }, + "logging": { + "clusterLogging": [ + { + "types": [ + "api", + "audit", + "authenticator", + "controllerManager", + "scheduler" + ], + "enabled": false + } + ] + }, + "identity": { + "oidc": { + "issuer": "https://oidc.eks.us-east-1.amazonaws.com/id/D4F7A0808F0D798475FF45F3C53D0282" + } + }, + "status": "ACTIVE", + "certificateAuthority": { + "data": 
"LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM1ekNDQWMrZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJeE1USXdNakE1TVRZek1Gb1hEVE14TVRFek1EQTVNVFl6TUZvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTEtrCkZ1QTZ6S0lYUFF2TWtqdUJMQTRyUEcrVDBNaXloYTY1d3ZTRXE0d25aMWtaUHF5M0lKeGRFUHcrREVXTUZlZXYKZkw1YWpEbWxNNnhoa2hPc2JoVVhWWTZDdTQvc3F6aWhCWGx1YWMvMDlVUDNYUWNSZ1J5bFAxck8zeHdkMlhDagp3b2gvWEh1SnhTNGNVaW9XNmRYTnFzaWhzSWdGNEhKTWxBUW9LMGRpWkNLQm1mdjRBSnpKMmYvKzJVNmVmZVd4CktZMkZGS0RQQloza25HM0RERk9SNkdTOERhY05ranQxQk9wZlQvRXVhT2Q1T0RJMUhLSFFOMDluQ1dCeWlSUC8KSEQyL1VNVGZRaTJpcHJ2MWJMYk85MlJWLzhHTy9ZbzdQbzk5M3VzQmp3b1lXTUFIMXR4VTF2dDlWbGxqOTFnKwpxNjBDUkdCYXUzbFZyVE8vc01NQ0F3RUFBYU5DTUVBd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0hRWURWUjBPQkJZRUZLdnZJVTVFbGZRWjNmSThRb3huVkx6Qm4ydEVNQTBHQ1NxR1NJYjMKRFFFQkN3VUFBNElCQVFCZ1NqWUhQT1NscGd6bnVQcUhJbUc4OGpneW1EL3V3ZXVKNGdocUcvUHdCRGVaUGdIQgo1WmtCaXd3bHRjRzZvYm1ZYTU3d2k1b1NVaTJhS3Vmb3R1bHRMYmxIUkREMmVoY2FGMmNueG9xZitsUk5zQWxlCmVzbTg1cEthM2UyRE5yZWN3OVJKeGQxZVNTNjJidkdlZkNCOTNRUnBaY0VoYk9lUmtMSnJ5TUNvbWZ2U1RnRVUKYUtrT25ldXpnQlV2Vm5MQmV4bkN6MWVsYWEzV2phZFJyeEpveU55VTFTRVJvQ0M5Q1BjWXVVUjBpMUttMG5pQwp1WVR1bHZhbUluMTFtd0tVNk1MeXA5cjlHVHFJK0pCYlo0TGF6clc5OXVaeGZhK00zNmpXcnZFalpnN29GNmduCmZUZGZCZjBpOHErWjdZbUg0bmxDY2NwQW4xZHVXbnZXQWY2KwotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==" + }, + "platformVersion": "eks.3", + "tags": { + "CustodianRule": "ecc-aws-374-eks_clusters_security_group_traffic_restricted", + "ComplianceStatus": "Red" + } + } + } +} \ No newline at end of file diff --git a/tests/ecc-aws-374-eks_clusters_security_group_traffic_restricted/placebo-red/eks.ListClusters_1.json b/tests/ecc-aws-374-eks_clusters_security_group_traffic_restricted/placebo-red/eks.ListClusters_1.json new file mode 100644 index 000000000..f871184cb --- /dev/null 
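Review bot: This recorded `eks.DescribeCluster` response is only partly sanitized. The account ID is masked as `111111111111`, but `endpoint`, `identity.oidc.issuer`, the subnet, VPC and security-group IDs under `resourcesVpcConfig`, and the full `certificateAuthority.data` certificate look like values from the live recording. None of these is a credential, but they identify the recorded environment, and the test for this rule does not appear to read any of them. I would replace them with constructed placeholders and use `"certificateAuthority": {}` as the 373 fixtures do. The same applies to the `endpoint` and `issuer` values in the 374 green and 375 red `DescribeCluster` fixtures and to the public IPs and DNS names in the EC2 recordings.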
+++ b/tests/ecc-aws-374-eks_clusters_security_group_traffic_restricted/placebo-red/eks.ListClusters_1.json
@@ -0,0 +1,9 @@
+{
+ "status_code": 200,
+ "data": {
+ "ResponseMetadata": {},
+ "clusters": [
+ "374_eks_cluster_red"
+ ]
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-374-eks_clusters_security_group_traffic_restricted/red_policy_test.py b/tests/ecc-aws-374-eks_clusters_security_group_traffic_restricted/red_policy_test.py
new file mode 100644
index 000000000..7339f607f
--- /dev/null
+++ b/tests/ecc-aws-374-eks_clusters_security_group_traffic_restricted/red_policy_test.py
@@ -0,0 +1,10 @@
+class PolicyTest(object):
+
+ def test_resources_with_client(self, base_test, resources, local_session):
+ base_test.assertEqual(len(resources), 1)
+ vpc=resources[0]["resourcesVpcConfig"]["vpcId"]
+ ec2_client = local_session.client("ec2")
+ security_goups = ec2_client.describe_security_groups(GroupIds=resources[0]["resourcesVpcConfig"]["securityGroupIds"])
+ base_test.assertNotEqual(security_goups["SecurityGroups"][0]["IpPermissions"][0]["FromPort"], "10250")
+ base_test.assertNotEqual(security_goups["SecurityGroups"][0]["IpPermissions"][0]["ToPort"], "10250")
+ base_test.assertNotIn("FromPort", security_goups["SecurityGroups"][0]["IpPermissionsEgress"][0])
diff --git a/tests/ecc-aws-375-eks_secrets_encrypted/placebo-green/eks.DescribeCluster_1.json b/tests/ecc-aws-375-eks_secrets_encrypted/placebo-green/eks.DescribeCluster_1.json
new file mode 100644
index 000000000..5cde3abae
--- /dev/null
+++ b/tests/ecc-aws-375-eks_secrets_encrypted/placebo-green/eks.DescribeCluster_1.json
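Review bot: The two `assertNotEqual` checks in `test_resources_with_client` compare the recorded port, which is an integer in the fixture (`"FromPort": 22`), with the string `"10250"`. They therefore pass for every port value, including 10250, and assert nothing. Compare against the integer, e.g. `base_test.assertNotEqual(security_goups["SecurityGroups"][0]["IpPermissions"][0]["FromPort"], 10250)` and the same for `ToPort`. Asserting the recorded value with `assertEqual(..., 22)` would pin the finding more tightly. The `vpc` local is assigned and never used and can be removed, and `security_goups` is a typo for `security_groups`.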
@@ -0,0 +1,69 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "cluster": { + "name": "375_eks_cluster_green", + "arn": "arn:aws:eks:us-east-1:111111111111:cluster/375_eks_cluster_green", + "createdAt": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 2, + "hour": 14, + "minute": 18, + "second": 50, + "microsecond": 373000 + }, + "version": "1.21", + "roleArn": "arn:aws:iam::111111111111:role/eks-375-cluster-green", + "resourcesVpcConfig": { + "subnetIds": [ + "subnet-03303e83804bbc0b6", + "subnet-06d6abc177b3d93a2" + ], + "securityGroupIds": [], + "vpcId": "vpc-03276a91e00adc630", + "endpointPublicAccess": true, + "endpointPrivateAccess": false, + "publicAccessCidrs": [ + "0.0.0.0/0" + ] + }, + "kubernetesNetworkConfig": { + "serviceIpv4Cidr": "172.20.0.0/16" + }, + "logging": { + "clusterLogging": [ + { + "types": [ + "api", + "audit", + "authenticator", + "controllerManager", + "scheduler" + ], + "enabled": false + } + ] + }, + "status": "CREATING", + "certificateAuthority": {}, + "platformVersion": "eks.3", + "tags": { + "CustodianRule": "ecc-aws-375-eks_secrets_encrypted", + "ComplianceStatus": "Green" + }, + "encryptionConfig": [ + { + "resources": [ + "secrets" + ], + "provider": { + "keyArn": "arn:aws:kms:us-east-1:111111111111:key/a8b3fbae-803d-4f56-bb90-89ef15766e10" + } + } + ] + } + } +} \ No newline at end of file diff --git a/tests/ecc-aws-375-eks_secrets_encrypted/placebo-green/eks.ListClusters_1.json b/tests/ecc-aws-375-eks_secrets_encrypted/placebo-green/eks.ListClusters_1.json new file mode 100644 index 000000000..761bbd03b --- /dev/null +++ b/tests/ecc-aws-375-eks_secrets_encrypted/placebo-green/eks.ListClusters_1.json @@ -0,0 +1,9 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "clusters": [ + "375_eks_cluster_green" + ] + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-375-eks_secrets_encrypted/placebo-red/eks.DescribeCluster_1.json b/tests/ecc-aws-375-eks_secrets_encrypted/placebo-red/eks.DescribeCluster_1.json new file mode 100644 index 000000000..4dfcfe0bb --- /dev/null +++ b/tests/ecc-aws-375-eks_secrets_encrypted/placebo-red/eks.DescribeCluster_1.json @@ -0,0 +1,68 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "cluster": { + "name": "375_eks_cluster_red", + "arn": "arn:aws:eks:us-east-1:111111111111:cluster/375_eks_cluster_red", + "createdAt": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 2, + "hour": 14, + "minute": 36, + "second": 12, + "microsecond": 423000 + }, + "version": "1.21", + "endpoint": "https://8BF1F12E1223B1FB42FC4B1BA8C3DD23.gr7.us-east-1.eks.amazonaws.com", + "roleArn": "arn:aws:iam::111111111111:role/eks-375-cluster-red", + "resourcesVpcConfig": { + "subnetIds": [ + "subnet-079ddb57fccf3467d", + "subnet-060a836cf7c5e15f3" + ], + "securityGroupIds": [], + "clusterSecurityGroupId": "sg-0533f54f22bbebb4c", + "vpcId": "vpc-0a6f5a50a92b71ab0", + "endpointPublicAccess": true, + "endpointPrivateAccess": false, + "publicAccessCidrs": [ + "0.0.0.0/0" + ] + }, + "kubernetesNetworkConfig": { + "serviceIpv4Cidr": "172.20.0.0/16" + }, + "logging": { + "clusterLogging": [ + { + "types": [ + "api", + "audit", + "authenticator", + "controllerManager", + "scheduler" + ], + "enabled": false + } + ] + }, + "identity": { + "oidc": { + "issuer": "https://oidc.eks.us-east-1.amazonaws.com/id/8BF1F12E1223B1FB42FC4B1BA8C3DD23" + } + }, + "status": "ACTIVE", + "certificateAuthority": { + "data": "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" + }, + "platformVersion": "eks.3", + "tags": { + "CustodianRule": "ecc-aws-375-eks_secrets_encrypted", + "ComplianceStatus": "Red" + } + } + } +} \ No newline at end of file 
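Review bot: This recording keeps the cluster's API endpoint hostname and OIDC issuer ID (the `8BF1F12E1223B1FB42FC4B1BA8C3DD23` value in `endpoint` and `identity.oidc.issuer`), along with what look like live subnet, VPC and security-group IDs, even though the account ID was scrubbed to `111111111111`. If these were captured from a real account, replace them with obviously fake values before committing, the same way the account ID was handled, for example `"endpoint": "https://EXAMPLE.gr7.us-east-1.eks.amazonaws.com"` (a constructed placeholder). The RDS recordings later in this patch carry `DbiResourceId` values and, in the 379 red fixture, an `Endpoint.Address` hostname that deserve the same treatment.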
diff --git a/tests/ecc-aws-375-eks_secrets_encrypted/placebo-red/eks.ListClusters_1.json b/tests/ecc-aws-375-eks_secrets_encrypted/placebo-red/eks.ListClusters_1.json
new file mode 100644
index 000000000..6bc56f874
--- /dev/null
+++ b/tests/ecc-aws-375-eks_secrets_encrypted/placebo-red/eks.ListClusters_1.json
@@ -0,0 +1,9 @@
+{
+ "status_code": 200,
+ "data": {
+ "ResponseMetadata": {},
+ "clusters": [
+ "375_eks_cluster_red"
+ ]
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-375-eks_secrets_encrypted/red_policy_test.py b/tests/ecc-aws-375-eks_secrets_encrypted/red_policy_test.py
new file mode 100644
index 000000000..d08386de5
--- /dev/null
+++ b/tests/ecc-aws-375-eks_secrets_encrypted/red_policy_test.py
@@ -0,0 +1,5 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertNotIn("encryptionConfig", resources[0])
diff --git a/tests/ecc-aws-376-ecr_immutable_image_tags/placebo-green/api.ecr.DescribeRepositories_1.json b/tests/ecc-aws-376-ecr_immutable_image_tags/placebo-green/api.ecr.DescribeRepositories_1.json
new file mode 100644
index 000000000..545ca000b
--- /dev/null
+++ b/tests/ecc-aws-376-ecr_immutable_image_tags/placebo-green/api.ecr.DescribeRepositories_1.json
@@ -0,0 +1,31 @@ +{ + "status_code": 200, + "data": { + "repositories": [ + { + "repositoryArn": "arn:aws:ecr:us-east-1:111111111111:repository/376_ecr_respository_green", + "registryId": "111111111111", + "repositoryName": "376_ecr_respository_green", + "repositoryUri": "111111111111.dkr.ecr.us-east-1.amazonaws.com/376_ecr_respository_green", + "createdAt": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 2, + "hour": 17, + "minute": 26, + "second": 3, + "microsecond": 0 + }, + "imageTagMutability": "IMMUTABLE", + "imageScanningConfiguration": { + "scanOnPush": false + }, + "encryptionConfiguration": { + "encryptionType": "AES256" + } + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-376-ecr_immutable_image_tags/placebo-green/api.ecr.ListTagsForResource_1.json b/tests/ecc-aws-376-ecr_immutable_image_tags/placebo-green/api.ecr.ListTagsForResource_1.json new file mode 100644 index 000000000..901e56fae --- /dev/null +++ b/tests/ecc-aws-376-ecr_immutable_image_tags/placebo-green/api.ecr.ListTagsForResource_1.json @@ -0,0 +1,16 @@ +{ + "status_code": 200, + "data": { + "tags": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-376-ecr_immutable_image_tags" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-376-ecr_immutable_image_tags/placebo-red/api.ecr.DescribeRepositories_1.json b/tests/ecc-aws-376-ecr_immutable_image_tags/placebo-red/api.ecr.DescribeRepositories_1.json new file mode 100644 index 000000000..4151e0f17 --- /dev/null +++ b/tests/ecc-aws-376-ecr_immutable_image_tags/placebo-red/api.ecr.DescribeRepositories_1.json 
@@ -0,0 +1,31 @@ +{ + "status_code": 200, + "data": { + "repositories": [ + { + "repositoryArn": "arn:aws:ecr:us-east-1:111111111111:repository/376_ecr_respository_green", + "registryId": "111111111111", + "repositoryName": "376_ecr_respository_green", + "repositoryUri": "111111111111.dkr.ecr.us-east-1.amazonaws.com/376_ecr_respository_green", + "createdAt": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 2, + "hour": 17, + "minute": 40, + "second": 50, + "microsecond": 0 + }, + "imageTagMutability": "MUTABLE", + "imageScanningConfiguration": { + "scanOnPush": false + }, + "encryptionConfiguration": { + "encryptionType": "AES256" + } + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-376-ecr_immutable_image_tags/placebo-red/api.ecr.ListTagsForResource_1.json b/tests/ecc-aws-376-ecr_immutable_image_tags/placebo-red/api.ecr.ListTagsForResource_1.json new file mode 100644 index 000000000..0dc0c515e --- /dev/null +++ b/tests/ecc-aws-376-ecr_immutable_image_tags/placebo-red/api.ecr.ListTagsForResource_1.json @@ -0,0 +1,16 @@ +{ + "status_code": 200, + "data": { + "tags": [ + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-376-ecr_immutable_image_tags" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-376-ecr_immutable_image_tags/red_policy_test.py b/tests/ecc-aws-376-ecr_immutable_image_tags/red_policy_test.py new file mode 100644 index 000000000..b6bc82f46 --- /dev/null +++ b/tests/ecc-aws-376-ecr_immutable_image_tags/red_policy_test.py @@ -0,0 +1,5 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertEqual(resources[0]['imageTagMutability'], "MUTABLE") 
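Review bot: The placebo-red recording for rule 376 names its repository `376_ecr_respository_green` in `repositoryArn`, `repositoryName` and `repositoryUri`, which looks like a leftover from the green fixture. Rename it to `376_ecr_respository_red` so a failing red test reports the resource it is meant to represent; the 377 and 378 red fixtures already follow that pattern. Separately, the tag key in the ECR and RDS recordings is spelled `CsutodianRule`, whereas the EKS recordings use `CustodianRule`; if anything filters on that tag, the misspelled key will not match.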
diff --git a/tests/ecc-aws-377-ecr_repository_kms_encryption_enabled/placebo-green/api.ecr.DescribeRepositories_1.json b/tests/ecc-aws-377-ecr_repository_kms_encryption_enabled/placebo-green/api.ecr.DescribeRepositories_1.json new file mode 100644 index 000000000..7b8eb47c3 --- /dev/null +++ b/tests/ecc-aws-377-ecr_repository_kms_encryption_enabled/placebo-green/api.ecr.DescribeRepositories_1.json @@ -0,0 +1,32 @@ +{ + "status_code": 200, + "data": { + "repositories": [ + { + "repositoryArn": "arn:aws:ecr:us-east-1:111111111111:repository/377_ecr_respository_green", + "registryId": "111111111111", + "repositoryName": "377_ecr_respository_green", + "repositoryUri": "111111111111.dkr.ecr.us-east-1.amazonaws.com/377_ecr_respository_green", + "createdAt": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 3, + "hour": 14, + "minute": 1, + "second": 47, + "microsecond": 0 + }, + "imageTagMutability": "MUTABLE", + "imageScanningConfiguration": { + "scanOnPush": false + }, + "encryptionConfiguration": { + "encryptionType": "KMS", + "kmsKey": "arn:aws:kms:us-east-1:111111111111:key/46799033-a498-4586-a8ac-e6c3857af4be" + } + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-377-ecr_repository_kms_encryption_enabled/placebo-green/api.ecr.ListTagsForResource_1.json b/tests/ecc-aws-377-ecr_repository_kms_encryption_enabled/placebo-green/api.ecr.ListTagsForResource_1.json new file mode 100644 index 000000000..feeeaf3c9 --- /dev/null +++ b/tests/ecc-aws-377-ecr_repository_kms_encryption_enabled/placebo-green/api.ecr.ListTagsForResource_1.json @@ -0,0 +1,16 @@ +{ + "status_code": 200, + "data": { + "tags": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-377-ecr_repository_kms_encryption_enabled" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-377-ecr_repository_kms_encryption_enabled/placebo-red/api.ecr.DescribeRepositories_1.json b/tests/ecc-aws-377-ecr_repository_kms_encryption_enabled/placebo-red/api.ecr.DescribeRepositories_1.json new file mode 100644 index 000000000..5d985395c --- /dev/null +++ b/tests/ecc-aws-377-ecr_repository_kms_encryption_enabled/placebo-red/api.ecr.DescribeRepositories_1.json @@ -0,0 +1,31 @@ +{ + "status_code": 200, + "data": { + "repositories": [ + { + "repositoryArn": "arn:aws:ecr:us-east-1:111111111111:repository/377_ecr_respository_red", + "registryId": "111111111111", + "repositoryName": "377_ecr_respository_red", + "repositoryUri": "111111111111.dkr.ecr.us-east-1.amazonaws.com/377_ecr_respository_red", + "createdAt": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 3, + "hour": 14, + "minute": 6, + "second": 54, + "microsecond": 0 + }, + "imageTagMutability": "MUTABLE", + "imageScanningConfiguration": { + "scanOnPush": false + }, + "encryptionConfiguration": { + "encryptionType": "AES256" + } + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-377-ecr_repository_kms_encryption_enabled/placebo-red/api.ecr.ListTagsForResource_1.json b/tests/ecc-aws-377-ecr_repository_kms_encryption_enabled/placebo-red/api.ecr.ListTagsForResource_1.json new file mode 100644 index 000000000..9c01e2497 --- /dev/null +++ b/tests/ecc-aws-377-ecr_repository_kms_encryption_enabled/placebo-red/api.ecr.ListTagsForResource_1.json @@ -0,0 +1,16 @@ +{ + "status_code": 200, + "data": { + "tags": [ + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-377-ecr_repository_kms_encryption_enabled" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-377-ecr_repository_kms_encryption_enabled/red_policy_test.py b/tests/ecc-aws-377-ecr_repository_kms_encryption_enabled/red_policy_test.py new file mode 100644 index 000000000..464a891b2 --- /dev/null +++ b/tests/ecc-aws-377-ecr_repository_kms_encryption_enabled/red_policy_test.py @@ -0,0 +1,5 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertEqual(resources[0]['encryptionConfiguration']['encryptionType'], "AES256") diff --git a/tests/ecc-aws-378-ecr_image_scanning_on_push_enabled/placebo-green/api.ecr.DescribeRepositories_1.json b/tests/ecc-aws-378-ecr_image_scanning_on_push_enabled/placebo-green/api.ecr.DescribeRepositories_1.json new file mode 100644 index 000000000..465df10e0 --- /dev/null +++ b/tests/ecc-aws-378-ecr_image_scanning_on_push_enabled/placebo-green/api.ecr.DescribeRepositories_1.json @@ -0,0 +1,31 @@ +{ + "status_code": 200, + "data": { + "repositories": [ + { + "repositoryArn": "arn:aws:ecr:eu-north-1:this:repository/378_ecr_respository_green", + "registryId": "this", + "repositoryName": "378_ecr_respository_green", + "repositoryUri": "this.dkr.ecr.eu-north-1.amazonaws.com/378_ecr_respository_green", + "createdAt": { + "__class__": "datetime", + "year": 2021, + "month": 11, + "day": 30, + "hour": 14, + "minute": 31, + "second": 38, + "microsecond": 0 + }, + "imageTagMutability": "MUTABLE", + "imageScanningConfiguration": { + "scanOnPush": true + }, + "encryptionConfiguration": { + "encryptionType": "AES256" + } + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-378-ecr_image_scanning_on_push_enabled/placebo-green/api.ecr.ListTagsForResource_1.json b/tests/ecc-aws-378-ecr_image_scanning_on_push_enabled/placebo-green/api.ecr.ListTagsForResource_1.json new file mode 100644 index 000000000..c42bb257a --- /dev/null 
+++ b/tests/ecc-aws-378-ecr_image_scanning_on_push_enabled/placebo-green/api.ecr.ListTagsForResource_1.json @@ -0,0 +1,7 @@ +{ + "status_code": 200, + "data": { + "tags": [], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-378-ecr_image_scanning_on_push_enabled/placebo-red/api.ecr.DescribeRepositories_1.json b/tests/ecc-aws-378-ecr_image_scanning_on_push_enabled/placebo-red/api.ecr.DescribeRepositories_1.json new file mode 100644 index 000000000..1a0328a3f --- /dev/null +++ b/tests/ecc-aws-378-ecr_image_scanning_on_push_enabled/placebo-red/api.ecr.DescribeRepositories_1.json @@ -0,0 +1,31 @@ +{ + "status_code": 200, + "data": { + "repositories": [ + { + "repositoryArn": "arn:aws:ecr:eu-north-1:this:repository/378_ecr_respository_red", + "registryId": "this", + "repositoryName": "378_ecr_respository_red", + "repositoryUri": "this.dkr.ecr.eu-north-1.amazonaws.com/378_ecr_respository_red", + "createdAt": { + "__class__": "datetime", + "year": 2021, + "month": 11, + "day": 30, + "hour": 14, + "minute": 40, + "second": 21, + "microsecond": 0 + }, + "imageTagMutability": "MUTABLE", + "imageScanningConfiguration": { + "scanOnPush": false + }, + "encryptionConfiguration": { + "encryptionType": "AES256" + } + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-378-ecr_image_scanning_on_push_enabled/placebo-red/api.ecr.ListTagsForResource_1.json b/tests/ecc-aws-378-ecr_image_scanning_on_push_enabled/placebo-red/api.ecr.ListTagsForResource_1.json new file mode 100644 index 000000000..c42bb257a --- /dev/null +++ b/tests/ecc-aws-378-ecr_image_scanning_on_push_enabled/placebo-red/api.ecr.ListTagsForResource_1.json @@ -0,0 +1,7 @@ +{ + "status_code": 200, + "data": { + "tags": [], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-378-ecr_image_scanning_on_push_enabled/red_policy_test.py b/tests/ecc-aws-378-ecr_image_scanning_on_push_enabled/red_policy_test.py
new file mode 100644
index 000000000..d1c8afea3
--- /dev/null
+++ b/tests/ecc-aws-378-ecr_image_scanning_on_push_enabled/red_policy_test.py
@@ -0,0 +1,5 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertFalse(resources[0]['imageScanningConfiguration']['scanOnPush'])
\ No newline at end of file
diff --git a/tests/ecc-aws-379-postgresql_log_rotation_age_flag_set_to_60/placebo-green/rds.DescribeDBInstances_1.json b/tests/ecc-aws-379-postgresql_log_rotation_age_flag_set_to_60/placebo-green/rds.DescribeDBInstances_1.json
new file mode 100644
index 000000000..806ed2329
--- /dev/null
+++ b/tests/ecc-aws-379-postgresql_log_rotation_age_flag_set_to_60/placebo-green/rds.DescribeDBInstances_1.json
@@ -0,0 +1,135 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-379-green", + "DBInstanceClass": "db.t3.micro", + "Engine": "postgres", + "DBInstanceStatus": "creating", + "MasterUsername": "root", + "DBName": "green379", + "AllocatedStorage": 10, + "PreferredBackupWindow": "06:56-07:26", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "parameter-group-379-green", + "ParameterApplyStatus": "applying" + } + ], + "AvailabilityZone": "us-east-1f", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + "SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "fri:03:03-fri:03:33", + "PendingModifiedValues": { + "MasterUserPassword": "****", + "PendingCloudwatchLogsExports": { + "LogTypesToEnable": [ + "postgresql" + ] + } + }, + 
"MultiAZ": false, + "EngineVersion": "13.3", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "postgresql-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:postgres-13", + "Status": "in-sync" + } + ], + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-PCDMM72THNPQMFAHMZIE5PS2WY", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:111111111111:db:database-379-green", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-379-postgresql_log_rotation_age_flag_set_to_60" + } + ], + "CustomerOwnedIpEnabled": false, + "ActivityStreamStatus": "stopped" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-379-postgresql_log_rotation_age_flag_set_to_60/placebo-green/rds.DescribeDBParameters_1.json b/tests/ecc-aws-379-postgresql_log_rotation_age_flag_set_to_60/placebo-green/rds.DescribeDBParameters_1.json new file mode 100644 index 000000000..ada14360c --- /dev/null +++ b/tests/ecc-aws-379-postgresql_log_rotation_age_flag_set_to_60/placebo-green/rds.DescribeDBParameters_1.json 
@@ -0,0 +1,30 @@ +{ + "status_code": 200, + "data": { + "Parameters": [ + { + "ParameterName": "logging_collector", + "ParameterValue": "1", + "Description": "Start a subprocess to capture stderr output and/or csvlogs into log files.", + "Source": "system", + "ApplyType": "static", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": false, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "log_rotation_age", + "ParameterValue": "60", + "Description": "(min) Automatic log file rotation will occur after N minutes.", + "Source": "user", + "ApplyType": "dynamic", + "DataType": "integer", + "AllowedValues": "1-1440", + "IsModifiable": true, + "ApplyMethod": "immediate" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-379-postgresql_log_rotation_age_flag_set_to_60/placebo-red/rds.DescribeDBInstances_1.json b/tests/ecc-aws-379-postgresql_log_rotation_age_flag_set_to_60/placebo-red/rds.DescribeDBInstances_1.json new file mode 100644 index 000000000..9626f3d31 --- /dev/null +++ b/tests/ecc-aws-379-postgresql_log_rotation_age_flag_set_to_60/placebo-red/rds.DescribeDBInstances_1.json 
@@ -0,0 +1,146 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-379-red", + "DBInstanceClass": "db.t3.micro", + "Engine": "postgres", + "DBInstanceStatus": "configuring-log-exports", + "MasterUsername": "root", + "DBName": "red379", + "Endpoint": { + "Address": "database-379-red.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 5432, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 10, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 6, + "hour": 7, + "minute": 27, + "second": 46, + "microsecond": 262000 + }, + "PreferredBackupWindow": "04:13-04:43", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "parameter-group-379-red", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1d", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + 
"SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "tue:08:09-tue:08:39", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "13.3", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "postgresql-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:postgres-13", + "Status": "in-sync" + } + ], + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-AVYYRYTOIYMWPQ4KOVWEOZEZUU", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:111111111111:db:database-379-red", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "EnabledCloudwatchLogsExports": [ + "postgresql" + ], + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-379-postgresql_log_rotation_age_flag_set_to_60" + } + ], + "CustomerOwnedIpEnabled": false, + "ActivityStreamStatus": "stopped" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-379-postgresql_log_rotation_age_flag_set_to_60/placebo-red/rds.DescribeDBParameters_1.json b/tests/ecc-aws-379-postgresql_log_rotation_age_flag_set_to_60/placebo-red/rds.DescribeDBParameters_1.json new file mode 100644 index 000000000..895459b22 --- /dev/null +++ b/tests/ecc-aws-379-postgresql_log_rotation_age_flag_set_to_60/placebo-red/rds.DescribeDBParameters_1.json 
@@ -0,0 +1,30 @@ +{ + "status_code": 200, + "data": { + "Parameters": [ + { + "ParameterName": "logging_collector", + "ParameterValue": "1", + "Description": "Start a subprocess to capture stderr output and/or csvlogs into log files.", + "Source": "system", + "ApplyType": "static", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": false, + "ApplyMethod": "pending-reboot" + }, + { + "ParameterName": "log_rotation_age", + "ParameterValue": "120", + "Description": "(min) Automatic log file rotation will occur after N minutes.", + "Source": "user", + "ApplyType": "dynamic", + "DataType": "integer", + "AllowedValues": "1-1440", + "IsModifiable": true, + "ApplyMethod": "immediate" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-379-postgresql_log_rotation_age_flag_set_to_60/red_policy_test.py b/tests/ecc-aws-379-postgresql_log_rotation_age_flag_set_to_60/red_policy_test.py new file mode 100644 index 000000000..b70f78049 --- /dev/null +++ b/tests/ecc-aws-379-postgresql_log_rotation_age_flag_set_to_60/red_policy_test.py 
@@ -0,0 +1,22 @@
+class PolicyTest(object):
+
+ def test_resources_with_client(self, base_test, resources, local_session):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertEqual(resources[0]['Engine'], "postgres")
+ parameter_group_name=resources[0]["DBParameterGroups"][0]["DBParameterGroupName"]
+
+ describe_parameters = local_session.client("rds").describe_db_parameters(DBParameterGroupName=parameter_group_name)
+ parameters=describe_parameters["Parameters"]
+ marker=describe_parameters["Marker"] if "Marker" in describe_parameters else None
+
+ while marker is not None:
+ for parameter in parameters:
+ if parameter["ParameterName"]=="logging_collector":
+ base_test.assertIn('ParameterValue', parameter)
+ base_test.assertEqual(parameter['ParameterValue'], '1')
+ elif parameter["ParameterName"]=="log_rotation_age":
+ base_test.assertIn('ParameterValue', parameter)
+ base_test.assertNotEqual(parameter['ParameterValue'], '60')
+ describe_parameters = local_session.client("rds").describe_db_parameters(DBParameterGroupName=parameter_group_name, Marker=marker)
+ parameters=describe_parameters["Parameters"]
+ marker=describe_parameters["Marker"] if "Marker" in describe_parameters else None
\ No newline at end of file
diff --git a/tests/ecc-aws-380-postgresql_log_rotation_size_flag_set_correctly/placebo-green/rds.DescribeDBInstances_1.json b/tests/ecc-aws-380-postgresql_log_rotation_size_flag_set_correctly/placebo-green/rds.DescribeDBInstances_1.json
new file mode 100644
index 000000000..df720ccfc
--- /dev/null
+++ b/tests/ecc-aws-380-postgresql_log_rotation_size_flag_set_correctly/placebo-green/rds.DescribeDBInstances_1.json
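Review bot: The parameter assertions sit inside `while marker is not None:`, and the recorded `rds.DescribeDBParameters_1.json` for the red case has no `Marker` key, so the loop body never runs and the test only checks the resource count and the engine. Even with a paginated response the final page would be skipped, because the loop exits as soon as a response lacks a marker. Check each page before deciding whether to continue, and assert that `log_rotation_age` was actually seen so that an empty response cannot pass.

```python
        rds_client = local_session.client("rds")
        request = {"DBParameterGroupName": parameter_group_name}
        seen = set()
        while True:
            page = rds_client.describe_db_parameters(**request)
            for parameter in page["Parameters"]:
                seen.add(parameter["ParameterName"])
                # … unchanged: logging_collector / log_rotation_age assertions …
            marker = page.get("Marker")
            if marker is None:
                break
            request["Marker"] = marker
        base_test.assertIn("log_rotation_age", seen)
```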
@@ -0,0 +1,135 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-380-green", + "DBInstanceClass": "db.t3.micro", + "Engine": "postgres", + "DBInstanceStatus": "creating", + "MasterUsername": "root", + "DBName": "green380", + "AllocatedStorage": 10, + "PreferredBackupWindow": "06:57-07:27", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "parameter-group-380-green", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1f", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + "SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "wed:07:38-wed:08:08", + "PendingModifiedValues": { + "MasterUserPassword": "****", + "PendingCloudwatchLogsExports": { + "LogTypesToEnable": [ + "postgresql" + ] + } + }, + 
"MultiAZ": false, + "EngineVersion": "13.3", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "postgresql-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:postgres-13", + "Status": "in-sync" + } + ], + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-PO2ZAW6J7HY2724ET4OMHCIVTI", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:111111111111:db:database-380-green", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-380-postgresql_log_rotation_size_flag_set_correctly" + } + ], + "CustomerOwnedIpEnabled": false, + "ActivityStreamStatus": "stopped" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-380-postgresql_log_rotation_size_flag_set_correctly/placebo-green/rds.DescribeDBParameters_1.json b/tests/ecc-aws-380-postgresql_log_rotation_size_flag_set_correctly/placebo-green/rds.DescribeDBParameters_1.json new file mode 100644 index 000000000..055eb3245 --- /dev/null +++ b/tests/ecc-aws-380-postgresql_log_rotation_size_flag_set_correctly/placebo-green/rds.DescribeDBParameters_1.json @@ -0,0 +1,19 @@ +{ + "status_code": 200, + "data": { + "Parameters": [ + { + "ParameterName": "log_rotation_size", + "ParameterValue": "1000000", + "Description": "(kB) Automatic log file rotation will occur after N kilobytes.", + "Source": "user", + "ApplyType": "dynamic", + "DataType": "integer", + "AllowedValues": "0-2097151", + "IsModifiable": true, + "ApplyMethod": "immediate" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-380-postgresql_log_rotation_size_flag_set_correctly/placebo-red/rds.DescribeDBInstances_1.json b/tests/ecc-aws-380-postgresql_log_rotation_size_flag_set_correctly/placebo-red/rds.DescribeDBInstances_1.json new file mode 100644 index 000000000..e8c6b6a22 --- /dev/null +++ b/tests/ecc-aws-380-postgresql_log_rotation_size_flag_set_correctly/placebo-red/rds.DescribeDBInstances_1.json 
@@ -0,0 +1,135 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-380-red", + "DBInstanceClass": "db.t3.micro", + "Engine": "postgres", + "DBInstanceStatus": "creating", + "MasterUsername": "root", + "DBName": "red380", + "AllocatedStorage": 10, + "PreferredBackupWindow": "04:55-05:25", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "parameter-group-380-red", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1f", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + "SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "sat:05:58-sat:06:28", + "PendingModifiedValues": { + "MasterUserPassword": "****", + "PendingCloudwatchLogsExports": { + "LogTypesToEnable": [ + "postgresql" + ] + } + }, + 
"MultiAZ": false, + "EngineVersion": "13.3", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "postgresql-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:postgres-13", + "Status": "in-sync" + } + ], + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-KWV7PCEEYN46BFP7OQQHUDTNYM", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:111111111111:db:database-380-red", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-380-postgresql_log_rotation_size_flag_set_correctly" + } + ], + "CustomerOwnedIpEnabled": false, + "ActivityStreamStatus": "stopped" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-380-postgresql_log_rotation_size_flag_set_correctly/placebo-red/rds.DescribeDBParameters_1.json b/tests/ecc-aws-380-postgresql_log_rotation_size_flag_set_correctly/placebo-red/rds.DescribeDBParameters_1.json new file mode 100644 index 000000000..d7d5d2d77 --- /dev/null +++ b/tests/ecc-aws-380-postgresql_log_rotation_size_flag_set_correctly/placebo-red/rds.DescribeDBParameters_1.json @@ -0,0 +1,18 @@ +{ + "status_code": 200, + "data": { + "Parameters": [ + { + "ParameterName": "log_rotation_size", + "Description": "(kB) Automatic log file rotation will occur after N kilobytes.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "integer", + "AllowedValues": "0-2097151", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-380-postgresql_log_rotation_size_flag_set_correctly/red_policy_test.py b/tests/ecc-aws-380-postgresql_log_rotation_size_flag_set_correctly/red_policy_test.py
new file mode 100644
index 000000000..894a3438a
--- /dev/null
+++ b/tests/ecc-aws-380-postgresql_log_rotation_size_flag_set_correctly/red_policy_test.py
@@ -0,0 +1,18 @@
+class PolicyTest(object):
+
+ def test_resources_with_client(self, base_test, resources, local_session):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertEqual(resources[0]['Engine'], "postgres")
+ parameter_group_name=resources[0]["DBParameterGroups"][0]["DBParameterGroupName"]
+
+ describe_parameters = local_session.client("rds").describe_db_parameters(DBParameterGroupName=parameter_group_name)
+ parameters=describe_parameters["Parameters"]
+ marker=describe_parameters["Marker"] if "Marker" in describe_parameters else None
+
+ while marker is not None:
+ for parameter in parameters:
+ if parameter["ParameterName"]=="log_rotation_size":
+ base_test.assertNotIn('ParameterValue', parameter)
+ describe_parameters = local_session.client("rds").describe_db_parameters(DBParameterGroupName=parameter_group_name, Marker=marker)
+ parameters=describe_parameters["Parameters"]
+ marker=describe_parameters["Marker"] if "Marker" in describe_parameters else None
\ No newline at end of file
diff --git a/tests/ecc-aws-381-postgresql_debug_print_parse_flag_disabled/placebo-green/rds.DescribeDBInstances_1.json b/tests/ecc-aws-381-postgresql_debug_print_parse_flag_disabled/placebo-green/rds.DescribeDBInstances_1.json
new file mode 100644
index 000000000..e1e526d9f
--- /dev/null
+++ b/tests/ecc-aws-381-postgresql_debug_print_parse_flag_disabled/placebo-green/rds.DescribeDBInstances_1.json
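Review bot: The `log_rotation_size` assertion sits inside `while marker is not None:`, so it runs only when the first `describe_db_parameters` response carries a `Marker`; the placebo-red `rds.DescribeDBParameters_1.json` recorded in this commit has none, so the red test passes without ever inspecting the parameter. Even when the call is paginated, the last page is fetched and then dropped as the loop exits (indentation is lost in this rendering, so the exact nesting is inferred). Checking every page before reading its marker, and asserting that the parameter was seen at all, makes the red case fail if the policy stops matching the non-compliant instance. The `red_policy_test.py` files for ecc-aws-381 and ecc-aws-382 later in this patch use the same loop and need the same change with their own parameter name and assertion.

```python
        # … unchanged: resource count and engine assertions …
        parameter_group_name=resources[0]["DBParameterGroups"][0]["DBParameterGroupName"]

        rds = local_session.client("rds")
        request = {"DBParameterGroupName": parameter_group_name}
        seen = False
        while True:
            page = rds.describe_db_parameters(**request)
            for parameter in page["Parameters"]:
                if parameter["ParameterName"] == "log_rotation_size":
                    seen = True
                    base_test.assertNotIn('ParameterValue', parameter)
            if "Marker" not in page:
                break
            request["Marker"] = page["Marker"]
        base_test.assertTrue(seen, "log_rotation_size not returned for the parameter group")
```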
@@ -0,0 +1,135 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-381-green", + "DBInstanceClass": "db.t3.micro", + "Engine": "postgres", + "DBInstanceStatus": "creating", + "MasterUsername": "root", + "DBName": "green381", + "AllocatedStorage": 10, + "PreferredBackupWindow": "08:29-08:59", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "parameter-group-381-green", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1b", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + "SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "sat:05:51-sat:06:21", + "PendingModifiedValues": { + "MasterUserPassword": "****", + "PendingCloudwatchLogsExports": { + "LogTypesToEnable": [ + "postgresql" + ] + } + }, + 
"MultiAZ": false, + "EngineVersion": "13.3", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "postgresql-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:postgres-13", + "Status": "in-sync" + } + ], + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-CYCTUV2TWVZDNBLC2UHZYVZOHE", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:111111111111:db:database-381-green", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-381-postgresql_debug_print_parse_flag_disabled" + } + ], + "CustomerOwnedIpEnabled": false, + "ActivityStreamStatus": "stopped" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-381-postgresql_debug_print_parse_flag_disabled/placebo-green/rds.DescribeDBParameters_1.json b/tests/ecc-aws-381-postgresql_debug_print_parse_flag_disabled/placebo-green/rds.DescribeDBParameters_1.json new file mode 100644 index 000000000..947040ff4 --- /dev/null +++ b/tests/ecc-aws-381-postgresql_debug_print_parse_flag_disabled/placebo-green/rds.DescribeDBParameters_1.json @@ -0,0 +1,19 @@ +{ + "status_code": 200, + "data": { + "Parameters": [ + { + "ParameterName": "debug_print_parse", + "ParameterValue": "0", + "Description": "Logs each querys parse tree.", + "Source": "user", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": true, + "ApplyMethod": "immediate" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-381-postgresql_debug_print_parse_flag_disabled/placebo-red/rds.DescribeDBInstances_1.json b/tests/ecc-aws-381-postgresql_debug_print_parse_flag_disabled/placebo-red/rds.DescribeDBInstances_1.json new file mode 100644 index 000000000..fd34dfe15 --- /dev/null +++ b/tests/ecc-aws-381-postgresql_debug_print_parse_flag_disabled/placebo-red/rds.DescribeDBInstances_1.json 
@@ -0,0 +1,134 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-381-red", + "DBInstanceClass": "db.t3.micro", + "Engine": "postgres", + "DBInstanceStatus": "creating", + "MasterUsername": "root", + "DBName": "red381", + "AllocatedStorage": 10, + "PreferredBackupWindow": "08:41-09:11", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "parameter-group-381-red", + "ParameterApplyStatus": "applying" + } + ], + "AvailabilityZone": "us-east-1d", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + "SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "sat:10:27-sat:10:57", + "PendingModifiedValues": { + "PendingCloudwatchLogsExports": { + "LogTypesToEnable": [ + "postgresql" + ] + } + }, + "MultiAZ": false, + "EngineVersion": 
"13.3", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "postgresql-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:postgres-13", + "Status": "in-sync" + } + ], + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-5PNCADPXAGASD6BUCPBJUE2GCA", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:111111111111:db:database-381-red", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-381-postgresql_debug_print_parse_flag_disabled" + } + ], + "CustomerOwnedIpEnabled": false, + "ActivityStreamStatus": "stopped" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-381-postgresql_debug_print_parse_flag_disabled/placebo-red/rds.DescribeDBParameters_1.json b/tests/ecc-aws-381-postgresql_debug_print_parse_flag_disabled/placebo-red/rds.DescribeDBParameters_1.json new file mode 100644 index 000000000..4067629a3 --- /dev/null +++ b/tests/ecc-aws-381-postgresql_debug_print_parse_flag_disabled/placebo-red/rds.DescribeDBParameters_1.json @@ -0,0 +1,19 @@ +{ + "status_code": 200, + "data": { + "Parameters": [ + { + "ParameterName": "debug_print_parse", + "ParameterValue": "1", + "Description": "Logs each querys parse tree.", + "Source": "user", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": true, + "ApplyMethod": "immediate" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-381-postgresql_debug_print_parse_flag_disabled/red_policy_test.py b/tests/ecc-aws-381-postgresql_debug_print_parse_flag_disabled/red_policy_test.py
new file mode 100644
index 000000000..0008ad281
--- /dev/null
+++ b/tests/ecc-aws-381-postgresql_debug_print_parse_flag_disabled/red_policy_test.py
@@ -0,0 +1,18 @@
+class PolicyTest(object):
+
+ def test_resources_with_client(self, base_test, resources, local_session):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertEqual(resources[0]['Engine'], "postgres")
+ parameter_group_name=resources[0]["DBParameterGroups"][0]["DBParameterGroupName"]
+
+ describe_parameters = local_session.client("rds").describe_db_parameters(DBParameterGroupName=parameter_group_name)
+ parameters=describe_parameters["Parameters"]
+ marker=describe_parameters["Marker"] if "Marker" in describe_parameters else None
+
+ while marker is not None:
+ for parameter in parameters:
+ if parameter["ParameterName"]=="debug_print_parse":
+ base_test.assertEqual(parameter['ParameterValue'], '1')
+ describe_parameters = local_session.client("rds").describe_db_parameters(DBParameterGroupName=parameter_group_name, Marker=marker)
+ parameters=describe_parameters["Parameters"]
+ marker=describe_parameters["Marker"] if "Marker" in describe_parameters else None
\ No newline at end of file
diff --git a/tests/ecc-aws-382-postgresql_debug_print_rewritten_flag_disabled/placebo-green/rds.DescribeDBInstances_1.json b/tests/ecc-aws-382-postgresql_debug_print_rewritten_flag_disabled/placebo-green/rds.DescribeDBInstances_1.json
new file mode 100644
index 000000000..d1640fa17
--- /dev/null
+++ b/tests/ecc-aws-382-postgresql_debug_print_rewritten_flag_disabled/placebo-green/rds.DescribeDBInstances_1.json
@@ -0,0 +1,146 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-382-green", + "DBInstanceClass": "db.t3.micro", + "Engine": "postgres", + "DBInstanceStatus": "available", + "MasterUsername": "root", + "DBName": "green382", + "Endpoint": { + "Address": "database-382-green.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 5432, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 10, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 7, + "hour": 10, + "minute": 51, + "second": 8, + "microsecond": 890000 + }, + "PreferredBackupWindow": "04:47-05:17", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "parameter-group-382-green", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1a", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + 
"SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "tue:07:33-tue:08:03", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "13.3", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "postgresql-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:postgres-13", + "Status": "in-sync" + } + ], + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-AGBTVF2VMVX2QFXW5PXW322Y6I", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:111111111111:db:database-382-green", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "EnabledCloudwatchLogsExports": [ + "postgresql" + ], + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-382-postgresql_debug_print_rewritten_flag_disabled" + } + ], + "CustomerOwnedIpEnabled": false, + "ActivityStreamStatus": "stopped" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-382-postgresql_debug_print_rewritten_flag_disabled/placebo-green/rds.DescribeDBParameters_1.json b/tests/ecc-aws-382-postgresql_debug_print_rewritten_flag_disabled/placebo-green/rds.DescribeDBParameters_1.json new file mode 100644 index 000000000..70768a609 --- /dev/null +++ b/tests/ecc-aws-382-postgresql_debug_print_rewritten_flag_disabled/placebo-green/rds.DescribeDBParameters_1.json 
@@ -0,0 +1,19 @@ +{ + "status_code": 200, + "data": { + "Parameters": [ + { + "ParameterName": "debug_print_rewritten", + "ParameterValue": "0", + "Description": "Logs each querys rewritten parse tree.", + "Source": "user", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": true, + "ApplyMethod": "immediate" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-382-postgresql_debug_print_rewritten_flag_disabled/placebo-red/rds.DescribeDBInstances_1.json b/tests/ecc-aws-382-postgresql_debug_print_rewritten_flag_disabled/placebo-red/rds.DescribeDBInstances_1.json new file mode 100644 index 000000000..cb0b0d80c --- /dev/null +++ b/tests/ecc-aws-382-postgresql_debug_print_rewritten_flag_disabled/placebo-red/rds.DescribeDBInstances_1.json 
@@ -0,0 +1,135 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-382-red", + "DBInstanceClass": "db.t3.micro", + "Engine": "postgres", + "DBInstanceStatus": "creating", + "MasterUsername": "root", + "DBName": "red382", + "AllocatedStorage": 10, + "PreferredBackupWindow": "08:54-09:24", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "parameter-group-382-red", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1d", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + "SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "tue:05:54-tue:06:24", + "PendingModifiedValues": { + "MasterUserPassword": "****", + "PendingCloudwatchLogsExports": { + "LogTypesToEnable": [ + "postgresql" + ] + } + }, + 
"MultiAZ": false, + "EngineVersion": "13.3", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "postgresql-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:postgres-13", + "Status": "in-sync" + } + ], + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-YE4LKBVN5K4NCFJ6XCEQRGJHDQ", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:111111111111:db:database-382-red", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-382-postgresql_debug_print_rewritten_flag_disabled" + } + ], + "CustomerOwnedIpEnabled": false, + "ActivityStreamStatus": "stopped" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-382-postgresql_debug_print_rewritten_flag_disabled/placebo-red/rds.DescribeDBParameters_1.json b/tests/ecc-aws-382-postgresql_debug_print_rewritten_flag_disabled/placebo-red/rds.DescribeDBParameters_1.json new file mode 100644 index 000000000..f33017ab8 --- /dev/null +++ b/tests/ecc-aws-382-postgresql_debug_print_rewritten_flag_disabled/placebo-red/rds.DescribeDBParameters_1.json @@ -0,0 +1,19 @@ +{ + "status_code": 200, + "data": { + "Parameters": [ + { + "ParameterName": "debug_print_rewritten", + "ParameterValue": "1", + "Description": "Logs each querys rewritten parse tree.", + "Source": "user", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": true, + "ApplyMethod": "immediate" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-382-postgresql_debug_print_rewritten_flag_disabled/red_policy_test.py b/tests/ecc-aws-382-postgresql_debug_print_rewritten_flag_disabled/red_policy_test.py
new file mode 100644
index 000000000..6a778bdaf
--- /dev/null
+++ b/tests/ecc-aws-382-postgresql_debug_print_rewritten_flag_disabled/red_policy_test.py
@@ -0,0 +1,18 @@
+class PolicyTest(object):
+
+ def test_resources_with_client(self, base_test, resources, local_session):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertEqual(resources[0]['Engine'], "postgres")
+ parameter_group_name=resources[0]["DBParameterGroups"][0]["DBParameterGroupName"]
+
+ describe_parameters = local_session.client("rds").describe_db_parameters(DBParameterGroupName=parameter_group_name)
+ parameters=describe_parameters["Parameters"]
+ marker=describe_parameters["Marker"] if "Marker" in describe_parameters else None
+
+ while marker is not None:
+ for parameter in parameters:
+ if parameter["ParameterName"]=="debug_print_rewritten":
+ base_test.assertEqual(parameter['ParameterValue'], '1')
+ describe_parameters = local_session.client("rds").describe_db_parameters(DBParameterGroupName=parameter_group_name, Marker=marker)
+ parameters=describe_parameters["Parameters"]
+ marker=describe_parameters["Marker"] if "Marker" in describe_parameters else None
\ No newline at end of file
diff --git a/tests/ecc-aws-383-postgresql_debug_print_plan_flag_disabled/placebo-green/rds.DescribeDBInstances_1.json b/tests/ecc-aws-383-postgresql_debug_print_plan_flag_disabled/placebo-green/rds.DescribeDBInstances_1.json
new file mode 100644
index 000000000..41c046e73
--- /dev/null
+++ b/tests/ecc-aws-383-postgresql_debug_print_plan_flag_disabled/placebo-green/rds.DescribeDBInstances_1.json
@@ -0,0 +1,146 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-383-green", + "DBInstanceClass": "db.t3.micro", + "Engine": "postgres", + "DBInstanceStatus": "available", + "MasterUsername": "root", + "DBName": "green383", + "Endpoint": { + "Address": "database-383-green.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 5432, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 10, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 10, + "hour": 12, + "minute": 29, + "second": 53, + "microsecond": 171000 + }, + "PreferredBackupWindow": "08:10-08:40", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "parameter-group-383-green", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1b", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + 
"SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "sun:05:41-sun:06:11", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "13.3", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "postgresql-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:postgres-13", + "Status": "in-sync" + } + ], + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-KZH2AMLS72POC7KLDLBYV4PVX4", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:111111111111:db:database-383-green", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "EnabledCloudwatchLogsExports": [ + "postgresql" + ], + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-383-postgresql_debug_print_plan_flag_disabled" + } + ], + "CustomerOwnedIpEnabled": false, + "ActivityStreamStatus": "stopped" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-383-postgresql_debug_print_plan_flag_disabled/placebo-green/rds.DescribeDBParameters_1.json b/tests/ecc-aws-383-postgresql_debug_print_plan_flag_disabled/placebo-green/rds.DescribeDBParameters_1.json new file mode 100644 index 000000000..03312e2b1 --- /dev/null +++ b/tests/ecc-aws-383-postgresql_debug_print_plan_flag_disabled/placebo-green/rds.DescribeDBParameters_1.json 
@@ -0,0 +1,18 @@ +{ + "status_code": 200, + "data": { + "Parameters": [ + { + "ParameterName": "debug_print_plan", + "Description": "Logs each querys execution plan.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-383-postgresql_debug_print_plan_flag_disabled/placebo-red/rds.DescribeDBInstances_1.json b/tests/ecc-aws-383-postgresql_debug_print_plan_flag_disabled/placebo-red/rds.DescribeDBInstances_1.json new file mode 100644 index 000000000..2a9de07f5 --- /dev/null +++ b/tests/ecc-aws-383-postgresql_debug_print_plan_flag_disabled/placebo-red/rds.DescribeDBInstances_1.json 
@@ -0,0 +1,146 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-383-red", + "DBInstanceClass": "db.t3.micro", + "Engine": "postgres", + "DBInstanceStatus": "available", + "MasterUsername": "root", + "DBName": "red383", + "Endpoint": { + "Address": "database-383-red.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 5432, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 10, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 10, + "hour": 12, + "minute": 40, + "second": 5, + "microsecond": 939000 + }, + "PreferredBackupWindow": "05:20-05:50", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "parameter-group-383-red", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1d", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + 
"SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "fri:09:57-fri:10:27", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "13.3", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "postgresql-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:postgres-13", + "Status": "in-sync" + } + ], + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-BA6GI56ZMFMLESQ3DFXN7BZ4PU", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:111111111111:db:database-383-red", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "EnabledCloudwatchLogsExports": [ + "postgresql" + ], + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-383-postgresql_debug_print_plan_flag_disabled" + } + ], + "CustomerOwnedIpEnabled": false, + "ActivityStreamStatus": "stopped" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-383-postgresql_debug_print_plan_flag_disabled/placebo-red/rds.DescribeDBParameters_1.json b/tests/ecc-aws-383-postgresql_debug_print_plan_flag_disabled/placebo-red/rds.DescribeDBParameters_1.json new file mode 100644 index 000000000..a4d0e1f01 --- /dev/null +++ b/tests/ecc-aws-383-postgresql_debug_print_plan_flag_disabled/placebo-red/rds.DescribeDBParameters_1.json 
@@ -0,0 +1,19 @@ +{ + "status_code": 200, + "data": { + "Parameters": [ + { + "ParameterName": "debug_print_plan", + "ParameterValue": "1", + "Description": "Logs each querys execution plan.", + "Source": "user", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": true, + "ApplyMethod": "immediate" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-383-postgresql_debug_print_plan_flag_disabled/red_policy_test.py b/tests/ecc-aws-383-postgresql_debug_print_plan_flag_disabled/red_policy_test.py new file mode 100644 index 000000000..947e9535c --- /dev/null +++ b/tests/ecc-aws-383-postgresql_debug_print_plan_flag_disabled/red_policy_test.py @@ -0,0 +1,18 @@ +class PolicyTest(object): + + def test_resources_with_client(self, base_test, resources, local_session): + base_test.assertEqual(len(resources), 1) + base_test.assertEqual(resources[0]['Engine'], "postgres") + parameter_group_name=resources[0]["DBParameterGroups"][0]["DBParameterGroupName"] + + describe_parameters = local_session.client("rds").describe_db_parameters(DBParameterGroupName=parameter_group_name) + parameters=describe_parameters["Parameters"] + marker=describe_parameters["Marker"] if "Marker" in describe_parameters else None + + while marker is not None: + for parameter in parameters: + if parameter["ParameterName"]=="debug_print_plan": + base_test.assertEqual(parameter['ParameterValue'], '1') + describe_parameters = local_session.client("rds").describe_db_parameters(DBParameterGroupName=parameter_group_name, Marker=marker) + parameters=describe_parameters["Parameters"] + marker=describe_parameters["Marker"] if "Marker" in describe_parameters else None \ No newline at end of file 
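Review bot: The `while marker is not None:` loop in `test_resources_with_client` never runs against the recorded fixture, because `placebo-red/rds.DescribeDBParameters_1.json` carries no `Marker`. The `assertEqual(parameter['ParameterValue'], '1')` check on `debug_print_plan` is therefore never evaluated, and the test passes whatever the parameter group holds. Even with a paginated response, the loop exits as soon as a page comes back without a marker, so that last page is never inspected, and nothing asserts that the parameter was found at all. The same loop is in the `red_policy_test.py` files for ecc-aws-384 and ecc-aws-385, where `assertNotIn('ParameterValue', parameter)` is likewise unreachable. Because these tests are the evidence that the rule flags a misconfigured parameter group, I would inspect every page and assert on the matched entry, as below.

```python
        # … unchanged: resource count / Engine assertions and parameter_group_name lookup …
        rds = local_session.client("rds")
        request = {"DBParameterGroupName": parameter_group_name}
        matched = []
        while True:
            page = rds.describe_db_parameters(**request)
            matched.extend(
                p for p in page["Parameters"]
                if p["ParameterName"] == "debug_print_plan"
            )
            if not page.get("Marker"):
                break
            request["Marker"] = page["Marker"]

        # Fail loudly if the parameter is missing instead of passing vacuously.
        base_test.assertEqual(len(matched), 1)
        base_test.assertEqual(matched[0]["ParameterValue"], "1")
```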
diff --git a/tests/ecc-aws-384-postgresql_debug_pretty_print_flag_enabled/placebo-green/rds.DescribeDBInstances_1.json b/tests/ecc-aws-384-postgresql_debug_pretty_print_flag_enabled/placebo-green/rds.DescribeDBInstances_1.json
new file mode 100644
index 000000000..c849dd381
--- /dev/null
+++ b/tests/ecc-aws-384-postgresql_debug_pretty_print_flag_enabled/placebo-green/rds.DescribeDBInstances_1.json
@@ -0,0 +1,135 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-384-green", + "DBInstanceClass": "db.t3.micro", + "Engine": "postgres", + "DBInstanceStatus": "creating", + "MasterUsername": "root", + "DBName": "green384", + "AllocatedStorage": 10, + "PreferredBackupWindow": "03:28-03:58", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "parameter-group-384-green", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1a", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + "SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "thu:08:13-thu:08:43", + "PendingModifiedValues": { + "MasterUserPassword": "****", + "PendingCloudwatchLogsExports": { + "LogTypesToEnable": [ + "postgresql" + ] + } + }, + 
"MultiAZ": false, + "EngineVersion": "13.3", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "postgresql-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:postgres-13", + "Status": "in-sync" + } + ], + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-SJHQ33YYYR3RBA23YQ2W4IQDA4", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:111111111111:db:database-384-green", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-384-postgresql_debug_pretty_print_flag_enabled" + } + ], + "CustomerOwnedIpEnabled": false, + "ActivityStreamStatus": "stopped" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-384-postgresql_debug_pretty_print_flag_enabled/placebo-green/rds.DescribeDBParameters_1.json b/tests/ecc-aws-384-postgresql_debug_pretty_print_flag_enabled/placebo-green/rds.DescribeDBParameters_1.json new file mode 100644 index 000000000..0adb7ed15 --- /dev/null +++ b/tests/ecc-aws-384-postgresql_debug_pretty_print_flag_enabled/placebo-green/rds.DescribeDBParameters_1.json @@ -0,0 +1,19 @@ +{ + "status_code": 200, + "data": { + "Parameters": [ + { + "ParameterName": "debug_pretty_print", + "ParameterValue": "1", + "Description": "Indents parse and plan tree displays.", + "Source": "user", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": true, + "ApplyMethod": "immediate" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-384-postgresql_debug_pretty_print_flag_enabled/placebo-red/rds.DescribeDBInstances_1.json b/tests/ecc-aws-384-postgresql_debug_pretty_print_flag_enabled/placebo-red/rds.DescribeDBInstances_1.json
new file mode 100644
index 000000000..87437a59d
--- /dev/null
+++ b/tests/ecc-aws-384-postgresql_debug_pretty_print_flag_enabled/placebo-red/rds.DescribeDBInstances_1.json
@@ -0,0 +1,135 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-384-red", + "DBInstanceClass": "db.t3.micro", + "Engine": "postgres", + "DBInstanceStatus": "creating", + "MasterUsername": "root", + "DBName": "red384", + "AllocatedStorage": 10, + "PreferredBackupWindow": "08:31-09:01", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "parameter-group-384-red", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1f", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + "SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "thu:05:42-thu:06:12", + "PendingModifiedValues": { + "MasterUserPassword": "****", + "PendingCloudwatchLogsExports": { + "LogTypesToEnable": [ + "postgresql" + ] + } + }, + 
"MultiAZ": false, + "EngineVersion": "13.3", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "postgresql-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:postgres-13", + "Status": "in-sync" + } + ], + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-KBNDU5PDUPBPLO2OCBYACITLD4", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:111111111111:db:database-384-red", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-384-postgresql_debug_pretty_print_flag_enabled" + } + ], + "CustomerOwnedIpEnabled": false, + "ActivityStreamStatus": "stopped" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-384-postgresql_debug_pretty_print_flag_enabled/placebo-red/rds.DescribeDBParameters_1.json b/tests/ecc-aws-384-postgresql_debug_pretty_print_flag_enabled/placebo-red/rds.DescribeDBParameters_1.json new file mode 100644 index 000000000..3e9689e22 --- /dev/null +++ b/tests/ecc-aws-384-postgresql_debug_pretty_print_flag_enabled/placebo-red/rds.DescribeDBParameters_1.json @@ -0,0 +1,18 @@ +{ + "status_code": 200, + "data": { + "Parameters": [ + { + "ParameterName": "debug_pretty_print", + "Description": "Indents parse and plan tree displays.", + "Source": "user", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": true, + "ApplyMethod": "immediate" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-384-postgresql_debug_pretty_print_flag_enabled/red_policy_test.py b/tests/ecc-aws-384-postgresql_debug_pretty_print_flag_enabled/red_policy_test.py
new file mode 100644
index 000000000..4032b384e
--- /dev/null
+++ b/tests/ecc-aws-384-postgresql_debug_pretty_print_flag_enabled/red_policy_test.py
@@ -0,0 +1,18 @@
+class PolicyTest(object):
+
+ def test_resources_with_client(self, base_test, resources, local_session):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertEqual(resources[0]['Engine'], "postgres")
+ parameter_group_name=resources[0]["DBParameterGroups"][0]["DBParameterGroupName"]
+
+ describe_parameters = local_session.client("rds").describe_db_parameters(DBParameterGroupName=parameter_group_name)
+ parameters=describe_parameters["Parameters"]
+ marker=describe_parameters["Marker"] if "Marker" in describe_parameters else None
+
+ while marker is not None:
+ for parameter in parameters:
+ if parameter["ParameterName"]=="debug_pretty_print":
+ base_test.assertNotIn('ParameterValue', parameter)
+ describe_parameters = local_session.client("rds").describe_db_parameters(DBParameterGroupName=parameter_group_name, Marker=marker)
+ parameters=describe_parameters["Parameters"]
+ marker=describe_parameters["Marker"] if "Marker" in describe_parameters else None
\ No newline at end of file
diff --git a/tests/ecc-aws-385-postgresql_log_connections_flag_enabled/placebo-green/rds.DescribeDBInstances_1.json b/tests/ecc-aws-385-postgresql_log_connections_flag_enabled/placebo-green/rds.DescribeDBInstances_1.json
new file mode 100644
index 000000000..5663078c9
--- /dev/null
+++ b/tests/ecc-aws-385-postgresql_log_connections_flag_enabled/placebo-green/rds.DescribeDBInstances_1.json
@@ -0,0 +1,135 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-385-green", + "DBInstanceClass": "db.t3.micro", + "Engine": "postgres", + "DBInstanceStatus": "creating", + "MasterUsername": "root", + "DBName": "green385", + "AllocatedStorage": 10, + "PreferredBackupWindow": "10:14-10:44", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "parameter-group-385-green", + "ParameterApplyStatus": "applying" + } + ], + "AvailabilityZone": "us-east-1b", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + "SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "mon:08:58-mon:09:28", + "PendingModifiedValues": { + "MasterUserPassword": "****", + "PendingCloudwatchLogsExports": { + "LogTypesToEnable": [ + "postgresql" + ] + } + }, + 
"MultiAZ": false, + "EngineVersion": "13.3", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "postgresql-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:postgres-13", + "Status": "in-sync" + } + ], + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-EJTSQ3ZWYVICOPENTA2XHKO5JE", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:111111111111:db:database-385-green", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-385-postgresql_log_connections_flag_enabled" + } + ], + "CustomerOwnedIpEnabled": false, + "ActivityStreamStatus": "stopped" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-385-postgresql_log_connections_flag_enabled/placebo-green/rds.DescribeDBParameters_1.json b/tests/ecc-aws-385-postgresql_log_connections_flag_enabled/placebo-green/rds.DescribeDBParameters_1.json new file mode 100644 index 000000000..e4f297bc6 --- /dev/null +++ b/tests/ecc-aws-385-postgresql_log_connections_flag_enabled/placebo-green/rds.DescribeDBParameters_1.json @@ -0,0 +1,19 @@ +{ + "status_code": 200, + "data": { + "Parameters": [ + { + "ParameterName": "log_connections", + "ParameterValue": "1", + "Description": "Logs each successful connection.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-385-postgresql_log_connections_flag_enabled/placebo-red/rds.DescribeDBInstances_1.json b/tests/ecc-aws-385-postgresql_log_connections_flag_enabled/placebo-red/rds.DescribeDBInstances_1.json
new file mode 100644
index 000000000..e95563428
--- /dev/null
+++ b/tests/ecc-aws-385-postgresql_log_connections_flag_enabled/placebo-red/rds.DescribeDBInstances_1.json
@@ -0,0 +1,135 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-385-red", + "DBInstanceClass": "db.t3.micro", + "Engine": "postgres", + "DBInstanceStatus": "creating", + "MasterUsername": "root", + "DBName": "red385", + "AllocatedStorage": 10, + "PreferredBackupWindow": "03:46-04:16", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "parameter-group-385-red", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1f", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + "SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "wed:06:06-wed:06:36", + "PendingModifiedValues": { + "MasterUserPassword": "****", + "PendingCloudwatchLogsExports": { + "LogTypesToEnable": [ + "postgresql" + ] + } + }, + 
"MultiAZ": false, + "EngineVersion": "13.3", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "postgresql-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:postgres-13", + "Status": "in-sync" + } + ], + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-EO5W5YQFR3YRHANAB6JCTU7PZY", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:111111111111:db:database-385-red", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-385-postgresql_log_connections_flag_enabled" + } + ], + "CustomerOwnedIpEnabled": false, + "ActivityStreamStatus": "stopped" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-385-postgresql_log_connections_flag_enabled/placebo-red/rds.DescribeDBParameters_1.json b/tests/ecc-aws-385-postgresql_log_connections_flag_enabled/placebo-red/rds.DescribeDBParameters_1.json new file mode 100644 index 000000000..499c562b0 --- /dev/null +++ b/tests/ecc-aws-385-postgresql_log_connections_flag_enabled/placebo-red/rds.DescribeDBParameters_1.json @@ -0,0 +1,18 @@ +{ + "status_code": 200, + "data": { + "Parameters": [ + { + "ParameterName": "log_connections", + "Description": "Logs each successful connection.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-385-postgresql_log_connections_flag_enabled/red_policy_test.py b/tests/ecc-aws-385-postgresql_log_connections_flag_enabled/red_policy_test.py
new file mode 100644
index 000000000..970004acc
--- /dev/null
+++ b/tests/ecc-aws-385-postgresql_log_connections_flag_enabled/red_policy_test.py
@@ -0,0 +1,18 @@
+class PolicyTest(object):
+
+ def test_resources_with_client(self, base_test, resources, local_session):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertEqual(resources[0]['Engine'], "postgres")
+ parameter_group_name=resources[0]["DBParameterGroups"][0]["DBParameterGroupName"]
+
+ describe_parameters = local_session.client("rds").describe_db_parameters(DBParameterGroupName=parameter_group_name)
+ parameters=describe_parameters["Parameters"]
+ marker=describe_parameters["Marker"] if "Marker" in describe_parameters else None
+
+ while marker is not None:
+ for parameter in parameters:
+ if parameter["ParameterName"]=="log_connections":
+ base_test.assertNotIn('ParameterValue', parameter)
+ describe_parameters = local_session.client("rds").describe_db_parameters(DBParameterGroupName=parameter_group_name, Marker=marker)
+ parameters=describe_parameters["Parameters"]
+ marker=describe_parameters["Marker"] if "Marker" in describe_parameters else None
\ No newline at end of file
diff --git a/tests/ecc-aws-386-postgresql_log_disconnections_flag_enabled/placebo-green/rds.DescribeDBInstances_1.json b/tests/ecc-aws-386-postgresql_log_disconnections_flag_enabled/placebo-green/rds.DescribeDBInstances_1.json
new file mode 100644
index 000000000..75d7309f3
--- /dev/null
+++ b/tests/ecc-aws-386-postgresql_log_disconnections_flag_enabled/placebo-green/rds.DescribeDBInstances_1.json
@@ -0,0 +1,146 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-386-green", + "DBInstanceClass": "db.t3.micro", + "Engine": "postgres", + "DBInstanceStatus": "available", + "MasterUsername": "root", + "DBName": "green386", + "Endpoint": { + "Address": "database-386-green.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 5432, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 10, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 8, + "hour": 11, + "minute": 50, + "second": 30, + "microsecond": 80000 + }, + "PreferredBackupWindow": "06:39-07:09", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "parameter-group-386-green", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1f", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + 
"SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "fri:04:15-fri:04:45", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "13.3", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "postgresql-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:postgres-13", + "Status": "in-sync" + } + ], + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-3H3NJGC3LRLKLY6VGG2ET6FYWA", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:this:db:database-386-green", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "EnabledCloudwatchLogsExports": [ + "postgresql" + ], + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-386-postgresql_log_disconnections_flag_enabled" + } + ], + "CustomerOwnedIpEnabled": false, + "ActivityStreamStatus": "stopped" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-386-postgresql_log_disconnections_flag_enabled/placebo-green/rds.DescribeDBParameters_1.json b/tests/ecc-aws-386-postgresql_log_disconnections_flag_enabled/placebo-green/rds.DescribeDBParameters_1.json new file mode 100644 index 000000000..9ea44b649 --- /dev/null +++ b/tests/ecc-aws-386-postgresql_log_disconnections_flag_enabled/placebo-green/rds.DescribeDBParameters_1.json 
@@ -0,0 +1,19 @@ +{ + "status_code": 200, + "data": { + "Parameters": [ + { + "ParameterName": "log_disconnections", + "ParameterValue": "1", + "Description": "Logs end of a session, including duration.", + "Source": "user", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": true, + "ApplyMethod": "immediate" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-386-postgresql_log_disconnections_flag_enabled/placebo-red/rds.DescribeDBInstances_1.json b/tests/ecc-aws-386-postgresql_log_disconnections_flag_enabled/placebo-red/rds.DescribeDBInstances_1.json new file mode 100644 index 000000000..002ed31b6 --- /dev/null +++ b/tests/ecc-aws-386-postgresql_log_disconnections_flag_enabled/placebo-red/rds.DescribeDBInstances_1.json 
@@ -0,0 +1,146 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-386-red", + "DBInstanceClass": "db.t3.micro", + "Engine": "postgres", + "DBInstanceStatus": "available", + "MasterUsername": "root", + "DBName": "red386", + "Endpoint": { + "Address": "database-386-red.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 5432, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 10, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 8, + "hour": 12, + "minute": 12, + "second": 39, + "microsecond": 655000 + }, + "PreferredBackupWindow": "08:47-09:17", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "parameter-group-386-red", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1d", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + 
"SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "tue:06:10-tue:06:40", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "13.3", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "postgresql-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:postgres-13", + "Status": "in-sync" + } + ], + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-OTM3UDK2C3ASZ5ZO4CRFEDPGAA", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:this:db:database-386-red", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "EnabledCloudwatchLogsExports": [ + "postgresql" + ], + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-386-postgresql_log_disconnections_flag_enabled" + } + ], + "CustomerOwnedIpEnabled": false, + "ActivityStreamStatus": "stopped" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-386-postgresql_log_disconnections_flag_enabled/placebo-red/rds.DescribeDBParameters_1.json b/tests/ecc-aws-386-postgresql_log_disconnections_flag_enabled/placebo-red/rds.DescribeDBParameters_1.json new file mode 100644 index 000000000..0ceb88281 --- /dev/null +++ b/tests/ecc-aws-386-postgresql_log_disconnections_flag_enabled/placebo-red/rds.DescribeDBParameters_1.json 
@@ -0,0 +1,18 @@
+{
+ "status_code": 200,
+ "data": {
+ "Parameters": [
+ {
+ "ParameterName": "log_disconnections",
+ "Description": "Logs end of a session, including duration.",
+ "Source": "engine-default",
+ "ApplyType": "dynamic",
+ "DataType": "boolean",
+ "AllowedValues": "0,1",
+ "IsModifiable": true,
+ "ApplyMethod": "pending-reboot"
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-386-postgresql_log_disconnections_flag_enabled/red_policy_test.py b/tests/ecc-aws-386-postgresql_log_disconnections_flag_enabled/red_policy_test.py
new file mode 100644
index 000000000..96220699b
--- /dev/null
+++ b/tests/ecc-aws-386-postgresql_log_disconnections_flag_enabled/red_policy_test.py
@@ -0,0 +1,18 @@
+class PolicyTest(object):
+
+ def test_resources_with_client(self, base_test, resources, local_session):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertEqual(resources[0]['Engine'], "postgres")
+ parameter_group_name=resources[0]["DBParameterGroups"][0]["DBParameterGroupName"]
+
+ describe_parameters = local_session.client("rds").describe_db_parameters(DBParameterGroupName=parameter_group_name)
+ parameters=describe_parameters["Parameters"]
+ marker=describe_parameters["Marker"] if "Marker" in describe_parameters else None
+
+ while marker is not None:
+ for parameter in parameters:
+ if parameter["ParameterName"]=="log_disconnections":
+ base_test.assertNotIn('ParameterValue', parameter)
+ describe_parameters = local_session.client("rds").describe_db_parameters(DBParameterGroupName=parameter_group_name, Marker=marker)
+ parameters=describe_parameters["Parameters"]
+ marker=describe_parameters["Marker"] if "Marker" in describe_parameters else None
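Review bot: The `log_disconnections` assertion sits inside `while marker is not None:`, so it never runs when the first `describe_db_parameters` response carries no `Marker`, which is the case for the recorded `placebo-red/rds.DescribeDBParameters_1.json`, and on a paginated response the final page is skipped as well (the nesting is inferred, since the page has lost the original indentation). As written the test only proves that one postgres instance matched, not that the logging parameter is in the non-compliant state, so a regression in this audit-logging policy could pass unnoticed. Inspect each page before looking at the marker and assert that the parameter was actually seen; the same loop is repeated in the `red_policy_test.py` hunks for ecc-aws-387 (`log_error_verbosity`) and ecc-aws-388 (`log_hostname`) further down. A one-line docstring on `test_resources_with_client` naming the parameter state that makes the resource red would also help the next reader.

```python
        # … unchanged: resource count / engine assertions, parameter_group_name …
        client = local_session.client("rds")
        request = {"DBParameterGroupName": parameter_group_name}
        seen = False
        while True:
            page = client.describe_db_parameters(**request)
            for parameter in page["Parameters"]:
                if parameter["ParameterName"] == "log_disconnections":
                    base_test.assertNotIn("ParameterValue", parameter)
                    seen = True
            marker = page.get("Marker")
            if marker is None:
                break
            request["Marker"] = marker
        base_test.assertTrue(seen, "log_disconnections not returned by describe_db_parameters")
```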
diff --git a/tests/ecc-aws-387-postgresql_log_error_verbosity_flag_set_correctly/placebo-green/rds.DescribeDBInstances_1.json b/tests/ecc-aws-387-postgresql_log_error_verbosity_flag_set_correctly/placebo-green/rds.DescribeDBInstances_1.json new file mode 100644 index 000000000..6d46102eb --- /dev/null +++ b/tests/ecc-aws-387-postgresql_log_error_verbosity_flag_set_correctly/placebo-green/rds.DescribeDBInstances_1.json 
@@ -0,0 +1,147 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-387-green", + "DBInstanceClass": "db.t3.micro", + "Engine": "postgres", + "DBInstanceStatus": "available", + "MasterUsername": "root", + "DBName": "green387", + "Endpoint": { + "Address": "database-387-green.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 5432, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 10, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2022, + "month": 2, + "day": 9, + "hour": 11, + "minute": 8, + "second": 31, + "microsecond": 538000 + }, + "PreferredBackupWindow": "10:02-10:32", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "parameter-group-387-green", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1b", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + 
"SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "sun:09:29-sun:09:59", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "13.3", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "postgresql-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:postgres-13", + "Status": "in-sync" + } + ], + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-T6KLCQA7PFJO2YRFFT7VUCNA7Y", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:111111111111:db:database-387-green", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "EnabledCloudwatchLogsExports": [ + "postgresql" + ], + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-387-postgresql_log_error_verbosity_flag_set_correctly" + } + ], + "CustomerOwnedIpEnabled": false, + "ActivityStreamStatus": "stopped", + "BackupTarget": "region" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-387-postgresql_log_error_verbosity_flag_set_correctly/placebo-green/rds.DescribeDBParameters_1.json b/tests/ecc-aws-387-postgresql_log_error_verbosity_flag_set_correctly/placebo-green/rds.DescribeDBParameters_1.json new file mode 100644 index 000000000..f2d80c4ec --- /dev/null +++ b/tests/ecc-aws-387-postgresql_log_error_verbosity_flag_set_correctly/placebo-green/rds.DescribeDBParameters_1.json 
@@ -0,0 +1,19 @@ +{ + "status_code": 200, + "data": { + "Parameters": [ + { + "ParameterName": "log_error_verbosity", + "ParameterValue": "default", + "Description": "Sets the verbosity of logged messages.", + "Source": "user", + "ApplyType": "dynamic", + "DataType": "string", + "AllowedValues": "terse,default,verbose", + "IsModifiable": true, + "ApplyMethod": "immediate" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-387-postgresql_log_error_verbosity_flag_set_correctly/placebo-red/rds.DescribeDBInstances_1.json b/tests/ecc-aws-387-postgresql_log_error_verbosity_flag_set_correctly/placebo-red/rds.DescribeDBInstances_1.json new file mode 100644 index 000000000..0837b072a --- /dev/null +++ b/tests/ecc-aws-387-postgresql_log_error_verbosity_flag_set_correctly/placebo-red/rds.DescribeDBInstances_1.json 
@@ -0,0 +1,147 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-387-red", + "DBInstanceClass": "db.t3.micro", + "Engine": "postgres", + "DBInstanceStatus": "available", + "MasterUsername": "root", + "DBName": "red387", + "Endpoint": { + "Address": "database-387-red.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 5432, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 10, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2022, + "month": 2, + "day": 9, + "hour": 11, + "minute": 0, + "second": 47, + "microsecond": 606000 + }, + "PreferredBackupWindow": "05:50-06:20", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "parameter-group-387-red", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1b", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + 
"SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "tue:06:29-tue:06:59", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "13.3", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "postgresql-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:postgres-13", + "Status": "in-sync" + } + ], + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-V5Z65WYMPAXDRCO76LDPYJMCRM", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:111111111111:db:database-387-red", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "EnabledCloudwatchLogsExports": [ + "postgresql" + ], + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-387-postgresql_log_error_verbosity_flag_set_correctly" + } + ], + "CustomerOwnedIpEnabled": false, + "ActivityStreamStatus": "stopped", + "BackupTarget": "region" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-387-postgresql_log_error_verbosity_flag_set_correctly/placebo-red/rds.DescribeDBParameters_1.json b/tests/ecc-aws-387-postgresql_log_error_verbosity_flag_set_correctly/placebo-red/rds.DescribeDBParameters_1.json new file mode 100644 index 000000000..6ee8d1ecc --- /dev/null +++ b/tests/ecc-aws-387-postgresql_log_error_verbosity_flag_set_correctly/placebo-red/rds.DescribeDBParameters_1.json 
@@ -0,0 +1,19 @@
+{
+ "status_code": 200,
+ "data": {
+ "Parameters": [
+ {
+ "ParameterName": "log_error_verbosity",
+ "ParameterValue": "terse",
+ "Description": "Sets the verbosity of logged messages.",
+ "Source": "user",
+ "ApplyType": "dynamic",
+ "DataType": "string",
+ "AllowedValues": "terse,default,verbose",
+ "IsModifiable": true,
+ "ApplyMethod": "immediate"
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-387-postgresql_log_error_verbosity_flag_set_correctly/red_policy_test.py b/tests/ecc-aws-387-postgresql_log_error_verbosity_flag_set_correctly/red_policy_test.py
new file mode 100644
index 000000000..f2c66efcc
--- /dev/null
+++ b/tests/ecc-aws-387-postgresql_log_error_verbosity_flag_set_correctly/red_policy_test.py
@@ -0,0 +1,18 @@
+class PolicyTest(object):
+
+ def test_resources_with_client(self, base_test, resources, local_session):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertEqual(resources[0]['Engine'], "postgres")
+ parameter_group_name=resources[0]["DBParameterGroups"][0]["DBParameterGroupName"]
+
+ describe_parameters = local_session.client("rds").describe_db_parameters(DBParameterGroupName=parameter_group_name)
+ parameters=describe_parameters["Parameters"]
+ marker=describe_parameters["Marker"] if "Marker" in describe_parameters else None
+
+ while marker is not None:
+ for parameter in parameters:
+ if parameter["ParameterName"]=="log_error_verbosity":
+ base_test.assertEqual(parameter['ParameterValue'], 'terse')
+ describe_parameters = local_session.client("rds").describe_db_parameters(DBParameterGroupName=parameter_group_name, Marker=marker)
+ parameters=describe_parameters["Parameters"]
+ marker=describe_parameters["Marker"] if "Marker" in describe_parameters else None
diff --git a/tests/ecc-aws-388-postgresql_log_hostname_flag_disabled/placebo-green/rds.DescribeDBInstances_1.json b/tests/ecc-aws-388-postgresql_log_hostname_flag_disabled/placebo-green/rds.DescribeDBInstances_1.json new file mode 100644 index 000000000..692374557 --- /dev/null +++ b/tests/ecc-aws-388-postgresql_log_hostname_flag_disabled/placebo-green/rds.DescribeDBInstances_1.json 
@@ -0,0 +1,146 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-388-green", + "DBInstanceClass": "db.t3.micro", + "Engine": "postgres", + "DBInstanceStatus": "available", + "MasterUsername": "root", + "DBName": "green388", + "Endpoint": { + "Address": "database-388-green.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 5432, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 10, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 13, + "hour": 8, + "minute": 4, + "second": 42, + "microsecond": 899000 + }, + "PreferredBackupWindow": "09:48-10:18", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "parameter-group-388-green", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1f", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + 
"SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "sat:08:12-sat:08:42", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "13.3", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "postgresql-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:postgres-13", + "Status": "in-sync" + } + ], + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-6VKEUGP6LPTW4CIPOD4BHMNGXY", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:this:db:database-388-green", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "EnabledCloudwatchLogsExports": [ + "postgresql" + ], + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-388-postgresql_log_hostname_flag_set_disabled" + } + ], + "CustomerOwnedIpEnabled": false, + "ActivityStreamStatus": "stopped" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-388-postgresql_log_hostname_flag_disabled/placebo-green/rds.DescribeDBParameters_1.json b/tests/ecc-aws-388-postgresql_log_hostname_flag_disabled/placebo-green/rds.DescribeDBParameters_1.json new file mode 100644 index 000000000..2d9e9bb32 --- /dev/null +++ b/tests/ecc-aws-388-postgresql_log_hostname_flag_disabled/placebo-green/rds.DescribeDBParameters_1.json 
@@ -0,0 +1,19 @@ +{ + "status_code": 200, + "data": { + "Parameters": [ + { + "ParameterName": "log_hostname", + "ParameterValue": "0", + "Description": "Logs the host name in the connection logs.", + "Source": "user", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": true, + "ApplyMethod": "immediate" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-388-postgresql_log_hostname_flag_disabled/placebo-red/rds.DescribeDBInstances_1.json b/tests/ecc-aws-388-postgresql_log_hostname_flag_disabled/placebo-red/rds.DescribeDBInstances_1.json new file mode 100644 index 000000000..be8a2a77f --- /dev/null +++ b/tests/ecc-aws-388-postgresql_log_hostname_flag_disabled/placebo-red/rds.DescribeDBInstances_1.json 
@@ -0,0 +1,146 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-388-red", + "DBInstanceClass": "db.t3.micro", + "Engine": "postgres", + "DBInstanceStatus": "available", + "MasterUsername": "root", + "DBName": "green388", + "Endpoint": { + "Address": "database-388-red.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 5432, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 10, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 13, + "hour": 8, + "minute": 17, + "second": 42, + "microsecond": 53000 + }, + "PreferredBackupWindow": "03:42-04:12", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "parameter-group-388-red", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1f", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + 
"SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "sun:09:56-sun:10:26", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "13.3", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "postgresql-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:postgres-13", + "Status": "in-sync" + } + ], + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-BJ7ZWNDSDYNM76AEYDXPFGED7U", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:this:db:database-388-red", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "EnabledCloudwatchLogsExports": [ + "postgresql" + ], + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-388-postgresql_log_hostname_flag_set_disabled" + } + ], + "CustomerOwnedIpEnabled": false, + "ActivityStreamStatus": "stopped" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-388-postgresql_log_hostname_flag_disabled/placebo-red/rds.DescribeDBParameters_1.json b/tests/ecc-aws-388-postgresql_log_hostname_flag_disabled/placebo-red/rds.DescribeDBParameters_1.json new file mode 100644 index 000000000..1ec61ee96 --- /dev/null +++ b/tests/ecc-aws-388-postgresql_log_hostname_flag_disabled/placebo-red/rds.DescribeDBParameters_1.json 
@@ -0,0 +1,19 @@
+{
+ "status_code": 200,
+ "data": {
+ "Parameters": [
+ {
+ "ParameterName": "log_hostname",
+ "ParameterValue": "1",
+ "Description": "Logs the host name in the connection logs.",
+ "Source": "user",
+ "ApplyType": "dynamic",
+ "DataType": "boolean",
+ "AllowedValues": "0,1",
+ "IsModifiable": true,
+ "ApplyMethod": "immediate"
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-388-postgresql_log_hostname_flag_disabled/red_policy_test.py b/tests/ecc-aws-388-postgresql_log_hostname_flag_disabled/red_policy_test.py
new file mode 100644
index 000000000..8c0d2f3fe
--- /dev/null
+++ b/tests/ecc-aws-388-postgresql_log_hostname_flag_disabled/red_policy_test.py
@@ -0,0 +1,18 @@
+class PolicyTest(object):
+
+ def test_resources_with_client(self, base_test, resources, local_session):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertEqual(resources[0]['Engine'], "postgres")
+ parameter_group_name=resources[0]["DBParameterGroups"][0]["DBParameterGroupName"]
+
+ describe_parameters = local_session.client("rds").describe_db_parameters(DBParameterGroupName=parameter_group_name)
+ parameters=describe_parameters["Parameters"]
+ marker=describe_parameters["Marker"] if "Marker" in describe_parameters else None
+
+ while marker is not None:
+ for parameter in parameters:
+ if parameter["ParameterName"]=="log_hostname":
+ base_test.assertEqual(parameter['ParameterValue'], '1')
+ describe_parameters = local_session.client("rds").describe_db_parameters(DBParameterGroupName=parameter_group_name, Marker=marker)
+ parameters=describe_parameters["Parameters"]
+ marker=describe_parameters["Marker"] if "Marker" in describe_parameters else None
diff --git a/tests/ecc-aws-389-postgresql_log_statement_flag_set_correctly/placebo-green/rds.DescribeDBInstances_1.json b/tests/ecc-aws-389-postgresql_log_statement_flag_set_correctly/placebo-green/rds.DescribeDBInstances_1.json
new file mode 100644
index 000000000..94c2b78fa
--- /dev/null
+++ b/tests/ecc-aws-389-postgresql_log_statement_flag_set_correctly/placebo-green/rds.DescribeDBInstances_1.json
@@ -0,0 +1,146 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-389-green", + "DBInstanceClass": "db.t3.micro", + "Engine": "postgres", + "DBInstanceStatus": "available", + "MasterUsername": "root", + "DBName": "green389", + "Endpoint": { + "Address": "database-389-green.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 5432, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 10, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 20, + "hour": 9, + "minute": 19, + "second": 54, + "microsecond": 763000 + }, + "PreferredBackupWindow": "04:59-05:29", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "parameter-group-389-green", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1b", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + 
"SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "tue:09:45-tue:10:15", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "13.3", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "postgresql-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:postgres-13", + "Status": "in-sync" + } + ], + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-KOKHDYVC4JAEP7JMHIKNQJM644", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:this:db:database-389-green", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "EnabledCloudwatchLogsExports": [ + "postgresql" + ], + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-389-postgresql_log_statement_flag_set_correctly" + } + ], + "CustomerOwnedIpEnabled": false, + "ActivityStreamStatus": "stopped" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-389-postgresql_log_statement_flag_set_correctly/placebo-green/rds.DescribeDBParameters_1.json b/tests/ecc-aws-389-postgresql_log_statement_flag_set_correctly/placebo-green/rds.DescribeDBParameters_1.json new file mode 100644 index 000000000..49abcc651 --- /dev/null +++ b/tests/ecc-aws-389-postgresql_log_statement_flag_set_correctly/placebo-green/rds.DescribeDBParameters_1.json 
@@ -0,0 +1,19 @@ +{ + "status_code": 200, + "data": { + "Parameters": [ + { + "ParameterName": "log_statement", + "ParameterValue": "all", + "Description": "Sets the type of statements logged.", + "Source": "user", + "ApplyType": "dynamic", + "DataType": "string", + "AllowedValues": "none,ddl,mod,all", + "IsModifiable": true, + "ApplyMethod": "immediate" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-389-postgresql_log_statement_flag_set_correctly/placebo-red/rds.DescribeDBInstances_1.json b/tests/ecc-aws-389-postgresql_log_statement_flag_set_correctly/placebo-red/rds.DescribeDBInstances_1.json new file mode 100644 index 000000000..dbdcadfd8 --- /dev/null +++ b/tests/ecc-aws-389-postgresql_log_statement_flag_set_correctly/placebo-red/rds.DescribeDBInstances_1.json 
@@ -0,0 +1,146 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-389-red", + "DBInstanceClass": "db.t3.micro", + "Engine": "postgres", + "DBInstanceStatus": "available", + "MasterUsername": "root", + "DBName": "green389", + "Endpoint": { + "Address": "database-389-red.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 5432, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 10, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 20, + "hour": 9, + "minute": 32, + "second": 6, + "microsecond": 405000 + }, + "PreferredBackupWindow": "09:39-10:09", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "parameter-group-389-red", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1d", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + 
"SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "thu:08:27-thu:08:57", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "13.3", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "postgresql-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:postgres-13", + "Status": "in-sync" + } + ], + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-EFHPPX5VW5KIO56G6HAUUT3IRQ", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:this:db:database-389-red", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "EnabledCloudwatchLogsExports": [ + "postgresql" + ], + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-389-postgresql_log_statement_flag_set_correctly" + } + ], + "CustomerOwnedIpEnabled": false, + "ActivityStreamStatus": "stopped" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-389-postgresql_log_statement_flag_set_correctly/placebo-red/rds.DescribeDBParameters_1.json b/tests/ecc-aws-389-postgresql_log_statement_flag_set_correctly/placebo-red/rds.DescribeDBParameters_1.json new file mode 100644 index 000000000..06c6c2331 --- /dev/null +++ b/tests/ecc-aws-389-postgresql_log_statement_flag_set_correctly/placebo-red/rds.DescribeDBParameters_1.json 
@@ -0,0 +1,19 @@
+{
+ "status_code": 200,
+ "data": {
+ "Parameters": [
+ {
+ "ParameterName": "log_statement",
+ "ParameterValue": "none",
+ "Description": "Sets the type of statements logged.",
+ "Source": "engine-default",
+ "ApplyType": "dynamic",
+ "DataType": "string",
+ "AllowedValues": "none,ddl,mod,all",
+ "IsModifiable": true,
+ "ApplyMethod": "pending-reboot"
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-389-postgresql_log_statement_flag_set_correctly/red_policy_test.py b/tests/ecc-aws-389-postgresql_log_statement_flag_set_correctly/red_policy_test.py
new file mode 100644
index 000000000..54678e97f
--- /dev/null
+++ b/tests/ecc-aws-389-postgresql_log_statement_flag_set_correctly/red_policy_test.py
@@ -0,0 +1,18 @@
+class PolicyTest(object):
+
+ def test_resources_with_client(self, base_test, resources, local_session):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertEqual(resources[0]['Engine'], "postgres")
+ parameter_group_name=resources[0]["DBParameterGroups"][0]["DBParameterGroupName"]
+
+ describe_parameters = local_session.client("rds").describe_db_parameters(DBParameterGroupName=parameter_group_name)
+ parameters=describe_parameters["Parameters"]
+ marker=describe_parameters["Marker"] if "Marker" in describe_parameters else None
+
+ while marker is not None:
+ for parameter in parameters:
+ if parameter["ParameterName"]=="log_statement":
+ base_test.assertEqual(parameter['ParameterValue'], 'none')
+ describe_parameters = local_session.client("rds").describe_db_parameters(DBParameterGroupName=parameter_group_name, Marker=marker)
+ parameters=describe_parameters["Parameters"]
+ marker=describe_parameters["Marker"] if "Marker" in describe_parameters else None
\ No newline at end of file
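Review bot: The `log_statement` assertion in `test_resources_with_client` never runs against the recorded fixture, because it sits inside `while marker is not None:` and `placebo-red/rds.DescribeDBParameters_1.json` has no `Marker` key, so the loop body is skipped and the test passes without checking the parameter. Even when a response is paginated, the final page (the one without a `Marker`) is never inspected, and nothing fails if the parameter is missing altogether. The same loop is added in the `red_policy_test.py` files for ecc-aws-390 (`log_destination`) and ecc-aws-391 (`log_checkpoints`). Inspect every page, first and last included, and assert that the parameter was actually seen with the non-compliant value, along the lines below.

```python
        # … unchanged: resource count / engine assertions, parameter_group_name lookup …
        client = local_session.client("rds")
        request = {"DBParameterGroupName": parameter_group_name}
        seen_values = []
        while True:
            page = client.describe_db_parameters(**request)
            seen_values.extend(
                parameter.get("ParameterValue")
                for parameter in page["Parameters"]
                if parameter["ParameterName"] == "log_statement"
            )
            if "Marker" not in page:
                break
            request["Marker"] = page["Marker"]
        # Fails when the parameter is absent as well as when its value is unexpected.
        base_test.assertEqual(seen_values, ["none"])
```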
diff --git a/tests/ecc-aws-390-postgresql_log_destination_flag_set_to_csvlog/placebo-green/rds.DescribeDBInstances_1.json b/tests/ecc-aws-390-postgresql_log_destination_flag_set_to_csvlog/placebo-green/rds.DescribeDBInstances_1.json
new file mode 100644
index 000000000..8e620b59c
--- /dev/null
+++ b/tests/ecc-aws-390-postgresql_log_destination_flag_set_to_csvlog/placebo-green/rds.DescribeDBInstances_1.json
@@ -0,0 +1,146 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-390-green", + "DBInstanceClass": "db.t3.micro", + "Engine": "postgres", + "DBInstanceStatus": "available", + "MasterUsername": "root", + "DBName": "green390", + "Endpoint": { + "Address": "database-390-green.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 5432, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 10, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 13, + "hour": 13, + "minute": 9, + "second": 2, + "microsecond": 471000 + }, + "PreferredBackupWindow": "04:39-05:09", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "parameter-group-390-green", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1f", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + 
"SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "thu:09:35-thu:10:05", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "13.3", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "postgresql-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:postgres-13", + "Status": "in-sync" + } + ], + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-3QCV4UF5MZQAHVM2YAAAGE2UZA", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:this:db:database-390-green", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "EnabledCloudwatchLogsExports": [ + "postgresql" + ], + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-390-postgresql_log_destination_flag_set_to_csvlog" + } + ], + "CustomerOwnedIpEnabled": false, + "ActivityStreamStatus": "stopped" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-390-postgresql_log_destination_flag_set_to_csvlog/placebo-green/rds.DescribeDBParameters_1.json b/tests/ecc-aws-390-postgresql_log_destination_flag_set_to_csvlog/placebo-green/rds.DescribeDBParameters_1.json new file mode 100644 index 000000000..0d835ba99 --- /dev/null +++ b/tests/ecc-aws-390-postgresql_log_destination_flag_set_to_csvlog/placebo-green/rds.DescribeDBParameters_1.json 
@@ -0,0 +1,19 @@ +{ + "status_code": 200, + "data": { + "Parameters": [ + { + "ParameterName": "log_destination", + "ParameterValue": "csvlog", + "Description": "Sets the destination for server log output.", + "Source": "system", + "ApplyType": "dynamic", + "DataType": "string", + "AllowedValues": "stderr,csvlog", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-390-postgresql_log_destination_flag_set_to_csvlog/placebo-red/rds.DescribeDBInstances_1.json b/tests/ecc-aws-390-postgresql_log_destination_flag_set_to_csvlog/placebo-red/rds.DescribeDBInstances_1.json new file mode 100644 index 000000000..b8367a18d --- /dev/null +++ b/tests/ecc-aws-390-postgresql_log_destination_flag_set_to_csvlog/placebo-red/rds.DescribeDBInstances_1.json 
@@ -0,0 +1,146 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-390-red", + "DBInstanceClass": "db.t3.micro", + "Engine": "postgres", + "DBInstanceStatus": "available", + "MasterUsername": "root", + "DBName": "red390", + "Endpoint": { + "Address": "database-390-red.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 5432, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 10, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 13, + "hour": 13, + "minute": 20, + "second": 35, + "microsecond": 68000 + }, + "PreferredBackupWindow": "04:35-05:05", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "parameter-group-390-red", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1f", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + 
"SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "tue:03:13-tue:03:43", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "13.3", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "postgresql-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:postgres-13", + "Status": "in-sync" + } + ], + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-WR3KRPN3IEPRUMTQJJFFUEJTJY", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:this:db:database-390-red", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "EnabledCloudwatchLogsExports": [ + "postgresql" + ], + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-390-postgresql_log_destination_flag_set_to_csvlog" + } + ], + "CustomerOwnedIpEnabled": false, + "ActivityStreamStatus": "stopped" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-390-postgresql_log_destination_flag_set_to_csvlog/placebo-red/rds.DescribeDBParameters_1.json b/tests/ecc-aws-390-postgresql_log_destination_flag_set_to_csvlog/placebo-red/rds.DescribeDBParameters_1.json new file mode 100644 index 000000000..c5ee9bd1f --- /dev/null +++ b/tests/ecc-aws-390-postgresql_log_destination_flag_set_to_csvlog/placebo-red/rds.DescribeDBParameters_1.json 
@@ -0,0 +1,19 @@
+{
+ "status_code": 200,
+ "data": {
+ "Parameters": [
+ {
+ "ParameterName": "log_destination",
+ "ParameterValue": "stderr",
+ "Description": "Sets the destination for server log output.",
+ "Source": "system",
+ "ApplyType": "dynamic",
+ "DataType": "string",
+ "AllowedValues": "stderr,csvlog",
+ "IsModifiable": true,
+ "ApplyMethod": "pending-reboot"
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-390-postgresql_log_destination_flag_set_to_csvlog/red_policy_test.py b/tests/ecc-aws-390-postgresql_log_destination_flag_set_to_csvlog/red_policy_test.py
new file mode 100644
index 000000000..ed04fdd9a
--- /dev/null
+++ b/tests/ecc-aws-390-postgresql_log_destination_flag_set_to_csvlog/red_policy_test.py
@@ -0,0 +1,18 @@
+class PolicyTest(object):
+
+ def test_resources_with_client(self, base_test, resources, local_session):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertEqual(resources[0]['Engine'], "postgres")
+ parameter_group_name=resources[0]["DBParameterGroups"][0]["DBParameterGroupName"]
+
+ describe_parameters = local_session.client("rds").describe_db_parameters(DBParameterGroupName=parameter_group_name)
+ parameters=describe_parameters["Parameters"]
+ marker=describe_parameters["Marker"] if "Marker" in describe_parameters else None
+
+ while marker is not None:
+ for parameter in parameters:
+ if parameter["ParameterName"]=="log_destination":
+ base_test.assertEqual(parameter['ParameterValue'], 'stderr')
+ describe_parameters = local_session.client("rds").describe_db_parameters(DBParameterGroupName=parameter_group_name, Marker=marker)
+ parameters=describe_parameters["Parameters"]
+ marker=describe_parameters["Marker"] if "Marker" in describe_parameters else None
\ No newline at end of file
diff --git a/tests/ecc-aws-391-postgresql_log_checkpoints_flag_enabled/placebo-green/rds.DescribeDBInstances_1.json b/tests/ecc-aws-391-postgresql_log_checkpoints_flag_enabled/placebo-green/rds.DescribeDBInstances_1.json
new file mode 100644
index 000000000..1343be4cd
--- /dev/null
+++ b/tests/ecc-aws-391-postgresql_log_checkpoints_flag_enabled/placebo-green/rds.DescribeDBInstances_1.json
@@ -0,0 +1,146 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-391-green", + "DBInstanceClass": "db.t3.micro", + "Engine": "postgres", + "DBInstanceStatus": "available", + "MasterUsername": "root", + "DBName": "green391", + "Endpoint": { + "Address": "database-391-green.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 5432, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 10, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 10, + "hour": 14, + "minute": 29, + "second": 27, + "microsecond": 394000 + }, + "PreferredBackupWindow": "07:28-07:58", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "parameter-group-391-green", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1b", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + 
"SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "sun:10:00-sun:10:30", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "13.3", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "postgresql-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:postgres-13", + "Status": "in-sync" + } + ], + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-XNIALJ6FY4SXJTPS3VIBLGQREM", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:this:db:database-391-green", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "EnabledCloudwatchLogsExports": [ + "postgresql" + ], + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-391-postgresql_log_checkpoints_flag_enabled" + } + ], + "CustomerOwnedIpEnabled": false, + "ActivityStreamStatus": "stopped" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-391-postgresql_log_checkpoints_flag_enabled/placebo-green/rds.DescribeDBParameters_1.json b/tests/ecc-aws-391-postgresql_log_checkpoints_flag_enabled/placebo-green/rds.DescribeDBParameters_1.json new file mode 100644 index 000000000..837a54a87 --- /dev/null +++ b/tests/ecc-aws-391-postgresql_log_checkpoints_flag_enabled/placebo-green/rds.DescribeDBParameters_1.json 
@@ -0,0 +1,19 @@ +{ + "status_code": 200, + "data": { + "Parameters": [ + { + "ParameterName": "log_checkpoints", + "ParameterValue": "1", + "Description": "Logs each checkpoint.", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-391-postgresql_log_checkpoints_flag_enabled/placebo-red/rds.DescribeDBInstances_1.json b/tests/ecc-aws-391-postgresql_log_checkpoints_flag_enabled/placebo-red/rds.DescribeDBInstances_1.json new file mode 100644 index 000000000..1bbd11f47 --- /dev/null +++ b/tests/ecc-aws-391-postgresql_log_checkpoints_flag_enabled/placebo-red/rds.DescribeDBInstances_1.json 
@@ -0,0 +1,146 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-391-red", + "DBInstanceClass": "db.t3.micro", + "Engine": "postgres", + "DBInstanceStatus": "available", + "MasterUsername": "root", + "DBName": "red391", + "Endpoint": { + "Address": "database-391-red.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 5432, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 10, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 10, + "hour": 14, + "minute": 38, + "second": 35, + "microsecond": 421000 + }, + "PreferredBackupWindow": "05:54-06:24", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "parameter-group-391-red", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1d", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + 
"SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "mon:08:44-mon:09:14", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "13.3", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "postgresql-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:postgres-13", + "Status": "in-sync" + } + ], + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-DDW5BFJ2FNZ5BM7HDWDUWUUG3Y", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:this:db:database-391-red", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "EnabledCloudwatchLogsExports": [ + "postgresql" + ], + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-391-postgresql_log_checkpoints_flag_enabled" + } + ], + "CustomerOwnedIpEnabled": false, + "ActivityStreamStatus": "stopped" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-391-postgresql_log_checkpoints_flag_enabled/placebo-red/rds.DescribeDBParameters_1.json b/tests/ecc-aws-391-postgresql_log_checkpoints_flag_enabled/placebo-red/rds.DescribeDBParameters_1.json new file mode 100644 index 000000000..578757352 --- /dev/null +++ b/tests/ecc-aws-391-postgresql_log_checkpoints_flag_enabled/placebo-red/rds.DescribeDBParameters_1.json 
@@ -0,0 +1,19 @@
+{
+ "status_code": 200,
+ "data": {
+ "Parameters": [
+ {
+ "ParameterName": "log_checkpoints",
+ "ParameterValue": "0",
+ "Description": "Logs each checkpoint.",
+ "Source": "user",
+ "ApplyType": "dynamic",
+ "DataType": "boolean",
+ "AllowedValues": "0,1",
+ "IsModifiable": true,
+ "ApplyMethod": "immediate"
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-391-postgresql_log_checkpoints_flag_enabled/red_policy_test.py b/tests/ecc-aws-391-postgresql_log_checkpoints_flag_enabled/red_policy_test.py
new file mode 100644
index 000000000..545a1cf5f
--- /dev/null
+++ b/tests/ecc-aws-391-postgresql_log_checkpoints_flag_enabled/red_policy_test.py
@@ -0,0 +1,18 @@
+class PolicyTest(object):
+
+ def test_resources_with_client(self, base_test, resources, local_session):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertEqual(resources[0]['Engine'], "postgres")
+ parameter_group_name=resources[0]["DBParameterGroups"][0]["DBParameterGroupName"]
+
+ describe_parameters = local_session.client("rds").describe_db_parameters(DBParameterGroupName=parameter_group_name)
+ parameters=describe_parameters["Parameters"]
+ marker=describe_parameters["Marker"] if "Marker" in describe_parameters else None
+
+ while marker is not None:
+ for parameter in parameters:
+ if parameter["ParameterName"]=="log_checkpoints":
+ base_test.assertEqual(parameter['ParameterValue'], '0')
+ describe_parameters = local_session.client("rds").describe_db_parameters(DBParameterGroupName=parameter_group_name, Marker=marker)
+ parameters=describe_parameters["Parameters"]
+ marker=describe_parameters["Marker"] if "Marker" in describe_parameters else None
\ No newline at end of file
diff --git a/tests/ecc-aws-392-postgresql_log_lock_waits_flag_enabled/placebo-green/rds.DescribeDBInstances_1.json b/tests/ecc-aws-392-postgresql_log_lock_waits_flag_enabled/placebo-green/rds.DescribeDBInstances_1.json
new file mode 100644
index 000000000..0c1467311
--- /dev/null
+++ b/tests/ecc-aws-392-postgresql_log_lock_waits_flag_enabled/placebo-green/rds.DescribeDBInstances_1.json
@@ -0,0 +1,146 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-392-green", + "DBInstanceClass": "db.t3.micro", + "Engine": "postgres", + "DBInstanceStatus": "available", + "MasterUsername": "root", + "DBName": "green392", + "Endpoint": { + "Address": "database-392-green.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 5432, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 10, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 20, + "hour": 7, + "minute": 38, + "second": 26, + "microsecond": 17000 + }, + "PreferredBackupWindow": "09:53-10:23", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "parameter-group-392-green", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1f", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + 
"SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "sat:03:30-sat:04:00", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "13.3", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "postgresql-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:postgres-13", + "Status": "in-sync" + } + ], + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-JI2X4DY2TYHVGOCTE3KB3UAGLE", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:this:db:database-392-green", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "EnabledCloudwatchLogsExports": [ + "postgresql" + ], + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-392-postgresql_log_lock_waits_flag_enabled" + } + ], + "CustomerOwnedIpEnabled": false, + "ActivityStreamStatus": "stopped" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-392-postgresql_log_lock_waits_flag_enabled/placebo-green/rds.DescribeDBParameters_1.json b/tests/ecc-aws-392-postgresql_log_lock_waits_flag_enabled/placebo-green/rds.DescribeDBParameters_1.json new file mode 100644 index 000000000..b286b03ab --- /dev/null +++ b/tests/ecc-aws-392-postgresql_log_lock_waits_flag_enabled/placebo-green/rds.DescribeDBParameters_1.json 
@@ -0,0 +1,19 @@ +{ + "status_code": 200, + "data": { + "Parameters": [ + { + "ParameterName": "log_lock_waits", + "ParameterValue": "1", + "Description": "Logs long lock waits.", + "Source": "user", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": true, + "ApplyMethod": "immediate" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-392-postgresql_log_lock_waits_flag_enabled/placebo-red/rds.DescribeDBInstances_1.json b/tests/ecc-aws-392-postgresql_log_lock_waits_flag_enabled/placebo-red/rds.DescribeDBInstances_1.json new file mode 100644 index 000000000..595670aa4 --- /dev/null +++ b/tests/ecc-aws-392-postgresql_log_lock_waits_flag_enabled/placebo-red/rds.DescribeDBInstances_1.json 
@@ -0,0 +1,146 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-392-red", + "DBInstanceClass": "db.t3.micro", + "Engine": "postgres", + "DBInstanceStatus": "available", + "MasterUsername": "root", + "DBName": "green392", + "Endpoint": { + "Address": "database-392-red.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 5432, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 10, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 20, + "hour": 7, + "minute": 47, + "second": 22, + "microsecond": 278000 + }, + "PreferredBackupWindow": "06:55-07:25", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "parameter-group-392-red", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1b", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + 
"SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "fri:04:23-fri:04:53", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "13.3", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "postgresql-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:postgres-13", + "Status": "in-sync" + } + ], + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-P263OQEACIY5I6N2WHEXTUELH4", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:this:db:database-392-red", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "EnabledCloudwatchLogsExports": [ + "postgresql" + ], + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-392-postgresql_log_lock_waits_flag_enabled" + } + ], + "CustomerOwnedIpEnabled": false, + "ActivityStreamStatus": "stopped" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-392-postgresql_log_lock_waits_flag_enabled/placebo-red/rds.DescribeDBParameters_1.json b/tests/ecc-aws-392-postgresql_log_lock_waits_flag_enabled/placebo-red/rds.DescribeDBParameters_1.json new file mode 100644 index 000000000..94d572de3 --- /dev/null +++ b/tests/ecc-aws-392-postgresql_log_lock_waits_flag_enabled/placebo-red/rds.DescribeDBParameters_1.json 
@@ -0,0 +1,18 @@
+{
+ "status_code": 200,
+ "data": {
+ "Parameters": [
+ {
+ "ParameterName": "log_lock_waits",
+ "Description": "Logs long lock waits.",
+ "Source": "engine-default",
+ "ApplyType": "dynamic",
+ "DataType": "boolean",
+ "AllowedValues": "0,1",
+ "IsModifiable": true,
+ "ApplyMethod": "pending-reboot"
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-392-postgresql_log_lock_waits_flag_enabled/red_policy_test.py b/tests/ecc-aws-392-postgresql_log_lock_waits_flag_enabled/red_policy_test.py
new file mode 100644
index 000000000..2a40420bd
--- /dev/null
+++ b/tests/ecc-aws-392-postgresql_log_lock_waits_flag_enabled/red_policy_test.py
@@ -0,0 +1,18 @@
+class PolicyTest(object):
+
+ def test_resources_with_client(self, base_test, resources, local_session):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertEqual(resources[0]['Engine'], "postgres")
+ parameter_group_name=resources[0]["DBParameterGroups"][0]["DBParameterGroupName"]
+
+ describe_parameters = local_session.client("rds").describe_db_parameters(DBParameterGroupName=parameter_group_name)
+ parameters=describe_parameters["Parameters"]
+ marker=describe_parameters["Marker"] if "Marker" in describe_parameters else None
+
+ while marker is not None:
+ for parameter in parameters:
+ if parameter["ParameterName"]=="log_lock_waits":
+ base_test.assertNotIn('ParameterValue', parameter)
+ describe_parameters = local_session.client("rds").describe_db_parameters(DBParameterGroupName=parameter_group_name, Marker=marker)
+ parameters=describe_parameters["Parameters"]
+ marker=describe_parameters["Marker"] if "Marker" in describe_parameters else None
diff --git a/tests/ecc-aws-393-postgresql_log_duration_flag_enabled/placebo-green/rds.DescribeDBInstances_1.json b/tests/ecc-aws-393-postgresql_log_duration_flag_enabled/placebo-green/rds.DescribeDBInstances_1.json
new file mode 100644
index 000000000..6d7493a08
--- /dev/null
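Review bot: The `assertNotIn('ParameterValue', parameter)` check in `test_resources_with_client` sits inside `while marker is not None:`, so it runs only when the first `describe_db_parameters` response carries a `Marker`. The placebo-red `rds.DescribeDBParameters_1.json` recorded in this commit has no `Marker`, so the loop body never executes and the test passes without ever looking at `log_lock_waits`. Even when pages do exist, the last page is fetched and then dropped unchecked because the loop exits as soon as no marker comes back. The loop should inspect every page before testing the marker and assert that the parameter was actually seen, as sketched below (indentation is lost on this page, so the nesting is my reading). The 393 `log_duration` test later in this patch has the same loop and needs the same change.

```python
        # … unchanged: resource count and engine assertions, parameter_group_name lookup …
        rds = local_session.client("rds")
        request = {"DBParameterGroupName": parameter_group_name}
        found = False
        while True:
            page = rds.describe_db_parameters(**request)
            # Check every page, including the first and the last one.
            for parameter in page["Parameters"]:
                if parameter["ParameterName"] == "log_lock_waits":
                    found = True
                    base_test.assertNotIn('ParameterValue', parameter)
            marker = page.get("Marker")
            if marker is None:
                break
            request["Marker"] = marker
        # Fail if the parameter never appeared, instead of passing vacuously.
        base_test.assertTrue(found)
```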
+++ b/tests/ecc-aws-393-postgresql_log_duration_flag_enabled/placebo-green/rds.DescribeDBInstances_1.json 
@@ -0,0 +1,146 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-393-green", + "DBInstanceClass": "db.t3.micro", + "Engine": "postgres", + "DBInstanceStatus": "available", + "MasterUsername": "root", + "DBName": "green393", + "Endpoint": { + "Address": "database-393-green.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 5432, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 10, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 14, + "hour": 8, + "minute": 6, + "second": 18, + "microsecond": 938000 + }, + "PreferredBackupWindow": "07:31-08:01", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "parameter-group-393-green", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1f", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + 
"SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "sun:09:43-sun:10:13", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "13.3", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "postgresql-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:postgres-13", + "Status": "in-sync" + } + ], + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-GJYRQLYRLH32EHRVWFE7IA47K4", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:this:db:database-393-green", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "EnabledCloudwatchLogsExports": [ + "postgresql" + ], + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-393-postgresql_log_duration_flag_enabled" + } + ], + "CustomerOwnedIpEnabled": false, + "ActivityStreamStatus": "stopped" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-393-postgresql_log_duration_flag_enabled/placebo-green/rds.DescribeDBParameters_1.json b/tests/ecc-aws-393-postgresql_log_duration_flag_enabled/placebo-green/rds.DescribeDBParameters_1.json new file mode 100644 index 000000000..3c45ed68a --- /dev/null +++ b/tests/ecc-aws-393-postgresql_log_duration_flag_enabled/placebo-green/rds.DescribeDBParameters_1.json 
@@ -0,0 +1,19 @@ +{ + "status_code": 200, + "data": { + "Parameters": [ + { + "ParameterName": "log_duration", + "ParameterValue": "1", + "Description": "Logs the duration of each completed SQL statement.", + "Source": "user", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": true, + "ApplyMethod": "immediate" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-393-postgresql_log_duration_flag_enabled/placebo-red/rds.DescribeDBInstances_1.json b/tests/ecc-aws-393-postgresql_log_duration_flag_enabled/placebo-red/rds.DescribeDBInstances_1.json new file mode 100644 index 000000000..909d71382 --- /dev/null +++ b/tests/ecc-aws-393-postgresql_log_duration_flag_enabled/placebo-red/rds.DescribeDBInstances_1.json 
@@ -0,0 +1,146 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-393-red", + "DBInstanceClass": "db.t3.micro", + "Engine": "postgres", + "DBInstanceStatus": "available", + "MasterUsername": "root", + "DBName": "red393", + "Endpoint": { + "Address": "database-393-red.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 5432, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 10, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 14, + "hour": 8, + "minute": 19, + "second": 12, + "microsecond": 307000 + }, + "PreferredBackupWindow": "07:13-07:43", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "parameter-group-393-red", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1b", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + 
"SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "thu:08:53-thu:09:23", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "13.3", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "postgresql-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:postgres-13", + "Status": "in-sync" + } + ], + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-ISLGF3RIJQOBSC4KJGDQIRK5FU", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:this:db:database-393-red", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "EnabledCloudwatchLogsExports": [ + "postgresql" + ], + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-393-postgresql_log_duration_flag_enabled" + } + ], + "CustomerOwnedIpEnabled": false, + "ActivityStreamStatus": "stopped" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-393-postgresql_log_duration_flag_enabled/placebo-red/rds.DescribeDBParameters_1.json b/tests/ecc-aws-393-postgresql_log_duration_flag_enabled/placebo-red/rds.DescribeDBParameters_1.json new file mode 100644 index 000000000..eba77d045 --- /dev/null +++ b/tests/ecc-aws-393-postgresql_log_duration_flag_enabled/placebo-red/rds.DescribeDBParameters_1.json 
@@ -0,0 +1,18 @@
+{
+ "status_code": 200,
+ "data": {
+ "Parameters": [
+ {
+ "ParameterName": "log_duration",
+ "Description": "Logs the duration of each completed SQL statement.",
+ "Source": "engine-default",
+ "ApplyType": "dynamic",
+ "DataType": "boolean",
+ "AllowedValues": "0,1",
+ "IsModifiable": true,
+ "ApplyMethod": "pending-reboot"
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-393-postgresql_log_duration_flag_enabled/red_policy_test.py b/tests/ecc-aws-393-postgresql_log_duration_flag_enabled/red_policy_test.py
new file mode 100644
index 000000000..da2cf4c75
--- /dev/null
+++ b/tests/ecc-aws-393-postgresql_log_duration_flag_enabled/red_policy_test.py
@@ -0,0 +1,18 @@
+class PolicyTest(object):
+
+ def test_resources_with_client(self, base_test, resources, local_session):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertEqual(resources[0]['Engine'], "postgres")
+ parameter_group_name=resources[0]["DBParameterGroups"][0]["DBParameterGroupName"]
+
+ describe_parameters = local_session.client("rds").describe_db_parameters(DBParameterGroupName=parameter_group_name)
+ parameters=describe_parameters["Parameters"]
+ marker=describe_parameters["Marker"] if "Marker" in describe_parameters else None
+
+ while marker is not None:
+ for parameter in parameters:
+ if parameter["ParameterName"]=="log_duration":
+ base_test.assertNotIn('ParameterValue', parameter)
+ describe_parameters = local_session.client("rds").describe_db_parameters(DBParameterGroupName=parameter_group_name, Marker=marker)
+ parameters=describe_parameters["Parameters"]
+ marker=describe_parameters["Marker"] if "Marker" in describe_parameters else None
\ No newline at end of file
diff --git a/tests/ecc-aws-394-transit_gateway_default_route_table_association_disabled/placebo-green/ec2.DescribeTransitGateways_1.json b/tests/ecc-aws-394-transit_gateway_default_route_table_association_disabled/placebo-green/ec2.DescribeTransitGateways_1.json new file mode 100644 index 000000000..64643bd5c --- /dev/null +++ b/tests/ecc-aws-394-transit_gateway_default_route_table_association_disabled/placebo-green/ec2.DescribeTransitGateways_1.json @@ -0,0 +1,48 @@ +{ + "status_code": 200, + "data": { + "TransitGateways": [ + { + "TransitGatewayId": "tgw-0206989849558c776", + "TransitGatewayArn": "arn:aws:ec2:us-east-1:111111111111:transit-gateway/tgw-0206989849558c776", + "State": "available", + "OwnerId": "111111111111", + "CreationTime": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 17, + "hour": 15, + "minute": 7, + "second": 6, + "microsecond": 0 + }, + "Options": { + "AmazonSideAsn": 64512, + "AutoAcceptSharedAttachments": "disable", + "DefaultRouteTableAssociation": "disable", + "DefaultRouteTablePropagation": "enable", + "PropagationDefaultRouteTableId": "tgw-rtb-024aeb27445541133", + "VpnEcmpSupport": "enable", + "DnsSupport": "enable", + "MulticastSupport": "disable" + }, + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-394-transit_gateway_default_route_table_association_disabled" + }, + { + "Key": "Name", + "Value": "394_transit_gateway_green" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-394-transit_gateway_default_route_table_association_disabled/placebo-red/ec2.DescribeTransitGateways_1.json b/tests/ecc-aws-394-transit_gateway_default_route_table_association_disabled/placebo-red/ec2.DescribeTransitGateways_1.json new file mode 100644 index 000000000..f2c1dc77d --- /dev/null +++ b/tests/ecc-aws-394-transit_gateway_default_route_table_association_disabled/placebo-red/ec2.DescribeTransitGateways_1.json 
@@ -0,0 +1,49 @@ +{ + "status_code": 200, + "data": { + "TransitGateways": [ + { + "TransitGatewayId": "tgw-0505ab97b6ed981ea", + "TransitGatewayArn": "arn:aws:ec2:us-east-1:111111111111:transit-gateway/tgw-0505ab97b6ed981ea", + "State": "available", + "OwnerId": "111111111111", + "CreationTime": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 17, + "hour": 14, + "minute": 54, + "second": 26, + "microsecond": 0 + }, + "Options": { + "AmazonSideAsn": 64512, + "AutoAcceptSharedAttachments": "disable", + "DefaultRouteTableAssociation": "enable", + "AssociationDefaultRouteTableId": "tgw-rtb-0ce1a9e217ef38428", + "DefaultRouteTablePropagation": "enable", + "PropagationDefaultRouteTableId": "tgw-rtb-0ce1a9e217ef38428", + "VpnEcmpSupport": "enable", + "DnsSupport": "enable", + "MulticastSupport": "disable" + }, + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-394-transit_gateway_default_route_table_association_disabled" + }, + { + "Key": "Name", + "Value": "394_transit_gateway_red" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-394-transit_gateway_default_route_table_association_disabled/red_policy_test.py b/tests/ecc-aws-394-transit_gateway_default_route_table_association_disabled/red_policy_test.py new file mode 100644 index 000000000..277beadab --- /dev/null +++ b/tests/ecc-aws-394-transit_gateway_default_route_table_association_disabled/red_policy_test.py @@ -0,0 +1,5 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertEqual(resources[0]['Options']['DefaultRouteTableAssociation'], 'enable') \ No newline at end of file 
diff --git a/tests/ecc-aws-395-transit_gateway_default_route_table_propagation_disabled/placebo-green/ec2.DescribeTransitGateways_1.json b/tests/ecc-aws-395-transit_gateway_default_route_table_propagation_disabled/placebo-green/ec2.DescribeTransitGateways_1.json new file mode 100644 index 000000000..c3698f5e0 --- /dev/null +++ b/tests/ecc-aws-395-transit_gateway_default_route_table_propagation_disabled/placebo-green/ec2.DescribeTransitGateways_1.json @@ -0,0 +1,48 @@ +{ + "status_code": 200, + "data": { + "TransitGateways": [ + { + "TransitGatewayId": "tgw-04bcbd9341fb96d26", + "TransitGatewayArn": "arn:aws:ec2:us-east-1:111111111111:transit-gateway/tgw-04bcbd9341fb96d26", + "State": "available", + "OwnerId": "111111111111", + "CreationTime": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 20, + "hour": 9, + "minute": 14, + "second": 31, + "microsecond": 0 + }, + "Options": { + "AmazonSideAsn": 64512, + "AutoAcceptSharedAttachments": "disable", + "DefaultRouteTableAssociation": "enable", + "AssociationDefaultRouteTableId": "tgw-rtb-068b21ab47cd0e240", + "DefaultRouteTablePropagation": "disable", + "VpnEcmpSupport": "enable", + "DnsSupport": "enable", + "MulticastSupport": "disable" + }, + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-395-transit_gateway_default_route_table_propagation_disabled" + }, + { + "Key": "Name", + "Value": "395_transit_gateway_green" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-395-transit_gateway_default_route_table_propagation_disabled/placebo-red/ec2.DescribeTransitGateways_1.json b/tests/ecc-aws-395-transit_gateway_default_route_table_propagation_disabled/placebo-red/ec2.DescribeTransitGateways_1.json new file mode 100644 index 000000000..c9e062540 --- /dev/null +++ b/tests/ecc-aws-395-transit_gateway_default_route_table_propagation_disabled/placebo-red/ec2.DescribeTransitGateways_1.json 
@@ -0,0 +1,49 @@ +{ + "status_code": 200, + "data": { + "TransitGateways": [ + { + "TransitGatewayId": "tgw-0c0c23a8a0a89d18b", + "TransitGatewayArn": "arn:aws:ec2:us-east-1:111111111111:transit-gateway/tgw-0c0c23a8a0a89d18b", + "State": "available", + "OwnerId": "111111111111", + "CreationTime": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 20, + "hour": 9, + "minute": 2, + "second": 13, + "microsecond": 0 + }, + "Options": { + "AmazonSideAsn": 64512, + "AutoAcceptSharedAttachments": "disable", + "DefaultRouteTableAssociation": "enable", + "AssociationDefaultRouteTableId": "tgw-rtb-0f191b1c143bf6ee8", + "DefaultRouteTablePropagation": "enable", + "PropagationDefaultRouteTableId": "tgw-rtb-0f191b1c143bf6ee8", + "VpnEcmpSupport": "enable", + "DnsSupport": "enable", + "MulticastSupport": "disable" + }, + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-395-transit_gateway_default_route_table_propagation_disabled" + }, + { + "Key": "Name", + "Value": "395_transit_gateway_red" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-395-transit_gateway_default_route_table_propagation_disabled/red_policy_test.py b/tests/ecc-aws-395-transit_gateway_default_route_table_propagation_disabled/red_policy_test.py new file mode 100644 index 000000000..83c1ceb55 --- /dev/null +++ b/tests/ecc-aws-395-transit_gateway_default_route_table_propagation_disabled/red_policy_test.py @@ -0,0 +1,5 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertEqual(resources[0]['Options']['DefaultRouteTablePropagation'], 'enable') \ No newline at end of file 
diff --git a/tests/ecc-aws-396-rest_api_gateway_is_protected_by_waf/placebo-green/apigateway.GetRestApis_1.json b/tests/ecc-aws-396-rest_api_gateway_is_protected_by_waf/placebo-green/apigateway.GetRestApis_1.json new file mode 100644 index 000000000..2672647e9 --- /dev/null +++ b/tests/ecc-aws-396-rest_api_gateway_is_protected_by_waf/placebo-green/apigateway.GetRestApis_1.json @@ -0,0 +1,30 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "items": [ + { + "id": "fsfuo1h2be", + "name": "apiGatewayRestApi396Green", + "createdDate": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 3, + "hour": 12, + "minute": 57, + "second": 41, + "microsecond": 0 + }, + "version": "1.0", + "apiKeySource": "HEADER", + "endpointConfiguration": { + "types": [ + "EDGE" + ] + }, + "disableExecuteApiEndpoint": false + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-396-rest_api_gateway_is_protected_by_waf/placebo-green/apigateway.GetStages_1.json b/tests/ecc-aws-396-rest_api_gateway_is_protected_by_waf/placebo-green/apigateway.GetStages_1.json new file mode 100644 index 000000000..053902a57 --- /dev/null +++ b/tests/ecc-aws-396-rest_api_gateway_is_protected_by_waf/placebo-green/apigateway.GetStages_1.json 
@@ -0,0 +1,37 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "item": [ + { + "deploymentId": "lv6kfo", + "stageName": "apiGatewayStage396Green", + "cacheClusterEnabled": false, + "cacheClusterStatus": "NOT_AVAILABLE", + "methodSettings": {}, + "tracingEnabled": false, + "webAclArn": "arn:aws:waf-regional:us-east-1:111111111111:webacl/1ef2359b-5855-4a4d-8343-cfbbbb4413bd", + "createdDate": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 3, + "hour": 12, + "minute": 57, + "second": 46, + "microsecond": 0 + }, + "lastUpdatedDate": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 3, + "hour": 13, + "minute": 0, + "second": 13, + "microsecond": 0 + } + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-396-rest_api_gateway_is_protected_by_waf/placebo-red/apigateway.GetRestApis_1.json b/tests/ecc-aws-396-rest_api_gateway_is_protected_by_waf/placebo-red/apigateway.GetRestApis_1.json new file mode 100644 index 000000000..27fff8592 --- /dev/null +++ b/tests/ecc-aws-396-rest_api_gateway_is_protected_by_waf/placebo-red/apigateway.GetRestApis_1.json @@ -0,0 +1,30 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "items": [ + { + "id": "f4g5el2gua", + "name": "apiGatewayRestApi396Red", + "createdDate": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 3, + "hour": 13, + "minute": 3, + "second": 16, + "microsecond": 0 + }, + "version": "1.0", + "apiKeySource": "HEADER", + "endpointConfiguration": { + "types": [ + "EDGE" + ] + }, + "disableExecuteApiEndpoint": false + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-396-rest_api_gateway_is_protected_by_waf/placebo-red/apigateway.GetStages_1.json b/tests/ecc-aws-396-rest_api_gateway_is_protected_by_waf/placebo-red/apigateway.GetStages_1.json new file mode 100644 index 000000000..45cc9dfd6 --- /dev/null 
+++ b/tests/ecc-aws-396-rest_api_gateway_is_protected_by_waf/placebo-red/apigateway.GetStages_1.json @@ -0,0 +1,36 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "item": [ + { + "deploymentId": "m4rdoa", + "stageName": "apiGatewayStage396Red", + "cacheClusterEnabled": false, + "cacheClusterStatus": "NOT_AVAILABLE", + "methodSettings": {}, + "tracingEnabled": false, + "createdDate": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 3, + "hour": 13, + "minute": 3, + "second": 19, + "microsecond": 0 + }, + "lastUpdatedDate": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 3, + "hour": 13, + "minute": 3, + "second": 19, + "microsecond": 0 + } + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-396-rest_api_gateway_is_protected_by_waf/red_policy_test.py b/tests/ecc-aws-396-rest_api_gateway_is_protected_by_waf/red_policy_test.py new file mode 100644 index 000000000..c0928684c --- /dev/null +++ b/tests/ecc-aws-396-rest_api_gateway_is_protected_by_waf/red_policy_test.py @@ -0,0 +1,5 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertFalse('webAclArn' in resources[0]) \ No newline at end of file diff --git a/tests/ecc-aws-397-rest_api_gateway_contend_encoding_enabled/placebo-green/apigateway.GetRestApis_1.json b/tests/ecc-aws-397-rest_api_gateway_contend_encoding_enabled/placebo-green/apigateway.GetRestApis_1.json new file mode 100644 index 000000000..a5df1c51e --- /dev/null +++ b/tests/ecc-aws-397-rest_api_gateway_contend_encoding_enabled/placebo-green/apigateway.GetRestApis_1.json 
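Review bot: `base_test.assertFalse('webAclArn' in resources[0])` in the 396 `test_resources` reports only "True is not false" when it fails; `base_test.assertNotIn('webAclArn', resources[0])` makes the same check and prints the key and the resource, matching the `assertNotIn` already used by the 392/393 tests in this patch. The same applies to `assertFalse('minimumCompressionSize' in resources[0])` in the 397 test. The policy file is not visible here, and in these fixtures `webAclArn` appears only in the GetStages response. If the policy's resource were the REST API rather than the stage, the assertion would also hold for the green fixture, so the resource type is worth confirming.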
@@ -0,0 +1,31 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "items": [ + { + "id": "x89r2nl1l5", + "name": "apiGatewayRestApi397Green", + "createdDate": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 6, + "hour": 12, + "minute": 13, + "second": 35, + "microsecond": 0 + }, + "version": "1.0", + "minimumCompressionSize": 100, + "apiKeySource": "HEADER", + "endpointConfiguration": { + "types": [ + "EDGE" + ] + }, + "disableExecuteApiEndpoint": false + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-397-rest_api_gateway_contend_encoding_enabled/placebo-red/apigateway.GetRestApis_1.json b/tests/ecc-aws-397-rest_api_gateway_contend_encoding_enabled/placebo-red/apigateway.GetRestApis_1.json new file mode 100644 index 000000000..dad382cde --- /dev/null +++ b/tests/ecc-aws-397-rest_api_gateway_contend_encoding_enabled/placebo-red/apigateway.GetRestApis_1.json @@ -0,0 +1,30 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "items": [ + { + "id": "62og5r7o5d", + "name": "apiGatewayRestApi397Red", + "createdDate": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 6, + "hour": 12, + "minute": 58, + "second": 4, + "microsecond": 0 + }, + "version": "1.0", + "apiKeySource": "HEADER", + "endpointConfiguration": { + "types": [ + "EDGE" + ] + }, + "disableExecuteApiEndpoint": false + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-397-rest_api_gateway_contend_encoding_enabled/red_policy_test.py b/tests/ecc-aws-397-rest_api_gateway_contend_encoding_enabled/red_policy_test.py new file mode 100644 index 000000000..327a3c327 --- /dev/null +++ b/tests/ecc-aws-397-rest_api_gateway_contend_encoding_enabled/red_policy_test.py @@ -0,0 +1,5 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertFalse('minimumCompressionSize' in resources[0]) \ No newline at end of file 
diff --git a/tests/ecc-aws-398-rest_api_gateway_cache_enabled/placebo-green/apigateway.GetRestApis_1.json b/tests/ecc-aws-398-rest_api_gateway_cache_enabled/placebo-green/apigateway.GetRestApis_1.json new file mode 100644 index 000000000..5bd0faf18 --- /dev/null +++ b/tests/ecc-aws-398-rest_api_gateway_cache_enabled/placebo-green/apigateway.GetRestApis_1.json @@ -0,0 +1,30 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "items": [ + { + "id": "guctbzj8ma", + "name": "apiGatewayRestApi398Green", + "createdDate": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 6, + "hour": 8, + "minute": 30, + "second": 49, + "microsecond": 0 + }, + "version": "1.0", + "apiKeySource": "HEADER", + "endpointConfiguration": { + "types": [ + "EDGE" + ] + }, + "disableExecuteApiEndpoint": false + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-398-rest_api_gateway_cache_enabled/placebo-green/apigateway.GetStages_1.json b/tests/ecc-aws-398-rest_api_gateway_cache_enabled/placebo-green/apigateway.GetStages_1.json new file mode 100644 index 000000000..3fcc69186 --- /dev/null +++ b/tests/ecc-aws-398-rest_api_gateway_cache_enabled/placebo-green/apigateway.GetStages_1.json @@ -0,0 +1,37 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "item": [ + { + "deploymentId": "57dtkw", + "stageName": "apiGatewayStage398Green", + "cacheClusterEnabled": true, + "cacheClusterSize": "0.5", + "cacheClusterStatus": "AVAILABLE", + "methodSettings": {}, + "tracingEnabled": false, + "createdDate": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 6, + "hour": 8, + "minute": 30, + "second": 53, + "microsecond": 0 + }, + "lastUpdatedDate": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 6, + "hour": 8, + "minute": 34, + "second": 50, + "microsecond": 0 + } + } + ] + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-398-rest_api_gateway_cache_enabled/placebo-red/apigateway.GetRestApis_1.json b/tests/ecc-aws-398-rest_api_gateway_cache_enabled/placebo-red/apigateway.GetRestApis_1.json new file mode 100644 index 000000000..c982bb832 --- /dev/null +++ b/tests/ecc-aws-398-rest_api_gateway_cache_enabled/placebo-red/apigateway.GetRestApis_1.json @@ -0,0 +1,30 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "items": [ + { + "id": "o682nmeg0k", + "name": "apiGatewayRestApi398Red", + "createdDate": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 6, + "hour": 9, + "minute": 0, + "second": 4, + "microsecond": 0 + }, + "version": "1.0", + "apiKeySource": "HEADER", + "endpointConfiguration": { + "types": [ + "EDGE" + ] + }, + "disableExecuteApiEndpoint": false + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-398-rest_api_gateway_cache_enabled/placebo-red/apigateway.GetStages_1.json b/tests/ecc-aws-398-rest_api_gateway_cache_enabled/placebo-red/apigateway.GetStages_1.json new file mode 100644 index 000000000..bdb160794 --- /dev/null +++ b/tests/ecc-aws-398-rest_api_gateway_cache_enabled/placebo-red/apigateway.GetStages_1.json @@ -0,0 +1,36 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "item": [ + { + "deploymentId": "iazd21", + "stageName": "apiGatewayStage398Red", + "cacheClusterEnabled": false, + "cacheClusterStatus": "NOT_AVAILABLE", + "methodSettings": {}, + "tracingEnabled": false, + "createdDate": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 6, + "hour": 9, + "minute": 0, + "second": 8, + "microsecond": 0 + }, + "lastUpdatedDate": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 6, + "hour": 9, + "minute": 0, + "second": 8, + "microsecond": 0 + } + } + ] + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-398-rest_api_gateway_cache_enabled/red_policy_test.py b/tests/ecc-aws-398-rest_api_gateway_cache_enabled/red_policy_test.py new file mode 100644 index 000000000..266fe788f --- /dev/null +++ b/tests/ecc-aws-398-rest_api_gateway_cache_enabled/red_policy_test.py @@ -0,0 +1,6 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertFalse(resources[0]['cacheClusterEnabled']) + base_test.assertEqual(resources[0]['cacheClusterStatus'], "NOT_AVAILABLE") \ No newline at end of file diff --git a/tests/ecc-aws-400-glue_data_catalog_encrypted_at_rest/placebo-green/glue.GetDataCatalogEncryptionSettings_1.json b/tests/ecc-aws-400-glue_data_catalog_encrypted_at_rest/placebo-green/glue.GetDataCatalogEncryptionSettings_1.json new file mode 100644 index 000000000..c80b917c2 --- /dev/null +++ b/tests/ecc-aws-400-glue_data_catalog_encrypted_at_rest/placebo-green/glue.GetDataCatalogEncryptionSettings_1.json @@ -0,0 +1,15 @@ +{ + "status_code": 200, + "data": { + "DataCatalogEncryptionSettings": { + "EncryptionAtRest": { + "CatalogEncryptionMode": "SSE-KMS", + "SseAwsKmsKeyId": "alias/aws/glue" + }, + "ConnectionPasswordEncryption": { + "ReturnConnectionPasswordEncrypted": false + } + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-400-glue_data_catalog_encrypted_at_rest/placebo-red/glue.GetDataCatalogEncryptionSettings_1.json b/tests/ecc-aws-400-glue_data_catalog_encrypted_at_rest/placebo-red/glue.GetDataCatalogEncryptionSettings_1.json new file mode 100644 index 000000000..15a04d4de --- /dev/null +++ b/tests/ecc-aws-400-glue_data_catalog_encrypted_at_rest/placebo-red/glue.GetDataCatalogEncryptionSettings_1.json 
@@ -0,0 +1,14 @@ +{ + "status_code": 200, + "data": { + "DataCatalogEncryptionSettings": { + "EncryptionAtRest": { + "CatalogEncryptionMode": "DISABLED" + }, + "ConnectionPasswordEncryption": { + "ReturnConnectionPasswordEncrypted": false + } + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-400-glue_data_catalog_encrypted_at_rest/red_policy_test.py b/tests/ecc-aws-400-glue_data_catalog_encrypted_at_rest/red_policy_test.py new file mode 100644 index 000000000..7ea973be3 --- /dev/null +++ b/tests/ecc-aws-400-glue_data_catalog_encrypted_at_rest/red_policy_test.py @@ -0,0 +1,5 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertEqual(resources[0]['c7n:glue-security-config']["CatalogEncryptionMode"], "DISABLED") \ No newline at end of file diff --git a/tests/ecc-aws-401-glue_data_catalog_encrypted_with_kms_customer_master_keys/placebo-green/glue.GetDataCatalogEncryptionSettings_1.json b/tests/ecc-aws-401-glue_data_catalog_encrypted_with_kms_customer_master_keys/placebo-green/glue.GetDataCatalogEncryptionSettings_1.json new file mode 100644 index 000000000..13ba8b06d --- /dev/null +++ b/tests/ecc-aws-401-glue_data_catalog_encrypted_with_kms_customer_master_keys/placebo-green/glue.GetDataCatalogEncryptionSettings_1.json @@ -0,0 +1,15 @@ +{ + "status_code": 200, + "data": { + "DataCatalogEncryptionSettings": { + "EncryptionAtRest": { + "CatalogEncryptionMode": "SSE-KMS", + "SseAwsKmsKeyId": "arn:aws:kms:us-east-1:111111111111:key/7b3fe76a-62eb-40c1-b3d3-6de4085548c3" + }, + "ConnectionPasswordEncryption": { + "ReturnConnectionPasswordEncrypted": false + } + }, + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-401-glue_data_catalog_encrypted_with_kms_customer_master_keys/placebo-green/kms.DescribeKey_1.json b/tests/ecc-aws-401-glue_data_catalog_encrypted_with_kms_customer_master_keys/placebo-green/kms.DescribeKey_1.json new file mode 100644 index 000000000..7fddd2b90 --- /dev/null +++ b/tests/ecc-aws-401-glue_data_catalog_encrypted_with_kms_customer_master_keys/placebo-green/kms.DescribeKey_1.json @@ -0,0 +1,32 @@ +{ + "status_code": 200, + "data": { + "KeyMetadata": { + "AWSAccountId": "111111111111", + "KeyId": "7b3fe76a-62eb-40c1-b3d3-6de4085548c3", + "Arn": "arn:aws:kms:us-east-1:111111111111:key/7b3fe76a-62eb-40c1-b3d3-6de4085548c3", + "CreationDate": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 6, + "hour": 16, + "minute": 53, + "second": 41, + "microsecond": 588000 + }, + "Enabled": true, + "Description": "401_kms_key_green", + "KeyUsage": "ENCRYPT_DECRYPT", + "KeyState": "Enabled", + "Origin": "AWS_KMS", + "KeyManager": "CUSTOMER", + "CustomerMasterKeySpec": "SYMMETRIC_DEFAULT", + "EncryptionAlgorithms": [ + "SYMMETRIC_DEFAULT" + ], + "MultiRegion": false + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-401-glue_data_catalog_encrypted_with_kms_customer_master_keys/placebo-green/kms.ListAliases_1.json b/tests/ecc-aws-401-glue_data_catalog_encrypted_with_kms_customer_master_keys/placebo-green/kms.ListAliases_1.json new file mode 100644 index 000000000..e50fb444a --- /dev/null +++ b/tests/ecc-aws-401-glue_data_catalog_encrypted_with_kms_customer_master_keys/placebo-green/kms.ListAliases_1.json @@ -0,0 +1,8 @@ +{ + "status_code": 200, + "data": { + "Aliases": [], + "Truncated": false, + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-401-glue_data_catalog_encrypted_with_kms_customer_master_keys/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-401-glue_data_catalog_encrypted_with_kms_customer_master_keys/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..e4d01abf1 --- /dev/null +++ b/tests/ecc-aws-401-glue_data_catalog_encrypted_with_kms_customer_master_keys/placebo-green/tagging.GetResources_1.json @@ -0,0 +1,22 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:kms:us-east-1:111111111111:key/7b3fe76a-62eb-40c1-b3d3-6de4085548c3", + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CustodianRule", + "Value": "ecc-aws-401-glue_data_catalog_encrypted_with_kms_customer_master_keys" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-401-glue_data_catalog_encrypted_with_kms_customer_master_keys/placebo-red/glue.GetDataCatalogEncryptionSettings_1.json b/tests/ecc-aws-401-glue_data_catalog_encrypted_with_kms_customer_master_keys/placebo-red/glue.GetDataCatalogEncryptionSettings_1.json new file mode 100644 index 000000000..c80b917c2 --- /dev/null +++ b/tests/ecc-aws-401-glue_data_catalog_encrypted_with_kms_customer_master_keys/placebo-red/glue.GetDataCatalogEncryptionSettings_1.json @@ -0,0 +1,15 @@ +{ + "status_code": 200, + "data": { + "DataCatalogEncryptionSettings": { + "EncryptionAtRest": { + "CatalogEncryptionMode": "SSE-KMS", + "SseAwsKmsKeyId": "alias/aws/glue" + }, + "ConnectionPasswordEncryption": { + "ReturnConnectionPasswordEncrypted": false + } + }, + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-401-glue_data_catalog_encrypted_with_kms_customer_master_keys/placebo-red/kms.DescribeKey_1.json b/tests/ecc-aws-401-glue_data_catalog_encrypted_with_kms_customer_master_keys/placebo-red/kms.DescribeKey_1.json new file mode 100644 index 000000000..affc9d71f --- /dev/null +++ b/tests/ecc-aws-401-glue_data_catalog_encrypted_with_kms_customer_master_keys/placebo-red/kms.DescribeKey_1.json @@ -0,0 +1,32 @@ +{ + "status_code": 200, + "data": { + "KeyMetadata": { + "AWSAccountId": "111111111111", + "KeyId": "4113ce8f-1387-4755-96d8-bb8ca98c06b2", + "Arn": "arn:aws:kms:us-east-1:111111111111:key/4113ce8f-1387-4755-96d8-bb8ca98c06b2", + "CreationDate": { + "__class__": "datetime", + "year": 2021, + "month": 11, + "day": 11, + "hour": 11, + "minute": 50, + "second": 8, + "microsecond": 193000 + }, + "Enabled": true, + "Description": "Default key that protects my Glue data when no other key is defined", + "KeyUsage": "ENCRYPT_DECRYPT", + "KeyState": "Enabled", + "Origin": "AWS_KMS", + "KeyManager": "AWS", + "CustomerMasterKeySpec": "SYMMETRIC_DEFAULT", + "EncryptionAlgorithms": [ + "SYMMETRIC_DEFAULT" + ], + "MultiRegion": false + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-401-glue_data_catalog_encrypted_with_kms_customer_master_keys/placebo-red/kms.ListAliases_1.json b/tests/ecc-aws-401-glue_data_catalog_encrypted_with_kms_customer_master_keys/placebo-red/kms.ListAliases_1.json new file mode 100644 index 000000000..1fdf4cda4 --- /dev/null +++ b/tests/ecc-aws-401-glue_data_catalog_encrypted_with_kms_customer_master_keys/placebo-red/kms.ListAliases_1.json 
@@ -0,0 +1,34 @@ +{ + "status_code": 200, + "data": { + "Aliases": [ + { + "AliasName": "alias/aws/glue", + "AliasArn": "arn:aws:kms:us-east-1:111111111111:alias/aws/glue", + "TargetKeyId": "4113ce8f-1387-4755-96d8-bb8ca98c06b2", + "CreationDate": { + "__class__": "datetime", + "year": 2021, + "month": 11, + "day": 11, + "hour": 11, + "minute": 50, + "second": 8, + "microsecond": 300000 + }, + "LastUpdatedDate": { + "__class__": "datetime", + "year": 2021, + "month": 11, + "day": 11, + "hour": 11, + "minute": 50, + "second": 8, + "microsecond": 300000 + } + } + ], + "Truncated": false, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-401-glue_data_catalog_encrypted_with_kms_customer_master_keys/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-401-glue_data_catalog_encrypted_with_kms_customer_master_keys/placebo-red/tagging.GetResources_1.json new file mode 100644 index 000000000..8b704d185 --- /dev/null +++ b/tests/ecc-aws-401-glue_data_catalog_encrypted_with_kms_customer_master_keys/placebo-red/tagging.GetResources_1.json @@ -0,0 +1,8 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-401-glue_data_catalog_encrypted_with_kms_customer_master_keys/red_policy_test.py b/tests/ecc-aws-401-glue_data_catalog_encrypted_with_kms_customer_master_keys/red_policy_test.py new file mode 100644 index 000000000..2b153ff82 --- /dev/null +++ b/tests/ecc-aws-401-glue_data_catalog_encrypted_with_kms_customer_master_keys/red_policy_test.py @@ -0,0 +1,5 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertEqual(resources[0]['c7n:glue-security-config']["SseAwsKmsKeyId"], "alias/aws/glue") \ No newline at end of file 
diff --git a/tests/ecc-aws-402-glue_job_bookmarks_encrypted/placebo-green/glue.GetSecurityConfigurations_1.json b/tests/ecc-aws-402-glue_job_bookmarks_encrypted/placebo-green/glue.GetSecurityConfigurations_1.json new file mode 100644 index 000000000..13fa3e7ef --- /dev/null +++ b/tests/ecc-aws-402-glue_job_bookmarks_encrypted/placebo-green/glue.GetSecurityConfigurations_1.json @@ -0,0 +1,36 @@ +{ + "status_code": 200, + "data": { + "SecurityConfigurations": [ + { + "Name": "402_security_configuration_green", + "CreatedTimeStamp": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 7, + "hour": 14, + "minute": 58, + "second": 56, + "microsecond": 989000 + }, + "EncryptionConfiguration": { + "S3Encryption": [ + { + "S3EncryptionMode": "DISABLED" + } + ], + "CloudWatchEncryption": { + "CloudWatchEncryptionMode": "DISABLED" + }, + "JobBookmarksEncryption": { + "JobBookmarksEncryptionMode": "CSE-KMS", + "KmsKeyArn": "arn:aws:kms:us-east-1:111111111111:key/4113ce8f-1387-4755-96d8-bb8ca98c06b2" + } + } + } + ], + "NextToken": "", + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-402-glue_job_bookmarks_encrypted/placebo-red/glue.GetSecurityConfigurations_1.json b/tests/ecc-aws-402-glue_job_bookmarks_encrypted/placebo-red/glue.GetSecurityConfigurations_1.json new file mode 100644 index 000000000..46946abf0 --- /dev/null +++ b/tests/ecc-aws-402-glue_job_bookmarks_encrypted/placebo-red/glue.GetSecurityConfigurations_1.json 
@@ -0,0 +1,35 @@ +{ + "status_code": 200, + "data": { + "SecurityConfigurations": [ + { + "Name": "401_security_configuration_green", + "CreatedTimeStamp": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 7, + "hour": 14, + "minute": 40, + "second": 48, + "microsecond": 7000 + }, + "EncryptionConfiguration": { + "S3Encryption": [ + { + "S3EncryptionMode": "DISABLED" + } + ], + "CloudWatchEncryption": { + "CloudWatchEncryptionMode": "DISABLED" + }, + "JobBookmarksEncryption": { + "JobBookmarksEncryptionMode": "DISABLED" + } + } + } + ], + "NextToken": "", + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-402-glue_job_bookmarks_encrypted/red_policy_test.py b/tests/ecc-aws-402-glue_job_bookmarks_encrypted/red_policy_test.py new file mode 100644 index 000000000..6644371db --- /dev/null +++ b/tests/ecc-aws-402-glue_job_bookmarks_encrypted/red_policy_test.py @@ -0,0 +1,5 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertEqual(resources[0]['EncryptionConfiguration']["JobBookmarksEncryption"]['JobBookmarksEncryptionMode'], "DISABLED") \ No newline at end of file diff --git a/tests/ecc-aws-403-glue_cloudwatch_logs_encrypted/placebo-green/glue.GetSecurityConfigurations_1.json b/tests/ecc-aws-403-glue_cloudwatch_logs_encrypted/placebo-green/glue.GetSecurityConfigurations_1.json new file mode 100644 index 000000000..8a57c7c16 --- /dev/null +++ b/tests/ecc-aws-403-glue_cloudwatch_logs_encrypted/placebo-green/glue.GetSecurityConfigurations_1.json 
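Review bot: The placebo-red recording that this 402 test runs against holds a security configuration named `401_security_configuration_green`, and the 403 placebo-red recording is named `402_security_configuration_red`, so both look as if they were recorded from resources created for a different rule. `test_resources` only asserts `JobBookmarksEncryptionMode`, so it passes, but the name will mislead anyone debugging a failure. I would re-record the fixture with a 402-specific red resource, or add a comment above the last assertion such as `# fixture config is named 401_security_configuration_green; only the bookmark mode is under test`.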
@@ -0,0 +1,36 @@ +{ + "status_code": 200, + "data": { + "SecurityConfigurations": [ + { + "Name": "403_security_configuration_green", + "CreatedTimeStamp": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 13, + "hour": 11, + "minute": 4, + "second": 33, + "microsecond": 938000 + }, + "EncryptionConfiguration": { + "S3Encryption": [ + { + "S3EncryptionMode": "DISABLED" + } + ], + "CloudWatchEncryption": { + "CloudWatchEncryptionMode": "SSE-KMS", + "KmsKeyArn": "arn:aws:kms:us-east-1:111111111111:key/4113ce8f-1387-4755-96d8-bb8ca98c06b2" + }, + "JobBookmarksEncryption": { + "JobBookmarksEncryptionMode": "DISABLED" + } + } + } + ], + "NextToken": "", + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-403-glue_cloudwatch_logs_encrypted/placebo-red/glue.GetSecurityConfigurations_1.json b/tests/ecc-aws-403-glue_cloudwatch_logs_encrypted/placebo-red/glue.GetSecurityConfigurations_1.json new file mode 100644 index 000000000..06f090dcf --- /dev/null +++ b/tests/ecc-aws-403-glue_cloudwatch_logs_encrypted/placebo-red/glue.GetSecurityConfigurations_1.json @@ -0,0 +1,35 @@ +{ + "status_code": 200, + "data": { + "SecurityConfigurations": [ + { + "Name": "402_security_configuration_red", + "CreatedTimeStamp": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 13, + "hour": 11, + "minute": 7, + "second": 24, + "microsecond": 644000 + }, + "EncryptionConfiguration": { + "S3Encryption": [ + { + "S3EncryptionMode": "DISABLED" + } + ], + "CloudWatchEncryption": { + "CloudWatchEncryptionMode": "DISABLED" + }, + "JobBookmarksEncryption": { + "JobBookmarksEncryptionMode": "DISABLED" + } + } + } + ], + "NextToken": "", + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-403-glue_cloudwatch_logs_encrypted/red_policy_test.py b/tests/ecc-aws-403-glue_cloudwatch_logs_encrypted/red_policy_test.py new file mode 100644 index 000000000..6e0a96f25 --- /dev/null 
+++ b/tests/ecc-aws-403-glue_cloudwatch_logs_encrypted/red_policy_test.py @@ -0,0 +1,5 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertEqual(resources[0]['EncryptionConfiguration']["CloudWatchEncryption"]['CloudWatchEncryptionMode'], "DISABLED") \ No newline at end of file diff --git a/tests/ecc-aws-404-glue_s3_encryption_enabled/placebo-green/glue.GetSecurityConfigurations_1.json b/tests/ecc-aws-404-glue_s3_encryption_enabled/placebo-green/glue.GetSecurityConfigurations_1.json new file mode 100644 index 000000000..c580c9529 --- /dev/null +++ b/tests/ecc-aws-404-glue_s3_encryption_enabled/placebo-green/glue.GetSecurityConfigurations_1.json @@ -0,0 +1,36 @@ +{ + "status_code": 200, + "data": { + "SecurityConfigurations": [ + { + "Name": "404_security_configuration_green", + "CreatedTimeStamp": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 13, + "hour": 13, + "minute": 27, + "second": 11, + "microsecond": 644000 + }, + "EncryptionConfiguration": { + "S3Encryption": [ + { + "S3EncryptionMode": "SSE-KMS", + "KmsKeyArn": "arn:aws:kms:us-east-1:111111111111:key/f53a0dc6-a32a-4c08-b26a-7fea5101f831" + } + ], + "CloudWatchEncryption": { + "CloudWatchEncryptionMode": "DISABLED" + }, + "JobBookmarksEncryption": { + "JobBookmarksEncryptionMode": "DISABLED" + } + } + } + ], + "NextToken": "", + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-404-glue_s3_encryption_enabled/placebo-red/glue.GetSecurityConfigurations_1.json b/tests/ecc-aws-404-glue_s3_encryption_enabled/placebo-red/glue.GetSecurityConfigurations_1.json new file mode 100644 index 000000000..0cc552277 --- /dev/null +++ b/tests/ecc-aws-404-glue_s3_encryption_enabled/placebo-red/glue.GetSecurityConfigurations_1.json 
@@ -0,0 +1,35 @@ +{ + "status_code": 200, + "data": { + "SecurityConfigurations": [ + { + "Name": "404_security_configuration_red", + "CreatedTimeStamp": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 13, + "hour": 13, + "minute": 28, + "second": 41, + "microsecond": 519000 + }, + "EncryptionConfiguration": { + "S3Encryption": [ + { + "S3EncryptionMode": "DISABLED" + } + ], + "CloudWatchEncryption": { + "CloudWatchEncryptionMode": "DISABLED" + }, + "JobBookmarksEncryption": { + "JobBookmarksEncryptionMode": "DISABLED" + } + } + } + ], + "NextToken": "", + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-404-glue_s3_encryption_enabled/red_policy_test.py b/tests/ecc-aws-404-glue_s3_encryption_enabled/red_policy_test.py new file mode 100644 index 000000000..135626105 --- /dev/null +++ b/tests/ecc-aws-404-glue_s3_encryption_enabled/red_policy_test.py @@ -0,0 +1,5 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertEqual(resources[0]['EncryptionConfiguration']["S3Encryption"][0]['S3EncryptionMode'], "DISABLED") \ No newline at end of file diff --git a/tests/ecc-aws-405-emr_kerberos_authentication_enabled/placebo-green/elasticmapreduce.DescribeCluster_1.json b/tests/ecc-aws-405-emr_kerberos_authentication_enabled/placebo-green/elasticmapreduce.DescribeCluster_1.json new file mode 100644 index 000000000..7f03db2d7 --- /dev/null +++ b/tests/ecc-aws-405-emr_kerberos_authentication_enabled/placebo-green/elasticmapreduce.DescribeCluster_1.json 
@@ -0,0 +1,93 @@ +{ + "status_code": 200, + "data": { + "Cluster": { + "Id": "j-2OVK4QL88UR2U", + "Name": "405_emr_cluster_green", + "Status": { + "State": "WAITING", + "StateChangeReason": { + "Message": "Cluster ready to run steps." + }, + "Timeline": { + "CreationDateTime": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 8, + "hour": 9, + "minute": 13, + "second": 6, + "microsecond": 659000 + }, + "ReadyDateTime": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 8, + "hour": 9, + "minute": 21, + "second": 12, + "microsecond": 533000 + } + } + }, + "Ec2InstanceAttributes": { + "Ec2KeyName": "", + "Ec2SubnetId": "subnet-0c77134f25e78bea9", + "RequestedEc2SubnetIds": [ + "subnet-0c77134f25e78bea9" + ], + "Ec2AvailabilityZone": "us-east-1a", + "RequestedEc2AvailabilityZones": [], + "IamInstanceProfile": "arn:aws:iam::111111111111:instance-profile/405_emr_instance_profile_green", + "EmrManagedMasterSecurityGroup": "sg-015131dc26a7b7382", + "EmrManagedSlaveSecurityGroup": "sg-015131dc26a7b7382", + "ServiceAccessSecurityGroup": "", + "AdditionalMasterSecurityGroups": [ + "" + ], + "AdditionalSlaveSecurityGroups": [ + "" + ] + }, + "InstanceCollectionType": "INSTANCE_GROUP", + "ReleaseLabel": "emr-5.33.0", + "AutoTerminate": false, + "TerminationProtected": false, + "VisibleToAllUsers": true, + "Applications": [ + { + "Name": "Spark", + "Version": "2.4.7" + } + ], + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-405-emr_kerberos_authentication_enabled" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + } + ], + "ServiceRole": "arn:aws:iam::111111111111:role/405_emr_service_role_green", + "NormalizedInstanceHours": 0, + "MasterPublicDnsName": "54.224.61.61", + "Configurations": [], + "SecurityConfiguration": "405_kerberos_green", + "ScaleDownBehavior": "TERMINATE_AT_TASK_COMPLETION", + "EbsRootVolumeSize": 10, + "KerberosAttributes": { + "Realm": "EC2.INTERNAL", + "KdcAdminPassword": "********", + 
"CrossRealmTrustPrincipalPassword": "********" + }, + "ClusterArn": "arn:aws:elasticmapreduce:us-east-1:111111111111:cluster/j-2OVK4QL88UR2U", + "StepConcurrencyLevel": 1, + "PlacementGroups": [] + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-405-emr_kerberos_authentication_enabled/placebo-green/elasticmapreduce.ListClusters_1.json b/tests/ecc-aws-405-emr_kerberos_authentication_enabled/placebo-green/elasticmapreduce.ListClusters_1.json new file mode 100644 index 000000000..34716f6d0 --- /dev/null +++ b/tests/ecc-aws-405-emr_kerberos_authentication_enabled/placebo-green/elasticmapreduce.ListClusters_1.json @@ -0,0 +1,42 @@ +{ + "status_code": 200, + "data": { + "Clusters": [ + { + "Id": "j-2OVK4QL88UR2U", + "Name": "405_emr_cluster_green", + "Status": { + "State": "WAITING", + "StateChangeReason": { + "Message": "Cluster ready to run steps." + }, + "Timeline": { + "CreationDateTime": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 8, + "hour": 9, + "minute": 13, + "second": 6, + "microsecond": 659000 + }, + "ReadyDateTime": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 8, + "hour": 9, + "minute": 21, + "second": 12, + "microsecond": 533000 + } + } + }, + "NormalizedInstanceHours": 0, + "ClusterArn": "arn:aws:elasticmapreduce:us-east-1:111111111111:cluster/j-2OVK4QL88UR2U" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-405-emr_kerberos_authentication_enabled/placebo-red/elasticmapreduce.DescribeCluster_1.json b/tests/ecc-aws-405-emr_kerberos_authentication_enabled/placebo-red/elasticmapreduce.DescribeCluster_1.json new file mode 100644 index 000000000..2adce3505 --- /dev/null +++ b/tests/ecc-aws-405-emr_kerberos_authentication_enabled/placebo-red/elasticmapreduce.DescribeCluster_1.json 
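Review bot: This DescribeCluster recording still carries values that appear to come from the account it was recorded in, although the account ID has been replaced with `111111111111`. `MasterPublicDnsName` holds a public IPv4 address, and `Ec2SubnetId` and the `EmrManaged*SecurityGroup` IDs are left as captured. The 405 red and 407 green DescribeCluster fixtures have the same fields unsanitized. If a scrubbing step produces the account-ID replacement, I would extend it to these fields with placeholder values (for example a constructed documentation-range address such as `192.0.2.10`) so the committed test data does not describe the recording environment.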
@@ -0,0 +1,88 @@ +{ + "status_code": 200, + "data": { + "Cluster": { + "Id": "j-1UPQAEVEY6GTX", + "Name": "405_emr_cluster_red", + "Status": { + "State": "WAITING", + "StateChangeReason": { + "Message": "Cluster ready to run steps." + }, + "Timeline": { + "CreationDateTime": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 8, + "hour": 9, + "minute": 29, + "second": 46, + "microsecond": 327000 + }, + "ReadyDateTime": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 8, + "hour": 9, + "minute": 38, + "second": 36, + "microsecond": 378000 + } + } + }, + "Ec2InstanceAttributes": { + "Ec2KeyName": "", + "Ec2SubnetId": "subnet-08e233bb3bfd97b52", + "RequestedEc2SubnetIds": [ + "subnet-08e233bb3bfd97b52" + ], + "Ec2AvailabilityZone": "us-east-1a", + "RequestedEc2AvailabilityZones": [], + "IamInstanceProfile": "arn:aws:iam::111111111111:instance-profile/405_emr_instance_profile_red", + "EmrManagedMasterSecurityGroup": "sg-0f866bc7a72a52756", + "EmrManagedSlaveSecurityGroup": "sg-0f866bc7a72a52756", + "ServiceAccessSecurityGroup": "", + "AdditionalMasterSecurityGroups": [ + "" + ], + "AdditionalSlaveSecurityGroups": [ + "" + ] + }, + "InstanceCollectionType": "INSTANCE_GROUP", + "ReleaseLabel": "emr-5.33.0", + "AutoTerminate": false, + "TerminationProtected": false, + "VisibleToAllUsers": true, + "Applications": [ + { + "Name": "Spark", + "Version": "2.4.7" + } + ], + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-405-emr_kerberos_authentication_enabled" + }, + { + "Key": "ComplianceStatus", + "Value": "Red" + } + ], + "ServiceRole": "arn:aws:iam::111111111111:role/405_emr_service_role_red", + "NormalizedInstanceHours": 0, + "MasterPublicDnsName": "54.162.143.81", + "Configurations": [], + "ScaleDownBehavior": "TERMINATE_AT_TASK_COMPLETION", + "EbsRootVolumeSize": 10, + "KerberosAttributes": {}, + "ClusterArn": "arn:aws:elasticmapreduce:us-east-1:111111111111:cluster/j-1UPQAEVEY6GTX", + "StepConcurrencyLevel": 1, + 
"PlacementGroups": [] + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-405-emr_kerberos_authentication_enabled/placebo-red/elasticmapreduce.ListClusters_1.json b/tests/ecc-aws-405-emr_kerberos_authentication_enabled/placebo-red/elasticmapreduce.ListClusters_1.json new file mode 100644 index 000000000..be1816393 --- /dev/null +++ b/tests/ecc-aws-405-emr_kerberos_authentication_enabled/placebo-red/elasticmapreduce.ListClusters_1.json @@ -0,0 +1,42 @@ +{ + "status_code": 200, + "data": { + "Clusters": [ + { + "Id": "j-1UPQAEVEY6GTX", + "Name": "405_emr_cluster_red", + "Status": { + "State": "WAITING", + "StateChangeReason": { + "Message": "Cluster ready to run steps." + }, + "Timeline": { + "CreationDateTime": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 8, + "hour": 9, + "minute": 29, + "second": 46, + "microsecond": 327000 + }, + "ReadyDateTime": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 8, + "hour": 9, + "minute": 38, + "second": 36, + "microsecond": 378000 + } + } + }, + "NormalizedInstanceHours": 0, + "ClusterArn": "arn:aws:elasticmapreduce:us-east-1:111111111111:cluster/j-1UPQAEVEY6GTX" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-405-emr_kerberos_authentication_enabled/red_policy_test.py b/tests/ecc-aws-405-emr_kerberos_authentication_enabled/red_policy_test.py new file mode 100644 index 000000000..17c622027 --- /dev/null +++ b/tests/ecc-aws-405-emr_kerberos_authentication_enabled/red_policy_test.py @@ -0,0 +1,6 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertIn(resources[0]['Status']['State'], ['RUNNING', 'WAITING']) + base_test.assertNotIn('Realm', resources[0]['KerberosAttributes']) \ No newline at end of file 
diff --git a/tests/ecc-aws-407-emr_clusters_in_vpc/placebo-green/elasticmapreduce.DescribeCluster_1.json b/tests/ecc-aws-407-emr_clusters_in_vpc/placebo-green/elasticmapreduce.DescribeCluster_1.json new file mode 100644 index 000000000..0772e6950 --- /dev/null +++ b/tests/ecc-aws-407-emr_clusters_in_vpc/placebo-green/elasticmapreduce.DescribeCluster_1.json 
@@ -0,0 +1,88 @@ +{ + "status_code": 200, + "data": { + "Cluster": { + "Id": "j-2OGQ4J02EXUSS", + "Name": "407_emr_cluster_green", + "Status": { + "State": "WAITING", + "StateChangeReason": { + "Message": "Cluster ready to run steps." + }, + "Timeline": { + "CreationDateTime": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 9, + "hour": 16, + "minute": 45, + "second": 45, + "microsecond": 307000 + }, + "ReadyDateTime": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 9, + "hour": 16, + "minute": 54, + "second": 30, + "microsecond": 476000 + } + } + }, + "Ec2InstanceAttributes": { + "Ec2KeyName": "", + "Ec2SubnetId": "subnet-019be79ce6b44897b", + "RequestedEc2SubnetIds": [ + "subnet-019be79ce6b44897b" + ], + "Ec2AvailabilityZone": "us-east-1a", + "RequestedEc2AvailabilityZones": [], + "IamInstanceProfile": "arn:aws:iam::111111111111:instance-profile/407_emr_instance_profile_green", + "EmrManagedMasterSecurityGroup": "sg-05df010e445ca430a", + "EmrManagedSlaveSecurityGroup": "sg-05df010e445ca430a", + "ServiceAccessSecurityGroup": "", + "AdditionalMasterSecurityGroups": [ + "" + ], + "AdditionalSlaveSecurityGroups": [ + "" + ] + }, + "InstanceCollectionType": "INSTANCE_GROUP", + "ReleaseLabel": "emr-5.33.0", + "AutoTerminate": false, + "TerminationProtected": false, + "VisibleToAllUsers": true, + "Applications": [ + { + "Name": "Spark", + "Version": "2.4.7" + } + ], + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-407-emr_clusters_in_vpc" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + } + ], + "ServiceRole": "arn:aws:iam::111111111111:role/407_emr_service_role_green", + "NormalizedInstanceHours": 0, + "MasterPublicDnsName": "54.161.52.76", + "Configurations": [], + "ScaleDownBehavior": "TERMINATE_AT_TASK_COMPLETION", + "EbsRootVolumeSize": 10, + "KerberosAttributes": {}, + "ClusterArn": "arn:aws:elasticmapreduce:us-east-1:111111111111:cluster/j-2OGQ4J02EXUSS", + "StepConcurrencyLevel": 1, + 
"PlacementGroups": [] + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-407-emr_clusters_in_vpc/placebo-green/elasticmapreduce.ListClusters_1.json b/tests/ecc-aws-407-emr_clusters_in_vpc/placebo-green/elasticmapreduce.ListClusters_1.json new file mode 100644 index 000000000..64a2c2ee1 --- /dev/null +++ b/tests/ecc-aws-407-emr_clusters_in_vpc/placebo-green/elasticmapreduce.ListClusters_1.json @@ -0,0 +1,42 @@ +{ + "status_code": 200, + "data": { + "Clusters": [ + { + "Id": "j-2OGQ4J02EXUSS", + "Name": "407_emr_cluster_green", + "Status": { + "State": "WAITING", + "StateChangeReason": { + "Message": "Cluster ready to run steps." + }, + "Timeline": { + "CreationDateTime": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 9, + "hour": 16, + "minute": 45, + "second": 45, + "microsecond": 307000 + }, + "ReadyDateTime": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 9, + "hour": 16, + "minute": 54, + "second": 30, + "microsecond": 476000 + } + } + }, + "NormalizedInstanceHours": 0, + "ClusterArn": "arn:aws:elasticmapreduce:us-east-1:111111111111:cluster/j-2OGQ4J02EXUSS" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-407-emr_clusters_in_vpc/placebo-red/elasticmapreduce.DescribeCluster_1.json b/tests/ecc-aws-407-emr_clusters_in_vpc/placebo-red/elasticmapreduce.DescribeCluster_1.json new file mode 100644 index 000000000..248506345 --- /dev/null +++ b/tests/ecc-aws-407-emr_clusters_in_vpc/placebo-red/elasticmapreduce.DescribeCluster_1.json 
@@ -0,0 +1,88 @@ +{ + "status_code": 200, + "data": { + "Cluster": { + "Id": "j-2OGQ4J02EXUSS", + "Name": "407_emr_cluster_red", + "Status": { + "State": "WAITING", + "StateChangeReason": { + "Message": "Cluster ready to run steps." + }, + "Timeline": { + "CreationDateTime": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 9, + "hour": 16, + "minute": 45, + "second": 45, + "microsecond": 307000 + }, + "ReadyDateTime": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 9, + "hour": 16, + "minute": 54, + "second": 30, + "microsecond": 476000 + } + } + }, + "Ec2InstanceAttributes": { + "Ec2KeyName": "", + "Ec2SubnetId": "", + "RequestedEc2SubnetIds": [ + "subnet-019be79ce6b44897b" + ], + "Ec2AvailabilityZone": "us-east-1a", + "RequestedEc2AvailabilityZones": [], + "IamInstanceProfile": "arn:aws:iam::111111111111:instance-profile/407_emr_instance_profile_red", + "EmrManagedMasterSecurityGroup": "sg-05df010e445ca430a", + "EmrManagedSlaveSecurityGroup": "sg-05df010e445ca430a", + "ServiceAccessSecurityGroup": "", + "AdditionalMasterSecurityGroups": [ + "" + ], + "AdditionalSlaveSecurityGroups": [ + "" + ] + }, + "InstanceCollectionType": "INSTANCE_GROUP", + "ReleaseLabel": "emr-5.33.0", + "AutoTerminate": false, + "TerminationProtected": false, + "VisibleToAllUsers": true, + "Applications": [ + { + "Name": "Spark", + "Version": "2.4.7" + } + ], + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-407-emr_clusters_in_vpc" + }, + { + "Key": "ComplianceStatus", + "Value": "Red" + } + ], + "ServiceRole": "arn:aws:iam::111111111111:role/407_emr_service_role_red", + "NormalizedInstanceHours": 0, + "MasterPublicDnsName": "54.161.52.76", + "Configurations": [], + "ScaleDownBehavior": "TERMINATE_AT_TASK_COMPLETION", + "EbsRootVolumeSize": 10, + "KerberosAttributes": {}, + "ClusterArn": "arn:aws:elasticmapreduce:us-east-1:111111111111:cluster/j-2OGQ4J02EXUSS", + "StepConcurrencyLevel": 1, + "PlacementGroups": [] + }, + 
"ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-407-emr_clusters_in_vpc/placebo-red/elasticmapreduce.ListClusters_1.json b/tests/ecc-aws-407-emr_clusters_in_vpc/placebo-red/elasticmapreduce.ListClusters_1.json new file mode 100644 index 000000000..697b56f02 --- /dev/null +++ b/tests/ecc-aws-407-emr_clusters_in_vpc/placebo-red/elasticmapreduce.ListClusters_1.json @@ -0,0 +1,42 @@ +{ + "status_code": 200, + "data": { + "Clusters": [ + { + "Id": "j-2OGQ4J02EXUSS", + "Name": "407_emr_cluster_red", + "Status": { + "State": "WAITING", + "StateChangeReason": { + "Message": "Cluster ready to run steps." + }, + "Timeline": { + "CreationDateTime": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 9, + "hour": 16, + "minute": 45, + "second": 45, + "microsecond": 307000 + }, + "ReadyDateTime": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 9, + "hour": 16, + "minute": 54, + "second": 30, + "microsecond": 476000 + } + } + }, + "NormalizedInstanceHours": 0, + "ClusterArn": "arn:aws:elasticmapreduce:us-east-1:111111111111:cluster/j-2OGQ4J02EXUSS" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-407-emr_clusters_in_vpc/red_policy_test.py b/tests/ecc-aws-407-emr_clusters_in_vpc/red_policy_test.py new file mode 100644 index 000000000..6c8155adb --- /dev/null +++ b/tests/ecc-aws-407-emr_clusters_in_vpc/red_policy_test.py @@ -0,0 +1,6 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertIn(resources[0]['Status']['State'], ['RUNNING', 'WAITING']) + base_test.assertFalse(resources[0]['Ec2InstanceAttributes']['Ec2SubnetId']) \ No newline at end of file 
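Review bot: The last assertion in the ecc-aws-407 `red_policy_test.py` subscripts `['Ec2SubnetId']` directly, and the red DescribeCluster fixture feeding it looks like an edited copy of the green recording rather than a capture of a cluster outside a VPC. It has the same cluster id `j-2OGQ4J02EXUSS` and timestamps, and `RequestedEc2SubnetIds` still lists `subnet-019be79ce6b44897b` while `Ec2SubnetId` is `""`. If the API omits the key for such a cluster (not verifiable from this patch), the subscript raises KeyError instead of failing the assertion, and the policy filter would need to treat an absent key as non-compliant too. I would write `base_test.assertFalse(resources[0]['Ec2InstanceAttributes'].get('Ec2SubnetId'))` and add a comment stating how the red fixture was produced.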
diff --git a/tests/ecc-aws-408-emr_logging_to_s3_enabled/placebo-green/elasticmapreduce.DescribeCluster_1.json b/tests/ecc-aws-408-emr_logging_to_s3_enabled/placebo-green/elasticmapreduce.DescribeCluster_1.json
new file mode 100644
index 000000000..21c5b62a6
--- /dev/null
+++ b/tests/ecc-aws-408-emr_logging_to_s3_enabled/placebo-green/elasticmapreduce.DescribeCluster_1.json
@@ -0,0 +1,89 @@ +{ + "status_code": 200, + "data": { + "Cluster": { + "Id": "j-2FRIQCC8THM8Y", + "Name": "408_emr_cluster_green", + "Status": { + "State": "WAITING", + "StateChangeReason": { + "Message": "Cluster ready to run steps." + }, + "Timeline": { + "CreationDateTime": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 10, + "hour": 12, + "minute": 16, + "second": 11, + "microsecond": 885000 + }, + "ReadyDateTime": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 10, + "hour": 12, + "minute": 24, + "second": 33, + "microsecond": 172000 + } + } + }, + "Ec2InstanceAttributes": { + "Ec2KeyName": "", + "Ec2SubnetId": "subnet-02f5be8f872a28227", + "RequestedEc2SubnetIds": [ + "subnet-02f5be8f872a28227" + ], + "Ec2AvailabilityZone": "us-east-1a", + "RequestedEc2AvailabilityZones": [], + "IamInstanceProfile": "arn:aws:iam::111111111111:instance-profile/408_emr_instance_profile_green", + "EmrManagedMasterSecurityGroup": "sg-08ac9ea3123e8afb5", + "EmrManagedSlaveSecurityGroup": "sg-08ac9ea3123e8afb5", + "ServiceAccessSecurityGroup": "", + "AdditionalMasterSecurityGroups": [ + "" + ], + "AdditionalSlaveSecurityGroups": [ + "" + ] + }, + "InstanceCollectionType": "INSTANCE_GROUP", + "LogUri": "s3n://bucket-408-green/", + "ReleaseLabel": "emr-5.33.0", + "AutoTerminate": false, + "TerminationProtected": false, + "VisibleToAllUsers": true, + "Applications": [ + { + "Name": "Spark", + "Version": "2.4.7" + } + ], + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-408-emr_logging_to_s3_enabled" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + } + ], + "ServiceRole": "arn:aws:iam::111111111111:role/408_emr_service_role_green", + "NormalizedInstanceHours": 0, + "MasterPublicDnsName": "54.175.224.114", + "Configurations": [], + "ScaleDownBehavior": "TERMINATE_AT_TASK_COMPLETION", + "EbsRootVolumeSize": 10, + "KerberosAttributes": {}, + "ClusterArn": 
"arn:aws:elasticmapreduce:us-east-1:111111111111:cluster/j-2FRIQCC8THM8Y", + "StepConcurrencyLevel": 1, + "PlacementGroups": [] + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-408-emr_logging_to_s3_enabled/placebo-green/elasticmapreduce.ListClusters_1.json b/tests/ecc-aws-408-emr_logging_to_s3_enabled/placebo-green/elasticmapreduce.ListClusters_1.json new file mode 100644 index 000000000..86c7e3a60 --- /dev/null +++ b/tests/ecc-aws-408-emr_logging_to_s3_enabled/placebo-green/elasticmapreduce.ListClusters_1.json @@ -0,0 +1,42 @@ +{ + "status_code": 200, + "data": { + "Clusters": [ + { + "Id": "j-2FRIQCC8THM8Y", + "Name": "408_emr_cluster_green", + "Status": { + "State": "WAITING", + "StateChangeReason": { + "Message": "Cluster ready to run steps." + }, + "Timeline": { + "CreationDateTime": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 10, + "hour": 12, + "minute": 16, + "second": 11, + "microsecond": 885000 + }, + "ReadyDateTime": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 10, + "hour": 12, + "minute": 24, + "second": 33, + "microsecond": 172000 + } + } + }, + "NormalizedInstanceHours": 0, + "ClusterArn": "arn:aws:elasticmapreduce:us-east-1:111111111111:cluster/j-2FRIQCC8THM8Y" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-408-emr_logging_to_s3_enabled/placebo-red/elasticmapreduce.DescribeCluster_1.json b/tests/ecc-aws-408-emr_logging_to_s3_enabled/placebo-red/elasticmapreduce.DescribeCluster_1.json new file mode 100644 index 000000000..fb9babd7d --- /dev/null +++ b/tests/ecc-aws-408-emr_logging_to_s3_enabled/placebo-red/elasticmapreduce.DescribeCluster_1.json 
@@ -0,0 +1,88 @@ +{ + "status_code": 200, + "data": { + "Cluster": { + "Id": "j-50BFX4K1C0AG", + "Name": "408_emr_cluster_red", + "Status": { + "State": "WAITING", + "StateChangeReason": { + "Message": "Cluster ready to run steps." + }, + "Timeline": { + "CreationDateTime": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 10, + "hour": 12, + "minute": 28, + "second": 5, + "microsecond": 313000 + }, + "ReadyDateTime": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 10, + "hour": 12, + "minute": 36, + "second": 18, + "microsecond": 900000 + } + } + }, + "Ec2InstanceAttributes": { + "Ec2KeyName": "", + "Ec2SubnetId": "subnet-08e08f5ce2a073471", + "RequestedEc2SubnetIds": [ + "subnet-08e08f5ce2a073471" + ], + "Ec2AvailabilityZone": "us-east-1a", + "RequestedEc2AvailabilityZones": [], + "IamInstanceProfile": "arn:aws:iam::111111111111:instance-profile/408_emr_instance_profile_red", + "EmrManagedMasterSecurityGroup": "sg-00cf59432d073fe0c", + "EmrManagedSlaveSecurityGroup": "sg-00cf59432d073fe0c", + "ServiceAccessSecurityGroup": "", + "AdditionalMasterSecurityGroups": [ + "" + ], + "AdditionalSlaveSecurityGroups": [ + "" + ] + }, + "InstanceCollectionType": "INSTANCE_GROUP", + "ReleaseLabel": "emr-5.33.0", + "AutoTerminate": false, + "TerminationProtected": false, + "VisibleToAllUsers": true, + "Applications": [ + { + "Name": "Spark", + "Version": "2.4.7" + } + ], + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-408-emr_logging_to_s3_enabled" + }, + { + "Key": "ComplianceStatus", + "Value": "Red" + } + ], + "ServiceRole": "arn:aws:iam::111111111111:role/408_emr_service_role_red", + "NormalizedInstanceHours": 0, + "MasterPublicDnsName": "52.91.165.60", + "Configurations": [], + "ScaleDownBehavior": "TERMINATE_AT_TASK_COMPLETION", + "EbsRootVolumeSize": 10, + "KerberosAttributes": {}, + "ClusterArn": "arn:aws:elasticmapreduce:us-east-1:111111111111:cluster/j-50BFX4K1C0AG", + "StepConcurrencyLevel": 1, + 
"PlacementGroups": [] + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-408-emr_logging_to_s3_enabled/placebo-red/elasticmapreduce.ListClusters_1.json b/tests/ecc-aws-408-emr_logging_to_s3_enabled/placebo-red/elasticmapreduce.ListClusters_1.json new file mode 100644 index 000000000..f74a76c77 --- /dev/null +++ b/tests/ecc-aws-408-emr_logging_to_s3_enabled/placebo-red/elasticmapreduce.ListClusters_1.json @@ -0,0 +1,42 @@ +{ + "status_code": 200, + "data": { + "Clusters": [ + { + "Id": "j-50BFX4K1C0AG", + "Name": "408_emr_cluster_red", + "Status": { + "State": "WAITING", + "StateChangeReason": { + "Message": "Cluster ready to run steps." + }, + "Timeline": { + "CreationDateTime": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 10, + "hour": 12, + "minute": 28, + "second": 5, + "microsecond": 313000 + }, + "ReadyDateTime": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 10, + "hour": 12, + "minute": 36, + "second": 18, + "microsecond": 900000 + } + } + }, + "NormalizedInstanceHours": 0, + "ClusterArn": "arn:aws:elasticmapreduce:us-east-1:111111111111:cluster/j-50BFX4K1C0AG" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-408-emr_logging_to_s3_enabled/red_policy_test.py b/tests/ecc-aws-408-emr_logging_to_s3_enabled/red_policy_test.py new file mode 100644 index 000000000..fa3f39bdb --- /dev/null +++ b/tests/ecc-aws-408-emr_logging_to_s3_enabled/red_policy_test.py @@ -0,0 +1,6 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertIn(resources[0]['Status']['State'], ['RUNNING', 'WAITING']) + base_test.assertNotIn('LogUri', resources[0]) \ No newline at end of file 
diff --git a/tests/ecc-aws-409-vpc_unused_internet_gateway/placebo-green/ec2.DescribeInternetGateways_1.json b/tests/ecc-aws-409-vpc_unused_internet_gateway/placebo-green/ec2.DescribeInternetGateways_1.json new file mode 100644 index 000000000..2a020471f --- /dev/null +++ b/tests/ecc-aws-409-vpc_unused_internet_gateway/placebo-green/ec2.DescribeInternetGateways_1.json @@ -0,0 +1,28 @@ +{ + "status_code": 200, + "data": { + "InternetGateways": [ + { + "Attachments": [ + { + "State": "available", + "VpcId": "vpc-12345asdfg" + } + ], + "InternetGatewayId": "igw-0bd1f433b668d19b7", + "OwnerId": "this", + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-409-vpc_unused_internet_gateway" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-409-vpc_unused_internet_gateway/placebo-red/ec2.DescribeInternetGateways_1.json b/tests/ecc-aws-409-vpc_unused_internet_gateway/placebo-red/ec2.DescribeInternetGateways_1.json new file mode 100644 index 000000000..0fb9a159f --- /dev/null +++ b/tests/ecc-aws-409-vpc_unused_internet_gateway/placebo-red/ec2.DescribeInternetGateways_1.json @@ -0,0 +1,23 @@ +{ + "status_code": 200, + "data": { + "InternetGateways": [ + { + "Attachments": [], + "InternetGatewayId": "igw-0adf5ce6ce66f4ec2", + "OwnerId": "this", + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CustodianRule", + "Value": "ecc-aws-409-vpc_unused_internet_gateway" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-409-vpc_unused_internet_gateway/red_policy_test.py b/tests/ecc-aws-409-vpc_unused_internet_gateway/red_policy_test.py new file mode 100644 index 000000000..284c010b8 --- /dev/null +++ b/tests/ecc-aws-409-vpc_unused_internet_gateway/red_policy_test.py 
@@ -0,0 +1,5 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertFalse(resources[0]['Attachments'])
\ No newline at end of file
diff --git a/tests/ecc-aws-411-unused_virtual_private_gateways/placebo-green/ec2.DescribeVpnGateways_1.json b/tests/ecc-aws-411-unused_virtual_private_gateways/placebo-green/ec2.DescribeVpnGateways_1.json
new file mode 100644
index 000000000..eb3afea36
--- /dev/null
+++ b/tests/ecc-aws-411-unused_virtual_private_gateways/placebo-green/ec2.DescribeVpnGateways_1.json
@@ -0,0 +1,26 @@
+{
+ "status_code": 200,
+ "data": {
+ "VpnGateways": [
+ {
+ "State": "available",
+ "Type": "ipsec.1",
+ "VpcAttachments": [
+ {
+ "State": "attached",
+ "VpcId": "vpc-12345asdfg"
+ }
+ ],
+ "VpnGatewayId": "vgw-01f50e4293a33ac66",
+ "AmazonSideAsn": 64512,
+ "Tags": [
+ {
+ "Key": "Name",
+ "Value": "411-vpn-gateway-green"
+ }
+ ]
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-411-unused_virtual_private_gateways/placebo-red/ec2.DescribeVpnGateways_1.json b/tests/ecc-aws-411-unused_virtual_private_gateways/placebo-red/ec2.DescribeVpnGateways_1.json
new file mode 100644
index 000000000..948cef346
--- /dev/null
+++ b/tests/ecc-aws-411-unused_virtual_private_gateways/placebo-red/ec2.DescribeVpnGateways_1.json
@@ -0,0 +1,28 @@
+{
+ "status_code": 200,
+ "data": {
+ "VpnGateways": [
+ {
+ "State": "available",
+ "Type": "ipsec.1",
+ "VpcAttachments": [],
+ "VpnGatewayId": "vgw-022d87200eaaad93b",
+ "AmazonSideAsn": 64512,
+ "Tags": [
+ {
+ "Key": "Name",
+ "Value": "411-vpn-gateway-red"
+ }
+ ]
+ },
+ {
+ "State": "deleted",
+ "Type": "ipsec.1",
+ "VpcAttachments": [],
+ "VpnGatewayId": "vgw-0bd4d6754f02d0cff",
+ "AmazonSideAsn": 64512
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-411-unused_virtual_private_gateways/red_policy_test.py b/tests/ecc-aws-411-unused_virtual_private_gateways/red_policy_test.py
new file mode 100644
index 000000000..8180ea5c2
--- /dev/null
+++ b/tests/ecc-aws-411-unused_virtual_private_gateways/red_policy_test.py
@@ -0,0 +1,5 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertFalse(resources[0]['VpcAttachments'])
\ No newline at end of file
diff --git a/tests/ecc-aws-413-elasticache_previous_generation_instances_not_used/placebo-green/elasticache.DescribeCacheClusters_1.json b/tests/ecc-aws-413-elasticache_previous_generation_instances_not_used/placebo-green/elasticache.DescribeCacheClusters_1.json
new file mode 100644
index 000000000..aafe371ca
--- /dev/null
+++ b/tests/ecc-aws-413-elasticache_previous_generation_instances_not_used/placebo-green/elasticache.DescribeCacheClusters_1.json
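Review bot: `test_resources` in the ecc-aws-411 `red_policy_test.py` never checks which gateway the policy matched. The red fixture holds two gateways with empty `VpcAttachments`, `vgw-022d87200eaaad93b` in state `available` and `vgw-0bd4d6754f02d0cff` in state `deleted`, and either one satisfies `assertFalse(resources[0]['VpcAttachments'])`. The count assertion would therefore pass just as well if the policy reported the deleted gateway and missed the live one. Adding `base_test.assertEqual(resources[0]['VpnGatewayId'], 'vgw-022d87200eaaad93b')` pins the state filter that the fixture was evidently built to exercise.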
@@ -0,0 +1,48 @@ +{ + "status_code": 200, + "data": { + "CacheClusters": [ + { + "CacheClusterId": "c7n-413-elasticache-memcached-cluster-green", + "ConfigurationEndpoint": { + "Address": "c7n-413-elasticache-memcached-cluster-green.ps5uie.cfg.use1.cache.amazonaws.com", + "Port": 11211 + }, + "ClientDownloadLandingPage": "https://console.aws.amazon.com/elasticache/home#client-download:", + "CacheNodeType": "cache.t2.micro", + "Engine": "memcached", + "EngineVersion": "1.6.6", + "CacheClusterStatus": "available", + "NumCacheNodes": 1, + "PreferredAvailabilityZone": "us-east-1c", + "CacheClusterCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 7, + "hour": 9, + "minute": 36, + "second": 15, + "microsecond": 831000 + }, + "PreferredMaintenanceWindow": "wed:06:00-wed:07:00", + "PendingModifiedValues": {}, + "CacheSecurityGroups": [], + "CacheParameterGroup": { + "CacheParameterGroupName": "default.memcached1.6", + "ParameterApplyStatus": "in-sync", + "CacheNodeIdsToReboot": [] + }, + "CacheSubnetGroupName": "default", + "AutoMinorVersionUpgrade": true, + "AuthTokenEnabled": false, + "TransitEncryptionEnabled": false, + "AtRestEncryptionEnabled": false, + "ARN": "arn:aws:elasticache:us-east-1:this:cluster:c7n-413-elasticache-memcached-cluster-green", + "ReplicationGroupLogDeliveryEnabled": false, + "LogDeliveryConfigurations": [] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-413-elasticache_previous_generation_instances_not_used/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-413-elasticache_previous_generation_instances_not_used/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..8b704d185 --- /dev/null +++ b/tests/ecc-aws-413-elasticache_previous_generation_instances_not_used/placebo-green/tagging.GetResources_1.json 
@@ -0,0 +1,8 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-413-elasticache_previous_generation_instances_not_used/placebo-red/elasticache.DescribeCacheClusters_1.json b/tests/ecc-aws-413-elasticache_previous_generation_instances_not_used/placebo-red/elasticache.DescribeCacheClusters_1.json new file mode 100644 index 000000000..6cefb7ef1 --- /dev/null +++ b/tests/ecc-aws-413-elasticache_previous_generation_instances_not_used/placebo-red/elasticache.DescribeCacheClusters_1.json @@ -0,0 +1,46 @@ +{ + "status_code": 200, + "data": { + "CacheClusters": [ + { + "CacheClusterId": "c7n-413-elasticache-redis-cluster-red", + "ClientDownloadLandingPage": "https://console.aws.amazon.com/elasticache/home#client-download:", + "CacheNodeType": "cache.m3.medium", + "Engine": "redis", + "EngineVersion": "5.0.6", + "CacheClusterStatus": "available", + "NumCacheNodes": 1, + "PreferredAvailabilityZone": "us-east-1d", + "CacheClusterCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 7, + "hour": 9, + "minute": 4, + "second": 32, + "microsecond": 145000 + }, + "PreferredMaintenanceWindow": "wed:07:00-wed:08:00", + "PendingModifiedValues": {}, + "CacheSecurityGroups": [], + "CacheParameterGroup": { + "CacheParameterGroupName": "default.redis5.0", + "ParameterApplyStatus": "in-sync", + "CacheNodeIdsToReboot": [] + }, + "CacheSubnetGroupName": "default", + "AutoMinorVersionUpgrade": true, + "SnapshotRetentionLimit": 0, + "SnapshotWindow": "06:00-07:00", + "AuthTokenEnabled": false, + "TransitEncryptionEnabled": false, + "AtRestEncryptionEnabled": false, + "ARN": "arn:aws:elasticache:us-east-1:this:cluster:c7n-413-elasticache-redis-cluster-red", + "ReplicationGroupLogDeliveryEnabled": false, + "LogDeliveryConfigurations": [] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-413-elasticache_previous_generation_instances_not_used/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-413-elasticache_previous_generation_instances_not_used/placebo-red/tagging.GetResources_1.json
new file mode 100644
index 000000000..8b704d185
--- /dev/null
+++ b/tests/ecc-aws-413-elasticache_previous_generation_instances_not_used/placebo-red/tagging.GetResources_1.json
@@ -0,0 +1,8 @@
+{
+ "status_code": 200,
+ "data": {
+ "PaginationToken": "",
+ "ResourceTagMappingList": [],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-413-elasticache_previous_generation_instances_not_used/red_policy_test.py b/tests/ecc-aws-413-elasticache_previous_generation_instances_not_used/red_policy_test.py
new file mode 100644
index 000000000..a35d88d23
--- /dev/null
+++ b/tests/ecc-aws-413-elasticache_previous_generation_instances_not_used/red_policy_test.py
@@ -0,0 +1,5 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertEqual(resources[0]['CacheNodeType'], "cache.m3.medium")
diff --git a/tests/ecc-aws-414-elasticache_automatic_backups/placebo-green/elasticache.DescribeCacheClusters_1.json b/tests/ecc-aws-414-elasticache_automatic_backups/placebo-green/elasticache.DescribeCacheClusters_1.json
new file mode 100644
index 000000000..c84992d0e
--- /dev/null
+++ b/tests/ecc-aws-414-elasticache_automatic_backups/placebo-green/elasticache.DescribeCacheClusters_1.json
@@ -0,0 +1,46 @@ +{ + "status_code": 200, + "data": { + "CacheClusters": [ + { + "CacheClusterId": "c7n-414-elasticache-cluster-green", + "ClientDownloadLandingPage": "https://console.aws.amazon.com/elasticache/home#client-download:", + "CacheNodeType": "cache.t2.micro", + "Engine": "redis", + "EngineVersion": "6.2.5", + "CacheClusterStatus": "available", + "NumCacheNodes": 1, + "PreferredAvailabilityZone": "us-east-1f", + "CacheClusterCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 11, + "day": 29, + "hour": 10, + "minute": 45, + "second": 55, + "microsecond": 227000 + }, + "PreferredMaintenanceWindow": "sat:06:00-sat:07:00", + "PendingModifiedValues": {}, + "CacheSecurityGroups": [], + "CacheParameterGroup": { + "CacheParameterGroupName": "default.redis6.x", + "ParameterApplyStatus": "in-sync", + "CacheNodeIdsToReboot": [] + }, + "CacheSubnetGroupName": "default", + "AutoMinorVersionUpgrade": true, + "SnapshotRetentionLimit": 7, + "SnapshotWindow": "04:00-05:00", + "AuthTokenEnabled": false, + "TransitEncryptionEnabled": false, + "AtRestEncryptionEnabled": false, + "ARN": "arn:aws:elasticache:us-east-1:this:cluster:c7n-414-elasticache-cluster-green", + "ReplicationGroupLogDeliveryEnabled": false, + "LogDeliveryConfigurations": [] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-414-elasticache_automatic_backups/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-414-elasticache_automatic_backups/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..8b704d185 --- /dev/null +++ b/tests/ecc-aws-414-elasticache_automatic_backups/placebo-green/tagging.GetResources_1.json @@ -0,0 +1,8 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-414-elasticache_automatic_backups/placebo-red/elasticache.DescribeCacheClusters_1.json b/tests/ecc-aws-414-elasticache_automatic_backups/placebo-red/elasticache.DescribeCacheClusters_1.json new file mode 100644 index 000000000..c833f9abf --- /dev/null +++ b/tests/ecc-aws-414-elasticache_automatic_backups/placebo-red/elasticache.DescribeCacheClusters_1.json @@ -0,0 +1,46 @@ +{ + "status_code": 200, + "data": { + "CacheClusters": [ + { + "CacheClusterId": "c7n-414-elasticache-cluster-red", + "ClientDownloadLandingPage": "https://console.aws.amazon.com/elasticache/home#client-download:", + "CacheNodeType": "cache.t2.micro", + "Engine": "redis", + "EngineVersion": "6.2.5", + "CacheClusterStatus": "available", + "NumCacheNodes": 1, + "PreferredAvailabilityZone": "us-east-1f", + "CacheClusterCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 11, + "day": 29, + "hour": 10, + "minute": 59, + "second": 8, + "microsecond": 352000 + }, + "PreferredMaintenanceWindow": "thu:08:30-thu:09:30", + "PendingModifiedValues": {}, + "CacheSecurityGroups": [], + "CacheParameterGroup": { + "CacheParameterGroupName": "default.redis6.x", + "ParameterApplyStatus": "in-sync", + "CacheNodeIdsToReboot": [] + }, + "CacheSubnetGroupName": "default", + "AutoMinorVersionUpgrade": true, + "SnapshotRetentionLimit": 0, + "SnapshotWindow": "04:00-05:00", + "AuthTokenEnabled": false, + "TransitEncryptionEnabled": false, + "AtRestEncryptionEnabled": false, + "ARN": "arn:aws:elasticache:us-east-1:this:cluster:c7n-414-elasticache-cluster-red", + "ReplicationGroupLogDeliveryEnabled": false, + "LogDeliveryConfigurations": [] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-414-elasticache_automatic_backups/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-414-elasticache_automatic_backups/placebo-red/tagging.GetResources_1.json new file mode 100644 index 000000000..8b704d185 --- /dev/null 
+++ b/tests/ecc-aws-414-elasticache_automatic_backups/placebo-red/tagging.GetResources_1.json
@@ -0,0 +1,8 @@
+{
+ "status_code": 200,
+ "data": {
+ "PaginationToken": "",
+ "ResourceTagMappingList": [],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-414-elasticache_automatic_backups/red_policy_test.py b/tests/ecc-aws-414-elasticache_automatic_backups/red_policy_test.py
new file mode 100644
index 000000000..9f76181d6
--- /dev/null
+++ b/tests/ecc-aws-414-elasticache_automatic_backups/red_policy_test.py
@@ -0,0 +1,5 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertEqual(resources[0]['SnapshotRetentionLimit'], 0)
\ No newline at end of file
diff --git a/tests/ecc-aws-415-elasticache_encrypted_in_transit/placebo-green/elasticache.DescribeCacheClusters_1.json b/tests/ecc-aws-415-elasticache_encrypted_in_transit/placebo-green/elasticache.DescribeCacheClusters_1.json
new file mode 100644
index 000000000..9881c866f
--- /dev/null
+++ b/tests/ecc-aws-415-elasticache_encrypted_in_transit/placebo-green/elasticache.DescribeCacheClusters_1.json
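Review bot: The ecc-aws-414 `red_policy_test.py` only ever sees Redis clusters, so `assertEqual(resources[0]['SnapshotRetentionLimit'], 0)` never exercises a cluster that lacks that key. The Memcached recording added for ecc-aws-413 in this same patch has no `SnapshotRetentionLimit` field at all. Whether the 414 policy skips or flags such a cluster cannot be told from here, since the policy file is outside this part of the diff. A Memcached entry in the 414 green fixture would pin that behaviour, and the test should carry a comment saying which outcome is intended, for example `# Memcached has no SnapshotRetentionLimit; expected outcome: <flagged | skipped>`.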
@@ -0,0 +1,86 @@ +{ + "status_code": 200, + "data": { + "CacheClusters": [ + { + "CacheClusterId": "c7n-415-elasticache-cluster-green", + "ClientDownloadLandingPage": "https://console.aws.amazon.com/elasticache/home#client-download:", + "CacheNodeType": "cache.t2.micro", + "Engine": "redis", + "EngineVersion": "6.2.5", + "CacheClusterStatus": "available", + "NumCacheNodes": 1, + "PreferredAvailabilityZone": "us-east-1d", + "CacheClusterCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 11, + "day": 24, + "hour": 8, + "minute": 19, + "second": 58, + "microsecond": 520000 + }, + "PreferredMaintenanceWindow": "tue:03:30-tue:04:30", + "PendingModifiedValues": {}, + "CacheSecurityGroups": [], + "CacheParameterGroup": { + "CacheParameterGroupName": "default.redis6.x", + "ParameterApplyStatus": "in-sync", + "CacheNodeIdsToReboot": [] + }, + "CacheSubnetGroupName": "default", + "AutoMinorVersionUpgrade": true, + "ReplicationGroupId": "c7n-415-elasticache-group-green", + "SnapshotRetentionLimit": 0, + "SnapshotWindow": "07:30-08:30", + "AuthTokenEnabled": false, + "TransitEncryptionEnabled": true, + "AtRestEncryptionEnabled": false, + "ARN": "arn:aws:elasticache:us-east-1:this:cluster:c7n-415-elasticache-cluster-green", + "ReplicationGroupLogDeliveryEnabled": false, + "LogDeliveryConfigurations": [] + }, + { + "CacheClusterId": "c7n-415-elasticache-group-green-001", + "ClientDownloadLandingPage": "https://console.aws.amazon.com/elasticache/home#client-download:", + "CacheNodeType": "cache.t2.micro", + "Engine": "redis", + "EngineVersion": "6.2.5", + "CacheClusterStatus": "available", + "NumCacheNodes": 1, + "PreferredAvailabilityZone": "us-east-1a", + "CacheClusterCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 11, + "day": 24, + "hour": 8, + "minute": 15, + "second": 31, + "microsecond": 13000 + }, + "PreferredMaintenanceWindow": "tue:03:30-tue:04:30", + "PendingModifiedValues": {}, + "CacheSecurityGroups": [], + 
"CacheParameterGroup": { + "CacheParameterGroupName": "default.redis6.x", + "ParameterApplyStatus": "in-sync", + "CacheNodeIdsToReboot": [] + }, + "CacheSubnetGroupName": "default", + "AutoMinorVersionUpgrade": true, + "ReplicationGroupId": "c7n-415-elasticache-group-green", + "SnapshotRetentionLimit": 0, + "SnapshotWindow": "07:30-08:30", + "AuthTokenEnabled": false, + "TransitEncryptionEnabled": true, + "AtRestEncryptionEnabled": false, + "ARN": "arn:aws:elasticache:us-east-1:this:cluster:c7n-415-elasticache-group-green-001", + "ReplicationGroupLogDeliveryEnabled": false, + "LogDeliveryConfigurations": [] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-415-elasticache_encrypted_in_transit/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-415-elasticache_encrypted_in_transit/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..8b704d185 --- /dev/null +++ b/tests/ecc-aws-415-elasticache_encrypted_in_transit/placebo-green/tagging.GetResources_1.json @@ -0,0 +1,8 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-415-elasticache_encrypted_in_transit/placebo-red/elasticache.DescribeCacheClusters_1.json b/tests/ecc-aws-415-elasticache_encrypted_in_transit/placebo-red/elasticache.DescribeCacheClusters_1.json new file mode 100644 index 000000000..1c627e825 --- /dev/null +++ b/tests/ecc-aws-415-elasticache_encrypted_in_transit/placebo-red/elasticache.DescribeCacheClusters_1.json 
@@ -0,0 +1,86 @@ +{ + "status_code": 200, + "data": { + "CacheClusters": [ + { + "CacheClusterId": "c7n-415-elasticache-cluster-red", + "ClientDownloadLandingPage": "https://console.aws.amazon.com/elasticache/home#client-download:", + "CacheNodeType": "cache.t2.micro", + "Engine": "redis", + "EngineVersion": "6.2.5", + "CacheClusterStatus": "available", + "NumCacheNodes": 1, + "PreferredAvailabilityZone": "us-east-1e", + "CacheClusterCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 11, + "day": 24, + "hour": 8, + "minute": 29, + "second": 35, + "microsecond": 550000 + }, + "PreferredMaintenanceWindow": "wed:09:00-wed:10:00", + "PendingModifiedValues": {}, + "CacheSecurityGroups": [], + "CacheParameterGroup": { + "CacheParameterGroupName": "default.redis6.x", + "ParameterApplyStatus": "in-sync", + "CacheNodeIdsToReboot": [] + }, + "CacheSubnetGroupName": "default", + "AutoMinorVersionUpgrade": true, + "ReplicationGroupId": "c7n-415-elasticache-group-red", + "SnapshotRetentionLimit": 0, + "SnapshotWindow": "06:00-07:00", + "AuthTokenEnabled": false, + "TransitEncryptionEnabled": false, + "AtRestEncryptionEnabled": false, + "ARN": "arn:aws:elasticache:us-east-1:111111111111:cluster:c7n-415-elasticache-cluster-red", + "ReplicationGroupLogDeliveryEnabled": false, + "LogDeliveryConfigurations": [] + }, + { + "CacheClusterId": "c7n-415-elasticache-group-red-001", + "ClientDownloadLandingPage": "https://console.aws.amazon.com/elasticache/home#client-download:", + "CacheNodeType": "cache.t2.micro", + "Engine": "redis", + "EngineVersion": "6.2.5", + "CacheClusterStatus": "available", + "NumCacheNodes": 1, + "PreferredAvailabilityZone": "us-east-1c", + "CacheClusterCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 11, + "day": 24, + "hour": 8, + "minute": 24, + "second": 55, + "microsecond": 497000 + }, + "PreferredMaintenanceWindow": "wed:09:00-wed:10:00", + "PendingModifiedValues": {}, + "CacheSecurityGroups": [], + 
"CacheParameterGroup": { + "CacheParameterGroupName": "default.redis6.x", + "ParameterApplyStatus": "in-sync", + "CacheNodeIdsToReboot": [] + }, + "CacheSubnetGroupName": "default", + "AutoMinorVersionUpgrade": true, + "ReplicationGroupId": "c7n-415-elasticache-group-red", + "SnapshotRetentionLimit": 0, + "SnapshotWindow": "06:00-07:00", + "AuthTokenEnabled": false, + "TransitEncryptionEnabled": false, + "AtRestEncryptionEnabled": false, + "ARN": "arn:aws:elasticache:us-east-1:111111111111:cluster:c7n-415-elasticache-group-red-001", + "ReplicationGroupLogDeliveryEnabled": false, + "LogDeliveryConfigurations": [] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-415-elasticache_encrypted_in_transit/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-415-elasticache_encrypted_in_transit/placebo-red/tagging.GetResources_1.json new file mode 100644 index 000000000..8b704d185 --- /dev/null +++ b/tests/ecc-aws-415-elasticache_encrypted_in_transit/placebo-red/tagging.GetResources_1.json @@ -0,0 +1,8 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-415-elasticache_encrypted_in_transit/red_policy_test.py b/tests/ecc-aws-415-elasticache_encrypted_in_transit/red_policy_test.py new file mode 100644 index 000000000..3d9720e2c --- /dev/null +++ b/tests/ecc-aws-415-elasticache_encrypted_in_transit/red_policy_test.py @@ -0,0 +1,5 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 2) + base_test.assertFalse(resources[0]['AtRestEncryptionEnabled']) \ No newline at end of file 
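Review bot: The red test for the in-transit policy asserts `AtRestEncryptionEnabled` rather than the attribute the policy is named for; the last line of red_policy_test.py for ecc-aws-415 should read `base_test.assertFalse(resources[0]['TransitEncryptionEnabled'])`. Both flags are false in the placebo-red recording, so the test passes today, but it would keep passing if the policy filtered on the wrong key. The test expects two resources yet inspects only `resources[0]`; `for r in resources: base_test.assertFalse(r['TransitEncryptionEnabled'])` would cover both clusters.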
diff --git a/tests/ecc-aws-416-elasticache_encrypted_at_rest_using_cmk/placebo-green/elasticache.DescribeReplicationGroups_1.json b/tests/ecc-aws-416-elasticache_encrypted_at_rest_using_cmk/placebo-green/elasticache.DescribeReplicationGroups_1.json
new file mode 100644
index 000000000..9be2e5422
--- /dev/null
+++ b/tests/ecc-aws-416-elasticache_encrypted_at_rest_using_cmk/placebo-green/elasticache.DescribeReplicationGroups_1.json
@@ -0,0 +1,66 @@ +{ + "status_code": 200, + "data": { + "ReplicationGroups": [ + { + "ReplicationGroupId": "c7n-416-elasticache-group-green", + "Description": "416_elasticache_group_green", + "GlobalReplicationGroupInfo": {}, + "Status": "available", + "PendingModifiedValues": {}, + "MemberClusters": [ + "c7n-416-elasticache-group-green-001" + ], + "NodeGroups": [ + { + "NodeGroupId": "0001", + "Status": "available", + "PrimaryEndpoint": { + "Address": "c7n-416-elasticache-group-green.ps5uie.ng.0001.use1.cache.amazonaws.com", + "Port": 6379 + }, + "ReaderEndpoint": { + "Address": "c7n-416-elasticache-group-green-ro.ps5uie.ng.0001.use1.cache.amazonaws.com", + "Port": 6379 + }, + "NodeGroupMembers": [ + { + "CacheClusterId": "c7n-416-elasticache-group-green-001", + "CacheNodeId": "0001", + "ReadEndpoint": { + "Address": "c7n-416-elasticache-group-green-001.ps5uie.0001.use1.cache.amazonaws.com", + "Port": 6379 + }, + "PreferredAvailabilityZone": "us-east-1b", + "CurrentRole": "primary" + } + ] + } + ], + "AutomaticFailover": "disabled", + "MultiAZ": "disabled", + "SnapshotRetentionLimit": 0, + "SnapshotWindow": "10:00-11:00", + "ClusterEnabled": false, + "CacheNodeType": "cache.t2.micro", + "AuthTokenEnabled": false, + "TransitEncryptionEnabled": false, + "AtRestEncryptionEnabled": true, + "KmsKeyId": "arn:aws:kms:us-east-1:111111111111:key/39ccdea1-8af9-4d56-aed4-6ab25f22e1ef", + "ARN": "arn:aws:elasticache:us-east-1:111111111111:replicationgroup:c7n-416-elasticache-group-green", + "LogDeliveryConfigurations": [], + "ReplicationGroupCreateTime": { + "__class__": "datetime", + "year": 2022, + "month": 5, + "day": 12, + "hour": 11, + "minute": 57, + "second": 36, + "microsecond": 781000 + } + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
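Review bot: The account id in this recording is masked to `111111111111`, but `KmsKeyId` still carries what looks like an unmasked key UUID, and the endpoint addresses keep the `ps5uie` suffix of the recorded environment. Neither is a credential, but both are environment identifiers the masking step appears to have missed; unless they are already synthetic, replace them with obvious placeholders such as `key/00000000-0000-0000-0000-000000000000`. The same `ps5uie` suffix appears in the 416 red, 418 and 420 recordings. Account masking is also inconsistent across these fixtures (`this` in some ARNs, `111111111111` in others), which is worth normalising in the same pass.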
diff --git a/tests/ecc-aws-416-elasticache_encrypted_at_rest_using_cmk/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-416-elasticache_encrypted_at_rest_using_cmk/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..ae90c3bb2 --- /dev/null +++ b/tests/ecc-aws-416-elasticache_encrypted_at_rest_using_cmk/placebo-green/tagging.GetResources_1.json @@ -0,0 +1,22 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:elasticache:us-east-1:111111111111:replicationgroup:c7n-416-elasticache-group-green", + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CustodianRule", + "Value": "ecc-aws-416-elasticache_encrypted_at_rest_using_cmk" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-416-elasticache_encrypted_at_rest_using_cmk/placebo-red/elasticache.DescribeReplicationGroups_1.json b/tests/ecc-aws-416-elasticache_encrypted_at_rest_using_cmk/placebo-red/elasticache.DescribeReplicationGroups_1.json new file mode 100644 index 000000000..ee96d2a3f --- /dev/null +++ b/tests/ecc-aws-416-elasticache_encrypted_at_rest_using_cmk/placebo-red/elasticache.DescribeReplicationGroups_1.json 
@@ -0,0 +1,65 @@ +{ + "status_code": 200, + "data": { + "ReplicationGroups": [ + { + "ReplicationGroupId": "c7n-416-elasticache-group-red", + "Description": "416_elasticache_group_red", + "GlobalReplicationGroupInfo": {}, + "Status": "available", + "PendingModifiedValues": {}, + "MemberClusters": [ + "c7n-416-elasticache-group-red-001" + ], + "NodeGroups": [ + { + "NodeGroupId": "0001", + "Status": "available", + "PrimaryEndpoint": { + "Address": "c7n-416-elasticache-group-red.ps5uie.ng.0001.use1.cache.amazonaws.com", + "Port": 6379 + }, + "ReaderEndpoint": { + "Address": "c7n-416-elasticache-group-red-ro.ps5uie.ng.0001.use1.cache.amazonaws.com", + "Port": 6379 + }, + "NodeGroupMembers": [ + { + "CacheClusterId": "c7n-416-elasticache-group-red-001", + "CacheNodeId": "0001", + "ReadEndpoint": { + "Address": "c7n-416-elasticache-group-red-001.ps5uie.0001.use1.cache.amazonaws.com", + "Port": 6379 + }, + "PreferredAvailabilityZone": "us-east-1e", + "CurrentRole": "primary" + } + ] + } + ], + "AutomaticFailover": "disabled", + "MultiAZ": "disabled", + "SnapshotRetentionLimit": 0, + "SnapshotWindow": "05:00-06:00", + "ClusterEnabled": false, + "CacheNodeType": "cache.t2.micro", + "AuthTokenEnabled": false, + "TransitEncryptionEnabled": false, + "AtRestEncryptionEnabled": false, + "ARN": "arn:aws:elasticache:us-east-1:111111111111:replicationgroup:c7n-416-elasticache-group-red", + "LogDeliveryConfigurations": [], + "ReplicationGroupCreateTime": { + "__class__": "datetime", + "year": 2022, + "month": 5, + "day": 12, + "hour": 12, + "minute": 26, + "second": 30, + "microsecond": 447000 + } + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-416-elasticache_encrypted_at_rest_using_cmk/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-416-elasticache_encrypted_at_rest_using_cmk/placebo-red/tagging.GetResources_1.json new file mode 100644 index 000000000..8b5c5bff0 --- /dev/null 
+++ b/tests/ecc-aws-416-elasticache_encrypted_at_rest_using_cmk/placebo-red/tagging.GetResources_1.json @@ -0,0 +1,22 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:elasticache:us-east-1:111111111111:replicationgroup:c7n-416-elasticache-group-red", + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CustodianRule", + "Value": "ecc-aws-416-elasticache_encrypted_at_rest_using_cmk" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-416-elasticache_encrypted_at_rest_using_cmk/red_policy_test.py b/tests/ecc-aws-416-elasticache_encrypted_at_rest_using_cmk/red_policy_test.py new file mode 100644 index 000000000..7f20def9b --- /dev/null +++ b/tests/ecc-aws-416-elasticache_encrypted_at_rest_using_cmk/red_policy_test.py @@ -0,0 +1,5 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertFalse('KmsKeyId' in resources[0]) \ No newline at end of file diff --git a/tests/ecc-aws-418-elasticache_redis_multi_az_enabled/placebo-green/elasticache.DescribeReplicationGroups_1.json b/tests/ecc-aws-418-elasticache_redis_multi_az_enabled/placebo-green/elasticache.DescribeReplicationGroups_1.json new file mode 100644 index 000000000..633d1071d --- /dev/null +++ b/tests/ecc-aws-418-elasticache_redis_multi_az_enabled/placebo-green/elasticache.DescribeReplicationGroups_1.json 
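Review bot: `base_test.assertFalse('KmsKeyId' in resources[0])` in the ecc-aws-416 red test reports only "True is not false" on failure; `base_test.assertNotIn('KmsKeyId', resources[0])` states the intent and prints the container. The placebo-red recording has `AtRestEncryptionEnabled` set to false, so the red case covers only an unencrypted group. A group encrypted at rest with the service-default key (flag true, no `KmsKeyId`) is presumably also a finding for a CMK policy and has no recording here. The policy file is outside this hunk, so confirm which of the two cases the filter is meant to catch.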
@@ -0,0 +1,76 @@ +{ + "status_code": 200, + "data": { + "ReplicationGroups": [ + { + "ReplicationGroupId": "c7n-418-elasticache-group-green", + "Description": "418_elasticache_group_green", + "GlobalReplicationGroupInfo": {}, + "Status": "available", + "PendingModifiedValues": {}, + "MemberClusters": [ + "c7n-418-elasticache-group-green-001", + "c7n-418-elasticache-group-green-002" + ], + "NodeGroups": [ + { + "NodeGroupId": "0001", + "Status": "available", + "PrimaryEndpoint": { + "Address": "c7n-418-elasticache-group-green.ps5uie.ng.0001.use1.cache.amazonaws.com", + "Port": 6379 + }, + "ReaderEndpoint": { + "Address": "c7n-418-elasticache-group-green-ro.ps5uie.ng.0001.use1.cache.amazonaws.com", + "Port": 6379 + }, + "NodeGroupMembers": [ + { + "CacheClusterId": "c7n-418-elasticache-group-green-001", + "CacheNodeId": "0001", + "ReadEndpoint": { + "Address": "c7n-418-elasticache-group-green-001.ps5uie.0001.use1.cache.amazonaws.com", + "Port": 6379 + }, + "PreferredAvailabilityZone": "us-east-1a", + "CurrentRole": "primary" + }, + { + "CacheClusterId": "c7n-418-elasticache-group-green-002", + "CacheNodeId": "0001", + "ReadEndpoint": { + "Address": "c7n-418-elasticache-group-green-002.ps5uie.0001.use1.cache.amazonaws.com", + "Port": 6379 + }, + "PreferredAvailabilityZone": "us-east-1b", + "CurrentRole": "replica" + } + ] + } + ], + "AutomaticFailover": "enabled", + "MultiAZ": "enabled", + "SnapshotRetentionLimit": 0, + "SnapshotWindow": "05:00-06:00", + "ClusterEnabled": false, + "CacheNodeType": "cache.t2.micro", + "AuthTokenEnabled": false, + "TransitEncryptionEnabled": false, + "AtRestEncryptionEnabled": false, + "ARN": "arn:aws:elasticache:us-east-1:this:replicationgroup:c7n-418-elasticache-group-green", + "LogDeliveryConfigurations": [], + "ReplicationGroupCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 2, + "hour": 12, + "minute": 41, + "second": 51, + "microsecond": 145000 + } + } + ], + "ResponseMetadata": {} + } +} \ No 
newline at end of file diff --git a/tests/ecc-aws-418-elasticache_redis_multi_az_enabled/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-418-elasticache_redis_multi_az_enabled/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..77b1c11b6 --- /dev/null +++ b/tests/ecc-aws-418-elasticache_redis_multi_az_enabled/placebo-green/tagging.GetResources_1.json @@ -0,0 +1,22 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:elasticache:us-east-1:111111111111:replicationgroup:c7n-418-elasticache-group-red", + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CustodianRule", + "Value": "ecc-aws-418-elasticache_redis_multi_az_enabled" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-418-elasticache_redis_multi_az_enabled/placebo-red/elasticache.DescribeReplicationGroups_1.json b/tests/ecc-aws-418-elasticache_redis_multi_az_enabled/placebo-red/elasticache.DescribeReplicationGroups_1.json new file mode 100644 index 000000000..25b96f45c --- /dev/null +++ b/tests/ecc-aws-418-elasticache_redis_multi_az_enabled/placebo-red/elasticache.DescribeReplicationGroups_1.json 
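Review bot: The placebo-green tagging.GetResources_1.json for ecc-aws-418 attaches its tags to the red group: `ResourceARN` ends in `replicationgroup:c7n-418-elasticache-group-red` while the tag says `ComplianceStatus` = `Green`. It looks copied from the placebo-red recording; the ARN should name `c7n-418-elasticache-group-green`. The account segment also differs from the green DescribeReplicationGroups recording (`this` there, `111111111111` here), so even with the name corrected the mapping may not join to the resource, depending on how the harness matches ARNs.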
@@ -0,0 +1,65 @@ +{ + "status_code": 200, + "data": { + "ReplicationGroups": [ + { + "ReplicationGroupId": "c7n-418-elasticache-group-red", + "Description": "418_elasticache_group_red", + "GlobalReplicationGroupInfo": {}, + "Status": "available", + "PendingModifiedValues": {}, + "MemberClusters": [ + "c7n-418-elasticache-group-red-001" + ], + "NodeGroups": [ + { + "NodeGroupId": "0001", + "Status": "available", + "PrimaryEndpoint": { + "Address": "c7n-418-elasticache-group-red.ps5uie.ng.0001.use1.cache.amazonaws.com", + "Port": 6379 + }, + "ReaderEndpoint": { + "Address": "c7n-418-elasticache-group-red-ro.ps5uie.ng.0001.use1.cache.amazonaws.com", + "Port": 6379 + }, + "NodeGroupMembers": [ + { + "CacheClusterId": "c7n-418-elasticache-group-red-001", + "CacheNodeId": "0001", + "ReadEndpoint": { + "Address": "c7n-418-elasticache-group-red-001.ps5uie.0001.use1.cache.amazonaws.com", + "Port": 6379 + }, + "PreferredAvailabilityZone": "us-east-1f", + "CurrentRole": "primary" + } + ] + } + ], + "AutomaticFailover": "disabled", + "MultiAZ": "disabled", + "SnapshotRetentionLimit": 0, + "SnapshotWindow": "05:30-06:30", + "ClusterEnabled": false, + "CacheNodeType": "cache.t2.micro", + "AuthTokenEnabled": false, + "TransitEncryptionEnabled": false, + "AtRestEncryptionEnabled": false, + "ARN": "arn:aws:elasticache:us-east-1:this:replicationgroup:c7n-418-elasticache-group-red", + "LogDeliveryConfigurations": [], + "ReplicationGroupCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 2, + "hour": 12, + "minute": 54, + "second": 3, + "microsecond": 719000 + } + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-418-elasticache_redis_multi_az_enabled/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-418-elasticache_redis_multi_az_enabled/placebo-red/tagging.GetResources_1.json new file mode 100644 index 000000000..32543b92e --- /dev/null 
+++ b/tests/ecc-aws-418-elasticache_redis_multi_az_enabled/placebo-red/tagging.GetResources_1.json @@ -0,0 +1,22 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:elasticache:us-east-1:111111111111:replicationgroup:c7n-418-elasticache-group-red", + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CustodianRule", + "Value": "ecc-aws-418-elasticache_redis_multi_az_enabled" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-418-elasticache_redis_multi_az_enabled/red_policy_test.py b/tests/ecc-aws-418-elasticache_redis_multi_az_enabled/red_policy_test.py new file mode 100644 index 000000000..65a656dc8 --- /dev/null +++ b/tests/ecc-aws-418-elasticache_redis_multi_az_enabled/red_policy_test.py @@ -0,0 +1,5 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertEqual(resources[0]['MultiAZ'], "disabled") \ No newline at end of file diff --git a/tests/ecc-aws-419-elasticache_redis_auth_enabled/placebo-green/elasticache.DescribeCacheClusters_1.json b/tests/ecc-aws-419-elasticache_redis_auth_enabled/placebo-green/elasticache.DescribeCacheClusters_1.json new file mode 100644 index 000000000..09985b1a0 --- /dev/null +++ b/tests/ecc-aws-419-elasticache_redis_auth_enabled/placebo-green/elasticache.DescribeCacheClusters_1.json 
@@ -0,0 +1,57 @@ +{ + "status_code": 200, + "data": { + "CacheClusters": [ + { + "CacheClusterId": "c7n-419-elasticache-group-green-001", + "ClientDownloadLandingPage": "https://console.aws.amazon.com/elasticache/home#client-download:", + "CacheNodeType": "cache.t2.micro", + "Engine": "redis", + "EngineVersion": "6.2.5", + "CacheClusterStatus": "available", + "NumCacheNodes": 1, + "PreferredAvailabilityZone": "us-east-1a", + "CacheClusterCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 2, + "hour": 8, + "minute": 8, + "second": 55, + "microsecond": 728000 + }, + "PreferredMaintenanceWindow": "fri:04:00-fri:05:00", + "PendingModifiedValues": {}, + "CacheSecurityGroups": [], + "CacheParameterGroup": { + "CacheParameterGroupName": "default.redis6.x", + "ParameterApplyStatus": "in-sync", + "CacheNodeIdsToReboot": [] + }, + "CacheSubnetGroupName": "c7n-419-elasticache-subnet-green", + "AutoMinorVersionUpgrade": true, + "ReplicationGroupId": "c7n-419-elasticache-group-green", + "SnapshotRetentionLimit": 0, + "SnapshotWindow": "08:30-09:30", + "AuthTokenEnabled": true, + "AuthTokenLastModifiedDate": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 2, + "hour": 8, + "minute": 3, + "second": 35, + "microsecond": 887000 + }, + "TransitEncryptionEnabled": true, + "AtRestEncryptionEnabled": false, + "ARN": "arn:aws:elasticache:us-east-1:this:cluster:c7n-419-elasticache-group-green-001", + "ReplicationGroupLogDeliveryEnabled": false, + "LogDeliveryConfigurations": [] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-419-elasticache_redis_auth_enabled/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-419-elasticache_redis_auth_enabled/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..8b704d185 --- /dev/null +++ b/tests/ecc-aws-419-elasticache_redis_auth_enabled/placebo-green/tagging.GetResources_1.json 
@@ -0,0 +1,8 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-419-elasticache_redis_auth_enabled/placebo-red/elasticache.DescribeCacheClusters_1.json b/tests/ecc-aws-419-elasticache_redis_auth_enabled/placebo-red/elasticache.DescribeCacheClusters_1.json new file mode 100644 index 000000000..7403874c4 --- /dev/null +++ b/tests/ecc-aws-419-elasticache_redis_auth_enabled/placebo-red/elasticache.DescribeCacheClusters_1.json @@ -0,0 +1,47 @@ +{ + "status_code": 200, + "data": { + "CacheClusters": [ + { + "CacheClusterId": "c7n-419-elasticache-group-red-001", + "ClientDownloadLandingPage": "https://console.aws.amazon.com/elasticache/home#client-download:", + "CacheNodeType": "cache.t2.micro", + "Engine": "redis", + "EngineVersion": "6.2.5", + "CacheClusterStatus": "available", + "NumCacheNodes": 1, + "PreferredAvailabilityZone": "us-east-1f", + "CacheClusterCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 2, + "hour": 8, + "minute": 29, + "second": 18, + "microsecond": 132000 + }, + "PreferredMaintenanceWindow": "mon:08:30-mon:09:30", + "PendingModifiedValues": {}, + "CacheSecurityGroups": [], + "CacheParameterGroup": { + "CacheParameterGroupName": "default.redis6.x", + "ParameterApplyStatus": "in-sync", + "CacheNodeIdsToReboot": [] + }, + "CacheSubnetGroupName": "default", + "AutoMinorVersionUpgrade": true, + "ReplicationGroupId": "c7n-419-elasticache-group-red", + "SnapshotRetentionLimit": 0, + "SnapshotWindow": "05:00-06:00", + "AuthTokenEnabled": false, + "TransitEncryptionEnabled": false, + "AtRestEncryptionEnabled": false, + "ARN": "arn:aws:elasticache:us-east-1:this:cluster:c7n-419-elasticache-group-red-001", + "ReplicationGroupLogDeliveryEnabled": false, + "LogDeliveryConfigurations": [] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-419-elasticache_redis_auth_enabled/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-419-elasticache_redis_auth_enabled/placebo-red/tagging.GetResources_1.json new file mode 100644 index 000000000..8b704d185 --- /dev/null +++ b/tests/ecc-aws-419-elasticache_redis_auth_enabled/placebo-red/tagging.GetResources_1.json @@ -0,0 +1,8 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-419-elasticache_redis_auth_enabled/red_policy_test.py b/tests/ecc-aws-419-elasticache_redis_auth_enabled/red_policy_test.py new file mode 100644 index 000000000..d6f8191b9 --- /dev/null +++ b/tests/ecc-aws-419-elasticache_redis_auth_enabled/red_policy_test.py @@ -0,0 +1,5 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertFalse(resources[0]['AuthTokenEnabled']) \ No newline at end of file diff --git a/tests/ecc-aws-420-elasticache_latest_version/placebo-green/elasticache.DescribeCacheClusters_1.json b/tests/ecc-aws-420-elasticache_latest_version/placebo-green/elasticache.DescribeCacheClusters_1.json new file mode 100644 index 000000000..92165efc9 --- /dev/null +++ b/tests/ecc-aws-420-elasticache_latest_version/placebo-green/elasticache.DescribeCacheClusters_1.json 
@@ -0,0 +1,86 @@ +{ + "status_code": 200, + "data": { + "CacheClusters": [ + { + "CacheClusterId": "c7n-420-elasticache-memcached-cluster-green", + "ConfigurationEndpoint": { + "Address": "c7n-420-elasticache-memcached-cluster-green.ps5uie.cfg.use1.cache.amazonaws.com", + "Port": 11211 + }, + "ClientDownloadLandingPage": "https://console.aws.amazon.com/elasticache/home#client-download:", + "CacheNodeType": "cache.t2.micro", + "Engine": "memcached", + "EngineVersion": "1.6.17", + "CacheClusterStatus": "available", + "NumCacheNodes": 1, + "PreferredAvailabilityZone": "us-east-1a", + "CacheClusterCreateTime": { + "__class__": "datetime", + "year": 2023, + "month": 3, + "day": 1, + "hour": 14, + "minute": 30, + "second": 9, + "microsecond": 215000 + }, + "PreferredMaintenanceWindow": "wed:08:00-wed:09:00", + "PendingModifiedValues": {}, + "CacheSecurityGroups": [], + "CacheParameterGroup": { + "CacheParameterGroupName": "default.memcached1.6", + "ParameterApplyStatus": "in-sync", + "CacheNodeIdsToReboot": [] + }, + "CacheSubnetGroupName": "default", + "AutoMinorVersionUpgrade": true, + "AuthTokenEnabled": false, + "TransitEncryptionEnabled": false, + "AtRestEncryptionEnabled": false, + "ARN": "arn:aws:elasticache:us-east-1:111111111111:cluster:c7n-420-elasticache-memcached-cluster-green", + "ReplicationGroupLogDeliveryEnabled": false, + "LogDeliveryConfigurations": [] + }, + { + "CacheClusterId": "c7n-420-elasticache-redis-cluster-green", + "ClientDownloadLandingPage": "https://console.aws.amazon.com/elasticache/home#client-download:", + "CacheNodeType": "cache.t2.micro", + "Engine": "redis", + "EngineVersion": "7.0.7", + "CacheClusterStatus": "available", + "NumCacheNodes": 1, + "PreferredAvailabilityZone": "us-east-1f", + "CacheClusterCreateTime": { + "__class__": "datetime", + "year": 2023, + "month": 3, + "day": 1, + "hour": 14, + "minute": 30, + "second": 46, + "microsecond": 232000 + }, + "PreferredMaintenanceWindow": "tue:05:00-tue:06:00", + 
"PendingModifiedValues": {}, + "CacheSecurityGroups": [], + "CacheParameterGroup": { + "CacheParameterGroupName": "default.redis7", + "ParameterApplyStatus": "in-sync", + "CacheNodeIdsToReboot": [] + }, + "CacheSubnetGroupName": "default", + "AutoMinorVersionUpgrade": true, + "SnapshotRetentionLimit": 0, + "SnapshotWindow": "09:00-10:00", + "AuthTokenEnabled": false, + "TransitEncryptionEnabled": false, + "AtRestEncryptionEnabled": false, + "ARN": "arn:aws:elasticache:us-east-1:111111111111:cluster:c7n-420-elasticache-redis-cluster-green", + "ReplicationGroupLogDeliveryEnabled": false, + "LogDeliveryConfigurations": [] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-420-elasticache_latest_version/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-420-elasticache_latest_version/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..0f6cca719 --- /dev/null +++ b/tests/ecc-aws-420-elasticache_latest_version/placebo-green/tagging.GetResources_1.json @@ -0,0 +1,35 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:elasticache:us-east-1:111111111111:cluster:c7n-420-elasticache-memcached-cluster-green", + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-420-elasticache_latest_version" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + } + ] + }, + { + "ResourceARN": "arn:aws:elasticache:us-east-1:111111111111:cluster:c7n-420-elasticache-redis-cluster-green", + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-420-elasticache_latest_version" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-420-elasticache_latest_version/placebo-red/elasticache.DescribeCacheClusters_1.json b/tests/ecc-aws-420-elasticache_latest_version/placebo-red/elasticache.DescribeCacheClusters_1.json
new file mode 100644
index 000000000..31a49a00d
--- /dev/null
+++ b/tests/ecc-aws-420-elasticache_latest_version/placebo-red/elasticache.DescribeCacheClusters_1.json
@@ -0,0 +1,86 @@ +{ + "status_code": 200, + "data": { + "CacheClusters": [ + { + "CacheClusterId": "c7n-420-elasticache-memcached-cluster-red", + "ConfigurationEndpoint": { + "Address": "c7n-420-elasticache-memcached-cluster-red.ps5uie.cfg.use1.cache.amazonaws.com", + "Port": 11211 + }, + "ClientDownloadLandingPage": "https://console.aws.amazon.com/elasticache/home#client-download:", + "CacheNodeType": "cache.t2.micro", + "Engine": "memcached", + "EngineVersion": "1.5.16", + "CacheClusterStatus": "available", + "NumCacheNodes": 1, + "PreferredAvailabilityZone": "us-east-1f", + "CacheClusterCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 1, + "hour": 8, + "minute": 38, + "second": 19, + "microsecond": 270000 + }, + "PreferredMaintenanceWindow": "tue:04:30-tue:05:30", + "PendingModifiedValues": {}, + "CacheSecurityGroups": [], + "CacheParameterGroup": { + "CacheParameterGroupName": "default.memcached1.5", + "ParameterApplyStatus": "in-sync", + "CacheNodeIdsToReboot": [] + }, + "CacheSubnetGroupName": "default", + "AutoMinorVersionUpgrade": true, + "AuthTokenEnabled": false, + "TransitEncryptionEnabled": false, + "AtRestEncryptionEnabled": false, + "ARN": "arn:aws:elasticache:us-east-1:this:cluster:c7n-420-elasticache-memcached-cluster-red", + "ReplicationGroupLogDeliveryEnabled": false, + "LogDeliveryConfigurations": [] + }, + { + "CacheClusterId": "c7n-420-elasticache-redis-cluster-red", + "ClientDownloadLandingPage": "https://console.aws.amazon.com/elasticache/home#client-download:", + "CacheNodeType": "cache.t2.micro", + "Engine": "redis", + "EngineVersion": "5.0.6", + "CacheClusterStatus": "available", + "NumCacheNodes": 1, + "PreferredAvailabilityZone": "us-east-1f", + "CacheClusterCreateTime": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 1, + "hour": 8, + "minute": 38, + "second": 11, + "microsecond": 952000 + }, + "PreferredMaintenanceWindow": "sat:07:30-sat:08:30", + "PendingModifiedValues": {}, + 
"CacheSecurityGroups": [], + "CacheParameterGroup": { + "CacheParameterGroupName": "default.redis5.0", + "ParameterApplyStatus": "in-sync", + "CacheNodeIdsToReboot": [] + }, + "CacheSubnetGroupName": "default", + "AutoMinorVersionUpgrade": true, + "SnapshotRetentionLimit": 0, + "SnapshotWindow": "06:30-07:30", + "AuthTokenEnabled": false, + "TransitEncryptionEnabled": false, + "AtRestEncryptionEnabled": false, + "ARN": "arn:aws:elasticache:us-east-1:this:cluster:c7n-420-elasticache-redis-cluster-red", + "ReplicationGroupLogDeliveryEnabled": false, + "LogDeliveryConfigurations": [] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-420-elasticache_latest_version/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-420-elasticache_latest_version/placebo-red/tagging.GetResources_1.json new file mode 100644 index 000000000..8b704d185 --- /dev/null +++ b/tests/ecc-aws-420-elasticache_latest_version/placebo-red/tagging.GetResources_1.json @@ -0,0 +1,8 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-420-elasticache_latest_version/red_policy_test.py b/tests/ecc-aws-420-elasticache_latest_version/red_policy_test.py new file mode 100644 index 000000000..362579145 --- /dev/null +++ b/tests/ecc-aws-420-elasticache_latest_version/red_policy_test.py @@ -0,0 +1,6 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 2) + base_test.assertIn(resources[0]['Engine'], ("redis", "memcached")) + base_test.assertIn(resources[0]['EngineVersion'], ("5.0.6", "1.5.16")) \ No newline at end of file 
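Review bot: In tests/ecc-aws-420-elasticache_latest_version/red_policy_test.py, `test_resources` expects two resources but asserts engine and version only on `resources[0]`, and it checks the two fields independently, so a redis cluster reported with version 1.5.16 would still pass. Checking every resource as a pair ties each outdated version to its engine: `for r in resources:` followed by `base_test.assertIn((r['Engine'], r['EngineVersion']), (("redis", "5.0.6"), ("memcached", "1.5.16")))`.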
diff --git a/tests/ecc-aws-425-elasticsearch_slow_logs_enabled/placebo-green/es.DescribeElasticsearchDomains_1.json b/tests/ecc-aws-425-elasticsearch_slow_logs_enabled/placebo-green/es.DescribeElasticsearchDomains_1.json
new file mode 100644
index 000000000..9f22545c5
--- /dev/null
+++ b/tests/ecc-aws-425-elasticsearch_slow_logs_enabled/placebo-green/es.DescribeElasticsearchDomains_1.json
@@ -0,0 +1,92 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "DomainStatusList": [ + { + "DomainId": "111111111111/domain-425-green", + "DomainName": "domain-425-green", + "ARN": "arn:aws:es:us-east-1:111111111111:domain/domain-425-green", + "Created": true, + "Deleted": false, + "Endpoint": "search-domain-425-green-och27f3366kuwlkls3qqwljn5u.us-east-1.es.amazonaws.com", + "Processing": false, + "UpgradeProcessing": false, + "ElasticsearchVersion": "7.10", + "ElasticsearchClusterConfig": { + "InstanceType": "t3.small.elasticsearch", + "InstanceCount": 1, + "DedicatedMasterEnabled": false, + "ZoneAwarenessEnabled": false, + "WarmEnabled": false, + "ColdStorageOptions": { + "Enabled": false + } + }, + "EBSOptions": { + "EBSEnabled": true, + "VolumeType": "gp2", + "VolumeSize": 10 + }, + "AccessPolicies": "", + "SnapshotOptions": { + "AutomatedSnapshotStartHour": 0 + }, + "CognitoOptions": { + "Enabled": false + }, + "EncryptionAtRestOptions": { + "Enabled": false + }, + "NodeToNodeEncryptionOptions": { + "Enabled": false + }, + "AdvancedOptions": { + "override_main_response_version": "false", + "rest.action.multi.allow_explicit_index": "true" + }, + "LogPublishingOptions": { + "INDEX_SLOW_LOGS": { + "CloudWatchLogsLogGroupArn": "arn:aws:logs:us-east-1:111111111111:log-group:425_cloudwatch_log_group_green", + "Enabled": true + }, + "SEARCH_SLOW_LOGS": { + "CloudWatchLogsLogGroupArn": "arn:aws:logs:us-east-1:111111111111:log-group:425_cloudwatch_log_group_green", + "Enabled": true + } + }, + "ServiceSoftwareOptions": { + "CurrentVersion": "R20211203-P2", + "NewVersion": "", + "UpdateAvailable": false, + "Cancellable": false, + "UpdateStatus": "COMPLETED", + "Description": "There is no software update available for this domain.", + "AutomatedUpdateDate": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 16, + "hour": 0, + "minute": 7, + "second": 0, + "microsecond": 0 + }, + "OptionalDeployment": false + }, + 
"DomainEndpointOptions": { + "EnforceHTTPS": true, + "TLSSecurityPolicy": "Policy-Min-TLS-1-2-2019-07", + "CustomEndpointEnabled": false + }, + "AdvancedSecurityOptions": { + "Enabled": false, + "InternalUserDatabaseEnabled": false + }, + "AutoTuneOptions": { + "State": "ENABLE_IN_PROGRESS" + } + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-425-elasticsearch_slow_logs_enabled/placebo-green/es.ListDomainNames_1.json b/tests/ecc-aws-425-elasticsearch_slow_logs_enabled/placebo-green/es.ListDomainNames_1.json new file mode 100644 index 000000000..cb84af60e --- /dev/null +++ b/tests/ecc-aws-425-elasticsearch_slow_logs_enabled/placebo-green/es.ListDomainNames_1.json @@ -0,0 +1,11 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "DomainNames": [ + { + "DomainName": "domain-425-green" + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-425-elasticsearch_slow_logs_enabled/placebo-green/es.ListTags_1.json b/tests/ecc-aws-425-elasticsearch_slow_logs_enabled/placebo-green/es.ListTags_1.json new file mode 100644 index 000000000..1de9aecef --- /dev/null +++ b/tests/ecc-aws-425-elasticsearch_slow_logs_enabled/placebo-green/es.ListTags_1.json @@ -0,0 +1,16 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "TagList": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-425-elasticsearch_slow_logs_enabled" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-425-elasticsearch_slow_logs_enabled/placebo-red/es.DescribeElasticsearchDomains_1.json b/tests/ecc-aws-425-elasticsearch_slow_logs_enabled/placebo-red/es.DescribeElasticsearchDomains_1.json new file mode 100644 index 000000000..d070045d1 --- /dev/null +++ b/tests/ecc-aws-425-elasticsearch_slow_logs_enabled/placebo-red/es.DescribeElasticsearchDomains_1.json 
@@ -0,0 +1,88 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "DomainStatusList": [ + { + "DomainId": "111111111111/domain-425-red", + "DomainName": "domain-425-red", + "ARN": "arn:aws:es:us-east-1:111111111111:domain/domain-425-red", + "Created": true, + "Deleted": false, + "Endpoint": "search-domain-425-red-wfvacrn2zsq3ksifayrmeyctuq.us-east-1.es.amazonaws.com", + "Processing": false, + "UpgradeProcessing": false, + "ElasticsearchVersion": "7.10", + "ElasticsearchClusterConfig": { + "InstanceType": "t3.small.elasticsearch", + "InstanceCount": 1, + "DedicatedMasterEnabled": false, + "ZoneAwarenessEnabled": false, + "WarmEnabled": false, + "ColdStorageOptions": { + "Enabled": false + } + }, + "EBSOptions": { + "EBSEnabled": true, + "VolumeType": "gp2", + "VolumeSize": 10 + }, + "AccessPolicies": "", + "SnapshotOptions": { + "AutomatedSnapshotStartHour": 0 + }, + "CognitoOptions": { + "Enabled": false + }, + "EncryptionAtRestOptions": { + "Enabled": false + }, + "NodeToNodeEncryptionOptions": { + "Enabled": false + }, + "AdvancedOptions": { + "override_main_response_version": "false", + "rest.action.multi.allow_explicit_index": "true" + }, + "LogPublishingOptions": { + "SEARCH_SLOW_LOGS": { + "CloudWatchLogsLogGroupArn": "arn:aws:logs:us-east-1:111111111111:log-group:425_cloudwatch_log_group_red", + "Enabled": true + } + }, + "ServiceSoftwareOptions": { + "CurrentVersion": "R20211203-P2", + "NewVersion": "", + "UpdateAvailable": false, + "Cancellable": false, + "UpdateStatus": "COMPLETED", + "Description": "There is no software update available for this domain.", + "AutomatedUpdateDate": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 16, + "hour": 0, + "minute": 7, + "second": 0, + "microsecond": 0 + }, + "OptionalDeployment": false + }, + "DomainEndpointOptions": { + "EnforceHTTPS": true, + "TLSSecurityPolicy": "Policy-Min-TLS-1-2-2019-07", + "CustomEndpointEnabled": false + }, + "AdvancedSecurityOptions": { + "Enabled": 
false, + "InternalUserDatabaseEnabled": false + }, + "AutoTuneOptions": { + "State": "ENABLE_IN_PROGRESS" + } + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-425-elasticsearch_slow_logs_enabled/placebo-red/es.ListDomainNames_1.json b/tests/ecc-aws-425-elasticsearch_slow_logs_enabled/placebo-red/es.ListDomainNames_1.json new file mode 100644 index 000000000..94ec052d5 --- /dev/null +++ b/tests/ecc-aws-425-elasticsearch_slow_logs_enabled/placebo-red/es.ListDomainNames_1.json @@ -0,0 +1,11 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "DomainNames": [ + { + "DomainName": "domain-425-red" + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-425-elasticsearch_slow_logs_enabled/placebo-red/es.ListTags_1.json b/tests/ecc-aws-425-elasticsearch_slow_logs_enabled/placebo-red/es.ListTags_1.json new file mode 100644 index 000000000..77d15c4da --- /dev/null +++ b/tests/ecc-aws-425-elasticsearch_slow_logs_enabled/placebo-red/es.ListTags_1.json @@ -0,0 +1,16 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "TagList": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-425-elasticsearch_slow_logs_enabled" + }, + { + "Key": "ComplianceStatus", + "Value": "Red" + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-425-elasticsearch_slow_logs_enabled/red_policy_test.py b/tests/ecc-aws-425-elasticsearch_slow_logs_enabled/red_policy_test.py new file mode 100644 index 000000000..fcf5457b7 --- /dev/null +++ b/tests/ecc-aws-425-elasticsearch_slow_logs_enabled/red_policy_test.py @@ -0,0 +1,7 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertTrue(resources[0]['LogPublishingOptions']['SEARCH_SLOW_LOGS']['Enabled']) + base_test.assertNotIn('INDEX_SLOW_LOGS', resources[0]['LogPublishingOptions']) + \ No newline at end of file 
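Review bot: The ecc-aws-425 red_policy_test.py pins only one non-compliant shape, a domain whose `LogPublishingOptions` has no `INDEX_SLOW_LOGS` key at all. A domain that carries the key with `"Enabled": false`, or one that lacks `SEARCH_SLOW_LOGS`, is equally without slow-log coverage, and nothing in this hunk shows whether the policy flags it (the policy file is not visible here). A second red fixture for the disabled case would close that gap. The whitespace-only last line of the file can be dropped as well.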
diff --git a/tests/ecc-aws-427-elasticache_auth_token_rotated_every_90_days/green_policy_test.py b/tests/ecc-aws-427-elasticache_auth_token_rotated_every_90_days/green_policy_test.py
new file mode 100644
index 000000000..9166e32c5
--- /dev/null
+++ b/tests/ecc-aws-427-elasticache_auth_token_rotated_every_90_days/green_policy_test.py
@@ -0,0 +1,7 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 0)
+
+ def mock_time(self):
+ return 2022, 1, 20
diff --git a/tests/ecc-aws-427-elasticache_auth_token_rotated_every_90_days/placebo-green/elasticache.DescribeCacheClusters_1.json b/tests/ecc-aws-427-elasticache_auth_token_rotated_every_90_days/placebo-green/elasticache.DescribeCacheClusters_1.json
new file mode 100644
index 000000000..def8f01ef
--- /dev/null
+++ b/tests/ecc-aws-427-elasticache_auth_token_rotated_every_90_days/placebo-green/elasticache.DescribeCacheClusters_1.json
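Review bot: `mock_time` in the ecc-aws-427 green_policy_test.py returns the bare tuple `2022, 1, 20` with no comment, so its meaning can only be guessed from the green fixture, where `AuthTokenLastModifiedDate` is 2022-01-19. A one-line comment above the return would help, e.g. `# frozen "now" as (year, month, day); fixture token was last rotated 2022-01-19`, assuming the harness reads the tuple that way, which this hunk does not show. The green case sits one day after rotation, so the 90-day boundary itself stays untested.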
@@ -0,0 +1,57 @@ +{ + "status_code": 200, + "data": { + "CacheClusters": [ + { + "CacheClusterId": "elasticache-group-427-green-001", + "ClientDownloadLandingPage": "https://console.aws.amazon.com/elasticache/home#client-download:", + "CacheNodeType": "cache.t2.micro", + "Engine": "redis", + "EngineVersion": "6.2.5", + "CacheClusterStatus": "available", + "NumCacheNodes": 1, + "PreferredAvailabilityZone": "us-east-1a", + "CacheClusterCreateTime": { + "__class__": "datetime", + "year": 2022, + "month": 1, + "day": 19, + "hour": 9, + "minute": 30, + "second": 51, + "microsecond": 136000 + }, + "PreferredMaintenanceWindow": "fri:06:00-fri:07:00", + "PendingModifiedValues": {}, + "CacheSecurityGroups": [], + "CacheParameterGroup": { + "CacheParameterGroupName": "default.redis6.x", + "ParameterApplyStatus": "in-sync", + "CacheNodeIdsToReboot": [] + }, + "CacheSubnetGroupName": "elasticache-subnet-427-green", + "AutoMinorVersionUpgrade": true, + "ReplicationGroupId": "elasticache-group-427-green", + "SnapshotRetentionLimit": 0, + "SnapshotWindow": "04:30-05:30", + "AuthTokenEnabled": true, + "AuthTokenLastModifiedDate": { + "__class__": "datetime", + "year": 2022, + "month": 1, + "day": 19, + "hour": 9, + "minute": 24, + "second": 23, + "microsecond": 646000 + }, + "TransitEncryptionEnabled": true, + "AtRestEncryptionEnabled": false, + "ARN": "arn:aws:elasticache:us-east-1:111111111111:cluster:elasticache-group-427-green-001", + "ReplicationGroupLogDeliveryEnabled": false, + "LogDeliveryConfigurations": [] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-427-elasticache_auth_token_rotated_every_90_days/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-427-elasticache_auth_token_rotated_every_90_days/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..af1f9492e --- /dev/null +++ b/tests/ecc-aws-427-elasticache_auth_token_rotated_every_90_days/placebo-green/tagging.GetResources_1.json 
@@ -0,0 +1,22 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:elasticache:us-east-1:111111111111:cluster:elasticache-group-427-green-001", + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CustodianRule", + "Value": "ecc-aws-427-elasticache_auth_token_rotated_every_90_days" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-427-elasticache_auth_token_rotated_every_90_days/placebo-red/elasticache.DescribeCacheClusters_1.json b/tests/ecc-aws-427-elasticache_auth_token_rotated_every_90_days/placebo-red/elasticache.DescribeCacheClusters_1.json new file mode 100644 index 000000000..423aa922c --- /dev/null +++ b/tests/ecc-aws-427-elasticache_auth_token_rotated_every_90_days/placebo-red/elasticache.DescribeCacheClusters_1.json 
@@ -0,0 +1,57 @@ +{ + "status_code": 200, + "data": { + "CacheClusters": [ + { + "CacheClusterId": "elasticache-group-427-red-001", + "ClientDownloadLandingPage": "https://console.aws.amazon.com/elasticache/home#client-download:", + "CacheNodeType": "cache.t2.micro", + "Engine": "redis", + "EngineVersion": "6.2.5", + "CacheClusterStatus": "available", + "NumCacheNodes": 1, + "PreferredAvailabilityZone": "us-east-1a", + "CacheClusterCreateTime": { + "__class__": "datetime", + "year": 2022, + "month": 1, + "day": 19, + "hour": 9, + "minute": 30, + "second": 51, + "microsecond": 136000 + }, + "PreferredMaintenanceWindow": "fri:06:00-fri:07:00", + "PendingModifiedValues": {}, + "CacheSecurityGroups": [], + "CacheParameterGroup": { + "CacheParameterGroupName": "default.redis6.x", + "ParameterApplyStatus": "in-sync", + "CacheNodeIdsToReboot": [] + }, + "CacheSubnetGroupName": "elasticache-subnet-427-red", + "AutoMinorVersionUpgrade": true, + "ReplicationGroupId": "elasticache-group-427-red", + "SnapshotRetentionLimit": 0, + "SnapshotWindow": "04:30-05:30", + "AuthTokenEnabled": true, + "AuthTokenLastModifiedDate": { + "__class__": "datetime", + "year": 2021, + "month": 9, + "day": 2, + "hour": 9, + "minute": 24, + "second": 23, + "microsecond": 646000 + }, + "TransitEncryptionEnabled": true, + "AtRestEncryptionEnabled": false, + "ARN": "arn:aws:elasticache:us-east-1:111111111111:cluster:elasticache-group-427-red-001", + "ReplicationGroupLogDeliveryEnabled": false, + "LogDeliveryConfigurations": [] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-427-elasticache_auth_token_rotated_every_90_days/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-427-elasticache_auth_token_rotated_every_90_days/placebo-red/tagging.GetResources_1.json new file mode 100644 index 000000000..30e7a06ab --- /dev/null +++ b/tests/ecc-aws-427-elasticache_auth_token_rotated_every_90_days/placebo-red/tagging.GetResources_1.json 
@@ -0,0 +1,22 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:elasticache:us-east-1:111111111111:cluster:elasticache-group-427-red-001", + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CustodianRule", + "Value": "ecc-aws-427-elasticache_auth_token_rotated_every_90_days" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-427-elasticache_auth_token_rotated_every_90_days/red_policy_test.py b/tests/ecc-aws-427-elasticache_auth_token_rotated_every_90_days/red_policy_test.py new file mode 100644 index 000000000..9bc0ac89e --- /dev/null +++ b/tests/ecc-aws-427-elasticache_auth_token_rotated_every_90_days/red_policy_test.py @@ -0,0 +1,11 @@ +from datetime import datetime, timedelta + +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + if 'AuthTokenLastModifiedDate' in resources[0]: + LastModifiedDate=datetime.fromisoformat(str(resources[0]['AuthTokenLastModifiedDate'])) + time_now=datetime.fromisoformat('2022-01-19T02:00:00+00:00') + datatime90ago=time_now-timedelta(days=90) + base_test.assertFalse(LastModifiedDate>datatime90ago) \ No newline at end of file diff --git a/tests/ecc-aws-429-elasticsearch_encrypted_with_kms_cmk/placebo-green/es.DescribeElasticsearchDomains_1.json b/tests/ecc-aws-429-elasticsearch_encrypted_with_kms_cmk/placebo-green/es.DescribeElasticsearchDomains_1.json new file mode 100644 index 000000000..1d31de542 --- /dev/null +++ b/tests/ecc-aws-429-elasticsearch_encrypted_with_kms_cmk/placebo-green/es.DescribeElasticsearchDomains_1.json 
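Review bot: In the ecc-aws-427 red_policy_test.py the age assertion sits under `if 'AuthTokenLastModifiedDate' in resources[0]:`, so a resource without that field passes the test with no rotation check at all. Replace the guard with `base_test.assertIn('AuthTokenLastModifiedDate', resources[0])` and run the comparison unconditionally. The `str()` to `datetime.fromisoformat()` round trip also assumes the recorded value deserializes to a timezone-aware datetime. If it is naive, the comparison against the `+00:00` `time_now` raises TypeError instead of failing cleanly.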
@@ -0,0 +1,84 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "DomainStatusList": [ + { + "DomainId": "111111111111/elasticsearch-429-green", + "DomainName": "elasticsearch-429-green", + "ARN": "arn:aws:es:us-east-1:111111111111:domain/elasticsearch-429-green", + "Created": true, + "Deleted": false, + "Endpoint": "search-elasticsearch-429-green-h6qtor2ym4iakypi7mgj4by5wa.us-east-1.es.amazonaws.com", + "Processing": false, + "UpgradeProcessing": false, + "ElasticsearchVersion": "OpenSearch_1.1", + "ElasticsearchClusterConfig": { + "InstanceType": "m4.large.elasticsearch", + "InstanceCount": 1, + "DedicatedMasterEnabled": false, + "ZoneAwarenessEnabled": false, + "WarmEnabled": false, + "ColdStorageOptions": { + "Enabled": false + } + }, + "EBSOptions": { + "EBSEnabled": true, + "VolumeType": "gp2", + "VolumeSize": 10 + }, + "AccessPolicies": "", + "SnapshotOptions": { + "AutomatedSnapshotStartHour": 0 + }, + "CognitoOptions": { + "Enabled": false + }, + "EncryptionAtRestOptions": { + "Enabled": true, + "KmsKeyId": "arn:aws:kms:us-east-1:111111111111:key/d9a082dd-5f0b-4b2a-8647-29ffac537ddc" + }, + "NodeToNodeEncryptionOptions": { + "Enabled": false + }, + "AdvancedOptions": { + "override_main_response_version": "false", + "rest.action.multi.allow_explicit_index": "true" + }, + "ServiceSoftwareOptions": { + "CurrentVersion": "R20220323-P3", + "NewVersion": "", + "UpdateAvailable": false, + "Cancellable": false, + "UpdateStatus": "COMPLETED", + "Description": "There is no software update available for this domain.", + "AutomatedUpdateDate": { + "__class__": "datetime", + "year": 1970, + "month": 1, + "day": 1, + "hour": 0, + "minute": 0, + "second": 0, + "microsecond": 0 + }, + "OptionalDeployment": true + }, + "DomainEndpointOptions": { + "EnforceHTTPS": false, + "TLSSecurityPolicy": "Policy-Min-TLS-1-0-2019-07", + "CustomEndpointEnabled": false + }, + "AdvancedSecurityOptions": { + "Enabled": false, + "InternalUserDatabaseEnabled": false, + 
"AnonymousAuthEnabled": false + }, + "AutoTuneOptions": { + "State": "ENABLED" + } + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-429-elasticsearch_encrypted_with_kms_cmk/placebo-green/es.ListDomainNames_1.json b/tests/ecc-aws-429-elasticsearch_encrypted_with_kms_cmk/placebo-green/es.ListDomainNames_1.json new file mode 100644 index 000000000..ea7fed50c --- /dev/null +++ b/tests/ecc-aws-429-elasticsearch_encrypted_with_kms_cmk/placebo-green/es.ListDomainNames_1.json @@ -0,0 +1,12 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "DomainNames": [ + { + "DomainName": "elasticsearch-429-green", + "EngineType": "OpenSearch" + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-429-elasticsearch_encrypted_with_kms_cmk/placebo-green/es.ListTags_1.json b/tests/ecc-aws-429-elasticsearch_encrypted_with_kms_cmk/placebo-green/es.ListTags_1.json new file mode 100644 index 000000000..c07f3c1cb --- /dev/null +++ b/tests/ecc-aws-429-elasticsearch_encrypted_with_kms_cmk/placebo-green/es.ListTags_1.json @@ -0,0 +1,16 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "TagList": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-432-elasticsearch_latest_version" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-429-elasticsearch_encrypted_with_kms_cmk/placebo-green/kms.DescribeKey_1.json b/tests/ecc-aws-429-elasticsearch_encrypted_with_kms_cmk/placebo-green/kms.DescribeKey_1.json new file mode 100644 index 000000000..2271ca285 --- /dev/null +++ b/tests/ecc-aws-429-elasticsearch_encrypted_with_kms_cmk/placebo-green/kms.DescribeKey_1.json 
@@ -0,0 +1,33 @@ +{ + "status_code": 200, + "data": { + "KeyMetadata": { + "AWSAccountId": "111111111111", + "KeyId": "d9a082dd-5f0b-4b2a-8647-29ffac537ddc", + "Arn": "arn:aws:kms:us-east-1:111111111111:key/d9a082dd-5f0b-4b2a-8647-29ffac537ddc", + "CreationDate": { + "__class__": "datetime", + "year": 2022, + "month": 6, + "day": 7, + "hour": 8, + "minute": 6, + "second": 41, + "microsecond": 691000 + }, + "Enabled": true, + "Description": "Key to encrypt and decrypt Elasticsearch", + "KeyUsage": "ENCRYPT_DECRYPT", + "KeyState": "Enabled", + "Origin": "AWS_KMS", + "KeyManager": "CUSTOMER", + "CustomerMasterKeySpec": "SYMMETRIC_DEFAULT", + "KeySpec": "SYMMETRIC_DEFAULT", + "EncryptionAlgorithms": [ + "SYMMETRIC_DEFAULT" + ], + "MultiRegion": false + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-429-elasticsearch_encrypted_with_kms_cmk/placebo-green/kms.ListAliases_1.json b/tests/ecc-aws-429-elasticsearch_encrypted_with_kms_cmk/placebo-green/kms.ListAliases_1.json new file mode 100644 index 000000000..b36fdd8bf --- /dev/null +++ b/tests/ecc-aws-429-elasticsearch_encrypted_with_kms_cmk/placebo-green/kms.ListAliases_1.json @@ -0,0 +1,34 @@ +{ + "status_code": 200, + "data": { + "Aliases": [ + { + "AliasName": "alias/429-green", + "AliasArn": "arn:aws:kms:us-east-1:111111111111:alias/429-green", + "TargetKeyId": "d9a082dd-5f0b-4b2a-8647-29ffac537ddc", + "CreationDate": { + "__class__": "datetime", + "year": 2022, + "month": 6, + "day": 7, + "hour": 8, + "minute": 6, + "second": 54, + "microsecond": 984000 + }, + "LastUpdatedDate": { + "__class__": "datetime", + "year": 2022, + "month": 6, + "day": 7, + "hour": 8, + "minute": 6, + "second": 54, + "microsecond": 984000 + } + } + ], + "Truncated": false, + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-429-elasticsearch_encrypted_with_kms_cmk/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-429-elasticsearch_encrypted_with_kms_cmk/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..23690e639 --- /dev/null +++ b/tests/ecc-aws-429-elasticsearch_encrypted_with_kms_cmk/placebo-green/tagging.GetResources_1.json @@ -0,0 +1,22 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:kms:us-east-1:111111111111:key/d9a082dd-5f0b-4b2a-8647-29ffac537ddc", + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CustodianRule", + "Value": "ecc-aws-429-elasticsearch_encrypted_with_kms_cmk" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-429-elasticsearch_encrypted_with_kms_cmk/placebo-red/es.DescribeElasticsearchDomains_1.json b/tests/ecc-aws-429-elasticsearch_encrypted_with_kms_cmk/placebo-red/es.DescribeElasticsearchDomains_1.json new file mode 100644 index 000000000..76eab5958 --- /dev/null +++ b/tests/ecc-aws-429-elasticsearch_encrypted_with_kms_cmk/placebo-red/es.DescribeElasticsearchDomains_1.json 
@@ -0,0 +1,84 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "DomainStatusList": [ + { + "DomainId": "111111111111/elasticsearch-429-red", + "DomainName": "elasticsearch-429-red", + "ARN": "arn:aws:es:us-east-1:111111111111:domain/elasticsearch-429-red", + "Created": true, + "Deleted": false, + "Endpoint": "search-elasticsearch-429-red-3vblzqwfgwgnbbhbha5xyw65zm.us-east-1.es.amazonaws.com", + "Processing": false, + "UpgradeProcessing": false, + "ElasticsearchVersion": "OpenSearch_1.1", + "ElasticsearchClusterConfig": { + "InstanceType": "m4.large.elasticsearch", + "InstanceCount": 1, + "DedicatedMasterEnabled": false, + "ZoneAwarenessEnabled": false, + "WarmEnabled": false, + "ColdStorageOptions": { + "Enabled": false + } + }, + "EBSOptions": { + "EBSEnabled": true, + "VolumeType": "gp2", + "VolumeSize": 10 + }, + "AccessPolicies": "", + "SnapshotOptions": { + "AutomatedSnapshotStartHour": 0 + }, + "CognitoOptions": { + "Enabled": false + }, + "EncryptionAtRestOptions": { + "Enabled": true, + "KmsKeyId": "arn:aws:kms:us-east-1:111111111111:key/b0371366-f355-40c6-aa8d-ed45054edfea" + }, + "NodeToNodeEncryptionOptions": { + "Enabled": false + }, + "AdvancedOptions": { + "override_main_response_version": "false", + "rest.action.multi.allow_explicit_index": "true" + }, + "ServiceSoftwareOptions": { + "CurrentVersion": "R20220323-P3", + "NewVersion": "", + "UpdateAvailable": false, + "Cancellable": false, + "UpdateStatus": "COMPLETED", + "Description": "There is no software update available for this domain.", + "AutomatedUpdateDate": { + "__class__": "datetime", + "year": 1970, + "month": 1, + "day": 1, + "hour": 0, + "minute": 0, + "second": 0, + "microsecond": 0 + }, + "OptionalDeployment": true + }, + "DomainEndpointOptions": { + "EnforceHTTPS": false, + "TLSSecurityPolicy": "Policy-Min-TLS-1-0-2019-07", + "CustomEndpointEnabled": false + }, + "AdvancedSecurityOptions": { + "Enabled": false, + "InternalUserDatabaseEnabled": false, + 
"AnonymousAuthEnabled": false + }, + "AutoTuneOptions": { + "State": "ENABLED" + } + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-429-elasticsearch_encrypted_with_kms_cmk/placebo-red/es.ListDomainNames_1.json b/tests/ecc-aws-429-elasticsearch_encrypted_with_kms_cmk/placebo-red/es.ListDomainNames_1.json new file mode 100644 index 000000000..4388dc3f2 --- /dev/null +++ b/tests/ecc-aws-429-elasticsearch_encrypted_with_kms_cmk/placebo-red/es.ListDomainNames_1.json @@ -0,0 +1,12 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "DomainNames": [ + { + "DomainName": "elasticsearch-429-red", + "EngineType": "OpenSearch" + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-429-elasticsearch_encrypted_with_kms_cmk/placebo-red/es.ListTags_1.json b/tests/ecc-aws-429-elasticsearch_encrypted_with_kms_cmk/placebo-red/es.ListTags_1.json new file mode 100644 index 000000000..55cc98a91 --- /dev/null +++ b/tests/ecc-aws-429-elasticsearch_encrypted_with_kms_cmk/placebo-red/es.ListTags_1.json @@ -0,0 +1,16 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "TagList": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-429-elasticsearch_encrypted_with_kms_cmk" + }, + { + "Key": "ComplianceStatus", + "Value": "Red" + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-429-elasticsearch_encrypted_with_kms_cmk/placebo-red/kms.DescribeKey_1.json b/tests/ecc-aws-429-elasticsearch_encrypted_with_kms_cmk/placebo-red/kms.DescribeKey_1.json new file mode 100644 index 000000000..b25a4dd40 --- /dev/null +++ b/tests/ecc-aws-429-elasticsearch_encrypted_with_kms_cmk/placebo-red/kms.DescribeKey_1.json 
@@ -0,0 +1,33 @@ +{ + "status_code": 200, + "data": { + "KeyMetadata": { + "AWSAccountId": "111111111111", + "KeyId": "b0371366-f355-40c6-aa8d-ed45054edfea", + "Arn": "arn:aws:kms:us-east-1:111111111111:key/b0371366-f355-40c6-aa8d-ed45054edfea", + "CreationDate": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 3, + "hour": 9, + "minute": 48, + "second": 29, + "microsecond": 604000 + }, + "Enabled": true, + "Description": "Default key that protects my Amazon OpenSearch Service (successor to Amazon Elasticsearch Service) data when no other key is defined", + "KeyUsage": "ENCRYPT_DECRYPT", + "KeyState": "Enabled", + "Origin": "AWS_KMS", + "KeyManager": "AWS", + "CustomerMasterKeySpec": "SYMMETRIC_DEFAULT", + "KeySpec": "SYMMETRIC_DEFAULT", + "EncryptionAlgorithms": [ + "SYMMETRIC_DEFAULT" + ], + "MultiRegion": false + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-429-elasticsearch_encrypted_with_kms_cmk/placebo-red/kms.ListAliases_1.json b/tests/ecc-aws-429-elasticsearch_encrypted_with_kms_cmk/placebo-red/kms.ListAliases_1.json new file mode 100644 index 000000000..66e872e23 --- /dev/null +++ b/tests/ecc-aws-429-elasticsearch_encrypted_with_kms_cmk/placebo-red/kms.ListAliases_1.json @@ -0,0 +1,34 @@ +{ + "status_code": 200, + "data": { + "Aliases": [ + { + "AliasName": "alias/aws/es", + "AliasArn": "arn:aws:kms:us-east-1:111111111111:alias/aws/es", + "TargetKeyId": "b0371366-f355-40c6-aa8d-ed45054edfea", + "CreationDate": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 3, + "hour": 9, + "minute": 48, + "second": 29, + "microsecond": 704000 + }, + "LastUpdatedDate": { + "__class__": "datetime", + "year": 2021, + "month": 6, + "day": 3, + "hour": 9, + "minute": 48, + "second": 29, + "microsecond": 704000 + } + } + ], + "Truncated": false, + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-429-elasticsearch_encrypted_with_kms_cmk/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-429-elasticsearch_encrypted_with_kms_cmk/placebo-red/tagging.GetResources_1.json new file mode 100644 index 000000000..8b704d185 --- /dev/null +++ b/tests/ecc-aws-429-elasticsearch_encrypted_with_kms_cmk/placebo-red/tagging.GetResources_1.json @@ -0,0 +1,8 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-429-elasticsearch_encrypted_with_kms_cmk/red_policy_test.py b/tests/ecc-aws-429-elasticsearch_encrypted_with_kms_cmk/red_policy_test.py new file mode 100644 index 000000000..4826d683e --- /dev/null +++ b/tests/ecc-aws-429-elasticsearch_encrypted_with_kms_cmk/red_policy_test.py @@ -0,0 +1,8 @@ +class PolicyTest(object): + + def test_resources_with_client(self, base_test, resources, local_session): + base_test.assertEqual(len(resources), 1) + key_raw = resources[0]['EncryptionAtRestOptions']['KmsKeyId'] + key_id = key_raw.split('/') + kms = local_session.client("kms").describe_key(KeyId=key_id[1]) + base_test.assertEqual(kms['KeyMetadata']['KeyManager'], 'AWS') \ No newline at end of file diff --git a/tests/ecc-aws-430-autoscaling_group_cooldown_period/placebo-green/autoscaling.DescribeAutoScalingGroups_1.json b/tests/ecc-aws-430-autoscaling_group_cooldown_period/placebo-green/autoscaling.DescribeAutoScalingGroups_1.json new file mode 100644 index 000000000..caf626824 --- /dev/null +++ b/tests/ecc-aws-430-autoscaling_group_cooldown_period/placebo-green/autoscaling.DescribeAutoScalingGroups_1.json 
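Review bot: `test_resources_with_client` in the ecc-aws-429 red test derives the key id with `key_raw.split('/')` and `key_id[1]`, which raises IndexError if `KmsKeyId` ever holds a bare key id rather than an ARN. `describe_key` accepts a key ARN as `KeyId`, so the value can be passed through unchanged: `kms = local_session.client("kms").describe_key(KeyId=key_raw)`. The test also covers only the AWS-managed-key case. A domain with `EncryptionAtRestOptions.Enabled` false would fail at the `['KmsKeyId']` lookup before any assertion, should the policy return one.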
@@ -0,0 +1,77 @@ +{ + "status_code": 200, + "data": { + "AutoScalingGroups": [ + { + "AutoScalingGroupName": "430-autoscaling_group-red", + "AutoScalingGroupARN": "arn:aws:autoscaling:us-east-1:111111111111:autoScalingGroup:e4967c43-e9e2-49fa-9096-d032e86b5402:autoScalingGroupName/430-autoscaling_group-red", + "LaunchTemplate": { + "LaunchTemplateId": "lt-00060946eb0d0d579", + "LaunchTemplateName": "430_launch_template_green20211221143439095000000001", + "Version": "$Latest" + }, + "MinSize": 1, + "MaxSize": 1, + "DesiredCapacity": 1, + "DefaultCooldown": 300, + "AvailabilityZones": [ + "us-east-1a" + ], + "LoadBalancerNames": [], + "TargetGroupARNs": [], + "HealthCheckType": "EC2", + "HealthCheckGracePeriod": 300, + "Instances": [ + { + "InstanceId": "i-06360251119e1fc42", + "InstanceType": "t2.micro", + "AvailabilityZone": "us-east-1a", + "LifecycleState": "InService", + "HealthStatus": "Healthy", + "LaunchTemplate": { + "LaunchTemplateId": "lt-00060946eb0d0d579", + "LaunchTemplateName": "430_launch_template_green20211221143439095000000001", + "Version": "1" + }, + "ProtectedFromScaleIn": false + } + ], + "CreatedTime": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 21, + "hour": 14, + "minute": 34, + "second": 42, + "microsecond": 887000 + }, + "SuspendedProcesses": [], + "VPCZoneIdentifier": "", + "EnabledMetrics": [], + "Tags": [ + { + "ResourceId": "430-autoscaling_group-red", + "ResourceType": "auto-scaling-group", + "Key": "ComplianceStatus", + "Value": "Green", + "PropagateAtLaunch": true + }, + { + "ResourceId": "430-autoscaling_group-red", + "ResourceType": "auto-scaling-group", + "Key": "CsutodianRule", + "Value": "ecc-aws-430-autoscaling_group_cooldown_period", + "PropagateAtLaunch": true + } + ], + "TerminationPolicies": [ + "Default" + ], + "NewInstancesProtectedFromScaleIn": false, + "ServiceLinkedRoleARN": "arn:aws:iam::111111111111:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling" + } + ], + 
"ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-430-autoscaling_group_cooldown_period/placebo-red/autoscaling.DescribeAutoScalingGroups_1.json b/tests/ecc-aws-430-autoscaling_group_cooldown_period/placebo-red/autoscaling.DescribeAutoScalingGroups_1.json new file mode 100644 index 000000000..effbb0525 --- /dev/null +++ b/tests/ecc-aws-430-autoscaling_group_cooldown_period/placebo-red/autoscaling.DescribeAutoScalingGroups_1.json 
@@ -0,0 +1,77 @@ +{ + "status_code": 200, + "data": { + "AutoScalingGroups": [ + { + "AutoScalingGroupName": "430-autoscaling_group-red", + "AutoScalingGroupARN": "arn:aws:autoscaling:us-east-1:111111111111:autoScalingGroup:bc9a8ad7-0721-468b-baa1-b52f7debb4c0:autoScalingGroupName/430-autoscaling_group-red", + "LaunchTemplate": { + "LaunchTemplateId": "lt-06bb17b25cddc40b6", + "LaunchTemplateName": "430_launch_template_red20211221141133210800000001", + "Version": "$Latest" + }, + "MinSize": 1, + "MaxSize": 1, + "DesiredCapacity": 1, + "DefaultCooldown": 0, + "AvailabilityZones": [ + "us-east-1a" + ], + "LoadBalancerNames": [], + "TargetGroupARNs": [], + "HealthCheckType": "EC2", + "HealthCheckGracePeriod": 300, + "Instances": [ + { + "InstanceId": "i-06ec87ef8fcbdc7dc", + "InstanceType": "t2.micro", + "AvailabilityZone": "us-east-1a", + "LifecycleState": "InService", + "HealthStatus": "Healthy", + "LaunchTemplate": { + "LaunchTemplateId": "lt-06bb17b25cddc40b6", + "LaunchTemplateName": "430_launch_template_red20211221141133210800000001", + "Version": "1" + }, + "ProtectedFromScaleIn": false + } + ], + "CreatedTime": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 21, + "hour": 14, + "minute": 22, + "second": 19, + "microsecond": 261000 + }, + "SuspendedProcesses": [], + "VPCZoneIdentifier": "", + "EnabledMetrics": [], + "Tags": [ + { + "ResourceId": "430-autoscaling_group-red", + "ResourceType": "auto-scaling-group", + "Key": "ComplianceStatus", + "Value": "Red", + "PropagateAtLaunch": true + }, + { + "ResourceId": "430-autoscaling_group-red", + "ResourceType": "auto-scaling-group", + "Key": "CsutodianRule", + "Value": "ecc-aws-430-autoscaling_group_cooldown_period", + "PropagateAtLaunch": true + } + ], + "TerminationPolicies": [ + "Default" + ], + "NewInstancesProtectedFromScaleIn": false, + "ServiceLinkedRoleARN": "arn:aws:iam::111111111111:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling" + } + ], + 
"ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-430-autoscaling_group_cooldown_period/red_policy_test.py b/tests/ecc-aws-430-autoscaling_group_cooldown_period/red_policy_test.py
new file mode 100644
index 000000000..468eebe06
--- /dev/null
+++ b/tests/ecc-aws-430-autoscaling_group_cooldown_period/red_policy_test.py
@@ -0,0 +1,5 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertEqual(resources[0]['DefaultCooldown'], 0)
\ No newline at end of file
diff --git a/tests/ecc-aws-431-elasticsearch_enforces_https/placebo-green/es.DescribeElasticsearchDomains_1.json b/tests/ecc-aws-431-elasticsearch_enforces_https/placebo-green/es.DescribeElasticsearchDomains_1.json
new file mode 100644
index 000000000..3de454fe5
--- /dev/null
+++ b/tests/ecc-aws-431-elasticsearch_enforces_https/placebo-green/es.DescribeElasticsearchDomains_1.json
@@ -0,0 +1,82 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "DomainStatusList": [ + { + "DomainId": "111111111111/elasticsearch-431-green", + "DomainName": "elasticsearch-431-green", + "ARN": "arn:aws:es:us-east-1:111111111111:domain/elasticsearch-431-green", + "Created": true, + "Deleted": false, + "Endpoint": "search-elasticsearch-431-green-65eyd2gosqhpk4p33ywjfust4a.us-east-1.es.amazonaws.com", + "Processing": false, + "UpgradeProcessing": false, + "ElasticsearchVersion": "1.5", + "ElasticsearchClusterConfig": { + "InstanceType": "t2.small.elasticsearch", + "InstanceCount": 1, + "DedicatedMasterEnabled": false, + "ZoneAwarenessEnabled": false, + "WarmEnabled": false, + "ColdStorageOptions": { + "Enabled": false + } + }, + "EBSOptions": { + "EBSEnabled": true, + "VolumeType": "gp2", + "VolumeSize": 10 + }, + "AccessPolicies": "", + "SnapshotOptions": { + "AutomatedSnapshotStartHour": 0 + }, + "CognitoOptions": { + "Enabled": false + }, + "EncryptionAtRestOptions": { + "Enabled": false + }, + "NodeToNodeEncryptionOptions": { + "Enabled": false + }, + "AdvancedOptions": { + "override_main_response_version": "false", + "rest.action.multi.allow_explicit_index": "true" + }, + "ServiceSoftwareOptions": { + "CurrentVersion": "R20211203-P2", + "NewVersion": "", + "UpdateAvailable": false, + "Cancellable": false, + "UpdateStatus": "COMPLETED", + "Description": "There is no software update available for this domain.", + "AutomatedUpdateDate": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 16, + "hour": 0, + "minute": 7, + "second": 0, + "microsecond": 0 + }, + "OptionalDeployment": false + }, + "DomainEndpointOptions": { + "EnforceHTTPS": true, + "TLSSecurityPolicy": "Policy-Min-TLS-1-2-2019-07", + "CustomEndpointEnabled": false + }, + "AdvancedSecurityOptions": { + "Enabled": false, + "InternalUserDatabaseEnabled": false + }, + "AutoTuneOptions": { + "State": "DISABLED" + } + } + ] + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-431-elasticsearch_enforces_https/placebo-green/es.ListDomainNames_1.json b/tests/ecc-aws-431-elasticsearch_enforces_https/placebo-green/es.ListDomainNames_1.json new file mode 100644 index 000000000..75ddf7813 --- /dev/null +++ b/tests/ecc-aws-431-elasticsearch_enforces_https/placebo-green/es.ListDomainNames_1.json @@ -0,0 +1,11 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "DomainNames": [ + { + "DomainName": "elasticsearch-431-green" + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-431-elasticsearch_enforces_https/placebo-green/es.ListTags_1.json b/tests/ecc-aws-431-elasticsearch_enforces_https/placebo-green/es.ListTags_1.json new file mode 100644 index 000000000..bbdfbb792 --- /dev/null +++ b/tests/ecc-aws-431-elasticsearch_enforces_https/placebo-green/es.ListTags_1.json @@ -0,0 +1,16 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "TagList": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-431-elasticsearch_enforce_https" + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-431-elasticsearch_enforces_https/placebo-red/es.DescribeElasticsearchDomains_1.json b/tests/ecc-aws-431-elasticsearch_enforces_https/placebo-red/es.DescribeElasticsearchDomains_1.json new file mode 100644 index 000000000..24a4793eb --- /dev/null +++ b/tests/ecc-aws-431-elasticsearch_enforces_https/placebo-red/es.DescribeElasticsearchDomains_1.json 
@@ -0,0 +1,81 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "DomainStatusList": [ + { + "DomainId": "111111111111/elasticsearch-431-red", + "DomainName": "elasticsearch-431-red", + "ARN": "arn:aws:es:us-east-1:111111111111:domain/elasticsearch-431-red", + "Created": true, + "Deleted": false, + "Processing": true, + "UpgradeProcessing": false, + "ElasticsearchVersion": "1.5", + "ElasticsearchClusterConfig": { + "InstanceType": "m4.large.elasticsearch", + "InstanceCount": 1, + "DedicatedMasterEnabled": false, + "ZoneAwarenessEnabled": false, + "WarmEnabled": false, + "ColdStorageOptions": { + "Enabled": false + } + }, + "EBSOptions": { + "EBSEnabled": true, + "VolumeType": "gp2", + "VolumeSize": 10 + }, + "AccessPolicies": "", + "SnapshotOptions": { + "AutomatedSnapshotStartHour": 0 + }, + "CognitoOptions": { + "Enabled": false + }, + "EncryptionAtRestOptions": { + "Enabled": false + }, + "NodeToNodeEncryptionOptions": { + "Enabled": false + }, + "AdvancedOptions": { + "override_main_response_version": "false", + "rest.action.multi.allow_explicit_index": "true" + }, + "ServiceSoftwareOptions": { + "CurrentVersion": "", + "NewVersion": "", + "UpdateAvailable": false, + "Cancellable": false, + "UpdateStatus": "COMPLETED", + "Description": "There is no software update available for this domain.", + "AutomatedUpdateDate": { + "__class__": "datetime", + "year": 1970, + "month": 1, + "day": 1, + "hour": 2, + "minute": 0, + "second": 0, + "microsecond": 0 + }, + "OptionalDeployment": true + }, + "DomainEndpointOptions": { + "EnforceHTTPS": false, + "TLSSecurityPolicy": "Policy-Min-TLS-1-0-2019-07", + "CustomEndpointEnabled": false + }, + "AdvancedSecurityOptions": { + "Enabled": false, + "InternalUserDatabaseEnabled": false + }, + "AutoTuneOptions": { + "State": "DISABLED" + } + } + ] + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-431-elasticsearch_enforces_https/placebo-red/es.ListDomainNames_1.json b/tests/ecc-aws-431-elasticsearch_enforces_https/placebo-red/es.ListDomainNames_1.json
new file mode 100644
index 000000000..e530ef836
--- /dev/null
+++ b/tests/ecc-aws-431-elasticsearch_enforces_https/placebo-red/es.ListDomainNames_1.json
@@ -0,0 +1,11 @@
+{
+ "status_code": 200,
+ "data": {
+ "ResponseMetadata": {},
+ "DomainNames": [
+ {
+ "DomainName": "elasticsearch-431-red"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-431-elasticsearch_enforces_https/placebo-red/es.ListTags_1.json b/tests/ecc-aws-431-elasticsearch_enforces_https/placebo-red/es.ListTags_1.json
new file mode 100644
index 000000000..db3be6e3f
--- /dev/null
+++ b/tests/ecc-aws-431-elasticsearch_enforces_https/placebo-red/es.ListTags_1.json
@@ -0,0 +1,7 @@
+{
+ "status_code": 200,
+ "data": {
+ "ResponseMetadata": {},
+ "TagList": []
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-431-elasticsearch_enforces_https/red_policy_test.py b/tests/ecc-aws-431-elasticsearch_enforces_https/red_policy_test.py
new file mode 100644
index 000000000..c9199db71
--- /dev/null
+++ b/tests/ecc-aws-431-elasticsearch_enforces_https/red_policy_test.py
@@ -0,0 +1,5 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertFalse(resources[0]['DomainEndpointOptions']['EnforceHTTPS'])
\ No newline at end of file
diff --git a/tests/ecc-aws-432-elasticsearch_latest_version/placebo-green/es.DescribeElasticsearchDomains_1.json b/tests/ecc-aws-432-elasticsearch_latest_version/placebo-green/es.DescribeElasticsearchDomains_1.json
new file mode 100644
index 000000000..8eab41b4c
--- /dev/null
+++ b/tests/ecc-aws-432-elasticsearch_latest_version/placebo-green/es.DescribeElasticsearchDomains_1.json
@@ -0,0 +1,83 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "DomainStatusList": [ + { + "DomainId": "111111111111/elasticsearch-432-green", + "DomainName": "elasticsearch-432-green", + "ARN": "arn:aws:es:us-east-1:111111111111:domain/elasticsearch-432-green", + "Created": true, + "Deleted": false, + "Endpoint": "search-elasticsearch-432-green-sqrl5fumngl6zniiccpgcym4py.us-east-1.es.amazonaws.com", + "Processing": false, + "UpgradeProcessing": false, + "ElasticsearchVersion": "OpenSearch_2.3", + "ElasticsearchClusterConfig": { + "InstanceType": "m4.large.elasticsearch", + "InstanceCount": 1, + "DedicatedMasterEnabled": false, + "ZoneAwarenessEnabled": false, + "WarmEnabled": false, + "ColdStorageOptions": { + "Enabled": false + } + }, + "EBSOptions": { + "EBSEnabled": true, + "VolumeType": "gp2", + "VolumeSize": 10 + }, + "AccessPolicies": "", + "SnapshotOptions": { + "AutomatedSnapshotStartHour": 0 + }, + "CognitoOptions": { + "Enabled": false + }, + "EncryptionAtRestOptions": { + "Enabled": false + }, + "NodeToNodeEncryptionOptions": { + "Enabled": false + }, + "AdvancedOptions": { + "override_main_response_version": "false", + "rest.action.multi.allow_explicit_index": "true" + }, + "ServiceSoftwareOptions": { + "CurrentVersion": "R20221114-P1", + "NewVersion": "", + "UpdateAvailable": false, + "Cancellable": false, + "UpdateStatus": "COMPLETED", + "Description": "There is no software update available for this domain.", + "AutomatedUpdateDate": { + "__class__": "datetime", + "year": 1970, + "month": 1, + "day": 1, + "hour": 2, + "minute": 0, + "second": 0, + "microsecond": 0 + }, + "OptionalDeployment": true + }, + "DomainEndpointOptions": { + "EnforceHTTPS": false, + "TLSSecurityPolicy": "Policy-Min-TLS-1-0-2019-07", + "CustomEndpointEnabled": false + }, + "AdvancedSecurityOptions": { + "Enabled": false, + "InternalUserDatabaseEnabled": false, + "AnonymousAuthEnabled": false + }, + "AutoTuneOptions": { + "State": "ENABLED" + } + } + ] + } +} 
\ No newline at end of file diff --git a/tests/ecc-aws-432-elasticsearch_latest_version/placebo-green/es.ListDomainNames_1.json b/tests/ecc-aws-432-elasticsearch_latest_version/placebo-green/es.ListDomainNames_1.json new file mode 100644 index 000000000..de8cc8154 --- /dev/null +++ b/tests/ecc-aws-432-elasticsearch_latest_version/placebo-green/es.ListDomainNames_1.json @@ -0,0 +1,12 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "DomainNames": [ + { + "DomainName": "elasticsearch-432-green", + "EngineType": "OpenSearch" + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-432-elasticsearch_latest_version/placebo-green/es.ListTags_1.json b/tests/ecc-aws-432-elasticsearch_latest_version/placebo-green/es.ListTags_1.json new file mode 100644 index 000000000..c07f3c1cb --- /dev/null +++ b/tests/ecc-aws-432-elasticsearch_latest_version/placebo-green/es.ListTags_1.json @@ -0,0 +1,16 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "TagList": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-432-elasticsearch_latest_version" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-432-elasticsearch_latest_version/placebo-red/es.DescribeElasticsearchDomains_1.json b/tests/ecc-aws-432-elasticsearch_latest_version/placebo-red/es.DescribeElasticsearchDomains_1.json new file mode 100644 index 000000000..49ea24eaf --- /dev/null +++ b/tests/ecc-aws-432-elasticsearch_latest_version/placebo-red/es.DescribeElasticsearchDomains_1.json 
@@ -0,0 +1,82 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "DomainStatusList": [ + { + "DomainId": "111111111111/elasticsearch-432-red", + "DomainName": "elasticsearch-432-red", + "ARN": "arn:aws:es:us-east-1:111111111111:domain/elasticsearch-432-red", + "Created": true, + "Deleted": false, + "Endpoint": "search-elasticsearch-432-red-h6asndcluofgetahpb7h6ule24.us-east-1.es.amazonaws.com", + "Processing": false, + "UpgradeProcessing": false, + "ElasticsearchVersion": "7.4", + "ElasticsearchClusterConfig": { + "InstanceType": "m4.large.elasticsearch", + "InstanceCount": 1, + "DedicatedMasterEnabled": false, + "ZoneAwarenessEnabled": false, + "WarmEnabled": false, + "ColdStorageOptions": { + "Enabled": false + } + }, + "EBSOptions": { + "EBSEnabled": true, + "VolumeType": "gp2", + "VolumeSize": 10 + }, + "AccessPolicies": "", + "SnapshotOptions": { + "AutomatedSnapshotStartHour": 0 + }, + "CognitoOptions": { + "Enabled": false + }, + "EncryptionAtRestOptions": { + "Enabled": false + }, + "NodeToNodeEncryptionOptions": { + "Enabled": false + }, + "AdvancedOptions": { + "override_main_response_version": "false", + "rest.action.multi.allow_explicit_index": "true" + }, + "ServiceSoftwareOptions": { + "CurrentVersion": "R20211203-P2", + "NewVersion": "", + "UpdateAvailable": false, + "Cancellable": false, + "UpdateStatus": "COMPLETED", + "Description": "There is no software update available for this domain.", + "AutomatedUpdateDate": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 15, + "hour": 22, + "minute": 7, + "second": 0, + "microsecond": 0 + }, + "OptionalDeployment": false + }, + "DomainEndpointOptions": { + "EnforceHTTPS": false, + "TLSSecurityPolicy": "Policy-Min-TLS-1-0-2019-07", + "CustomEndpointEnabled": false + }, + "AdvancedSecurityOptions": { + "Enabled": false, + "InternalUserDatabaseEnabled": false + }, + "AutoTuneOptions": { + "State": "ENABLED" + } + } + ] + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-432-elasticsearch_latest_version/placebo-red/es.ListDomainNames_1.json b/tests/ecc-aws-432-elasticsearch_latest_version/placebo-red/es.ListDomainNames_1.json
new file mode 100644
index 000000000..ab378af80
--- /dev/null
+++ b/tests/ecc-aws-432-elasticsearch_latest_version/placebo-red/es.ListDomainNames_1.json
@@ -0,0 +1,11 @@
+{
+ "status_code": 200,
+ "data": {
+ "ResponseMetadata": {},
+ "DomainNames": [
+ {
+ "DomainName": "elasticsearch-432-red"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-432-elasticsearch_latest_version/placebo-red/es.ListTags_1.json b/tests/ecc-aws-432-elasticsearch_latest_version/placebo-red/es.ListTags_1.json
new file mode 100644
index 000000000..db3be6e3f
--- /dev/null
+++ b/tests/ecc-aws-432-elasticsearch_latest_version/placebo-red/es.ListTags_1.json
@@ -0,0 +1,7 @@
+{
+ "status_code": 200,
+ "data": {
+ "ResponseMetadata": {},
+ "TagList": []
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-432-elasticsearch_latest_version/red_policy_test.py b/tests/ecc-aws-432-elasticsearch_latest_version/red_policy_test.py
new file mode 100644
index 000000000..8b9c8bc76
--- /dev/null
+++ b/tests/ecc-aws-432-elasticsearch_latest_version/red_policy_test.py
@@ -0,0 +1,5 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertEqual(resources[0]['ElasticsearchVersion'], '7.4')
\ No newline at end of file
diff --git a/tests/ecc-aws-433-autoscaling_group_has_associated_elb/placebo-green/autoscaling.DescribeAutoScalingGroups_1.json b/tests/ecc-aws-433-autoscaling_group_has_associated_elb/placebo-green/autoscaling.DescribeAutoScalingGroups_1.json
new file mode 100644
index 000000000..eadc44bba
--- /dev/null
+++ b/tests/ecc-aws-433-autoscaling_group_has_associated_elb/placebo-green/autoscaling.DescribeAutoScalingGroups_1.json
@@ -0,0 +1,79 @@ +{ + "status_code": 200, + "data": { + "AutoScalingGroups": [ + { + "AutoScalingGroupName": "433-autoscaling_group-green", + "AutoScalingGroupARN": "arn:aws:autoscaling:us-east-1:111111111111:autoScalingGroup:5c3cefca-cff9-49f3-bb77-7463bd1da52b:autoScalingGroupName/433-autoscaling_group-green", + "LaunchTemplate": { + "LaunchTemplateId": "lt-042d6bbf9d94fcbbe", + "LaunchTemplateName": "433_launch_template_green20211222085906338700000001", + "Version": "$Latest" + }, + "MinSize": 1, + "MaxSize": 1, + "DesiredCapacity": 1, + "DefaultCooldown": 300, + "AvailabilityZones": [ + "us-east-1a" + ], + "LoadBalancerNames": [ + "elb-433-green" + ], + "TargetGroupARNs": [], + "HealthCheckType": "EC2", + "HealthCheckGracePeriod": 300, + "Instances": [ + { + "InstanceId": "i-0ff96f05a29c24584", + "InstanceType": "t2.micro", + "AvailabilityZone": "us-east-1a", + "LifecycleState": "InService", + "HealthStatus": "Healthy", + "LaunchTemplate": { + "LaunchTemplateId": "lt-042d6bbf9d94fcbbe", + "LaunchTemplateName": "433_launch_template_green20211222085906338700000001", + "Version": "1" + }, + "ProtectedFromScaleIn": false + } + ], + "CreatedTime": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 22, + "hour": 9, + "minute": 5, + "second": 13, + "microsecond": 669000 + }, + "SuspendedProcesses": [], + "VPCZoneIdentifier": "", + "EnabledMetrics": [], + "Tags": [ + { + "ResourceId": "433-autoscaling_group-green", + "ResourceType": "auto-scaling-group", + "Key": "ComplianceStatus", + "Value": "Green", + "PropagateAtLaunch": true + }, + { + "ResourceId": "433-autoscaling_group-green", + "ResourceType": "auto-scaling-group", + "Key": "CsutodianRule", + "Value": "ecc-aws-433-autoscaling_group_has_associated_elb", + "PropagateAtLaunch": true + } + ], + "TerminationPolicies": [ + "Default" + ], + "NewInstancesProtectedFromScaleIn": false, + "ServiceLinkedRoleARN": 
"arn:aws:iam::111111111111:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-433-autoscaling_group_has_associated_elb/placebo-red/autoscaling.DescribeAutoScalingGroups_1.json b/tests/ecc-aws-433-autoscaling_group_has_associated_elb/placebo-red/autoscaling.DescribeAutoScalingGroups_1.json new file mode 100644 index 000000000..45ec07bc1 --- /dev/null +++ b/tests/ecc-aws-433-autoscaling_group_has_associated_elb/placebo-red/autoscaling.DescribeAutoScalingGroups_1.json 
@@ -0,0 +1,77 @@ +{ + "status_code": 200, + "data": { + "AutoScalingGroups": [ + { + "AutoScalingGroupName": "433-autoscaling_group-red", + "AutoScalingGroupARN": "arn:aws:autoscaling:us-east-1:111111111111:autoScalingGroup:79bff9d3-70b7-4943-95e4-43fc111ea7d3:autoScalingGroupName/433-autoscaling_group-red", + "LaunchTemplate": { + "LaunchTemplateId": "lt-0c027a70b9146d0fa", + "LaunchTemplateName": "433_launch_template_red20211222105840756300000001", + "Version": "$Latest" + }, + "MinSize": 1, + "MaxSize": 1, + "DesiredCapacity": 1, + "DefaultCooldown": 300, + "AvailabilityZones": [ + "us-east-1a" + ], + "LoadBalancerNames": [], + "TargetGroupARNs": [], + "HealthCheckType": "EC2", + "HealthCheckGracePeriod": 300, + "Instances": [ + { + "InstanceId": "i-07dafb6814a90e703", + "InstanceType": "t2.micro", + "AvailabilityZone": "us-east-1a", + "LifecycleState": "InService", + "HealthStatus": "Healthy", + "LaunchTemplate": { + "LaunchTemplateId": "lt-0c027a70b9146d0fa", + "LaunchTemplateName": "433_launch_template_red20211222105840756300000001", + "Version": "1" + }, + "ProtectedFromScaleIn": false + } + ], + "CreatedTime": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 22, + "hour": 10, + "minute": 58, + "second": 44, + "microsecond": 593000 + }, + "SuspendedProcesses": [], + "VPCZoneIdentifier": "", + "EnabledMetrics": [], + "Tags": [ + { + "ResourceId": "433-autoscaling_group-red", + "ResourceType": "auto-scaling-group", + "Key": "ComplianceStatus", + "Value": "Red", + "PropagateAtLaunch": true + }, + { + "ResourceId": "433-autoscaling_group-red", + "ResourceType": "auto-scaling-group", + "Key": "CsutodianRule", + "Value": "ecc-aws-433-autoscaling_group_has_associated_elb", + "PropagateAtLaunch": true + } + ], + "TerminationPolicies": [ + "Default" + ], + "NewInstancesProtectedFromScaleIn": false, + "ServiceLinkedRoleARN": "arn:aws:iam::111111111111:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling" + } + ], + 
"ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-433-autoscaling_group_has_associated_elb/red_policy_test.py b/tests/ecc-aws-433-autoscaling_group_has_associated_elb/red_policy_test.py
new file mode 100644
index 000000000..67e077b24
--- /dev/null
+++ b/tests/ecc-aws-433-autoscaling_group_has_associated_elb/red_policy_test.py
@@ -0,0 +1,6 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertNotIn("elb-433-green", resources[0]['LoadBalancerNames'])
+ base_test.assertFalse(resources[0]['TargetGroupARNs'])
\ No newline at end of file
diff --git a/tests/ecc-aws-434-xray-encrypted_with_kms_cmk/placebo-green/iam.ListAccountAliases_1.json b/tests/ecc-aws-434-xray-encrypted_with_kms_cmk/placebo-green/iam.ListAccountAliases_1.json
new file mode 100644
index 000000000..3b408e3eb
--- /dev/null
+++ b/tests/ecc-aws-434-xray-encrypted_with_kms_cmk/placebo-green/iam.ListAccountAliases_1.json
@@ -0,0 +1,10 @@
+{
+ "status_code": 200,
+ "data": {
+ "AccountAliases": [
+ "test"
+ ],
+ "IsTruncated": false,
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-434-xray-encrypted_with_kms_cmk/placebo-green/kms.DescribeKey_1.json b/tests/ecc-aws-434-xray-encrypted_with_kms_cmk/placebo-green/kms.DescribeKey_1.json
new file mode 100644
index 000000000..1dcfa5646
--- /dev/null
+++ b/tests/ecc-aws-434-xray-encrypted_with_kms_cmk/placebo-green/kms.DescribeKey_1.json
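Review bot: `assertNotIn("elb-433-green", resources[0]['LoadBalancerNames'])` in `test_resources` only rules out the one load balancer name used by the green recording, so a flagged group with any other classic ELB attached would still pass this test. The red recording in this commit has `"LoadBalancerNames": []`, so the check can state the condition directly, in the same form as the `TargetGroupARNs` line below it: `base_test.assertFalse(resources[0]['LoadBalancerNames'])`.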
@@ -0,0 +1,32 @@ +{ + "status_code": 200, + "data": { + "KeyMetadata": { + "AWSAccountId": "111111111111", + "KeyId": "390325fc-0f58-4982-9ff9-391a3c9724ce", + "Arn": "arn:aws:kms:us-east-1:111111111111:key/390325fc-0f58-4982-9ff9-391a3c9724ce", + "CreationDate": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 14, + "hour": 14, + "minute": 20, + "second": 59, + "microsecond": 602000 + }, + "Enabled": true, + "Description": "Default key that protects my X-Ray data when no other key is defined", + "KeyUsage": "ENCRYPT_DECRYPT", + "KeyState": "Enabled", + "Origin": "AWS_KMS", + "KeyManager": "AWS", + "CustomerMasterKeySpec": "SYMMETRIC_DEFAULT", + "EncryptionAlgorithms": [ + "SYMMETRIC_DEFAULT" + ], + "MultiRegion": false + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-434-xray-encrypted_with_kms_cmk/placebo-green/xray.GetEncryptionConfig_1.json b/tests/ecc-aws-434-xray-encrypted_with_kms_cmk/placebo-green/xray.GetEncryptionConfig_1.json new file mode 100644 index 000000000..6286127c1 --- /dev/null +++ b/tests/ecc-aws-434-xray-encrypted_with_kms_cmk/placebo-green/xray.GetEncryptionConfig_1.json @@ -0,0 +1,11 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "EncryptionConfig": { + "KeyId": "arn:aws:kms:us-east-1:111111111111:key/24296bc8-70ef-478b-b02a-cdb4febb5b1d", + "Status": "ACTIVE", + "Type": "KMS" + } + } +} \ No newline at end of file diff --git a/tests/ecc-aws-434-xray-encrypted_with_kms_cmk/placebo-red/iam.ListAccountAliases_1.json b/tests/ecc-aws-434-xray-encrypted_with_kms_cmk/placebo-red/iam.ListAccountAliases_1.json new file mode 100644 index 000000000..3b408e3eb --- /dev/null +++ b/tests/ecc-aws-434-xray-encrypted_with_kms_cmk/placebo-red/iam.ListAccountAliases_1.json @@ -0,0 +1,10 @@ +{ + "status_code": 200, + "data": { + "AccountAliases": [ + "test" + ], + "IsTruncated": false, + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-434-xray-encrypted_with_kms_cmk/placebo-red/kms.DescribeKey_1.json b/tests/ecc-aws-434-xray-encrypted_with_kms_cmk/placebo-red/kms.DescribeKey_1.json new file mode 100644 index 000000000..1dcfa5646 --- /dev/null +++ b/tests/ecc-aws-434-xray-encrypted_with_kms_cmk/placebo-red/kms.DescribeKey_1.json @@ -0,0 +1,32 @@ +{ + "status_code": 200, + "data": { + "KeyMetadata": { + "AWSAccountId": "111111111111", + "KeyId": "390325fc-0f58-4982-9ff9-391a3c9724ce", + "Arn": "arn:aws:kms:us-east-1:111111111111:key/390325fc-0f58-4982-9ff9-391a3c9724ce", + "CreationDate": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 14, + "hour": 14, + "minute": 20, + "second": 59, + "microsecond": 602000 + }, + "Enabled": true, + "Description": "Default key that protects my X-Ray data when no other key is defined", + "KeyUsage": "ENCRYPT_DECRYPT", + "KeyState": "Enabled", + "Origin": "AWS_KMS", + "KeyManager": "AWS", + "CustomerMasterKeySpec": "SYMMETRIC_DEFAULT", + "EncryptionAlgorithms": [ + "SYMMETRIC_DEFAULT" + ], + "MultiRegion": false + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-434-xray-encrypted_with_kms_cmk/placebo-red/xray.GetEncryptionConfig_1.json b/tests/ecc-aws-434-xray-encrypted_with_kms_cmk/placebo-red/xray.GetEncryptionConfig_1.json new file mode 100644 index 000000000..2e80ecd8e --- /dev/null +++ b/tests/ecc-aws-434-xray-encrypted_with_kms_cmk/placebo-red/xray.GetEncryptionConfig_1.json @@ -0,0 +1,11 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "EncryptionConfig": { + "KeyId": "arn:aws:kms:us-east-1:111111111111:key/390325fc-0f58-4982-9ff9-391a3c9724ce", + "Status": "ACTIVE", + "Type": "KMS" + } + } +} \ No newline at end of file diff --git a/tests/ecc-aws-434-xray-encrypted_with_kms_cmk/red_policy_test.py b/tests/ecc-aws-434-xray-encrypted_with_kms_cmk/red_policy_test.py new file mode 100644 index 000000000..8f1fce4f1 --- /dev/null 
+++ b/tests/ecc-aws-434-xray-encrypted_with_kms_cmk/red_policy_test.py @@ -0,0 +1,8 @@ +class PolicyTest(object): + + def test_resources_with_client(self, base_test, resources, local_session): + base_test.assertEqual(len(resources), 1) + emr_client = local_session.client("kms") + key_id = resources[0]['c7n:XrayEncryptionConfig']['KeyId'] + key_manager = emr_client.describe_key(KeyId=key_id)['KeyMetadata']['KeyManager'] + base_test.assertEqual(key_manager, 'AWS') \ No newline at end of file diff --git a/tests/ecc-aws-435-workspaces_unused_instances/green_policy_test.py b/tests/ecc-aws-435-workspaces_unused_instances/green_policy_test.py new file mode 100644 index 000000000..a0e337a94 --- /dev/null +++ b/tests/ecc-aws-435-workspaces_unused_instances/green_policy_test.py @@ -0,0 +1,7 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 0) + + def mock_time(self): + return 2022, 5, 6 diff --git a/tests/ecc-aws-435-workspaces_unused_instances/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-435-workspaces_unused_instances/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..37ff184d4 --- /dev/null +++ b/tests/ecc-aws-435-workspaces_unused_instances/placebo-green/tagging.GetResources_1.json @@ -0,0 +1,22 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:workspaces:us-east-1:111111111111:workspace/ws-9fx9bntb5", + "Tags": [ + { + "Key": "CustodianRule", + "Value": "Workstation" + }, + { + "Key": "Name", + "Value": "Workspace-c7n" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-435-workspaces_unused_instances/placebo-green/workspaces.DescribeWorkspacesConnectionStatus_1.json b/tests/ecc-aws-435-workspaces_unused_instances/placebo-green/workspaces.DescribeWorkspacesConnectionStatus_1.json new file mode 100644 index 000000000..23b2214ac 
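Review bot: In `test_resources_with_client` the KMS client is bound to `emr_client`, which reads like a leftover from another test; `kms_client` would match `local_session.client("kms")`. The only assertion on the key is `KeyManager == 'AWS'`, and if this client replays the placebo-red recording (presumably, the harness is not visible in the hunk) that value comes from the fixture whatever `key_id` is passed. Tying the two together makes the check meaningful: `key_metadata = kms_client.describe_key(KeyId=key_id)['KeyMetadata']`, then `base_test.assertEqual(key_metadata['Arn'], key_id)` ahead of the existing `KeyManager` assertion. The red recordings shown here would satisfy that, since the X-Ray `KeyId` and the described key's `Arn` are the same ARN.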
--- /dev/null +++ b/tests/ecc-aws-435-workspaces_unused_instances/placebo-green/workspaces.DescribeWorkspacesConnectionStatus_1.json @@ -0,0 +1,32 @@ +{ + "status_code": 200, + "data": { + "WorkspacesConnectionStatus": [ + { + "WorkspaceId": "ws-9fx9bntb5", + "ConnectionState": "UNKNOWN", + "ConnectionStateCheckTimestamp": { + "__class__": "datetime", + "year": 2022, + "month": 5, + "day": 6, + "hour": 15, + "minute": 37, + "second": 57, + "microsecond": 351000 + }, + "LastKnownUserConnectionTimestamp": { + "__class__": "datetime", + "year": 2022, + "month": 5, + "day": 6, + "hour": 15, + "minute": 17, + "second": 53, + "microsecond": 300000 + } + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-435-workspaces_unused_instances/placebo-green/workspaces.DescribeWorkspaces_1.json b/tests/ecc-aws-435-workspaces_unused_instances/placebo-green/workspaces.DescribeWorkspaces_1.json new file mode 100644 index 000000000..2434c7628 --- /dev/null +++ b/tests/ecc-aws-435-workspaces_unused_instances/placebo-green/workspaces.DescribeWorkspaces_1.json @@ -0,0 +1,29 @@ +{ + "status_code": 200, + "data": { + "Workspaces": [ + { + "WorkspaceId": "ws-9fx9bntb5", + "DirectoryId": "d-90674b7222", + "UserName": "Admin", + "IpAddress": "10.0.2.147", + "State": "STOPPED", + "BundleId": "wsb-clj85qzj1", + "SubnetId": "subnet-03ca90690d1c151dc", + "ComputerName": "A-23DUBZT8WO8KH", + "VolumeEncryptionKey": "arn:aws:kms:us-east-1:111111111111:key/8b5f7500-ae57-49fb-884a-ba4b25bd28ea", + "UserVolumeEncryptionEnabled": true, + "RootVolumeEncryptionEnabled": true, + "WorkspaceProperties": { + "RunningMode": "AUTO_STOP", + "RunningModeAutoStopTimeoutInMinutes": 60, + "RootVolumeSizeGib": 80, + "UserVolumeSizeGib": 50, + "ComputeTypeName": "STANDARD" + }, + "ModificationStates": [] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-435-workspaces_unused_instances/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-435-workspaces_unused_instances/placebo-red/tagging.GetResources_1.json new file mode 100644 index 000000000..37ff184d4 --- /dev/null +++ b/tests/ecc-aws-435-workspaces_unused_instances/placebo-red/tagging.GetResources_1.json @@ -0,0 +1,22 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:workspaces:us-east-1:111111111111:workspace/ws-9fx9bntb5", + "Tags": [ + { + "Key": "CustodianRule", + "Value": "Workstation" + }, + { + "Key": "Name", + "Value": "Workspace-c7n" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-435-workspaces_unused_instances/placebo-red/workspaces.DescribeWorkspacesConnectionStatus_1.json b/tests/ecc-aws-435-workspaces_unused_instances/placebo-red/workspaces.DescribeWorkspacesConnectionStatus_1.json new file mode 100644 index 000000000..428825180 --- /dev/null +++ b/tests/ecc-aws-435-workspaces_unused_instances/placebo-red/workspaces.DescribeWorkspacesConnectionStatus_1.json @@ -0,0 +1,32 @@ +{ + "status_code": 200, + "data": { + "WorkspacesConnectionStatus": [ + { + "WorkspaceId": "ws-9fx9bntb5", + "ConnectionState": "UNKNOWN", + "ConnectionStateCheckTimestamp": { + "__class__": "datetime", + "year": 2022, + "month": 5, + "day": 6, + "hour": 15, + "minute": 37, + "second": 57, + "microsecond": 351000 + }, + "LastKnownUserConnectionTimestamp": { + "__class__": "datetime", + "year": 2022, + "month": 1, + "day": 6, + "hour": 15, + "minute": 17, + "second": 53, + "microsecond": 300000 + } + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-435-workspaces_unused_instances/placebo-red/workspaces.DescribeWorkspaces_1.json b/tests/ecc-aws-435-workspaces_unused_instances/placebo-red/workspaces.DescribeWorkspaces_1.json new file mode 100644 index 000000000..2434c7628 
--- /dev/null +++ b/tests/ecc-aws-435-workspaces_unused_instances/placebo-red/workspaces.DescribeWorkspaces_1.json @@ -0,0 +1,29 @@ +{ + "status_code": 200, + "data": { + "Workspaces": [ + { + "WorkspaceId": "ws-9fx9bntb5", + "DirectoryId": "d-90674b7222", + "UserName": "Admin", + "IpAddress": "10.0.2.147", + "State": "STOPPED", + "BundleId": "wsb-clj85qzj1", + "SubnetId": "subnet-03ca90690d1c151dc", + "ComputerName": "A-23DUBZT8WO8KH", + "VolumeEncryptionKey": "arn:aws:kms:us-east-1:111111111111:key/8b5f7500-ae57-49fb-884a-ba4b25bd28ea", + "UserVolumeEncryptionEnabled": true, + "RootVolumeEncryptionEnabled": true, + "WorkspaceProperties": { + "RunningMode": "AUTO_STOP", + "RunningModeAutoStopTimeoutInMinutes": 60, + "RootVolumeSizeGib": 80, + "UserVolumeSizeGib": 50, + "ComputeTypeName": "STANDARD" + }, + "ModificationStates": [] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-435-workspaces_unused_instances/red_policy_test.py b/tests/ecc-aws-435-workspaces_unused_instances/red_policy_test.py new file mode 100644 index 000000000..0a76c68a3 --- /dev/null +++ b/tests/ecc-aws-435-workspaces_unused_instances/red_policy_test.py @@ -0,0 +1,11 @@ +from datetime import datetime, timedelta + +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + + LastAccessedDate=datetime.fromisoformat(str(resources[0]['c7n:ConnectionStatus']['LastKnownUserConnectionTimestamp'])) + time_now=datetime.fromisoformat('2022-05-06T02:00:00+00:00') + datatime90ago=time_now-timedelta(days=90) + base_test.assertFalse(LastAccessedDate>datatime90ago) diff --git a/tests/ecc-aws-436-autoscaling_group_utilize_multi_az/placebo-green/autoscaling.DescribeAutoScalingGroups_1.json b/tests/ecc-aws-436-autoscaling_group_utilize_multi_az/placebo-green/autoscaling.DescribeAutoScalingGroups_1.json new file mode 100644 index 000000000..7fb8e8eb3 --- /dev/null 
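Review bot: `test_resources` in the red test hard-codes its own reference time (`'2022-05-06T02:00:00+00:00'`) while green_policy_test.py for the same rule pins the clock through `mock_time` returning `2022, 5, 6`; nothing links the two, so a shared constant or a comment naming the dependency would keep them from drifting apart. The `datetime.fromisoformat(str(...))` round trip is unnecessary if `LastKnownUserConnectionTimestamp` is already a datetime (the recording stores it as a `datetime` object; how its timezone is set is not visible here), and comparing a naive value with the aware `time_now` would raise TypeError instead of failing the assertion. The negated comparison and the names are also hard to read: `last_seen`, `cutoff = time_now - timedelta(days=90)` and `base_test.assertLessEqual(last_seen, cutoff)` state the 90-day condition directly.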
+++ b/tests/ecc-aws-436-autoscaling_group_utilize_multi_az/placebo-green/autoscaling.DescribeAutoScalingGroups_1.json 
@@ -0,0 +1,78 @@ +{ + "status_code": 200, + "data": { + "AutoScalingGroups": [ + { + "AutoScalingGroupName": "436-autoscaling_group-green", + "AutoScalingGroupARN": "arn:aws:autoscaling:us-east-1:111111111111:autoScalingGroup:9925da25-c21e-4d92-b9fd-add3bb464d9f:autoScalingGroupName/436-autoscaling_group-green", + "LaunchTemplate": { + "LaunchTemplateId": "lt-0e4f9d5babfba1e70", + "LaunchTemplateName": "436_launch_template_green20220105122123112600000001", + "Version": "$Latest" + }, + "MinSize": 1, + "MaxSize": 1, + "DesiredCapacity": 1, + "DefaultCooldown": 300, + "AvailabilityZones": [ + "us-east-1a", + "us-east-1b" + ], + "LoadBalancerNames": [], + "TargetGroupARNs": [], + "HealthCheckType": "EC2", + "HealthCheckGracePeriod": 300, + "Instances": [ + { + "InstanceId": "i-08ede805a9ef084e9", + "InstanceType": "t2.micro", + "AvailabilityZone": "us-east-1a", + "LifecycleState": "InService", + "HealthStatus": "Healthy", + "LaunchTemplate": { + "LaunchTemplateId": "lt-0e4f9d5babfba1e70", + "LaunchTemplateName": "436_launch_template_green20220105122123112600000001", + "Version": "1" + }, + "ProtectedFromScaleIn": false + } + ], + "CreatedTime": { + "__class__": "datetime", + "year": 2022, + "month": 1, + "day": 5, + "hour": 12, + "minute": 21, + "second": 34, + "microsecond": 924000 + }, + "SuspendedProcesses": [], + "VPCZoneIdentifier": "subnet-09dc664fda671eb29,subnet-068d37386329a3f55", + "EnabledMetrics": [], + "Tags": [ + { + "ResourceId": "436-autoscaling_group-green", + "ResourceType": "auto-scaling-group", + "Key": "ComplianceStatus", + "Value": "Green", + "PropagateAtLaunch": true + }, + { + "ResourceId": "436-autoscaling_group-green", + "ResourceType": "auto-scaling-group", + "Key": "CsutodianRule", + "Value": "ecc-aws-436-autoscaling_group_utilize_multi_az", + "PropagateAtLaunch": true + } + ], + "TerminationPolicies": [ + "Default" + ], + "NewInstancesProtectedFromScaleIn": false, + "ServiceLinkedRoleARN": 
"arn:aws:iam::111111111111:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-436-autoscaling_group_utilize_multi_az/placebo-red/autoscaling.DescribeAutoScalingGroups_1.json b/tests/ecc-aws-436-autoscaling_group_utilize_multi_az/placebo-red/autoscaling.DescribeAutoScalingGroups_1.json new file mode 100644 index 000000000..707f44a6b --- /dev/null +++ b/tests/ecc-aws-436-autoscaling_group_utilize_multi_az/placebo-red/autoscaling.DescribeAutoScalingGroups_1.json 
@@ -0,0 +1,77 @@ +{ + "status_code": 200, + "data": { + "AutoScalingGroups": [ + { + "AutoScalingGroupName": "436-autoscaling_group-red", + "AutoScalingGroupARN": "arn:aws:autoscaling:us-east-1:111111111111:autoScalingGroup:1d56d30f-64a8-47ac-bb80-d4a4c1a1fa6e:autoScalingGroupName/436-autoscaling_group-red", + "LaunchTemplate": { + "LaunchTemplateId": "lt-0918721e0a861a175", + "LaunchTemplateName": "436_launch_template_red20220105121018905300000001", + "Version": "$Latest" + }, + "MinSize": 1, + "MaxSize": 1, + "DesiredCapacity": 1, + "DefaultCooldown": 300, + "AvailabilityZones": [ + "us-east-1a" + ], + "LoadBalancerNames": [], + "TargetGroupARNs": [], + "HealthCheckType": "EC2", + "HealthCheckGracePeriod": 300, + "Instances": [ + { + "InstanceId": "i-0a587b6f229302c89", + "InstanceType": "t2.micro", + "AvailabilityZone": "us-east-1a", + "LifecycleState": "InService", + "HealthStatus": "Healthy", + "LaunchTemplate": { + "LaunchTemplateId": "lt-0918721e0a861a175", + "LaunchTemplateName": "436_launch_template_red20220105121018905300000001", + "Version": "1" + }, + "ProtectedFromScaleIn": false + } + ], + "CreatedTime": { + "__class__": "datetime", + "year": 2022, + "month": 1, + "day": 5, + "hour": 12, + "minute": 10, + "second": 22, + "microsecond": 835000 + }, + "SuspendedProcesses": [], + "VPCZoneIdentifier": "", + "EnabledMetrics": [], + "Tags": [ + { + "ResourceId": "436-autoscaling_group-red", + "ResourceType": "auto-scaling-group", + "Key": "ComplianceStatus", + "Value": "Red", + "PropagateAtLaunch": true + }, + { + "ResourceId": "436-autoscaling_group-red", + "ResourceType": "auto-scaling-group", + "Key": "CsutodianRule", + "Value": "ecc-aws-436-autoscaling_group_utilize_multi_az", + "PropagateAtLaunch": true + } + ], + "TerminationPolicies": [ + "Default" + ], + "NewInstancesProtectedFromScaleIn": false, + "ServiceLinkedRoleARN": "arn:aws:iam::111111111111:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling" + } + ], + 
"ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-436-autoscaling_group_utilize_multi_az/red_policy_test.py b/tests/ecc-aws-436-autoscaling_group_utilize_multi_az/red_policy_test.py new file mode 100644 index 000000000..b48f6805e --- /dev/null +++ b/tests/ecc-aws-436-autoscaling_group_utilize_multi_az/red_policy_test.py @@ -0,0 +1,5 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertEqual(len(resources[0]['AvailabilityZones']), 1) \ No newline at end of file diff --git a/tests/ecc-aws-437-workspaces_instances_are_healthy/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-437-workspaces_instances_are_healthy/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..438dccf91 --- /dev/null +++ b/tests/ecc-aws-437-workspaces_instances_are_healthy/placebo-green/tagging.GetResources_1.json @@ -0,0 +1,26 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:workspaces:us-east-1:111111111111:workspace/ws-9fx9bntb5", + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-437-workspaces_instances_are_healthy" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "Name", + "Value": "Workspace-c7n" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-437-workspaces_instances_are_healthy/placebo-green/workspaces.DescribeWorkspaces_1.json b/tests/ecc-aws-437-workspaces_instances_are_healthy/placebo-green/workspaces.DescribeWorkspaces_1.json new file mode 100644 index 000000000..2434c7628 --- /dev/null +++ b/tests/ecc-aws-437-workspaces_instances_are_healthy/placebo-green/workspaces.DescribeWorkspaces_1.json 
@@ -0,0 +1,29 @@ +{ + "status_code": 200, + "data": { + "Workspaces": [ + { + "WorkspaceId": "ws-9fx9bntb5", + "DirectoryId": "d-90674b7222", + "UserName": "Admin", + "IpAddress": "10.0.2.147", + "State": "STOPPED", + "BundleId": "wsb-clj85qzj1", + "SubnetId": "subnet-03ca90690d1c151dc", + "ComputerName": "A-23DUBZT8WO8KH", + "VolumeEncryptionKey": "arn:aws:kms:us-east-1:111111111111:key/8b5f7500-ae57-49fb-884a-ba4b25bd28ea", + "UserVolumeEncryptionEnabled": true, + "RootVolumeEncryptionEnabled": true, + "WorkspaceProperties": { + "RunningMode": "AUTO_STOP", + "RunningModeAutoStopTimeoutInMinutes": 60, + "RootVolumeSizeGib": 80, + "UserVolumeSizeGib": 50, + "ComputeTypeName": "STANDARD" + }, + "ModificationStates": [] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-437-workspaces_instances_are_healthy/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-437-workspaces_instances_are_healthy/placebo-red/tagging.GetResources_1.json new file mode 100644 index 000000000..7a1ffd947 --- /dev/null +++ b/tests/ecc-aws-437-workspaces_instances_are_healthy/placebo-red/tagging.GetResources_1.json @@ -0,0 +1,26 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:workspaces:us-east-1:111111111111:workspace/ws-9fx9bntb5", + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-437-workspaces_instances_are_healthy" + }, + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "Name", + "Value": "Workspace-c7n" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-437-workspaces_instances_are_healthy/placebo-red/workspaces.DescribeWorkspaces_1.json b/tests/ecc-aws-437-workspaces_instances_are_healthy/placebo-red/workspaces.DescribeWorkspaces_1.json new file mode 100644 index 000000000..882843969 --- /dev/null 
+++ b/tests/ecc-aws-437-workspaces_instances_are_healthy/placebo-red/workspaces.DescribeWorkspaces_1.json @@ -0,0 +1,30 @@ +{ + "status_code": 200, + "data": { + "Workspaces": [ + { + "WorkspaceId": "ws-j9cvh4174", + "DirectoryId": "d-90674a5da3", + "UserName": "Administrator", + "IpAddress": "10.0.2.82", + "State": "UNHEALTHY", + "BundleId": "wsb-clj85qzj1", + "SubnetId": "subnet-08c5a699d0020dc32", + "ErrorMessage": "There was an error rebooting the WorkSpace. Please try again.", + "ComputerName": "A-1HKONV4L1JJSN", + "VolumeEncryptionKey": "arn:aws:kms:us-east-1:111111111111:key/768d611d-3174-4d0e-a05e-0b4071af1ef5", + "UserVolumeEncryptionEnabled": true, + "RootVolumeEncryptionEnabled": true, + "WorkspaceProperties": { + "RunningMode": "AUTO_STOP", + "RunningModeAutoStopTimeoutInMinutes": 60, + "RootVolumeSizeGib": 80, + "UserVolumeSizeGib": 50, + "ComputeTypeName": "STANDARD" + }, + "ModificationStates": [] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-437-workspaces_instances_are_healthy/red_policy_test.py b/tests/ecc-aws-437-workspaces_instances_are_healthy/red_policy_test.py new file mode 100644 index 000000000..bea954255 --- /dev/null +++ b/tests/ecc-aws-437-workspaces_instances_are_healthy/red_policy_test.py @@ -0,0 +1,5 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertEqual(resources[0]['State'],"UNHEALTHY") \ No newline at end of file diff --git a/tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-green/autoscaling.DescribeAutoScalingGroups_1.json b/tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-green/autoscaling.DescribeAutoScalingGroups_1.json new file mode 100644 index 000000000..3b8f89aa9 --- /dev/null +++ b/tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-green/autoscaling.DescribeAutoScalingGroups_1.json 
@@ -0,0 +1,78 @@ +{ + "status_code": 200, + "data": { + "AutoScalingGroups": [ + { + "AutoScalingGroupName": "438-autoscaling_group-green", + "AutoScalingGroupARN": "arn:aws:autoscaling:us-east-1:111111111111:autoScalingGroup:cea6996b-3c55-4e96-a3bd-c15af2348299:autoScalingGroupName/438-autoscaling_group-green", + "LaunchTemplate": { + "LaunchTemplateId": "lt-09b004b0407b37db3", + "LaunchTemplateName": "438_launch_template_green20220106084231448800000001", + "Version": "$Latest" + }, + "MinSize": 1, + "MaxSize": 1, + "DesiredCapacity": 1, + "DefaultCooldown": 300, + "AvailabilityZones": [ + "us-east-1a", + "us-east-1b" + ], + "LoadBalancerNames": [], + "TargetGroupARNs": [], + "HealthCheckType": "EC2", + "HealthCheckGracePeriod": 300, + "Instances": [ + { + "InstanceId": "i-070b4453951a2e130", + "InstanceType": "t2.micro", + "AvailabilityZone": "us-east-1b", + "LifecycleState": "InService", + "HealthStatus": "Healthy", + "LaunchTemplate": { + "LaunchTemplateId": "lt-09b004b0407b37db3", + "LaunchTemplateName": "438_launch_template_green20220106084231448800000001", + "Version": "1" + }, + "ProtectedFromScaleIn": false + } + ], + "CreatedTime": { + "__class__": "datetime", + "year": 2022, + "month": 1, + "day": 6, + "hour": 8, + "minute": 42, + "second": 42, + "microsecond": 601000 + }, + "SuspendedProcesses": [], + "VPCZoneIdentifier": "subnet-0545555bd7bd54dfa,subnet-0a4c29b9790e5f311", + "EnabledMetrics": [], + "Tags": [ + { + "ResourceId": "438-autoscaling_group-green", + "ResourceType": "auto-scaling-group", + "Key": "ComplianceStatus", + "Value": "Green", + "PropagateAtLaunch": true + }, + { + "ResourceId": "438-autoscaling_group-green", + "ResourceType": "auto-scaling-group", + "Key": "CsutodianRule", + "Value": "ecc-aws-438-autoscaling_group_has_valid_configuration", + "PropagateAtLaunch": true + } + ], + "TerminationPolicies": [ + "Default" + ], + "NewInstancesProtectedFromScaleIn": false, + "ServiceLinkedRoleARN": 
"arn:aws:iam::111111111111:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-green/ec2.DescribeImages_1.json b/tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-green/ec2.DescribeImages_1.json new file mode 100644 index 000000000..054a66b59 --- /dev/null +++ b/tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-green/ec2.DescribeImages_1.json @@ -0,0 +1,41 @@ +{ + "status_code": 200, + "data": { + "Images": [ + { + "Architecture": "x86_64", + "CreationDate": "2021-12-09T19:30:44.000Z", + "ImageId": "ami-0e9ec365374bb782e", + "ImageLocation": "amazon/amzn2-ami-ecs-gpu-hvm-2.0.20211209-x86_64-ebs", + "ImageType": "machine", + "Public": true, + "OwnerId": "111111111111", + "PlatformDetails": "Linux/UNIX", + "UsageOperation": "RunInstances", + "State": "available", + "BlockDeviceMappings": [ + { + "DeviceName": "/dev/xvda", + "Ebs": { + "DeleteOnTermination": true, + "SnapshotId": "snap-0aed7bc8b6acd13fc", + "VolumeSize": 30, + "VolumeType": "gp2", + "Encrypted": false + } + } + ], + "Description": "Amazon Linux AMI 2.0.20211209 x86_64 ECS HVM GP2", + "EnaSupport": true, + "Hypervisor": "xen", + "ImageOwnerAlias": "amazon", + "Name": "amzn2-ami-ecs-gpu-hvm-2.0.20211209-x86_64-ebs", + "RootDeviceName": "/dev/xvda", + "RootDeviceType": "ebs", + "SriovNetSupport": "simple", + "VirtualizationType": "hvm" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-green/ec2.DescribeKeyPairs_1.json b/tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-green/ec2.DescribeKeyPairs_1.json new file mode 100644 index 000000000..85c56d116 --- /dev/null +++ b/tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-green/ec2.DescribeKeyPairs_1.json 
@@ -0,0 +1,7 @@ +{ + "status_code": 200, + "data": { + "KeyPairs": [], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-green/ec2.DescribeLaunchTemplateVersions_1.json b/tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-green/ec2.DescribeLaunchTemplateVersions_1.json new file mode 100644 index 000000000..949fd3433 --- /dev/null +++ b/tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-green/ec2.DescribeLaunchTemplateVersions_1.json @@ -0,0 +1,30 @@ +{ + "status_code": 200, + "data": { + "LaunchTemplateVersions": [ + { + "LaunchTemplateId": "lt-09b004b0407b37db3", + "LaunchTemplateName": "438_launch_template_green20220106084231448800000001", + "VersionNumber": 1, + "CreateTime": { + "__class__": "datetime", + "year": 2022, + "month": 1, + "day": 6, + "hour": 8, + "minute": 42, + "second": 32, + "microsecond": 0 + }, + "CreatedBy": "arn:aws:iam::111111111111:user/test", + "DefaultVersion": true, + "LaunchTemplateData": { + "ImageId": "ami-0e9ec365374bb782e", + "InstanceType": "t2.micro", + "UserData": "" + } + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-green/ec2.DescribeSecurityGroups_1.json b/tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-green/ec2.DescribeSecurityGroups_1.json new file mode 100644 index 000000000..8aecbe7ab --- /dev/null +++ b/tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-green/ec2.DescribeSecurityGroups_1.json @@ -0,0 +1,7 @@ +{ + "status_code": 200, + "data": { + "SecurityGroups": [], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-green/ec2.DescribeSubnets_1.json b/tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-green/ec2.DescribeSubnets_1.json new file mode 100644 index 000000000..5c811abac --- /dev/null +++ b/tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-green/ec2.DescribeSubnets_1.json @@ -0,0 +1,40 @@ +{ + "status_code": 200, + "data": { + "Subnets": [ + { + "AvailabilityZone": "us-east-1a", + "AvailabilityZoneId": "use1-az6", + "AvailableIpAddressCount": 251, + "CidrBlock": "192.168.0.0/24", + "DefaultForAz": false, + "MapPublicIpOnLaunch": false, + "MapCustomerOwnedIpOnLaunch": false, + "State": "available", + "SubnetId": "subnet-0545555bd7bd54dfa", + "VpcId": "vpc-12345asdfg", + "OwnerId": "111111111111", + "AssignIpv6AddressOnCreation": false, + "Ipv6CidrBlockAssociationSet": [], + "SubnetArn": "arn:aws:ec2:us-east-1:111111111111:subnet/subnet-0545555bd7bd54dfa" + }, + { + "AvailabilityZone": "us-east-1b", + "AvailabilityZoneId": "use1-az1", + "AvailableIpAddressCount": 250, + "CidrBlock": "192.168.1.0/24", + "DefaultForAz": false, + "MapPublicIpOnLaunch": false, + "MapCustomerOwnedIpOnLaunch": false, + "State": "available", + "SubnetId": "subnet-0a4c29b9790e5f311", + "VpcId": "vpc-12345asdfg", + "OwnerId": "111111111111", + "AssignIpv6AddressOnCreation": false, + "Ipv6CidrBlockAssociationSet": [], + "SubnetArn": "arn:aws:ec2:us-east-1:111111111111:subnet/subnet-0a4c29b9790e5f311" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-green/elasticloadbalancing.DescribeLoadBalancers_1.json b/tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-green/elasticloadbalancing.DescribeLoadBalancers_1.json new file mode 100644 index 000000000..6f375bf28 --- /dev/null 
+++ b/tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-green/elasticloadbalancing.DescribeLoadBalancers_1.json @@ -0,0 +1,7 @@ +{ + "status_code": 200, + "data": { + "LoadBalancerDescriptions": [], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-green/elasticloadbalancing.DescribeTags_1.json b/tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-green/elasticloadbalancing.DescribeTags_1.json new file mode 100644 index 000000000..d9553d7f9 --- /dev/null +++ b/tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-green/elasticloadbalancing.DescribeTags_1.json @@ -0,0 +1,12 @@ +{ + "status_code": 200, + "data": { + "TagDescriptions": [ + { + "ResourceArn": "arn:aws:elasticloadbalancing:us-east-1:111111111111:targetgroup/c7n-target-group/9d1ad7ad3d3ccde3", + "Tags": [] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-green/elasticloadbalancing.DescribeTargetGroups_1.json b/tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-green/elasticloadbalancing.DescribeTargetGroups_1.json new file mode 100644 index 000000000..f16b054cb --- /dev/null +++ b/tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-green/elasticloadbalancing.DescribeTargetGroups_1.json 
@@ -0,0 +1,29 @@ +{ + "status_code": 200, + "data": { + "TargetGroups": [ + { + "TargetGroupArn": "arn:aws:elasticloadbalancing:us-east-1:111111111111:targetgroup/c7n-target-group/9d1ad7ad3d3ccde3", + "TargetGroupName": "c7n-target-group", + "Protocol": "HTTP", + "Port": 80, + "VpcId": "vpc-12345asdfg", + "HealthCheckProtocol": "HTTP", + "HealthCheckPort": "traffic-port", + "HealthCheckEnabled": true, + "HealthCheckIntervalSeconds": 30, + "HealthCheckTimeoutSeconds": 5, + "HealthyThresholdCount": 5, + "UnhealthyThresholdCount": 2, + "HealthCheckPath": "/", + "Matcher": { + "HttpCode": "200" + }, + "LoadBalancerArns": [], + "TargetType": "instance", + "ProtocolVersion": "HTTP1" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-green/elasticloadbalancing.DescribeTargetHealth_1.json b/tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-green/elasticloadbalancing.DescribeTargetHealth_1.json new file mode 100644 index 000000000..76e13b33b --- /dev/null +++ b/tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-green/elasticloadbalancing.DescribeTargetHealth_1.json @@ -0,0 +1,7 @@ +{ + "status_code": 200, + "data": { + "TargetHealthDescriptions": [], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-red/autoscaling.DescribeAutoScalingGroups_1.json b/tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-red/autoscaling.DescribeAutoScalingGroups_1.json new file mode 100644 index 000000000..a04683977 --- /dev/null +++ b/tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-red/autoscaling.DescribeAutoScalingGroups_1.json 
@@ -0,0 +1,77 @@ +{ + "status_code": 200, + "data": { + "AutoScalingGroups": [ + { + "AutoScalingGroupName": "438-autoscaling_group-red", + "AutoScalingGroupARN": "arn:aws:autoscaling:us-east-1:111111111111:autoScalingGroup:87e75b08-436b-492a-8123-274793ee7ac2:autoScalingGroupName/438-autoscaling_group-red", + "LaunchTemplate": { + "LaunchTemplateId": "lt-0c2a3106fe4b09ba3", + "LaunchTemplateName": "438_launch_template_red20220106072325529300000001", + "Version": "$Latest" + }, + "MinSize": 1, + "MaxSize": 1, + "DesiredCapacity": 1, + "DefaultCooldown": 300, + "AvailabilityZones": [ + "us-east-1a" + ], + "LoadBalancerNames": [], + "TargetGroupARNs": [], + "HealthCheckType": "EC2", + "HealthCheckGracePeriod": 300, + "Instances": [ + { + "InstanceId": "i-03353fab7829be7be", + "InstanceType": "t2.micro", + "AvailabilityZone": "us-east-1a", + "LifecycleState": "InService", + "HealthStatus": "Healthy", + "LaunchTemplate": { + "LaunchTemplateId": "lt-0c2a3106fe4b09ba3", + "LaunchTemplateName": "438_launch_template_red20220106072325529300000001", + "Version": "1" + }, + "ProtectedFromScaleIn": false + } + ], + "CreatedTime": { + "__class__": "datetime", + "year": 2022, + "month": 1, + "day": 6, + "hour": 7, + "minute": 23, + "second": 29, + "microsecond": 269000 + }, + "SuspendedProcesses": [], + "VPCZoneIdentifier": "subnet-8158d8de", + "EnabledMetrics": [], + "Tags": [ + { + "ResourceId": "438-autoscaling_group-red", + "ResourceType": "auto-scaling-group", + "Key": "ComplianceStatus", + "Value": "Red", + "PropagateAtLaunch": true + }, + { + "ResourceId": "438-autoscaling_group-red", + "ResourceType": "auto-scaling-group", + "Key": "CsutodianRule", + "Value": "ecc-aws-438-autoscaling_group_has_valid_configuration", + "PropagateAtLaunch": true + } + ], + "TerminationPolicies": [ + "Default" + ], + "NewInstancesProtectedFromScaleIn": false, + "ServiceLinkedRoleARN": "arn:aws:iam::111111111111:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling" + } 
+ ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-red/ec2.DescribeImages_1.json b/tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-red/ec2.DescribeImages_1.json new file mode 100644 index 000000000..054a66b59 --- /dev/null +++ b/tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-red/ec2.DescribeImages_1.json @@ -0,0 +1,41 @@ +{ + "status_code": 200, + "data": { + "Images": [ + { + "Architecture": "x86_64", + "CreationDate": "2021-12-09T19:30:44.000Z", + "ImageId": "ami-0e9ec365374bb782e", + "ImageLocation": "amazon/amzn2-ami-ecs-gpu-hvm-2.0.20211209-x86_64-ebs", + "ImageType": "machine", + "Public": true, + "OwnerId": "111111111111", + "PlatformDetails": "Linux/UNIX", + "UsageOperation": "RunInstances", + "State": "available", + "BlockDeviceMappings": [ + { + "DeviceName": "/dev/xvda", + "Ebs": { + "DeleteOnTermination": true, + "SnapshotId": "snap-0aed7bc8b6acd13fc", + "VolumeSize": 30, + "VolumeType": "gp2", + "Encrypted": false + } + } + ], + "Description": "Amazon Linux AMI 2.0.20211209 x86_64 ECS HVM GP2", + "EnaSupport": true, + "Hypervisor": "xen", + "ImageOwnerAlias": "amazon", + "Name": "amzn2-ami-ecs-gpu-hvm-2.0.20211209-x86_64-ebs", + "RootDeviceName": "/dev/xvda", + "RootDeviceType": "ebs", + "SriovNetSupport": "simple", + "VirtualizationType": "hvm" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-red/ec2.DescribeKeyPairs_1.json b/tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-red/ec2.DescribeKeyPairs_1.json new file mode 100644 index 000000000..85c56d116 --- /dev/null +++ b/tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-red/ec2.DescribeKeyPairs_1.json @@ -0,0 +1,7 @@ +{ + "status_code": 200, + "data": { + "KeyPairs": [], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-red/ec2.DescribeLaunchTemplateVersions_1.json b/tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-red/ec2.DescribeLaunchTemplateVersions_1.json new file mode 100644 index 000000000..b989fe49e --- /dev/null +++ b/tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-red/ec2.DescribeLaunchTemplateVersions_1.json @@ -0,0 +1,31 @@ +{ + "status_code": 200, + "data": { + "LaunchTemplateVersions": [ + { + "LaunchTemplateId": "lt-0c2a3106fe4b09ba3", + "LaunchTemplateName": "438_launch_template_red20220106072325529300000001", + "VersionNumber": 1, + "CreateTime": { + "__class__": "datetime", + "year": 2022, + "month": 1, + "day": 6, + "hour": 7, + "minute": 23, + "second": 26, + "microsecond": 0 + }, + "CreatedBy": "arn:aws:iam::111111111111:user/test", + "DefaultVersion": true, + "LaunchTemplateData": { + "ImageId": "ami-0e9ec365374bb782e", + "InstanceType": "t2.micro", + "KeyName": "438_key_pair_red", + "UserData": "" + } + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-red/ec2.DescribeSecurityGroups_1.json b/tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-red/ec2.DescribeSecurityGroups_1.json new file mode 100644 index 000000000..8aecbe7ab --- /dev/null +++ b/tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-red/ec2.DescribeSecurityGroups_1.json @@ -0,0 +1,7 @@ +{ + "status_code": 200, + "data": { + "SecurityGroups": [], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-red/ec2.DescribeSubnets_1.json b/tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-red/ec2.DescribeSubnets_1.json new file mode 100644 index 000000000..caf712ec3 --- /dev/null 
+++ b/tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-red/ec2.DescribeSubnets_1.json @@ -0,0 +1,24 @@ +{ + "status_code": 200, + "data": { + "Subnets": [ + { + "AvailabilityZone": "us-east-1a", + "AvailabilityZoneId": "use1-az6", + "AvailableIpAddressCount": 4090, + "CidrBlock": "172.31.32.0/20", + "DefaultForAz": true, + "MapPublicIpOnLaunch": true, + "MapCustomerOwnedIpOnLaunch": false, + "State": "available", + "SubnetId": "subnet-8158d8de", + "VpcId": "vpc-12345asdfg", + "OwnerId": "111111111111", + "AssignIpv6AddressOnCreation": false, + "Ipv6CidrBlockAssociationSet": [], + "SubnetArn": "arn:aws:ec2:us-east-1:111111111111:subnet/subnet-8158d8de" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-red/elasticloadbalancing.DescribeLoadBalancers_1.json b/tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-red/elasticloadbalancing.DescribeLoadBalancers_1.json new file mode 100644 index 000000000..6f375bf28 --- /dev/null +++ b/tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-red/elasticloadbalancing.DescribeLoadBalancers_1.json @@ -0,0 +1,7 @@ +{ + "status_code": 200, + "data": { + "LoadBalancerDescriptions": [], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-red/elasticloadbalancing.DescribeTags_1.json b/tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-red/elasticloadbalancing.DescribeTags_1.json new file mode 100644 index 000000000..d9553d7f9 --- /dev/null +++ b/tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-red/elasticloadbalancing.DescribeTags_1.json 
@@ -0,0 +1,12 @@ +{ + "status_code": 200, + "data": { + "TagDescriptions": [ + { + "ResourceArn": "arn:aws:elasticloadbalancing:us-east-1:111111111111:targetgroup/c7n-target-group/9d1ad7ad3d3ccde3", + "Tags": [] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-red/elasticloadbalancing.DescribeTargetGroups_1.json b/tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-red/elasticloadbalancing.DescribeTargetGroups_1.json new file mode 100644 index 000000000..f16b054cb --- /dev/null +++ b/tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-red/elasticloadbalancing.DescribeTargetGroups_1.json @@ -0,0 +1,29 @@ +{ + "status_code": 200, + "data": { + "TargetGroups": [ + { + "TargetGroupArn": "arn:aws:elasticloadbalancing:us-east-1:111111111111:targetgroup/c7n-target-group/9d1ad7ad3d3ccde3", + "TargetGroupName": "c7n-target-group", + "Protocol": "HTTP", + "Port": 80, + "VpcId": "vpc-12345asdfg", + "HealthCheckProtocol": "HTTP", + "HealthCheckPort": "traffic-port", + "HealthCheckEnabled": true, + "HealthCheckIntervalSeconds": 30, + "HealthCheckTimeoutSeconds": 5, + "HealthyThresholdCount": 5, + "UnhealthyThresholdCount": 2, + "HealthCheckPath": "/", + "Matcher": { + "HttpCode": "200" + }, + "LoadBalancerArns": [], + "TargetType": "instance", + "ProtocolVersion": "HTTP1" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-red/elasticloadbalancing.DescribeTargetHealth_1.json b/tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-red/elasticloadbalancing.DescribeTargetHealth_1.json new file mode 100644 index 000000000..76e13b33b --- /dev/null +++ b/tests/ecc-aws-438-autoscaling_group_has_valid_configuration/placebo-red/elasticloadbalancing.DescribeTargetHealth_1.json 
@@ -0,0 +1,7 @@ +{ + "status_code": 200, + "data": { + "TargetHealthDescriptions": [], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-438-autoscaling_group_has_valid_configuration/red_policy_test.py b/tests/ecc-aws-438-autoscaling_group_has_valid_configuration/red_policy_test.py new file mode 100644 index 000000000..2db0a7412 --- /dev/null +++ b/tests/ecc-aws-438-autoscaling_group_has_valid_configuration/red_policy_test.py @@ -0,0 +1,10 @@ +class PolicyTest(object): + + def test_resources_with_client(self, base_test, resources, local_session): + base_test.assertEqual(len(resources), 1) + base_test.assertTupleEqual(resources[0]['Invalid'][0], ('invalid-key-pair', "438_key_pair_red")) + + ec2_client = local_session.client("ec2") + key_pairs = ec2_client.describe_key_pairs() + for key_pair in key_pairs['KeyPairs']: + base_test.assertNotEqual(key_pair['KeyName'],"438_key_pair_red") \ No newline at end of file diff --git a/tests/ecc-aws-439-workspaces_storage_encrypted/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-439-workspaces_storage_encrypted/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..a84d75c8f --- /dev/null +++ b/tests/ecc-aws-439-workspaces_storage_encrypted/placebo-green/tagging.GetResources_1.json @@ -0,0 +1,26 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:workspaces:us-east-1:111111111111:workspace/ws-9fx9bntb5", + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-439-workspaces_storage_encrypted" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "Name", + "Value": "Workspace-c7n" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
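Review bot: In `tests/ecc-aws-438-autoscaling_group_has_valid_configuration/red_policy_test.py` the `for key_pair in key_pairs['KeyPairs']` loop makes no assertion when the list is empty, which is the case in the recorded `placebo-red/ec2.DescribeKeyPairs_1.json`. A single membership assertion states the intent and always executes: `base_test.assertNotIn("438_key_pair_red", [kp['KeyName'] for kp in key_pairs['KeyPairs']])`. A short comment that the launch template names a key pair the account does not have would also explain why `('invalid-key-pair', "438_key_pair_red")` is the expected annotation.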
diff --git a/tests/ecc-aws-439-workspaces_storage_encrypted/placebo-green/workspaces.DescribeWorkspaces_1.json b/tests/ecc-aws-439-workspaces_storage_encrypted/placebo-green/workspaces.DescribeWorkspaces_1.json new file mode 100644 index 000000000..1a40a669f --- /dev/null +++ b/tests/ecc-aws-439-workspaces_storage_encrypted/placebo-green/workspaces.DescribeWorkspaces_1.json @@ -0,0 +1,29 @@ +{ + "status_code": 200, + "data": { + "Workspaces": [ + { + "WorkspaceId": "ws-9fx9bntb5", + "DirectoryId": "d-90674b7222", + "UserName": "Admin", + "IpAddress": "10.0.2.147", + "State": "REBOOTING", + "BundleId": "wsb-clj85qzj1", + "SubnetId": "subnet-03ca90690d1c151dc", + "ComputerName": "A-23DUBZT8WO8KH", + "VolumeEncryptionKey": "arn:aws:kms:us-east-1:111111111111:key/8b5f7500-ae57-49fb-884a-ba4b25bd28ea", + "UserVolumeEncryptionEnabled": true, + "RootVolumeEncryptionEnabled": true, + "WorkspaceProperties": { + "RunningMode": "AUTO_STOP", + "RunningModeAutoStopTimeoutInMinutes": 60, + "RootVolumeSizeGib": 80, + "UserVolumeSizeGib": 50, + "ComputeTypeName": "STANDARD" + }, + "ModificationStates": [] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-439-workspaces_storage_encrypted/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-439-workspaces_storage_encrypted/placebo-red/tagging.GetResources_1.json new file mode 100644 index 000000000..a84d75c8f --- /dev/null +++ b/tests/ecc-aws-439-workspaces_storage_encrypted/placebo-red/tagging.GetResources_1.json 
@@ -0,0 +1,26 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:workspaces:us-east-1:111111111111:workspace/ws-9fx9bntb5", + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-439-workspaces_storage_encrypted" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "Name", + "Value": "Workspace-c7n" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-439-workspaces_storage_encrypted/placebo-red/workspaces.DescribeWorkspaces_1.json b/tests/ecc-aws-439-workspaces_storage_encrypted/placebo-red/workspaces.DescribeWorkspaces_1.json new file mode 100644 index 000000000..71f0db7cd --- /dev/null +++ b/tests/ecc-aws-439-workspaces_storage_encrypted/placebo-red/workspaces.DescribeWorkspaces_1.json @@ -0,0 +1,26 @@ +{ + "status_code": 200, + "data": { + "Workspaces": [ + { + "WorkspaceId": "ws-9fx9bntb5", + "DirectoryId": "d-90674b7222", + "UserName": "Admin", + "IpAddress": "10.0.2.88", + "State": "STOPPING", + "BundleId": "wsb-clj85qzj1", + "SubnetId": "subnet-03ca90690d1c151dc", + "ComputerName": "A-3OVDZ4D7ZWYJU", + "WorkspaceProperties": { + "RunningMode": "AUTO_STOP", + "RunningModeAutoStopTimeoutInMinutes": 60, + "RootVolumeSizeGib": 80, + "UserVolumeSizeGib": 50, + "ComputeTypeName": "STANDARD" + }, + "ModificationStates": [] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-439-workspaces_storage_encrypted/red_policy_test.py b/tests/ecc-aws-439-workspaces_storage_encrypted/red_policy_test.py new file mode 100644 index 000000000..c0aa18abe --- /dev/null +++ b/tests/ecc-aws-439-workspaces_storage_encrypted/red_policy_test.py 
@@ -0,0 +1,6 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertNotIn('RootVolumeEncryptionEnabled',resources[0]) + base_test.assertNotIn('UserVolumeEncryptionEnabled',resources[0]) \ No newline at end of file diff --git a/tests/ecc-aws-440-backup_service_compliant_lifecycle_enabled/placebo-green/backup.GetBackupPlan_1.json b/tests/ecc-aws-440-backup_service_compliant_lifecycle_enabled/placebo-green/backup.GetBackupPlan_1.json new file mode 100644 index 000000000..d2fca4d6e --- /dev/null +++ b/tests/ecc-aws-440-backup_service_compliant_lifecycle_enabled/placebo-green/backup.GetBackupPlan_1.json @@ -0,0 +1,37 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "BackupPlan": { + "BackupPlanName": "440_backup_plan_green", + "Rules": [ + { + "RuleName": "440_backup_rule_green", + "TargetBackupVaultName": "440_backup_vault_green", + "ScheduleExpression": "cron(0 12 * * ? *)", + "StartWindowMinutes": 60, + "CompletionWindowMinutes": 180, + "Lifecycle": { + "MoveToColdStorageAfterDays": 90, + "DeleteAfterDays": 180 + }, + "RuleId": "ee1fda97-c523-4b6d-8b4f-cf8f626ba1ec", + "EnableContinuousBackup": false + } + ] + }, + "BackupPlanId": "d91b1c98-74e7-4201-bf7a-f6a96ce30e6a", + "BackupPlanArn": "arn:aws:backup:us-east-1:111111111111:backup-plan:d91b1c98-74e7-4201-bf7a-f6a96ce30e6a", + "VersionId": "OTM1NGZkMzQtYWM1NC00ODZjLTkzZjktNjlkMTA0NzRmODhh", + "CreationDate": { + "__class__": "datetime", + "year": 2022, + "month": 1, + "day": 6, + "hour": 13, + "minute": 17, + "second": 15, + "microsecond": 495000 + } + } +} \ No newline at end of file diff --git a/tests/ecc-aws-440-backup_service_compliant_lifecycle_enabled/placebo-green/backup.ListBackupPlans_1.json b/tests/ecc-aws-440-backup_service_compliant_lifecycle_enabled/placebo-green/backup.ListBackupPlans_1.json new file mode 100644 index 000000000..1e44c2c4b --- /dev/null 
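Review bot: The two `assertNotIn` checks in `tests/ecc-aws-439-workspaces_storage_encrypted/red_policy_test.py` pass only while the recorded response omits the encryption keys altogether. If a re-recorded fixture reported `"RootVolumeEncryptionEnabled": false`, the test would fail although the workspace is still unencrypted. `base_test.assertFalse(resources[0].get('RootVolumeEncryptionEnabled', False))`, and the same for `UserVolumeEncryptionEnabled`, covers both shapes. Separately, `placebo-red/tagging.GetResources_1.json` has the same blob id as the green copy and tags the workspace `ComplianceStatus: Green`, so the red fixture set is not self-consistent and is worth correcting.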
+++ b/tests/ecc-aws-440-backup_service_compliant_lifecycle_enabled/placebo-green/backup.ListBackupPlans_1.json @@ -0,0 +1,24 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "BackupPlansList": [ + { + "BackupPlanArn": "arn:aws:backup:us-east-1:111111111111:backup-plan:d91b1c98-74e7-4201-bf7a-f6a96ce30e6a", + "BackupPlanId": "d91b1c98-74e7-4201-bf7a-f6a96ce30e6a", + "CreationDate": { + "__class__": "datetime", + "year": 2022, + "month": 1, + "day": 6, + "hour": 13, + "minute": 17, + "second": 15, + "microsecond": 495000 + }, + "VersionId": "OTM1NGZkMzQtYWM1NC00ODZjLTkzZjktNjlkMTA0NzRmODhh", + "BackupPlanName": "440_backup_plan_green" + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-440-backup_service_compliant_lifecycle_enabled/placebo-green/backup.ListTags_1.json b/tests/ecc-aws-440-backup_service_compliant_lifecycle_enabled/placebo-green/backup.ListTags_1.json new file mode 100644 index 000000000..1b039749a --- /dev/null +++ b/tests/ecc-aws-440-backup_service_compliant_lifecycle_enabled/placebo-green/backup.ListTags_1.json @@ -0,0 +1,10 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "Tags": { + "ComplianceStatus": "Green", + "CustodianRule": "ecc-aws-440-backup_service_compliant_lifecycle_enabled" + } + } +} \ No newline at end of file diff --git a/tests/ecc-aws-440-backup_service_compliant_lifecycle_enabled/placebo-red/backup.GetBackupPlan_1.json b/tests/ecc-aws-440-backup_service_compliant_lifecycle_enabled/placebo-red/backup.GetBackupPlan_1.json new file mode 100644 index 000000000..0f1820b8f --- /dev/null +++ b/tests/ecc-aws-440-backup_service_compliant_lifecycle_enabled/placebo-red/backup.GetBackupPlan_1.json 
@@ -0,0 +1,36 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "BackupPlan": { + "BackupPlanName": "440_backup_plan_red", + "Rules": [ + { + "RuleName": "440_backup_rule_red", + "TargetBackupVaultName": "440_backup_vault_red", + "ScheduleExpression": "cron(0 12 * * ? *)", + "StartWindowMinutes": 60, + "CompletionWindowMinutes": 180, + "Lifecycle": { + "MoveToColdStorageAfterDays": 365 + }, + "RuleId": "af8d0776-b385-465d-bc58-2443de9442a2", + "EnableContinuousBackup": false + } + ] + }, + "BackupPlanId": "ceed06ad-bfcc-406e-914f-3ad817eacd25", + "BackupPlanArn": "arn:aws:backup:us-east-1:111111111111:backup-plan:ceed06ad-bfcc-406e-914f-3ad817eacd25", + "VersionId": "MDljZmQ1Y2ItYTgyOC00MWY3LTkxZWMtNjk2ZWUyZjc4OWZk", + "CreationDate": { + "__class__": "datetime", + "year": 2022, + "month": 1, + "day": 6, + "hour": 13, + "minute": 41, + "second": 49, + "microsecond": 310000 + } + } +} \ No newline at end of file diff --git a/tests/ecc-aws-440-backup_service_compliant_lifecycle_enabled/placebo-red/backup.ListBackupPlans_1.json b/tests/ecc-aws-440-backup_service_compliant_lifecycle_enabled/placebo-red/backup.ListBackupPlans_1.json new file mode 100644 index 000000000..1aa9e7651 --- /dev/null +++ b/tests/ecc-aws-440-backup_service_compliant_lifecycle_enabled/placebo-red/backup.ListBackupPlans_1.json @@ -0,0 +1,24 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "BackupPlansList": [ + { + "BackupPlanArn": "arn:aws:backup:us-east-1:111111111111:backup-plan:ceed06ad-bfcc-406e-914f-3ad817eacd25", + "BackupPlanId": "ceed06ad-bfcc-406e-914f-3ad817eacd25", + "CreationDate": { + "__class__": "datetime", + "year": 2022, + "month": 1, + "day": 6, + "hour": 13, + "minute": 41, + "second": 49, + "microsecond": 310000 + }, + "VersionId": "MDljZmQ1Y2ItYTgyOC00MWY3LTkxZWMtNjk2ZWUyZjc4OWZk", + "BackupPlanName": "440_backup_plan_red" + } + ] + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-440-backup_service_compliant_lifecycle_enabled/placebo-red/backup.ListTags_1.json b/tests/ecc-aws-440-backup_service_compliant_lifecycle_enabled/placebo-red/backup.ListTags_1.json new file mode 100644 index 000000000..8707d55a8 --- /dev/null +++ b/tests/ecc-aws-440-backup_service_compliant_lifecycle_enabled/placebo-red/backup.ListTags_1.json @@ -0,0 +1,10 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "Tags": { + "ComplianceStatus": "Red", + "CustodianRule": "ecc-aws-440-backup_service_compliant_lifecycle_enabled" + } + } +} \ No newline at end of file diff --git a/tests/ecc-aws-440-backup_service_compliant_lifecycle_enabled/red_policy_test.py b/tests/ecc-aws-440-backup_service_compliant_lifecycle_enabled/red_policy_test.py new file mode 100644 index 000000000..d964f01e5 --- /dev/null +++ b/tests/ecc-aws-440-backup_service_compliant_lifecycle_enabled/red_policy_test.py @@ -0,0 +1,6 @@ +class PolicyTest(object): + + def test_resources_with_client(self, base_test, resources, local_session): + base_test.assertEqual(len(resources), 1) + base_test.assertEqual(resources[0]['Rules'][0]['Lifecycle']['MoveToColdStorageAfterDays'], 365) + base_test.assertNotIn('DeleteAfterDays', resources[0]['Rules'][0]['Lifecycle']) diff --git a/tests/ecc-aws-442-backups_encrypted_with_kms_customer_master_keys/placebo-green/backup.ListBackupVaults_1.json b/tests/ecc-aws-442-backups_encrypted_with_kms_customer_master_keys/placebo-green/backup.ListBackupVaults_1.json new file mode 100644 index 000000000..d8cf1a11a --- /dev/null +++ b/tests/ecc-aws-442-backups_encrypted_with_kms_customer_master_keys/placebo-green/backup.ListBackupVaults_1.json 
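Review bot: `test_resources_with_client` in `tests/ecc-aws-440-backup_service_compliant_lifecycle_enabled/red_policy_test.py` requests `local_session` but never creates a client, so the name and signature promise a cross-check against the API that the body does not perform. If the harness does not select behaviour by method name (not visible in this patch), `def test_resources(self, base_test, resources):`, as used by the 439 test, would be the accurate form. The `365` literal only mirrors the recorded `backup.GetBackupPlan_1.json`. The assertion that matters for the policy is the missing `DeleteAfterDays`, and a one-line comment saying so would help the next reader.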
@@ -0,0 +1,24 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "BackupVaultList": [ + { + "BackupVaultName": "442_backup_vault_green", + "BackupVaultArn": "arn:aws:backup:us-east-1:111111111111:backup-vault:442_backup_vault_green", + "CreationDate": { + "__class__": "datetime", + "year": 2022, + "month": 1, + "day": 6, + "hour": 17, + "minute": 24, + "second": 17, + "microsecond": 708000 + }, + "EncryptionKeyArn": "arn:aws:kms:us-east-1:111111111111:key/4fc2ab93-1f3f-4637-9fc8-5c624d4a56bd", + "NumberOfRecoveryPoints": 0 + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-442-backups_encrypted_with_kms_customer_master_keys/placebo-green/kms.DescribeKey_1.json b/tests/ecc-aws-442-backups_encrypted_with_kms_customer_master_keys/placebo-green/kms.DescribeKey_1.json new file mode 100644 index 000000000..9965035ce --- /dev/null +++ b/tests/ecc-aws-442-backups_encrypted_with_kms_customer_master_keys/placebo-green/kms.DescribeKey_1.json @@ -0,0 +1,32 @@ +{ + "status_code": 200, + "data": { + "KeyMetadata": { + "AWSAccountId": "111111111111", + "KeyId": "4fc2ab93-1f3f-4637-9fc8-5c624d4a56bd", + "Arn": "arn:aws:kms:us-east-1:111111111111:key/4fc2ab93-1f3f-4637-9fc8-5c624d4a56bd", + "CreationDate": { + "__class__": "datetime", + "year": 2022, + "month": 1, + "day": 6, + "hour": 17, + "minute": 24, + "second": 7, + "microsecond": 602000 + }, + "Enabled": true, + "Description": "442_kms_key_green", + "KeyUsage": "ENCRYPT_DECRYPT", + "KeyState": "Enabled", + "Origin": "AWS_KMS", + "KeyManager": "CUSTOMER", + "CustomerMasterKeySpec": "SYMMETRIC_DEFAULT", + "EncryptionAlgorithms": [ + "SYMMETRIC_DEFAULT" + ], + "MultiRegion": false + }, + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-442-backups_encrypted_with_kms_customer_master_keys/placebo-green/kms.ListAliases_1.json b/tests/ecc-aws-442-backups_encrypted_with_kms_customer_master_keys/placebo-green/kms.ListAliases_1.json new file mode 100644 index 000000000..714846f53 --- /dev/null +++ b/tests/ecc-aws-442-backups_encrypted_with_kms_customer_master_keys/placebo-green/kms.ListAliases_1.json @@ -0,0 +1,34 @@ +{ + "status_code": 200, + "data": { + "Aliases": [ + { + "AliasName": "alias/442_kms_alias_green", + "AliasArn": "arn:aws:kms:us-east-1:111111111111:alias/442_kms_alias_green", + "TargetKeyId": "4fc2ab93-1f3f-4637-9fc8-5c624d4a56bd", + "CreationDate": { + "__class__": "datetime", + "year": 2022, + "month": 1, + "day": 6, + "hour": 17, + "minute": 24, + "second": 17, + "microsecond": 479000 + }, + "LastUpdatedDate": { + "__class__": "datetime", + "year": 2022, + "month": 1, + "day": 6, + "hour": 17, + "minute": 24, + "second": 17, + "microsecond": 479000 + } + } + ], + "Truncated": false, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-442-backups_encrypted_with_kms_customer_master_keys/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-442-backups_encrypted_with_kms_customer_master_keys/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..762a4dee9 --- /dev/null +++ b/tests/ecc-aws-442-backups_encrypted_with_kms_customer_master_keys/placebo-green/tagging.GetResources_1.json @@ -0,0 +1,22 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:backup:us-east-1:111111111111:backup-vault:442_backup_vault_green", + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-442-backups_encrypted_with_kms_customer_master_keys" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-442-backups_encrypted_with_kms_customer_master_keys/placebo-green/tagging.GetResources_2.json b/tests/ecc-aws-442-backups_encrypted_with_kms_customer_master_keys/placebo-green/tagging.GetResources_2.json new file mode 100644 index 000000000..d48e38a8a --- /dev/null +++ b/tests/ecc-aws-442-backups_encrypted_with_kms_customer_master_keys/placebo-green/tagging.GetResources_2.json @@ -0,0 +1,22 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:kms:us-east-1:111111111111:key/4fc2ab93-1f3f-4637-9fc8-5c624d4a56bd", + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-442-backups_encrypted_with_kms_customer_master_keys" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-442-backups_encrypted_with_kms_customer_master_keys/placebo-red/backup.ListBackupVaults_1.json b/tests/ecc-aws-442-backups_encrypted_with_kms_customer_master_keys/placebo-red/backup.ListBackupVaults_1.json new file mode 100644 index 000000000..1fe506729 --- /dev/null +++ b/tests/ecc-aws-442-backups_encrypted_with_kms_customer_master_keys/placebo-red/backup.ListBackupVaults_1.json @@ -0,0 +1,24 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "BackupVaultList": [ + { + "BackupVaultName": "442_backup_vault_red", + "BackupVaultArn": "arn:aws:backup:us-east-1:111111111111:backup-vault:442_backup_vault_red", + "CreationDate": { + "__class__": "datetime", + "year": 2022, + "month": 1, + "day": 6, + "hour": 17, + "minute": 7, + "second": 2, + "microsecond": 937000 + }, + "EncryptionKeyArn": "arn:aws:kms:us-east-1:111111111111:key/86cac66f-e240-46a4-a5c6-527c91f61644", + "NumberOfRecoveryPoints": 0 + } + ] + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-442-backups_encrypted_with_kms_customer_master_keys/placebo-red/kms.DescribeKey_1.json b/tests/ecc-aws-442-backups_encrypted_with_kms_customer_master_keys/placebo-red/kms.DescribeKey_1.json new file mode 100644 index 000000000..216f3e21d --- /dev/null +++ b/tests/ecc-aws-442-backups_encrypted_with_kms_customer_master_keys/placebo-red/kms.DescribeKey_1.json @@ -0,0 +1,32 @@ +{ + "status_code": 200, + "data": { + "KeyMetadata": { + "AWSAccountId": "111111111111", + "KeyId": "86cac66f-e240-46a4-a5c6-527c91f61644", + "Arn": "arn:aws:kms:us-east-1:111111111111:key/86cac66f-e240-46a4-a5c6-527c91f61644", + "CreationDate": { + "__class__": "datetime", + "year": 2021, + "month": 3, + "day": 12, + "hour": 14, + "minute": 21, + "second": 30, + "microsecond": 822000 + }, + "Enabled": true, + "Description": "Default master key that protects my Backup data when no other key is defined", + "KeyUsage": "ENCRYPT_DECRYPT", + "KeyState": "Enabled", + "Origin": "AWS_KMS", + "KeyManager": "AWS", + "CustomerMasterKeySpec": "SYMMETRIC_DEFAULT", + "EncryptionAlgorithms": [ + "SYMMETRIC_DEFAULT" + ], + "MultiRegion": false + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-442-backups_encrypted_with_kms_customer_master_keys/placebo-red/kms.ListAliases_1.json b/tests/ecc-aws-442-backups_encrypted_with_kms_customer_master_keys/placebo-red/kms.ListAliases_1.json new file mode 100644 index 000000000..107a19f86 --- /dev/null +++ b/tests/ecc-aws-442-backups_encrypted_with_kms_customer_master_keys/placebo-red/kms.ListAliases_1.json 
@@ -0,0 +1,34 @@ +{ + "status_code": 200, + "data": { + "Aliases": [ + { + "AliasName": "alias/aws/backup", + "AliasArn": "arn:aws:kms:us-east-1:111111111111:alias/aws/backup", + "TargetKeyId": "86cac66f-e240-46a4-a5c6-527c91f61644", + "CreationDate": { + "__class__": "datetime", + "year": 2021, + "month": 3, + "day": 12, + "hour": 14, + "minute": 21, + "second": 30, + "microsecond": 990000 + }, + "LastUpdatedDate": { + "__class__": "datetime", + "year": 2021, + "month": 3, + "day": 12, + "hour": 14, + "minute": 21, + "second": 30, + "microsecond": 990000 + } + } + ], + "Truncated": false, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-442-backups_encrypted_with_kms_customer_master_keys/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-442-backups_encrypted_with_kms_customer_master_keys/placebo-red/tagging.GetResources_1.json new file mode 100644 index 000000000..d9c7fba81 --- /dev/null +++ b/tests/ecc-aws-442-backups_encrypted_with_kms_customer_master_keys/placebo-red/tagging.GetResources_1.json @@ -0,0 +1,22 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:backup:us-east-1:111111111111:backup-vault:442_backup_vault_red", + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-442-backups_encrypted_with_kms_customer_master_keys" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-442-backups_encrypted_with_kms_customer_master_keys/red_policy_test.py b/tests/ecc-aws-442-backups_encrypted_with_kms_customer_master_keys/red_policy_test.py new file mode 100644 index 000000000..fae459fb3 --- /dev/null +++ b/tests/ecc-aws-442-backups_encrypted_with_kms_customer_master_keys/red_policy_test.py 
@@ -0,0 +1,11 @@
+class PolicyTest(object):
+
+ def test_resources_with_client(self, base_test, resources, local_session):
+ base_test.assertEqual(len(resources), 1)
+ KeyArn = resources[0]['EncryptionKeyArn']
+
+ kms_client = local_session.client("kms")
+ aliases = kms_client.list_aliases()
+ for alias_arn in aliases['Aliases'][0]['AliasArn']:
+ if alias_arn == KeyArn:
+ base_test.assertEqual(alias_arn, "alias/aws/backup")
diff --git a/tests/ecc-aws-444-use_secure_ssl_protocols_between_cloudfront_origin/placebo-green/cloudfront.ListDistributions_1.json b/tests/ecc-aws-444-use_secure_ssl_protocols_between_cloudfront_origin/placebo-green/cloudfront.ListDistributions_1.json
new file mode 100644
index 000000000..4af1057a4
--- /dev/null
+++ b/tests/ecc-aws-444-use_secure_ssl_protocols_between_cloudfront_origin/placebo-green/cloudfront.ListDistributions_1.json
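Review bot: The alias check in `tests/ecc-aws-442-backups_encrypted_with_kms_customer_master_keys/red_policy_test.py` can never fail: `aliases['Aliases'][0]['AliasArn']` is a string, so the `for` walks it one character at a time, `alias_arn == KeyArn` is never true, and the `assertEqual` is unreachable. Iterating the alias list instead would not fix it, because an alias ARN never equals a key ARN and `"alias/aws/backup"` is an `AliasName`, not an ARN. As written the test only proves that one vault was returned, not that it is the vault encrypted with the AWS-managed key. Matching `TargetKeyId` against the key id taken from `EncryptionKeyArn` and asserting the alias name, as below, makes the check effective against the recorded `kms.ListAliases_1.json`.

```python
    def test_resources_with_client(self, base_test, resources, local_session):
        # … unchanged: resource count assertion …
        key_id = resources[0]['EncryptionKeyArn'].rsplit('/', 1)[-1]

        kms_client = local_session.client("kms")
        alias_names = [
            alias['AliasName']
            for alias in kms_client.list_aliases()['Aliases']
            if alias.get('TargetKeyId') == key_id
        ]
        # The red vault must resolve to the AWS-managed Backup key, not a customer key.
        base_test.assertEqual(alias_names, ["alias/aws/backup"])
```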
@@ -0,0 +1,152 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "DistributionList": { + "Marker": "", + "MaxItems": 100, + "IsTruncated": false, + "Quantity": 4, + "Items": [ + { + "Id": "E10ZBFZYJKFIT4", + "ARN": "arn:aws:cloudfront::111111111111:distribution/E10ZBFZYJKFIT4", + "Status": "Deployed", + "LastModifiedTime": { + "__class__": "datetime", + "year": 2022, + "month": 5, + "day": 20, + "hour": 12, + "minute": 32, + "second": 8, + "microsecond": 908000 + }, + "DomainName": "d2zjnj8yzns2rx.cloudfront.net", + "Aliases": { + "Quantity": 0 + }, + "Origins": { + "Quantity": 1, + "Items": [ + { + "Id": "myEC2Origin", + "DomainName": "ec2-23-22-229-158.compute-1.amazonaws.com", + "OriginPath": "", + "CustomHeaders": { + "Quantity": 0 + }, + "CustomOriginConfig": { + "HTTPPort": 80, + "HTTPSPort": 443, + "OriginProtocolPolicy": "https-only", + "OriginSslProtocols": { + "Quantity": 1, + "Items": [ + "TLSv1.2" + ] + }, + "OriginReadTimeout": 30, + "OriginKeepaliveTimeout": 5 + }, + "ConnectionAttempts": 3, + "ConnectionTimeout": 10, + "OriginShield": { + "Enabled": false + } + } + ] + }, + "OriginGroups": { + "Quantity": 0 + }, + "DefaultCacheBehavior": { + "TargetOriginId": "myEC2Origin", + "TrustedSigners": { + "Enabled": false, + "Quantity": 0 + }, + "TrustedKeyGroups": { + "Enabled": false, + "Quantity": 0 + }, + "ViewerProtocolPolicy": "https-only", + "AllowedMethods": { + "Quantity": 7, + "Items": [ + "HEAD", + "DELETE", + "POST", + "GET", + "OPTIONS", + "PUT", + "PATCH" + ], + "CachedMethods": { + "Quantity": 2, + "Items": [ + "HEAD", + "GET" + ] + } + }, + "SmoothStreaming": false, + "Compress": false, + "LambdaFunctionAssociations": { + "Quantity": 0 + }, + "FunctionAssociations": { + "Quantity": 0 + }, + "FieldLevelEncryptionId": "", + "ForwardedValues": { + "QueryString": false, + "Cookies": { + "Forward": "none" + }, + "Headers": { + "Quantity": 0 + }, + "QueryStringCacheKeys": { + "Quantity": 0 + } + }, + "MinTTL": 0, + "DefaultTTL": 
3600, + "MaxTTL": 86400 + }, + "CacheBehaviors": { + "Quantity": 0 + }, + "CustomErrorResponses": { + "Quantity": 0 + }, + "Comment": "", + "PriceClass": "PriceClass_All", + "Enabled": true, + "ViewerCertificate": { + "CloudFrontDefaultCertificate": true, + "SSLSupportMethod": "vip", + "MinimumProtocolVersion": "TLSv1", + "CertificateSource": "cloudfront" + }, + "Restrictions": { + "GeoRestriction": { + "RestrictionType": "whitelist", + "Quantity": 4, + "Items": [ + "US", + "CA", + "GB", + "DE" + ] + } + }, + "WebACLId": "", + "HttpVersion": "HTTP2", + "IsIPV6Enabled": false + } + ] + } + } +} \ No newline at end of file diff --git a/tests/ecc-aws-444-use_secure_ssl_protocols_between_cloudfront_origin/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-444-use_secure_ssl_protocols_between_cloudfront_origin/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..a33967d64 --- /dev/null +++ b/tests/ecc-aws-444-use_secure_ssl_protocols_between_cloudfront_origin/placebo-green/tagging.GetResources_1.json @@ -0,0 +1,22 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:cloudfront::111111111111:distribution/E10ZBFZYJKFIT4", + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CustodianRule", + "Value": "ecc-aws-444-use_secure_ssl_protocols_between_cloudfront_origin" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-444-use_secure_ssl_protocols_between_cloudfront_origin/placebo-red/cloudfront.ListDistributions_1.json b/tests/ecc-aws-444-use_secure_ssl_protocols_between_cloudfront_origin/placebo-red/cloudfront.ListDistributions_1.json new file mode 100644 index 000000000..8ab4092f5 --- /dev/null +++ b/tests/ecc-aws-444-use_secure_ssl_protocols_between_cloudfront_origin/placebo-red/cloudfront.ListDistributions_1.json 
@@ -0,0 +1,152 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "DistributionList": { + "Marker": "", + "MaxItems": 100, + "IsTruncated": false, + "Quantity": 4, + "Items": [ + { + "Id": "E32QEHSIE8V7TF", + "ARN": "arn:aws:cloudfront::111111111111:distribution/E32QEHSIE8V7TF", + "Status": "Deployed", + "LastModifiedTime": { + "__class__": "datetime", + "year": 2022, + "month": 5, + "day": 20, + "hour": 13, + "minute": 32, + "second": 12, + "microsecond": 356000 + }, + "DomainName": "d2ohku0rzi86fg.cloudfront.net", + "Aliases": { + "Quantity": 0 + }, + "Origins": { + "Quantity": 1, + "Items": [ + { + "Id": "myEC2Origin", + "DomainName": "ec2-3-84-182-11.compute-1.amazonaws.com", + "OriginPath": "", + "CustomHeaders": { + "Quantity": 0 + }, + "CustomOriginConfig": { + "HTTPPort": 80, + "HTTPSPort": 443, + "OriginProtocolPolicy": "https-only", + "OriginSslProtocols": { + "Quantity": 1, + "Items": [ + "TLSv1.1" + ] + }, + "OriginReadTimeout": 30, + "OriginKeepaliveTimeout": 5 + }, + "ConnectionAttempts": 3, + "ConnectionTimeout": 10, + "OriginShield": { + "Enabled": false + } + } + ] + }, + "OriginGroups": { + "Quantity": 0 + }, + "DefaultCacheBehavior": { + "TargetOriginId": "myEC2Origin", + "TrustedSigners": { + "Enabled": false, + "Quantity": 0 + }, + "TrustedKeyGroups": { + "Enabled": false, + "Quantity": 0 + }, + "ViewerProtocolPolicy": "allow-all", + "AllowedMethods": { + "Quantity": 7, + "Items": [ + "HEAD", + "DELETE", + "POST", + "GET", + "OPTIONS", + "PUT", + "PATCH" + ], + "CachedMethods": { + "Quantity": 2, + "Items": [ + "HEAD", + "GET" + ] + } + }, + "SmoothStreaming": false, + "Compress": false, + "LambdaFunctionAssociations": { + "Quantity": 0 + }, + "FunctionAssociations": { + "Quantity": 0 + }, + "FieldLevelEncryptionId": "", + "ForwardedValues": { + "QueryString": false, + "Cookies": { + "Forward": "none" + }, + "Headers": { + "Quantity": 0 + }, + "QueryStringCacheKeys": { + "Quantity": 0 + } + }, + "MinTTL": 0, + "DefaultTTL": 
3600, + "MaxTTL": 86400 + }, + "CacheBehaviors": { + "Quantity": 0 + }, + "CustomErrorResponses": { + "Quantity": 0 + }, + "Comment": "", + "PriceClass": "PriceClass_All", + "Enabled": true, + "ViewerCertificate": { + "CloudFrontDefaultCertificate": true, + "SSLSupportMethod": "vip", + "MinimumProtocolVersion": "TLSv1", + "CertificateSource": "cloudfront" + }, + "Restrictions": { + "GeoRestriction": { + "RestrictionType": "whitelist", + "Quantity": 4, + "Items": [ + "US", + "CA", + "GB", + "DE" + ] + } + }, + "WebACLId": "", + "HttpVersion": "HTTP2", + "IsIPV6Enabled": false + } + ] + } + } +} \ No newline at end of file diff --git a/tests/ecc-aws-444-use_secure_ssl_protocols_between_cloudfront_origin/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-444-use_secure_ssl_protocols_between_cloudfront_origin/placebo-red/tagging.GetResources_1.json new file mode 100644 index 000000000..811ecaa57 --- /dev/null +++ b/tests/ecc-aws-444-use_secure_ssl_protocols_between_cloudfront_origin/placebo-red/tagging.GetResources_1.json @@ -0,0 +1,22 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:cloudfront::111111111111:distribution/E32QEHSIE8V7TF", + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CustodianRule", + "Value": "ecc-aws-444-use_secure_ssl_protocols_between_cloudfront_origin" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-444-use_secure_ssl_protocols_between_cloudfront_origin/red_policy_test.py b/tests/ecc-aws-444-use_secure_ssl_protocols_between_cloudfront_origin/red_policy_test.py new file mode 100644 index 000000000..67da1b85a --- /dev/null +++ b/tests/ecc-aws-444-use_secure_ssl_protocols_between_cloudfront_origin/red_policy_test.py 
@@ -0,0 +1,5 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertEqual(resources[0]['Origins']['Items'][0]['CustomOriginConfig']['OriginSslProtocols']['Items'][0], 'TLSv1.1')
\ No newline at end of file
diff --git a/tests/ecc-aws-445-rds_mysql_instances_latest_major_version/placebo-green/rds.DescribeDBInstances_1.json b/tests/ecc-aws-445-rds_mysql_instances_latest_major_version/placebo-green/rds.DescribeDBInstances_1.json
new file mode 100644
index 000000000..c1ebf7f11
--- /dev/null
+++ b/tests/ecc-aws-445-rds_mysql_instances_latest_major_version/placebo-green/rds.DescribeDBInstances_1.json
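Review bot: The second assertion pins the weak protocol to position `[0]` of `OriginSslProtocols['Items']`, so it depends on list order rather than on the property the rule is about. A membership check states the intent and survives a re-recorded fixture that lists several protocols: `base_test.assertIn('TLSv1.1', resources[0]['Origins']['Items'][0]['CustomOriginConfig']['OriginSslProtocols']['Items'])`. The red recording also differs from the green one in `ViewerProtocolPolicy` (`allow-all` against `https-only`), so a one-line comment such as `# red because the origin still accepts TLSv1.1, not because of the viewer policy` would tell the next reader which difference the test is meant to pin.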
@@ -0,0 +1,143 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "terraform-20220105094629190700000001", + "DBInstanceClass": "db.t3.micro", + "Engine": "mysql", + "DBInstanceStatus": "available", + "MasterUsername": "root", + "DBName": "database445green", + "Endpoint": { + "Address": "terraform-20220105094629190700000001.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 3306, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 10, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2022, + "month": 1, + "day": 5, + "hour": 9, + "minute": 51, + "second": 10, + "microsecond": 84000 + }, + "PreferredBackupWindow": "05:33-06:03", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "default.mysql8.0", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1f", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": 
"subnet-cd7af8ec", + "SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "fri:08:50-fri:09:20", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "8.0.27", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "general-public-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:mysql-8-0", + "Status": "in-sync" + } + ], + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-T5LX7JU3VK4S6WMVVMIMI3OOQQ", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:111111111111:db:terraform-20220105094629190700000001", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-445-rds_mysql_instances_latest_major_version" + } + ], + "CustomerOwnedIpEnabled": false, + "ActivityStreamStatus": "stopped" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-445-rds_mysql_instances_latest_major_version/placebo-red/rds.DescribeDBInstances_1.json b/tests/ecc-aws-445-rds_mysql_instances_latest_major_version/placebo-red/rds.DescribeDBInstances_1.json new file mode 100644 index 000000000..ceb47ce2d --- /dev/null +++ b/tests/ecc-aws-445-rds_mysql_instances_latest_major_version/placebo-red/rds.DescribeDBInstances_1.json 
@@ -0,0 +1,143 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "terraform-20220105102159676600000001", + "DBInstanceClass": "db.t3.micro", + "Engine": "mysql", + "DBInstanceStatus": "available", + "MasterUsername": "root", + "DBName": "database445red", + "Endpoint": { + "Address": "terraform-20220105102159676600000001.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 3306, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 10, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2022, + "month": 1, + "day": 5, + "hour": 10, + "minute": 26, + "second": 18, + "microsecond": 514000 + }, + "PreferredBackupWindow": "07:30-08:00", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "default.mysql5.7", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1d", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": 
"subnet-cd7af8ec", + "SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "sat:05:28-sat:05:58", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "5.7.33", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "general-public-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:mysql-5-7", + "Status": "in-sync" + } + ], + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-UXH6HILJLFHHMI2MD7YVHXZFSI", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:111111111111:db:terraform-20220105102159676600000001", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-445-rds_mysql_instances_latest_major_version" + } + ], + "CustomerOwnedIpEnabled": false, + "ActivityStreamStatus": "stopped" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-445-rds_mysql_instances_latest_major_version/red_policy_test.py b/tests/ecc-aws-445-rds_mysql_instances_latest_major_version/red_policy_test.py new file mode 100644 index 000000000..ee104da93 --- /dev/null +++ b/tests/ecc-aws-445-rds_mysql_instances_latest_major_version/red_policy_test.py @@ -0,0 +1,6 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertIn(resources[0]['Engine'], 'mysql') + base_test.assertIn(resources[0]['EngineVersion'], "5.7.33") 
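Review bot: Both `assertIn` calls in the 445 `red_policy_test.py` compare strings, so they are substring tests with the recorded value as the needle: `assertIn(resources[0]['Engine'], 'mysql')` also passes for `'my'` or an empty string, and `assertIn(resources[0]['EngineVersion'], "5.7.33")` passes for `'5.7'` or `''`. A resource whose engine or version field came back empty or truncated would therefore still satisfy the red case. Use equality so the test pins the outdated major version it was recorded with: `base_test.assertEqual(resources[0]['Engine'], 'mysql')` and `base_test.assertEqual(resources[0]['EngineVersion'], '5.7.33')`.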
diff --git a/tests/ecc-aws-447-sqs_encrypted_with_kms_cmk/placebo-green/kms.DescribeKey_1.json b/tests/ecc-aws-447-sqs_encrypted_with_kms_cmk/placebo-green/kms.DescribeKey_1.json new file mode 100644 index 000000000..68bfd7941 --- /dev/null +++ b/tests/ecc-aws-447-sqs_encrypted_with_kms_cmk/placebo-green/kms.DescribeKey_1.json @@ -0,0 +1,32 @@ +{ + "status_code": 200, + "data": { + "KeyMetadata": { + "AWSAccountId": "111111111111", + "KeyId": "6cc71fec-e7a7-403d-a252-e64fd4df1e25", + "Arn": "arn:aws:kms:us-east-1:111111111111:key/6cc71fec-e7a7-403d-a252-e64fd4df1e25", + "CreationDate": { + "__class__": "datetime", + "year": 2022, + "month": 1, + "day": 6, + "hour": 9, + "minute": 25, + "second": 13, + "microsecond": 985000 + }, + "Enabled": true, + "Description": "Key to encrypt and decrypt SQS", + "KeyUsage": "ENCRYPT_DECRYPT", + "KeyState": "Enabled", + "Origin": "AWS_KMS", + "KeyManager": "CUSTOMER", + "CustomerMasterKeySpec": "SYMMETRIC_DEFAULT", + "EncryptionAlgorithms": [ + "SYMMETRIC_DEFAULT" + ], + "MultiRegion": false + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-447-sqs_encrypted_with_kms_cmk/placebo-green/kms.ListAliases_1.json b/tests/ecc-aws-447-sqs_encrypted_with_kms_cmk/placebo-green/kms.ListAliases_1.json new file mode 100644 index 000000000..26e3208b7 --- /dev/null +++ b/tests/ecc-aws-447-sqs_encrypted_with_kms_cmk/placebo-green/kms.ListAliases_1.json 
@@ -0,0 +1,34 @@ +{ + "status_code": 200, + "data": { + "Aliases": [ + { + "AliasName": "alias/447-green", + "AliasArn": "arn:aws:kms:us-east-1:111111111111:alias/447-green", + "TargetKeyId": "6cc71fec-e7a7-403d-a252-e64fd4df1e25", + "CreationDate": { + "__class__": "datetime", + "year": 2022, + "month": 1, + "day": 6, + "hour": 11, + "minute": 23, + "second": 45, + "microsecond": 786000 + }, + "LastUpdatedDate": { + "__class__": "datetime", + "year": 2022, + "month": 1, + "day": 6, + "hour": 11, + "minute": 23, + "second": 45, + "microsecond": 786000 + } + } + ], + "Truncated": false, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-447-sqs_encrypted_with_kms_cmk/placebo-green/sqs.GetQueueAttributes_1.json b/tests/ecc-aws-447-sqs_encrypted_with_kms_cmk/placebo-green/sqs.GetQueueAttributes_1.json new file mode 100644 index 000000000..50d0c2caf --- /dev/null +++ b/tests/ecc-aws-447-sqs_encrypted_with_kms_cmk/placebo-green/sqs.GetQueueAttributes_1.json @@ -0,0 +1,23 @@ +{ + "status_code": 200, + "data": { + "Attributes": { + "QueueArn": "arn:aws:sqs:us-east-1:111111111111:447_sqs_green", + "ApproximateNumberOfMessages": "0", + "ApproximateNumberOfMessagesNotVisible": "0", + "ApproximateNumberOfMessagesDelayed": "0", + "CreatedTimestamp": "1641461113", + "LastModifiedTimestamp": "1641464811", + "VisibilityTimeout": "30", + "MaximumMessageSize": "2048", + "MessageRetentionPeriod": "86400", + "DelaySeconds": "90", + "Policy": "{\"Version\":\"2012-10-17\",\"Id\":\"sqspolicy\",\"Statement\":[{\"Sid\":\"First\",\"Effect\":\"Allow\",\"Principal\":\"*\",\"Action\":\"sqs:SendMessage\",\"Resource\":\"arn:aws:sqs:us-east-1:111111111111:447_sqs_green\"}]}", + "ReceiveMessageWaitTimeSeconds": "10", + "KmsMasterKeyId": "arn:aws:kms:us-east-1:111111111111:key/6cc71fec-e7a7-403d-a252-e64fd4df1e25", + "KmsDataKeyReusePeriodSeconds": "300", + "SqsManagedSseEnabled": "false" + }, + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-447-sqs_encrypted_with_kms_cmk/placebo-green/sqs.ListQueues_1.json b/tests/ecc-aws-447-sqs_encrypted_with_kms_cmk/placebo-green/sqs.ListQueues_1.json new file mode 100644 index 000000000..24ae03078 --- /dev/null +++ b/tests/ecc-aws-447-sqs_encrypted_with_kms_cmk/placebo-green/sqs.ListQueues_1.json @@ -0,0 +1,9 @@ +{ + "status_code": 200, + "data": { + "QueueUrls": [ + "https://queue.amazonaws.com/111111111111/447_sqs_green" + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-447-sqs_encrypted_with_kms_cmk/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-447-sqs_encrypted_with_kms_cmk/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..8908333e9 --- /dev/null +++ b/tests/ecc-aws-447-sqs_encrypted_with_kms_cmk/placebo-green/tagging.GetResources_1.json @@ -0,0 +1,22 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:sqs:us-east-1:111111111111:447_sqs_green", + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CustodianRule", + "Value": "ecc-aws-447-sqs_encrypted_with_kms_cmk" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-447-sqs_encrypted_with_kms_cmk/placebo-red/kms.DescribeKey_1.json b/tests/ecc-aws-447-sqs_encrypted_with_kms_cmk/placebo-red/kms.DescribeKey_1.json new file mode 100644 index 000000000..f8487f94c --- /dev/null +++ b/tests/ecc-aws-447-sqs_encrypted_with_kms_cmk/placebo-red/kms.DescribeKey_1.json 
@@ -0,0 +1,32 @@ +{ + "status_code": 200, + "data": { + "KeyMetadata": { + "AWSAccountId": "111111111111", + "KeyId": "e93a1f42-c284-46f0-8e7a-15fd35d5e15b", + "Arn": "arn:aws:kms:us-east-1:111111111111:key/e93a1f42-c284-46f0-8e7a-15fd35d5e15b", + "CreationDate": { + "__class__": "datetime", + "year": 2021, + "month": 9, + "day": 8, + "hour": 12, + "minute": 13, + "second": 15, + "microsecond": 90000 + }, + "Enabled": true, + "Description": "Default key that protects my SQS messages when no other key is defined", + "KeyUsage": "ENCRYPT_DECRYPT", + "KeyState": "Enabled", + "Origin": "AWS_KMS", + "KeyManager": "AWS", + "CustomerMasterKeySpec": "SYMMETRIC_DEFAULT", + "EncryptionAlgorithms": [ + "SYMMETRIC_DEFAULT" + ], + "MultiRegion": false + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-447-sqs_encrypted_with_kms_cmk/placebo-red/kms.ListAliases_1.json b/tests/ecc-aws-447-sqs_encrypted_with_kms_cmk/placebo-red/kms.ListAliases_1.json new file mode 100644 index 000000000..64d328d84 --- /dev/null +++ b/tests/ecc-aws-447-sqs_encrypted_with_kms_cmk/placebo-red/kms.ListAliases_1.json @@ -0,0 +1,34 @@ +{ + "status_code": 200, + "data": { + "Aliases": [ + { + "AliasName": "alias/aws/sqs", + "AliasArn": "arn:aws:kms:us-east-1:111111111111:alias/aws/sqs", + "TargetKeyId": "e93a1f42-c284-46f0-8e7a-15fd35d5e15b", + "CreationDate": { + "__class__": "datetime", + "year": 2021, + "month": 9, + "day": 8, + "hour": 12, + "minute": 13, + "second": 15, + "microsecond": 244000 + }, + "LastUpdatedDate": { + "__class__": "datetime", + "year": 2021, + "month": 9, + "day": 8, + "hour": 12, + "minute": 13, + "second": 15, + "microsecond": 244000 + } + } + ], + "Truncated": false, + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-447-sqs_encrypted_with_kms_cmk/placebo-red/sqs.GetQueueAttributes_1.json b/tests/ecc-aws-447-sqs_encrypted_with_kms_cmk/placebo-red/sqs.GetQueueAttributes_1.json new file mode 100644 index 000000000..450f48c24 --- /dev/null +++ b/tests/ecc-aws-447-sqs_encrypted_with_kms_cmk/placebo-red/sqs.GetQueueAttributes_1.json @@ -0,0 +1,23 @@ +{ + "status_code": 200, + "data": { + "Attributes": { + "QueueArn": "arn:aws:sqs:us-east-1:111111111111:447_sqs_red", + "ApproximateNumberOfMessages": "0", + "ApproximateNumberOfMessagesNotVisible": "0", + "ApproximateNumberOfMessagesDelayed": "0", + "CreatedTimestamp": "1641463954", + "LastModifiedTimestamp": "1641463984", + "VisibilityTimeout": "30", + "MaximumMessageSize": "2048", + "MessageRetentionPeriod": "86400", + "DelaySeconds": "90", + "Policy": "{\"Version\":\"2012-10-17\",\"Id\":\"sqspolicy\",\"Statement\":[{\"Sid\":\"First\",\"Effect\":\"Allow\",\"Principal\":\"*\",\"Action\":\"sqs:SendMessage\",\"Resource\":\"arn:aws:sqs:us-east-1:111111111111:447_sqs_red\"}]}", + "ReceiveMessageWaitTimeSeconds": "10", + "KmsMasterKeyId": "alias/aws/sqs", + "KmsDataKeyReusePeriodSeconds": "300", + "SqsManagedSseEnabled": "false" + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-447-sqs_encrypted_with_kms_cmk/placebo-red/sqs.ListQueues_1.json b/tests/ecc-aws-447-sqs_encrypted_with_kms_cmk/placebo-red/sqs.ListQueues_1.json new file mode 100644 index 000000000..460ed3710 --- /dev/null +++ b/tests/ecc-aws-447-sqs_encrypted_with_kms_cmk/placebo-red/sqs.ListQueues_1.json @@ -0,0 +1,9 @@ +{ + "status_code": 200, + "data": { + "QueueUrls": [ + "https://queue.amazonaws.com/111111111111/447_sqs_red" + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-447-sqs_encrypted_with_kms_cmk/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-447-sqs_encrypted_with_kms_cmk/placebo-red/tagging.GetResources_1.json new file mode 100644 index 000000000..002614cef --- /dev/null +++ b/tests/ecc-aws-447-sqs_encrypted_with_kms_cmk/placebo-red/tagging.GetResources_1.json @@ -0,0 +1,22 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:sqs:us-east-1:111111111111:447_sqs_red", + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CustodianRule", + "Value": "ecc-aws-447-sqs_encrypted_with_kms_cmk" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-447-sqs_encrypted_with_kms_cmk/red_policy_test.py b/tests/ecc-aws-447-sqs_encrypted_with_kms_cmk/red_policy_test.py new file mode 100644 index 000000000..a972d7db2 --- /dev/null +++ b/tests/ecc-aws-447-sqs_encrypted_with_kms_cmk/red_policy_test.py @@ -0,0 +1,5 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertEqual(resources[0]['KmsMasterKeyId'], 'alias/aws/sqs') \ No newline at end of file diff --git a/tests/ecc-aws-448-cloudfront_distribution_fieldlevel_encryption/placebo-green/cloudfront.ListDistributions_1.json b/tests/ecc-aws-448-cloudfront_distribution_fieldlevel_encryption/placebo-green/cloudfront.ListDistributions_1.json new file mode 100644 index 000000000..c13b111ab --- /dev/null +++ b/tests/ecc-aws-448-cloudfront_distribution_fieldlevel_encryption/placebo-green/cloudfront.ListDistributions_1.json 
@@ -0,0 +1,141 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "DistributionList": { + "Marker": "", + "MaxItems": 100, + "IsTruncated": false, + "Quantity": 1, + "Items": [ + { + "Id": "E2X73RA7NM0R9D", + "ARN": "arn:aws:cloudfront::111111111111:distribution/E2X73RA7NM0R9D", + "Status": "Deployed", + "LastModifiedTime": { + "__class__": "datetime", + "year": 2022, + "month": 1, + "day": 10, + "hour": 12, + "minute": 37, + "second": 50, + "microsecond": 520000 + }, + "DomainName": "d27p48v1togff2.cloudfront.net", + "Aliases": { + "Quantity": 0 + }, + "Origins": { + "Quantity": 1, + "Items": [ + { + "Id": "myGreenS3", + "DomainName": "bucket-325-green.s3.amazonaws.com", + "OriginPath": "", + "CustomHeaders": { + "Quantity": 0 + }, + "S3OriginConfig": { + "OriginAccessIdentity": "" + }, + "ConnectionAttempts": 3, + "ConnectionTimeout": 10, + "OriginShield": { + "Enabled": false + } + } + ] + }, + "OriginGroups": { + "Quantity": 0 + }, + "DefaultCacheBehavior": { + "TargetOriginId": "myGreenS3", + "TrustedSigners": { + "Enabled": false, + "Quantity": 0 + }, + "TrustedKeyGroups": { + "Enabled": false, + "Quantity": 0 + }, + "ViewerProtocolPolicy": "https-only", + "AllowedMethods": { + "Quantity": 7, + "Items": [ + "HEAD", + "DELETE", + "POST", + "GET", + "OPTIONS", + "PUT", + "PATCH" + ], + "CachedMethods": { + "Quantity": 2, + "Items": [ + "HEAD", + "GET" + ] + } + }, + "SmoothStreaming": false, + "Compress": false, + "LambdaFunctionAssociations": { + "Quantity": 0 + }, + "FunctionAssociations": { + "Quantity": 0 + }, + "FieldLevelEncryptionId": "CWENK3MXLAGV4", + "ForwardedValues": { + "QueryString": false, + "Cookies": { + "Forward": "none" + }, + "Headers": { + "Quantity": 0 + }, + "QueryStringCacheKeys": { + "Quantity": 0 + } + }, + "MinTTL": 0, + "DefaultTTL": 0, + "MaxTTL": 0 + }, + "CacheBehaviors": { + "Quantity": 0 + }, + "CustomErrorResponses": { + "Quantity": 0 + }, + "Comment": "", + "PriceClass": "PriceClass_All", + "Enabled": true, + 
"ViewerCertificate": { + "CloudFrontDefaultCertificate": true, + "MinimumProtocolVersion": "TLSv1", + "CertificateSource": "cloudfront" + }, + "Restrictions": { + "GeoRestriction": { + "RestrictionType": "whitelist", + "Quantity": 4, + "Items": [ + "US", + "GB", + "DE", + "CA" + ] + } + }, + "WebACLId": "", + "HttpVersion": "HTTP2", + "IsIPV6Enabled": false + } + ] + } + } +} \ No newline at end of file diff --git a/tests/ecc-aws-448-cloudfront_distribution_fieldlevel_encryption/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-448-cloudfront_distribution_fieldlevel_encryption/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..cd155241e --- /dev/null +++ b/tests/ecc-aws-448-cloudfront_distribution_fieldlevel_encryption/placebo-green/tagging.GetResources_1.json @@ -0,0 +1,22 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:cloudfront::111111111111:distribution/E2X73RA7NM0R9D", + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CustodianRule", + "Value": "ecc-aws-448-cloudfront_distribution_fieldlevel_encryption" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-448-cloudfront_distribution_fieldlevel_encryption/placebo-red/cloudfront.ListDistributions_1.json b/tests/ecc-aws-448-cloudfront_distribution_fieldlevel_encryption/placebo-red/cloudfront.ListDistributions_1.json new file mode 100644 index 000000000..08ede73d3 --- /dev/null +++ b/tests/ecc-aws-448-cloudfront_distribution_fieldlevel_encryption/placebo-red/cloudfront.ListDistributions_1.json 
@@ -0,0 +1,141 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "DistributionList": { + "Marker": "", + "MaxItems": 100, + "IsTruncated": false, + "Quantity": 1, + "Items": [ + { + "Id": "EZLILM9DPTHL3", + "ARN": "arn:aws:cloudfront::111111111111:distribution/EZLILM9DPTHL3", + "Status": "Deployed", + "LastModifiedTime": { + "__class__": "datetime", + "year": 2022, + "month": 1, + "day": 10, + "hour": 13, + "minute": 3, + "second": 34, + "microsecond": 485000 + }, + "DomainName": "d1oum7dvml9j18.cloudfront.net", + "Aliases": { + "Quantity": 0 + }, + "Origins": { + "Quantity": 1, + "Items": [ + { + "Id": "myRedS3", + "DomainName": "bucket-325-red.s3.amazonaws.com", + "OriginPath": "", + "CustomHeaders": { + "Quantity": 0 + }, + "S3OriginConfig": { + "OriginAccessIdentity": "" + }, + "ConnectionAttempts": 3, + "ConnectionTimeout": 10, + "OriginShield": { + "Enabled": false + } + } + ] + }, + "OriginGroups": { + "Quantity": 0 + }, + "DefaultCacheBehavior": { + "TargetOriginId": "myRedS3", + "TrustedSigners": { + "Enabled": false, + "Quantity": 0 + }, + "TrustedKeyGroups": { + "Enabled": false, + "Quantity": 0 + }, + "ViewerProtocolPolicy": "allow-all", + "AllowedMethods": { + "Quantity": 7, + "Items": [ + "HEAD", + "DELETE", + "POST", + "GET", + "OPTIONS", + "PUT", + "PATCH" + ], + "CachedMethods": { + "Quantity": 2, + "Items": [ + "HEAD", + "GET" + ] + } + }, + "SmoothStreaming": false, + "Compress": false, + "LambdaFunctionAssociations": { + "Quantity": 0 + }, + "FunctionAssociations": { + "Quantity": 0 + }, + "FieldLevelEncryptionId": "", + "ForwardedValues": { + "QueryString": false, + "Cookies": { + "Forward": "none" + }, + "Headers": { + "Quantity": 0 + }, + "QueryStringCacheKeys": { + "Quantity": 0 + } + }, + "MinTTL": 0, + "DefaultTTL": 0, + "MaxTTL": 0 + }, + "CacheBehaviors": { + "Quantity": 0 + }, + "CustomErrorResponses": { + "Quantity": 0 + }, + "Comment": "", + "PriceClass": "PriceClass_All", + "Enabled": true, + "ViewerCertificate": { 
+ "CloudFrontDefaultCertificate": true,
+ "MinimumProtocolVersion": "TLSv1",
+ "CertificateSource": "cloudfront"
+ },
+ "Restrictions": {
+ "GeoRestriction": {
+ "RestrictionType": "whitelist",
+ "Quantity": 4,
+ "Items": [
+ "CA",
+ "US",
+ "GB",
+ "DE"
+ ]
+ }
+ },
+ "WebACLId": "",
+ "HttpVersion": "HTTP2",
+ "IsIPV6Enabled": false
+ }
+ ]
+ }
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-448-cloudfront_distribution_fieldlevel_encryption/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-448-cloudfront_distribution_fieldlevel_encryption/placebo-red/tagging.GetResources_1.json
new file mode 100644
index 000000000..266cebad5
--- /dev/null
+++ b/tests/ecc-aws-448-cloudfront_distribution_fieldlevel_encryption/placebo-red/tagging.GetResources_1.json
@@ -0,0 +1,22 @@
+{
+ "status_code": 200,
+ "data": {
+ "PaginationToken": "",
+ "ResourceTagMappingList": [
+ {
+ "ResourceARN": "arn:aws:cloudfront::111111111111:distribution/EZLILM9DPTHL3",
+ "Tags": [
+ {
+ "Key": "ComplianceStatus",
+ "Value": "Red"
+ },
+ {
+ "Key": "CustodianRule",
+ "Value": "ecc-aws-448-cloudfront_distribution_fieldlevel_encryption"
+ }
+ ]
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-448-cloudfront_distribution_fieldlevel_encryption/red_policy_test.py b/tests/ecc-aws-448-cloudfront_distribution_fieldlevel_encryption/red_policy_test.py
new file mode 100644
index 000000000..23c0378f1
--- /dev/null
+++ b/tests/ecc-aws-448-cloudfront_distribution_fieldlevel_encryption/red_policy_test.py
@@ -0,0 +1,5 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertEqual(resources[0]['DefaultCacheBehavior']["FieldLevelEncryptionId"], "")
\ No newline at end of file
diff --git a/tests/ecc-aws-449-sqs_not_open_to_everyone/placebo-green/sqs.GetQueueAttributes_1.json b/tests/ecc-aws-449-sqs_not_open_to_everyone/placebo-green/sqs.GetQueueAttributes_1.json new file mode 100644 index 000000000..f27366be4 --- /dev/null +++ b/tests/ecc-aws-449-sqs_not_open_to_everyone/placebo-green/sqs.GetQueueAttributes_1.json @@ -0,0 +1,21 @@ +{ + "status_code": 200, + "data": { + "Attributes": { + "QueueArn": "arn:aws:sqs:us-east-1:111111111111:449_sqs_green", + "ApproximateNumberOfMessages": "0", + "ApproximateNumberOfMessagesNotVisible": "0", + "ApproximateNumberOfMessagesDelayed": "0", + "CreatedTimestamp": "1641920904", + "LastModifiedTimestamp": "1641920935", + "VisibilityTimeout": "30", + "MaximumMessageSize": "2048", + "MessageRetentionPeriod": "86400", + "DelaySeconds": "90", + "Policy": "{\"Version\":\"2012-10-17\",\"Id\":\"sqspolicy\",\"Statement\":[{\"Sid\":\"449_sqs_green\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::111111111111:root\"},\"Action\":\"sqs:*\",\"Resource\":\"arn:aws:sqs:us-east-1:111111111111:449_sqs_green\"}]}", + "ReceiveMessageWaitTimeSeconds": "10", + "SqsManagedSseEnabled": "false" + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-449-sqs_not_open_to_everyone/placebo-green/sqs.ListQueues_1.json b/tests/ecc-aws-449-sqs_not_open_to_everyone/placebo-green/sqs.ListQueues_1.json new file mode 100644 index 000000000..b7fc7ef05 --- /dev/null +++ b/tests/ecc-aws-449-sqs_not_open_to_everyone/placebo-green/sqs.ListQueues_1.json @@ -0,0 +1,9 @@ +{ + "status_code": 200, + "data": { + "QueueUrls": [ + "https://queue.amazonaws.com/111111111111/449_sqs_green" + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-449-sqs_not_open_to_everyone/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-449-sqs_not_open_to_everyone/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..61be9d23f --- /dev/null 
+++ b/tests/ecc-aws-449-sqs_not_open_to_everyone/placebo-green/tagging.GetResources_1.json @@ -0,0 +1,22 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:sqs:us-east-1:111111111111:449_sqs_green", + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CustodianRule", + "Value": "ecc-aws-449-sqs_not_open_to_everyone" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-449-sqs_not_open_to_everyone/placebo-red/sqs.GetQueueAttributes_1.json b/tests/ecc-aws-449-sqs_not_open_to_everyone/placebo-red/sqs.GetQueueAttributes_1.json new file mode 100644 index 000000000..32b050405 --- /dev/null +++ b/tests/ecc-aws-449-sqs_not_open_to_everyone/placebo-red/sqs.GetQueueAttributes_1.json @@ -0,0 +1,21 @@ +{ + "status_code": 200, + "data": { + "Attributes": { + "QueueArn": "arn:aws:sqs:us-east-1:111111111111:449_sqs_red", + "ApproximateNumberOfMessages": "0", + "ApproximateNumberOfMessagesNotVisible": "0", + "ApproximateNumberOfMessagesDelayed": "0", + "CreatedTimestamp": "1641921004", + "LastModifiedTimestamp": "1641921034", + "VisibilityTimeout": "30", + "MaximumMessageSize": "2048", + "MessageRetentionPeriod": "86400", + "DelaySeconds": "90", + "Policy": "{\"Version\":\"2012-10-17\",\"Id\":\"sqspolicy\",\"Statement\":[{\"Sid\":\"449_sqs_red\",\"Effect\":\"Allow\",\"Principal\":\"*\",\"Action\":\"sqs:*\",\"Resource\":\"arn:aws:sqs:us-east-1:111111111111:449_sqs_red\"}]}", + "ReceiveMessageWaitTimeSeconds": "10", + "SqsManagedSseEnabled": "false" + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-449-sqs_not_open_to_everyone/placebo-red/sqs.ListQueues_1.json b/tests/ecc-aws-449-sqs_not_open_to_everyone/placebo-red/sqs.ListQueues_1.json new file mode 100644 index 000000000..e5c870e91 --- /dev/null +++ b/tests/ecc-aws-449-sqs_not_open_to_everyone/placebo-red/sqs.ListQueues_1.json 
@@ -0,0 +1,9 @@
+{
+ "status_code": 200,
+ "data": {
+ "QueueUrls": [
+ "https://queue.amazonaws.com/111111111111/449_sqs_red"
+ ],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-449-sqs_not_open_to_everyone/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-449-sqs_not_open_to_everyone/placebo-red/tagging.GetResources_1.json
new file mode 100644
index 000000000..9b4922954
--- /dev/null
+++ b/tests/ecc-aws-449-sqs_not_open_to_everyone/placebo-red/tagging.GetResources_1.json
@@ -0,0 +1,22 @@
+{
+ "status_code": 200,
+ "data": {
+ "PaginationToken": "",
+ "ResourceTagMappingList": [
+ {
+ "ResourceARN": "arn:aws:sqs:us-east-1:111111111111:449_sqs_red",
+ "Tags": [
+ {
+ "Key": "ComplianceStatus",
+ "Value": "Red"
+ },
+ {
+ "Key": "CustodianRule",
+ "Value": "ecc-aws-449-sqs_not_open_to_everyone"
+ }
+ ]
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-449-sqs_not_open_to_everyone/red_policy_test.py b/tests/ecc-aws-449-sqs_not_open_to_everyone/red_policy_test.py
new file mode 100644
index 000000000..7019ec7d3
--- /dev/null
+++ b/tests/ecc-aws-449-sqs_not_open_to_everyone/red_policy_test.py
@@ -0,0 +1,5 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertRegexpMatches(resources[0]['Policy'], ".*\\\"Principal\\\":\\\"[*]\\\".*")
\ No newline at end of file
diff --git a/tests/ecc-aws-451-postgresql_log_parser_stats_flag_is_disabled/placebo-green/rds.DescribeDBInstances_1.json b/tests/ecc-aws-451-postgresql_log_parser_stats_flag_is_disabled/placebo-green/rds.DescribeDBInstances_1.json
new file mode 100644
index 000000000..a744db4cb
--- /dev/null
+++ b/tests/ecc-aws-451-postgresql_log_parser_stats_flag_is_disabled/placebo-green/rds.DescribeDBInstances_1.json
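Review bot: The last assertion in `test_resources` of tests/ecc-aws-449-sqs_not_open_to_everyone/red_policy_test.py matches the raw policy text with a regex, so it only recognises the exact serialisation `"Principal":"*"` and would not recognise an equally open statement written as `{"AWS":"*"}` or with different whitespace. Parsing the document is sturdier: `policy = json.loads(resources[0]['Policy'])` followed by `base_test.assertEqual(policy['Statement'][0]['Principal'], '*')`, with `import json` at the top of the file. If `base_test` is a `unittest.TestCase` (not visible here), `assertRegexpMatches` is also a deprecated alias that was removed in Python 3.12; `assertRegex` is the current name. The identical assertion appears in tests/ecc-aws-453-event_bus_is_exposed_to_everyone/red_policy_test.py.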
@@ -0,0 +1,146 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-451-green", + "DBInstanceClass": "db.t3.micro", + "Engine": "postgres", + "DBInstanceStatus": "available", + "MasterUsername": "root", + "DBName": "green451", + "Endpoint": { + "Address": "database-451-green.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 5432, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 10, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2022, + "month": 1, + "day": 12, + "hour": 15, + "minute": 52, + "second": 9, + "microsecond": 819000 + }, + "PreferredBackupWindow": "10:22-10:52", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "parameter-group-451-green", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1d", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + 
"SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "fri:04:23-fri:04:53", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "13.3", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "postgresql-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:postgres-13", + "Status": "in-sync" + } + ], + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-SGXE65UW67M6FKCUXCSKRQK5YU", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:111111111111:db:database-451-green", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "EnabledCloudwatchLogsExports": [ + "postgresql" + ], + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-451-postgresql_log_parser_stats_flag_is_disabled" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + } + ], + "CustomerOwnedIpEnabled": false, + "ActivityStreamStatus": "stopped" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-451-postgresql_log_parser_stats_flag_is_disabled/placebo-green/rds.DescribeDBParameters_1.json b/tests/ecc-aws-451-postgresql_log_parser_stats_flag_is_disabled/placebo-green/rds.DescribeDBParameters_1.json new file mode 100644 index 000000000..2fc1c2ddd --- /dev/null +++ b/tests/ecc-aws-451-postgresql_log_parser_stats_flag_is_disabled/placebo-green/rds.DescribeDBParameters_1.json 
@@ -0,0 +1,19 @@ +{ + "status_code": 200, + "data": { + "Parameters": [ + { + "ParameterName": "log_parser_stats", + "ParameterValue": "0", + "Description": "Writes parser performance statistics to the server log.", + "Source": "user", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": true, + "ApplyMethod": "immediate" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-451-postgresql_log_parser_stats_flag_is_disabled/placebo-red/rds.DescribeDBInstances_1.json b/tests/ecc-aws-451-postgresql_log_parser_stats_flag_is_disabled/placebo-red/rds.DescribeDBInstances_1.json new file mode 100644 index 000000000..eb5584547 --- /dev/null +++ b/tests/ecc-aws-451-postgresql_log_parser_stats_flag_is_disabled/placebo-red/rds.DescribeDBInstances_1.json 
@@ -0,0 +1,146 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-451-red", + "DBInstanceClass": "db.t3.micro", + "Engine": "postgres", + "DBInstanceStatus": "available", + "MasterUsername": "root", + "DBName": "red451", + "Endpoint": { + "Address": "database-451-red.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 5432, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 10, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2022, + "month": 1, + "day": 12, + "hour": 16, + "minute": 2, + "second": 4, + "microsecond": 886000 + }, + "PreferredBackupWindow": "10:04-10:34", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "parameter-group-451-red", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1f", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + 
"SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "sun:04:59-sun:05:29", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "13.3", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "postgresql-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:postgres-13", + "Status": "in-sync" + } + ], + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-SD6R2U4GYOJJNZT6F3NLPVVYW4", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:111111111111:db:database-451-red", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "EnabledCloudwatchLogsExports": [ + "postgresql" + ], + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-451-postgresql_log_parser_stats_flag_is_disabled" + } + ], + "CustomerOwnedIpEnabled": false, + "ActivityStreamStatus": "stopped" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-451-postgresql_log_parser_stats_flag_is_disabled/placebo-red/rds.DescribeDBParameters_1.json b/tests/ecc-aws-451-postgresql_log_parser_stats_flag_is_disabled/placebo-red/rds.DescribeDBParameters_1.json new file mode 100644 index 000000000..2c82c9647 --- /dev/null +++ b/tests/ecc-aws-451-postgresql_log_parser_stats_flag_is_disabled/placebo-red/rds.DescribeDBParameters_1.json 
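Review bot: The `TagList` in the placebo-red `rds.DescribeDBInstances_1.json` fixture for rule 451 carries the key `CsutodianRule`, which looks like a misspelling of `CustodianRule`, the key the green fixture for the same rule uses. Anything that selects or reports resources by the `CustodianRule` tag would not match this instance, and since the response is recorded, the typo presumably exists in the infrastructure definition it was captured from as well. The corrected entry would read `"Key": "CustodianRule",`. The same misspelling is in tests/ecc-aws-454-postgresql_log_planner_stats_flag_disabled/placebo-green/rds.DescribeDBInstances_1.json.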
@@ -0,0 +1,19 @@
+{
+ "status_code": 200,
+ "data": {
+ "Parameters": [
+ {
+ "ParameterName": "log_parser_stats",
+ "ParameterValue": "1",
+ "Description": "Writes parser performance statistics to the server log.",
+ "Source": "user",
+ "ApplyType": "dynamic",
+ "DataType": "boolean",
+ "AllowedValues": "0,1",
+ "IsModifiable": true,
+ "ApplyMethod": "immediate"
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-451-postgresql_log_parser_stats_flag_is_disabled/red_policy_test.py b/tests/ecc-aws-451-postgresql_log_parser_stats_flag_is_disabled/red_policy_test.py
new file mode 100644
index 000000000..e422c03e3
--- /dev/null
+++ b/tests/ecc-aws-451-postgresql_log_parser_stats_flag_is_disabled/red_policy_test.py
@@ -0,0 +1,18 @@
+class PolicyTest(object):
+
+ def test_resources_with_client(self, base_test, resources, local_session):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertEqual(resources[0]['Engine'], "postgres")
+ parameter_group_name=resources[0]["DBParameterGroups"][0]["DBParameterGroupName"]
+
+ describe_parameters = local_session.client("rds").describe_db_parameters(DBParameterGroupName=parameter_group_name)
+ parameters=describe_parameters["Parameters"]
+ marker=describe_parameters["Marker"] if "Marker" in describe_parameters else None
+
+ while marker is not None:
+ for parameter in parameters:
+ if parameter["ParameterName"]=="log_planner_stats":
+ base_test.assertEqual(parameter['ParameterValue'], '1')
+ describe_parameters = local_session.client("rds").describe_db_parameters(DBParameterGroupName=parameter_group_name, Marker=marker)
+ parameters=describe_parameters["Parameters"]
+ marker=describe_parameters["Marker"] if "Marker" in describe_parameters else None
\ No newline at end of file
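Review bot: The parameter assertion in `test_resources_with_client` never runs against this fixture: parameters are inspected only inside the `while marker is not None:` loop, and the recorded `DescribeDBParameters` response has no `Marker`, so the loop body is skipped. The loop also compares against `log_planner_stats`, while this rule and its fixture are about `log_parser_stats`, so even a paginated response would not reach the `assertEqual`. As written, the red test only proves that one postgres instance was returned, which gives false confidence in a security policy check. Inspecting the first page before paginating, matching `log_parser_stats`, and asserting that the parameter was actually found closes the gap.

```python
    def test_resources_with_client(self, base_test, resources, local_session):
        # … unchanged: resource count and engine assertions, parameter_group_name lookup …
        rds_client = local_session.client("rds")
        request = {"DBParameterGroupName": parameter_group_name}
        found = False
        while True:
            page = rds_client.describe_db_parameters(**request)
            for parameter in page["Parameters"]:
                if parameter["ParameterName"] == "log_parser_stats":
                    base_test.assertEqual(parameter["ParameterValue"], "1")
                    found = True
            marker = page.get("Marker")
            if not marker:
                break
            request["Marker"] = marker
        base_test.assertTrue(found)
```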
diff --git a/tests/ecc-aws-452-cloudtrail_logs_management_events/placebo-green/cloudtrail.DescribeTrails_1.json b/tests/ecc-aws-452-cloudtrail_logs_management_events/placebo-green/cloudtrail.DescribeTrails_1.json new file mode 100644 index 000000000..056265994 --- /dev/null +++ b/tests/ecc-aws-452-cloudtrail_logs_management_events/placebo-green/cloudtrail.DescribeTrails_1.json @@ -0,0 +1,20 @@ +{ + "status_code": 200, + "data": { + "trailList": [ + { + "Name": "452_cloudtrail_green", + "S3BucketName": "452-bucket-green", + "IncludeGlobalServiceEvents": false, + "IsMultiRegionTrail": false, + "HomeRegion": "us-east-1", + "TrailARN": "arn:aws:cloudtrail:us-east-1:111111111111:trail/452_cloudtrail_green", + "LogFileValidationEnabled": false, + "HasCustomEventSelectors": true, + "HasInsightSelectors": false, + "IsOrganizationTrail": false + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-452-cloudtrail_logs_management_events/placebo-green/cloudtrail.GetEventSelectors_1.json b/tests/ecc-aws-452-cloudtrail_logs_management_events/placebo-green/cloudtrail.GetEventSelectors_1.json new file mode 100644 index 000000000..efe348f3a --- /dev/null +++ b/tests/ecc-aws-452-cloudtrail_logs_management_events/placebo-green/cloudtrail.GetEventSelectors_1.json @@ -0,0 +1,15 @@ +{ + "status_code": 200, + "data": { + "TrailARN": "arn:aws:cloudtrail:us-east-1:111111111111:trail/452_cloudtrail_green", + "EventSelectors": [ + { + "ReadWriteType": "WriteOnly", + "IncludeManagementEvents": true, + "DataResources": [], + "ExcludeManagementEventSources": [] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-452-cloudtrail_logs_management_events/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-452-cloudtrail_logs_management_events/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..8b704d185 --- /dev/null 
+++ b/tests/ecc-aws-452-cloudtrail_logs_management_events/placebo-green/tagging.GetResources_1.json @@ -0,0 +1,8 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-452-cloudtrail_logs_management_events/placebo-red/cloudtrail.DescribeTrails_1.json b/tests/ecc-aws-452-cloudtrail_logs_management_events/placebo-red/cloudtrail.DescribeTrails_1.json new file mode 100644 index 000000000..f3677b61c --- /dev/null +++ b/tests/ecc-aws-452-cloudtrail_logs_management_events/placebo-red/cloudtrail.DescribeTrails_1.json @@ -0,0 +1,20 @@ +{ + "status_code": 200, + "data": { + "trailList": [ + { + "Name": "452_cloudtrail_red", + "S3BucketName": "452-bucket-red", + "IncludeGlobalServiceEvents": false, + "IsMultiRegionTrail": false, + "HomeRegion": "us-east-1", + "TrailARN": "arn:aws:cloudtrail:us-east-1:111111111111:trail/452_cloudtrail_red", + "LogFileValidationEnabled": false, + "HasCustomEventSelectors": true, + "HasInsightSelectors": false, + "IsOrganizationTrail": false + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-452-cloudtrail_logs_management_events/placebo-red/cloudtrail.GetEventSelectors_1.json b/tests/ecc-aws-452-cloudtrail_logs_management_events/placebo-red/cloudtrail.GetEventSelectors_1.json new file mode 100644 index 000000000..609808c31 --- /dev/null +++ b/tests/ecc-aws-452-cloudtrail_logs_management_events/placebo-red/cloudtrail.GetEventSelectors_1.json 
@@ -0,0 +1,22 @@
+{
+ "status_code": 200,
+ "data": {
+ "TrailARN": "arn:aws:cloudtrail:us-east-1:111111111111:trail/452_cloudtrail_red",
+ "EventSelectors": [
+ {
+ "ReadWriteType": "WriteOnly",
+ "IncludeManagementEvents": false,
+ "DataResources": [
+ {
+ "Type": "AWS::Lambda::Function",
+ "Values": [
+ "arn:aws:lambda"
+ ]
+ }
+ ],
+ "ExcludeManagementEventSources": []
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-452-cloudtrail_logs_management_events/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-452-cloudtrail_logs_management_events/placebo-red/tagging.GetResources_1.json
new file mode 100644
index 000000000..8b704d185
--- /dev/null
+++ b/tests/ecc-aws-452-cloudtrail_logs_management_events/placebo-red/tagging.GetResources_1.json
@@ -0,0 +1,8 @@
+{
+ "status_code": 200,
+ "data": {
+ "PaginationToken": "",
+ "ResourceTagMappingList": [],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-452-cloudtrail_logs_management_events/red_policy_test.py b/tests/ecc-aws-452-cloudtrail_logs_management_events/red_policy_test.py
new file mode 100644
index 000000000..f186ec006
--- /dev/null
+++ b/tests/ecc-aws-452-cloudtrail_logs_management_events/red_policy_test.py
@@ -0,0 +1,9 @@
+class PolicyTest(object):
+
+ def test_resources_with_client(self, base_test, resources, local_session):
+ base_test.assertEqual(len(resources), 1)
+ Name = resources[0]['Name']
+ cloudtrail_client = local_session.client("cloudtrail")
+ IncludeManagementEvents = cloudtrail_client.get_event_selectors(TrailName=Name)['EventSelectors'][0]['IncludeManagementEvents']
+ base_test.assertFalse(IncludeManagementEvents)
+
diff --git a/tests/ecc-aws-453-event_bus_is_exposed_to_everyone/placebo-green/events.ListEventBuses_1.json b/tests/ecc-aws-453-event_bus_is_exposed_to_everyone/placebo-green/events.ListEventBuses_1.json
new file mode 100644
index 000000000..3247bd78f
--- /dev/null
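Review bot: `test_resources_with_client` in tests/ecc-aws-452-cloudtrail_logs_management_events/red_policy_test.py inspects only `['EventSelectors'][0]`, so the check says nothing about any later selector on the trail and raises `IndexError` if the list is empty. Asserting over every selector matches the rule's intent more closely: `selectors = cloudtrail_client.get_event_selectors(TrailName=Name)['EventSelectors']` followed by `base_test.assertFalse(any(s['IncludeManagementEvents'] for s in selectors))`. The locals `Name` and `IncludeManagementEvents` would also read better in snake_case, for example `trail_name` and `include_management_events`.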
+++ b/tests/ecc-aws-453-event_bus_is_exposed_to_everyone/placebo-green/events.ListEventBuses_1.json @@ -0,0 +1,17 @@ +{ + "status_code": 200, + "data": { + "EventBuses": [ + { + "Name": "default", + "Arn": "arn:aws:events:us-east-1:111111111111:event-bus/default" + }, + { + "Name": "453_event_bus_green", + "Arn": "arn:aws:events:us-east-1:111111111111:event-bus/453_event_bus_green", + "Policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"453_event_bus_policy_green\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"111111111111\"},\"Action\":\"events:DescribeEventBus\",\"Resource\":\"arn:aws:events:us-east-1:111111111111:event-bus/453_event_bus_green\"}]}" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-453-event_bus_is_exposed_to_everyone/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-453-event_bus_is_exposed_to_everyone/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..40976bfe3 --- /dev/null +++ b/tests/ecc-aws-453-event_bus_is_exposed_to_everyone/placebo-green/tagging.GetResources_1.json @@ -0,0 +1,22 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:events:us-east-1:111111111111:event-bus/453_event_bus_green", + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CustodianRule", + "Value": "ecc-aws-453-event_bus_is_exposed_to_everyone" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-453-event_bus_is_exposed_to_everyone/placebo-red/events.ListEventBuses_1.json b/tests/ecc-aws-453-event_bus_is_exposed_to_everyone/placebo-red/events.ListEventBuses_1.json new file mode 100644 index 000000000..f0daff885 --- /dev/null +++ b/tests/ecc-aws-453-event_bus_is_exposed_to_everyone/placebo-red/events.ListEventBuses_1.json 
@@ -0,0 +1,17 @@
+{
+ "status_code": 200,
+ "data": {
+ "EventBuses": [
+ {
+ "Name": "default",
+ "Arn": "arn:aws:events:us-east-1:111111111111:event-bus/default"
+ },
+ {
+ "Name": "453_event_bus_red",
+ "Arn": "arn:aws:events:us-east-1:111111111111:event-bus/453_event_bus_red",
+ "Policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"453_event_bus_policy_red\",\"Effect\":\"Allow\",\"Principal\":\"*\",\"Action\":\"events:DescribeEventBus\",\"Resource\":\"arn:aws:events:us-east-1:111111111111:event-bus/453_event_bus_red\"}]}"
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-453-event_bus_is_exposed_to_everyone/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-453-event_bus_is_exposed_to_everyone/placebo-red/tagging.GetResources_1.json
new file mode 100644
index 000000000..e898b9c58
--- /dev/null
+++ b/tests/ecc-aws-453-event_bus_is_exposed_to_everyone/placebo-red/tagging.GetResources_1.json
@@ -0,0 +1,22 @@
+{
+ "status_code": 200,
+ "data": {
+ "PaginationToken": "",
+ "ResourceTagMappingList": [
+ {
+ "ResourceARN": "arn:aws:events:us-east-1:111111111111:event-bus/453_event_bus_red",
+ "Tags": [
+ {
+ "Key": "ComplianceStatus",
+ "Value": "Red"
+ },
+ {
+ "Key": "CustodianRule",
+ "Value": "ecc-aws-453-event_bus_is_exposed_to_everyone"
+ }
+ ]
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-453-event_bus_is_exposed_to_everyone/red_policy_test.py b/tests/ecc-aws-453-event_bus_is_exposed_to_everyone/red_policy_test.py
new file mode 100644
index 000000000..7019ec7d3
--- /dev/null
+++ b/tests/ecc-aws-453-event_bus_is_exposed_to_everyone/red_policy_test.py
@@ -0,0 +1,5 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertRegexpMatches(resources[0]['Policy'], ".*\\\"Principal\\\":\\\"[*]\\\".*")
\ No newline at end of file
diff --git a/tests/ecc-aws-454-postgresql_log_planner_stats_flag_disabled/placebo-green/rds.DescribeDBInstances_1.json b/tests/ecc-aws-454-postgresql_log_planner_stats_flag_disabled/placebo-green/rds.DescribeDBInstances_1.json new file mode 100644 index 000000000..263908346 --- /dev/null +++ b/tests/ecc-aws-454-postgresql_log_planner_stats_flag_disabled/placebo-green/rds.DescribeDBInstances_1.json 
@@ -0,0 +1,146 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-454-green", + "DBInstanceClass": "db.t3.micro", + "Engine": "postgres", + "DBInstanceStatus": "available", + "MasterUsername": "root", + "DBName": "green454", + "Endpoint": { + "Address": "database-454-green.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 5432, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 10, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2022, + "month": 1, + "day": 10, + "hour": 15, + "minute": 43, + "second": 20, + "microsecond": 735000 + }, + "PreferredBackupWindow": "08:35-09:05", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "parameter-group-454-green", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1d", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + 
"SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "mon:09:47-mon:10:17", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "13.3", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "postgresql-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:postgres-13", + "Status": "in-sync" + } + ], + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-7WP4HAMTXQ2RVACB23JUIQWX6Y", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:111111111111:db:database-454-green", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "EnabledCloudwatchLogsExports": [ + "postgresql" + ], + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-454-postgresql_log_planner_stats_flag_disabled" + } + ], + "CustomerOwnedIpEnabled": false, + "ActivityStreamStatus": "stopped" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-454-postgresql_log_planner_stats_flag_disabled/placebo-green/rds.DescribeDBParameters_1.json b/tests/ecc-aws-454-postgresql_log_planner_stats_flag_disabled/placebo-green/rds.DescribeDBParameters_1.json new file mode 100644 index 000000000..c39998660 --- /dev/null +++ b/tests/ecc-aws-454-postgresql_log_planner_stats_flag_disabled/placebo-green/rds.DescribeDBParameters_1.json 
@@ -0,0 +1,19 @@ +{ + "status_code": 200, + "data": { + "Parameters": [ + { + "ParameterName": "log_planner_stats", + "ParameterValue": "0", + "Description": "Writes planner performance statistics to the server log.", + "Source": "user", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": true, + "ApplyMethod": "immediate" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-454-postgresql_log_planner_stats_flag_disabled/placebo-red/rds.DescribeDBInstances_1.json b/tests/ecc-aws-454-postgresql_log_planner_stats_flag_disabled/placebo-red/rds.DescribeDBInstances_1.json new file mode 100644 index 000000000..60daac2e7 --- /dev/null +++ b/tests/ecc-aws-454-postgresql_log_planner_stats_flag_disabled/placebo-red/rds.DescribeDBInstances_1.json 
@@ -0,0 +1,146 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-454-red", + "DBInstanceClass": "db.t3.micro", + "Engine": "postgres", + "DBInstanceStatus": "available", + "MasterUsername": "root", + "DBName": "red454", + "Endpoint": { + "Address": "database-454-red.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 5432, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 10, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2022, + "month": 1, + "day": 10, + "hour": 15, + "minute": 11, + "second": 19, + "microsecond": 797000 + }, + "PreferredBackupWindow": "04:49-05:19", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "parameter-group-454-red", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1f", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + 
"SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "wed:09:06-wed:09:36", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "13.3", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "postgresql-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:postgres-13", + "Status": "in-sync" + } + ], + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-2WUSOT7H6QACUSY77YM6K3QYIE", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:111111111111:db:database-454-red", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "EnabledCloudwatchLogsExports": [ + "postgresql" + ], + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-454-postgresql_log_planner_stats_flag_disabled" + } + ], + "CustomerOwnedIpEnabled": false, + "ActivityStreamStatus": "stopped" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-454-postgresql_log_planner_stats_flag_disabled/placebo-red/rds.DescribeDBParameters_1.json b/tests/ecc-aws-454-postgresql_log_planner_stats_flag_disabled/placebo-red/rds.DescribeDBParameters_1.json new file mode 100644 index 000000000..cf07e5c36 --- /dev/null +++ b/tests/ecc-aws-454-postgresql_log_planner_stats_flag_disabled/placebo-red/rds.DescribeDBParameters_1.json 
@@ -0,0 +1,19 @@
+{
+ "status_code": 200,
+ "data": {
+ "Parameters": [
+ {
+ "ParameterName": "log_planner_stats",
+ "ParameterValue": "1",
+ "Description": "Writes planner performance statistics to the server log.",
+ "Source": "user",
+ "ApplyType": "dynamic",
+ "DataType": "boolean",
+ "AllowedValues": "0,1",
+ "IsModifiable": true,
+ "ApplyMethod": "immediate"
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-454-postgresql_log_planner_stats_flag_disabled/red_policy_test.py b/tests/ecc-aws-454-postgresql_log_planner_stats_flag_disabled/red_policy_test.py
new file mode 100644
index 000000000..e422c03e3
--- /dev/null
+++ b/tests/ecc-aws-454-postgresql_log_planner_stats_flag_disabled/red_policy_test.py
@@ -0,0 +1,18 @@
+class PolicyTest(object):
+
+ def test_resources_with_client(self, base_test, resources, local_session):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertEqual(resources[0]['Engine'], "postgres")
+ parameter_group_name=resources[0]["DBParameterGroups"][0]["DBParameterGroupName"]
+
+ describe_parameters = local_session.client("rds").describe_db_parameters(DBParameterGroupName=parameter_group_name)
+ parameters=describe_parameters["Parameters"]
+ marker=describe_parameters["Marker"] if "Marker" in describe_parameters else None
+
+ while marker is not None:
+ for parameter in parameters:
+ if parameter["ParameterName"]=="log_planner_stats":
+ base_test.assertEqual(parameter['ParameterValue'], '1')
+ describe_parameters = local_session.client("rds").describe_db_parameters(DBParameterGroupName=parameter_group_name, Marker=marker)
+ parameters=describe_parameters["Parameters"]
+ marker=describe_parameters["Marker"] if "Marker" in describe_parameters else None
\ No newline at end of file
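Review bot: The `log_planner_stats` assertion in `test_resources_with_client` never runs against the recorded fixture, because it sits inside `while marker is not None:` and the placebo `rds.DescribeDBParameters_1.json` added in this commit has no `Marker` key, so the red test passes without checking the value the policy is meant to flag. As far as the flattened indentation shows, a paginated response has the opposite gap: the last page is fetched at the bottom of the loop and dropped when the loop exits. Inspecting each page before looking at the marker, and asserting that the parameter was seen at all, closes both. The same loop appears in the `red_policy_test.py` files for ecc-aws-455 (`log_executor_stats`) and ecc-aws-457 (`log_min_error_statement`, expected `'info'`).

```python
# … unchanged: resource count / Engine assertions, parameter_group_name lookup …
rds = local_session.client("rds")
request = {"DBParameterGroupName": parameter_group_name}
seen = False
while True:
    page = rds.describe_db_parameters(**request)
    for parameter in page["Parameters"]:
        if parameter["ParameterName"] == "log_planner_stats":
            base_test.assertEqual(parameter["ParameterValue"], "1")
            seen = True
    if "Marker" not in page:
        break
    request["Marker"] = page["Marker"]
base_test.assertTrue(seen, "log_planner_stats not returned for the parameter group")
```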
diff --git a/tests/ecc-aws-455-postgresql_log_executor_stats_flag_disabled/placebo-green/rds.DescribeDBInstances_1.json b/tests/ecc-aws-455-postgresql_log_executor_stats_flag_disabled/placebo-green/rds.DescribeDBInstances_1.json new file mode 100644 index 000000000..60575b434 --- /dev/null +++ b/tests/ecc-aws-455-postgresql_log_executor_stats_flag_disabled/placebo-green/rds.DescribeDBInstances_1.json 
@@ -0,0 +1,146 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-455-green", + "DBInstanceClass": "db.t3.micro", + "Engine": "postgres", + "DBInstanceStatus": "available", + "MasterUsername": "root", + "DBName": "green455", + "Endpoint": { + "Address": "database-455-green.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 5432, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 10, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2022, + "month": 1, + "day": 11, + "hour": 11, + "minute": 9, + "second": 26, + "microsecond": 249000 + }, + "PreferredBackupWindow": "03:42-04:12", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "parameter-group-455-green", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1f", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + 
"SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "tue:04:43-tue:05:13", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "13.3", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "postgresql-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:postgres-13", + "Status": "in-sync" + } + ], + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-A6QP22D4XM4KQF26TIOWDRE7BY", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:111111111111:db:database-455-green", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "EnabledCloudwatchLogsExports": [ + "postgresql" + ], + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-455-postgresql_log_executor_stats_flag_disabled" + } + ], + "CustomerOwnedIpEnabled": false, + "ActivityStreamStatus": "stopped" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-455-postgresql_log_executor_stats_flag_disabled/placebo-green/rds.DescribeDBParameters_1.json b/tests/ecc-aws-455-postgresql_log_executor_stats_flag_disabled/placebo-green/rds.DescribeDBParameters_1.json new file mode 100644 index 000000000..02ddfe912 --- /dev/null +++ b/tests/ecc-aws-455-postgresql_log_executor_stats_flag_disabled/placebo-green/rds.DescribeDBParameters_1.json 
@@ -0,0 +1,19 @@ +{ + "status_code": 200, + "data": { + "Parameters": [ + { + "ParameterName": "log_executor_stats", + "ParameterValue": "0", + "Description": "Writes executor performance statistics to the server log.", + "Source": "user", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "0,1", + "IsModifiable": true, + "ApplyMethod": "immediate" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-455-postgresql_log_executor_stats_flag_disabled/placebo-red/rds.DescribeDBInstances_1.json b/tests/ecc-aws-455-postgresql_log_executor_stats_flag_disabled/placebo-red/rds.DescribeDBInstances_1.json new file mode 100644 index 000000000..737d4905d --- /dev/null +++ b/tests/ecc-aws-455-postgresql_log_executor_stats_flag_disabled/placebo-red/rds.DescribeDBInstances_1.json 
@@ -0,0 +1,146 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-455-red", + "DBInstanceClass": "db.t3.micro", + "Engine": "postgres", + "DBInstanceStatus": "available", + "MasterUsername": "root", + "DBName": "red455", + "Endpoint": { + "Address": "database-455-red.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 5432, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 10, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2022, + "month": 1, + "day": 11, + "hour": 11, + "minute": 16, + "second": 32, + "microsecond": 453000 + }, + "PreferredBackupWindow": "04:58-05:28", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "parameter-group-455-red", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1d", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + 
"SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "tue:05:55-tue:06:25", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "13.3", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "postgresql-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:postgres-13", + "Status": "in-sync" + } + ], + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-2TEO4434ETGELS2VU3PAMI5CAE", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:111111111111:db:database-455-red", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "EnabledCloudwatchLogsExports": [ + "postgresql" + ], + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-455-postgresql_log_executor_stats_flag_disabled" + } + ], + "CustomerOwnedIpEnabled": false, + "ActivityStreamStatus": "stopped" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-455-postgresql_log_executor_stats_flag_disabled/placebo-red/rds.DescribeDBParameters_1.json b/tests/ecc-aws-455-postgresql_log_executor_stats_flag_disabled/placebo-red/rds.DescribeDBParameters_1.json new file mode 100644 index 000000000..e37ae0c03 --- /dev/null +++ b/tests/ecc-aws-455-postgresql_log_executor_stats_flag_disabled/placebo-red/rds.DescribeDBParameters_1.json 
@@ -0,0 +1,19 @@
+{
+ "status_code": 200,
+ "data": {
+ "Parameters": [
+ {
+ "ParameterName": "log_executor_stats",
+ "ParameterValue": "1",
+ "Description": "Writes executor performance statistics to the server log.",
+ "Source": "user",
+ "ApplyType": "dynamic",
+ "DataType": "boolean",
+ "AllowedValues": "0,1",
+ "IsModifiable": true,
+ "ApplyMethod": "immediate"
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-455-postgresql_log_executor_stats_flag_disabled/red_policy_test.py b/tests/ecc-aws-455-postgresql_log_executor_stats_flag_disabled/red_policy_test.py
new file mode 100644
index 000000000..2a5b3a01e
--- /dev/null
+++ b/tests/ecc-aws-455-postgresql_log_executor_stats_flag_disabled/red_policy_test.py
@@ -0,0 +1,18 @@
+class PolicyTest(object):
+
+ def test_resources_with_client(self, base_test, resources, local_session):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertEqual(resources[0]['Engine'], "postgres")
+ parameter_group_name=resources[0]["DBParameterGroups"][0]["DBParameterGroupName"]
+
+ describe_parameters = local_session.client("rds").describe_db_parameters(DBParameterGroupName=parameter_group_name)
+ parameters=describe_parameters["Parameters"]
+ marker=describe_parameters["Marker"] if "Marker" in describe_parameters else None
+
+ while marker is not None:
+ for parameter in parameters:
+ if parameter["ParameterName"]=="log_executor_stats":
+ base_test.assertEqual(parameter['ParameterValue'], '1')
+ describe_parameters = local_session.client("rds").describe_db_parameters(DBParameterGroupName=parameter_group_name, Marker=marker)
+ parameters=describe_parameters["Parameters"]
+ marker=describe_parameters["Marker"] if "Marker" in describe_parameters else None
\ No newline at end of file
diff --git a/tests/ecc-aws-457-postgresql_log_min_error_statement_flag_set_correctly/placebo-green/rds.DescribeDBInstances_1.json b/tests/ecc-aws-457-postgresql_log_min_error_statement_flag_set_correctly/placebo-green/rds.DescribeDBInstances_1.json new file mode 100644 index 000000000..b9925d5c6 --- /dev/null +++ b/tests/ecc-aws-457-postgresql_log_min_error_statement_flag_set_correctly/placebo-green/rds.DescribeDBInstances_1.json 
@@ -0,0 +1,146 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-457-green", + "DBInstanceClass": "db.t3.micro", + "Engine": "postgres", + "DBInstanceStatus": "available", + "MasterUsername": "root", + "DBName": "green457", + "Endpoint": { + "Address": "database-457-green.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 5432, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 10, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2022, + "month": 5, + "day": 3, + "hour": 11, + "minute": 47, + "second": 7, + "microsecond": 136000 + }, + "PreferredBackupWindow": "06:08-06:38", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "parameter-group-457-green", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1c", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + 
"SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "thu:04:36-thu:05:06", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "13.3", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "postgresql-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:postgres-13", + "Status": "in-sync" + } + ], + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-XTXOWJRJHVYV42YB3PCJEATFEQ", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:111111111111:db:database-457-green", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "EnabledCloudwatchLogsExports": [ + "postgresql" + ], + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-457-postgresql_log_min_error_statement_flag_set_correctly" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + } + ], + "CustomerOwnedIpEnabled": false, + "ActivityStreamStatus": "stopped" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-457-postgresql_log_min_error_statement_flag_set_correctly/placebo-green/rds.DescribeDBParameters_1.json b/tests/ecc-aws-457-postgresql_log_min_error_statement_flag_set_correctly/placebo-green/rds.DescribeDBParameters_1.json new file mode 100644 index 000000000..d144360ad --- /dev/null +++ b/tests/ecc-aws-457-postgresql_log_min_error_statement_flag_set_correctly/placebo-green/rds.DescribeDBParameters_1.json 
@@ -0,0 +1,19 @@ +{ + "status_code": 200, + "data": { + "Parameters": [ + { + "ParameterName": "log_min_error_statement", + "ParameterValue": "error", + "Description": "Causes all statements generating error at or above this level to be logged.", + "Source": "user", + "ApplyType": "dynamic", + "DataType": "string", + "AllowedValues": "debug5,debug4,debug3,debug2,debug1,info,notice,warning,error,log,fatal,panic", + "IsModifiable": true, + "ApplyMethod": "immediate" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-457-postgresql_log_min_error_statement_flag_set_correctly/placebo-red/rds.DescribeDBInstances_1.json b/tests/ecc-aws-457-postgresql_log_min_error_statement_flag_set_correctly/placebo-red/rds.DescribeDBInstances_1.json new file mode 100644 index 000000000..e5945dadc --- /dev/null +++ b/tests/ecc-aws-457-postgresql_log_min_error_statement_flag_set_correctly/placebo-red/rds.DescribeDBInstances_1.json 
@@ -0,0 +1,146 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-457-red", + "DBInstanceClass": "db.t3.micro", + "Engine": "postgres", + "DBInstanceStatus": "available", + "MasterUsername": "root", + "DBName": "red457", + "Endpoint": { + "Address": "database-457-red.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 5432, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 10, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2022, + "month": 5, + "day": 3, + "hour": 11, + "minute": 55, + "second": 48, + "microsecond": 370000 + }, + "PreferredBackupWindow": "06:58-07:28", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "parameter-group-457-red", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1f", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + 
"SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "fri:06:16-fri:06:46", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "13.3", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "postgresql-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:postgres-13", + "Status": "in-sync" + } + ], + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-NBU2HKNS7TX6I5DBSXKMFW4FCU", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:111111111111:db:database-457-red", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "EnabledCloudwatchLogsExports": [ + "postgresql" + ], + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-457-postgresql_log_min_error_statement_flag_set_correctly" + }, + { + "Key": "ComplianceStatus", + "Value": "Red" + } + ], + "CustomerOwnedIpEnabled": false, + "ActivityStreamStatus": "stopped" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-457-postgresql_log_min_error_statement_flag_set_correctly/placebo-red/rds.DescribeDBParameters_1.json b/tests/ecc-aws-457-postgresql_log_min_error_statement_flag_set_correctly/placebo-red/rds.DescribeDBParameters_1.json new file mode 100644 index 000000000..487311598 --- /dev/null +++ b/tests/ecc-aws-457-postgresql_log_min_error_statement_flag_set_correctly/placebo-red/rds.DescribeDBParameters_1.json 
@@ -0,0 +1,19 @@
+{
+ "status_code": 200,
+ "data": {
+ "Parameters": [
+ {
+ "ParameterName": "log_min_error_statement",
+ "ParameterValue": "info",
+ "Description": "Causes all statements generating error at or above this level to be logged.",
+ "Source": "user",
+ "ApplyType": "dynamic",
+ "DataType": "string",
+ "AllowedValues": "debug5,debug4,debug3,debug2,debug1,info,notice,warning,error,log,fatal,panic",
+ "IsModifiable": true,
+ "ApplyMethod": "immediate"
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-457-postgresql_log_min_error_statement_flag_set_correctly/red_policy_test.py b/tests/ecc-aws-457-postgresql_log_min_error_statement_flag_set_correctly/red_policy_test.py
new file mode 100644
index 000000000..e16e0daff
--- /dev/null
+++ b/tests/ecc-aws-457-postgresql_log_min_error_statement_flag_set_correctly/red_policy_test.py
@@ -0,0 +1,18 @@
+class PolicyTest(object):
+
+ def test_resources_with_client(self, base_test, resources, local_session):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertEqual(resources[0]['Engine'], "postgres")
+ parameter_group_name=resources[0]["DBParameterGroups"][0]["DBParameterGroupName"]
+
+ describe_parameters = local_session.client("rds").describe_db_parameters(DBParameterGroupName=parameter_group_name)
+ parameters=describe_parameters["Parameters"]
+ marker=describe_parameters["Marker"] if "Marker" in describe_parameters else None
+
+ while marker is not None:
+ for parameter in parameters:
+ if parameter["ParameterName"]=="log_min_error_statement":
+ base_test.assertEqual(parameter['ParameterValue'], 'info')
+ describe_parameters = local_session.client("rds").describe_db_parameters(DBParameterGroupName=parameter_group_name, Marker=marker)
+ parameters=describe_parameters["Parameters"]
+ marker=describe_parameters["Marker"] if "Marker" in describe_parameters else None
\ No newline at end of file
diff --git a/tests/ecc-aws-458-glacier_vault_access_policy_does_not_allow_actions_from_all_principals/placebo-green/glacier.GetVaultAccessPolicy_1.json b/tests/ecc-aws-458-glacier_vault_access_policy_does_not_allow_actions_from_all_principals/placebo-green/glacier.GetVaultAccessPolicy_1.json new file mode 100644 index 000000000..977e95d0e --- /dev/null +++ b/tests/ecc-aws-458-glacier_vault_access_policy_does_not_allow_actions_from_all_principals/placebo-green/glacier.GetVaultAccessPolicy_1.json @@ -0,0 +1,9 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "policy": { + "Policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"458_glacier_vault_green\",\"Effect\":\"Deny\",\"Principal\":{\"AWS\":\"arn:aws:iam::111111111111:root\"},\"Action\":\"glacier:ListVaults\",\"Resource\":\"arn:aws:glacier:us-east-1:111111111111:vaults/458_glacier_vault_green\"}]}" + } + } +} \ No newline at end of file diff --git a/tests/ecc-aws-458-glacier_vault_access_policy_does_not_allow_actions_from_all_principals/placebo-green/glacier.ListTagsForVault_1.json b/tests/ecc-aws-458-glacier_vault_access_policy_does_not_allow_actions_from_all_principals/placebo-green/glacier.ListTagsForVault_1.json new file mode 100644 index 000000000..5d2e00d2c --- /dev/null +++ b/tests/ecc-aws-458-glacier_vault_access_policy_does_not_allow_actions_from_all_principals/placebo-green/glacier.ListTagsForVault_1.json @@ -0,0 +1,10 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "Tags": { + "ComplianceStatus": "Green", + "CustodianRule": "ecc-aws-458-glacier_vault_access_policy_does_not_allow_actions_from_all_principals" + } + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-458-glacier_vault_access_policy_does_not_allow_actions_from_all_principals/placebo-green/glacier.ListVaults_1.json b/tests/ecc-aws-458-glacier_vault_access_policy_does_not_allow_actions_from_all_principals/placebo-green/glacier.ListVaults_1.json new file mode 100644 index 000000000..e434fee53 --- /dev/null +++ b/tests/ecc-aws-458-glacier_vault_access_policy_does_not_allow_actions_from_all_principals/placebo-green/glacier.ListVaults_1.json @@ -0,0 +1,15 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "VaultList": [ + { + "VaultARN": "arn:aws:glacier:us-east-1:111111111111:vaults/458_glacier_vault_green", + "VaultName": "458_glacier_vault_green", + "CreationDate": "2022-01-18T09:24:33.697Z", + "NumberOfArchives": 0, + "SizeInBytes": 0 + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-458-glacier_vault_access_policy_does_not_allow_actions_from_all_principals/placebo-red/glacier.GetVaultAccessPolicy_1.json b/tests/ecc-aws-458-glacier_vault_access_policy_does_not_allow_actions_from_all_principals/placebo-red/glacier.GetVaultAccessPolicy_1.json new file mode 100644 index 000000000..bfb87bc4f --- /dev/null +++ b/tests/ecc-aws-458-glacier_vault_access_policy_does_not_allow_actions_from_all_principals/placebo-red/glacier.GetVaultAccessPolicy_1.json @@ -0,0 +1,9 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "policy": { + "Policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"458_glacier_vault_red\",\"Effect\":\"Allow\",\"Principal\":\"*\",\"Action\":\"glacier:ListVaults\",\"Resource\":\"arn:aws:glacier:us-east-1:111111111111:vaults/458_glacier_vault_red\"}]}" + } + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-458-glacier_vault_access_policy_does_not_allow_actions_from_all_principals/placebo-red/glacier.ListTagsForVault_1.json b/tests/ecc-aws-458-glacier_vault_access_policy_does_not_allow_actions_from_all_principals/placebo-red/glacier.ListTagsForVault_1.json new file mode 100644 index 000000000..379e38555 --- /dev/null +++ b/tests/ecc-aws-458-glacier_vault_access_policy_does_not_allow_actions_from_all_principals/placebo-red/glacier.ListTagsForVault_1.json @@ -0,0 +1,10 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "Tags": { + "ComplianceStatus": "Red", + "CustodianRule": "ecc-aws-458-glacier_vault_access_policy_does_not_allow_actions_from_all_principals" + } + } +} \ No newline at end of file diff --git a/tests/ecc-aws-458-glacier_vault_access_policy_does_not_allow_actions_from_all_principals/placebo-red/glacier.ListVaults_1.json b/tests/ecc-aws-458-glacier_vault_access_policy_does_not_allow_actions_from_all_principals/placebo-red/glacier.ListVaults_1.json new file mode 100644 index 000000000..c707c410a --- /dev/null +++ b/tests/ecc-aws-458-glacier_vault_access_policy_does_not_allow_actions_from_all_principals/placebo-red/glacier.ListVaults_1.json @@ -0,0 +1,15 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "VaultList": [ + { + "VaultARN": "arn:aws:glacier:us-east-1:111111111111:vaults/458_glacier_vault_red", + "VaultName": "458_glacier_vault_red", + "CreationDate": "2022-01-18T09:54:53.926Z", + "NumberOfArchives": 0, + "SizeInBytes": 0 + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-458-glacier_vault_access_policy_does_not_allow_actions_from_all_principals/red_policy_test.py b/tests/ecc-aws-458-glacier_vault_access_policy_does_not_allow_actions_from_all_principals/red_policy_test.py new file mode 100644 index 000000000..69b8dead2 --- /dev/null +++ b/tests/ecc-aws-458-glacier_vault_access_policy_does_not_allow_actions_from_all_principals/red_policy_test.py 
@@ -0,0 +1,9 @@
+class PolicyTest(object):
+
+ def test_resources_with_client(self, base_test, resources, local_session):
+ base_test.assertEqual(len(resources), 1)
+ glacier_client = local_session.client("glacier")
+ Name = resources[0]['VaultName']
+ policy = glacier_client.get_vault_access_policy(accountId='-', vaultName=Name)['policy']['Policy']
+ base_test.assertRegexpMatches(policy, ".*\\\"Principal\\\":\\\"[*]\\\".*")
+
\ No newline at end of file
diff --git a/tests/ecc-aws-459-config_delivery_failed/placebo-green/config.DescribeConfigurationRecorderStatus_1.json b/tests/ecc-aws-459-config_delivery_failed/placebo-green/config.DescribeConfigurationRecorderStatus_1.json
new file mode 100644
index 000000000..347284e78
--- /dev/null
+++ b/tests/ecc-aws-459-config_delivery_failed/placebo-green/config.DescribeConfigurationRecorderStatus_1.json
@@ -0,0 +1,33 @@
+{
+ "status_code": 200,
+ "data": {
+ "ConfigurationRecordersStatus": [
+ {
+ "name": "default",
+ "lastStartTime": {
+ "__class__": "datetime",
+ "year": 2023,
+ "month": 1,
+ "day": 30,
+ "hour": 13,
+ "minute": 12,
+ "second": 34,
+ "microsecond": 605000
+ },
+ "recording": true,
+ "lastStatus": "SUCCESS",
+ "lastStatusChangeTime": {
+ "__class__": "datetime",
+ "year": 2023,
+ "month": 1,
+ "day": 30,
+ "hour": 13,
+ "minute": 12,
+ "second": 46,
+ "microsecond": 171000
+ }
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-459-config_delivery_failed/placebo-green/config.DescribeConfigurationRecorders_1.json b/tests/ecc-aws-459-config_delivery_failed/placebo-green/config.DescribeConfigurationRecorders_1.json
new file mode 100644
index 000000000..a62deea53
--- /dev/null
+++ b/tests/ecc-aws-459-config_delivery_failed/placebo-green/config.DescribeConfigurationRecorders_1.json
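Review bot: The last assertion in test_resources_with_client matches the raw policy string with a regex that recognises only the exact serialisation `"Principal":"*"`, so an equally open statement written as `"Principal":{"AWS":"*"}`, or one serialised with a space after the colon, would not match and the test would say nothing about whether the policy flags it. Parsing the document is sturdier and also pins the effect: with `import json` at the top of the file, `stmts = json.loads(policy)['Statement']` followed by `base_test.assertTrue(any(s.get('Effect') == 'Allow' and s.get('Principal') in ('*', {'AWS': '*'}) for s in stmts))`. If base_test is a unittest.TestCase, `assertRegexpMatches` is a deprecated alias that was removed in Python 3.12, and `assertRegex` is the current name. The local `Name` would read better as `vault_name`.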
@@ -0,0 +1,19 @@ +{ + "status_code": 200, + "data": { + "ConfigurationRecorders": [ + { + "name": "default", + "roleARN": "arn:aws:iam::111111111111:role/459_role_green", + "recordingGroup": { + "allSupported": false, + "includeGlobalResourceTypes": false, + "resourceTypes": [ + "AWS::RDS::DBInstance" + ] + } + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-459-config_delivery_failed/placebo-green/config.DescribeDeliveryChannels_1.json b/tests/ecc-aws-459-config_delivery_failed/placebo-green/config.DescribeDeliveryChannels_1.json new file mode 100644 index 000000000..0fac8a540 --- /dev/null +++ b/tests/ecc-aws-459-config_delivery_failed/placebo-green/config.DescribeDeliveryChannels_1.json @@ -0,0 +1,12 @@ +{ + "status_code": 200, + "data": { + "DeliveryChannels": [ + { + "name": "default", + "s3BucketName": "bucket-459-green" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-459-config_delivery_failed/placebo-red/config.DescribeConfigurationRecorderStatus_1.json b/tests/ecc-aws-459-config_delivery_failed/placebo-red/config.DescribeConfigurationRecorderStatus_1.json new file mode 100644 index 000000000..7dfaffefd --- /dev/null +++ b/tests/ecc-aws-459-config_delivery_failed/placebo-red/config.DescribeConfigurationRecorderStatus_1.json 
@@ -0,0 +1,35 @@ +{ + "status_code": 200, + "data": { + "ConfigurationRecordersStatus": [ + { + "name": "default", + "lastStartTime": { + "__class__": "datetime", + "year": 2023, + "month": 1, + "day": 30, + "hour": 13, + "minute": 37, + "second": 53, + "microsecond": 915000 + }, + "recording": true, + "lastStatus": "FAILURE", + "lastErrorCode": "AccessDenied", + "lastErrorMessage": "Unable to assume role: arn:aws:iam::111111111111:role/459_role_red", + "lastStatusChangeTime": { + "__class__": "datetime", + "year": 2023, + "month": 1, + "day": 30, + "hour": 13, + "minute": 59, + "second": 19, + "microsecond": 775000 + } + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-459-config_delivery_failed/placebo-red/config.DescribeConfigurationRecorders_1.json b/tests/ecc-aws-459-config_delivery_failed/placebo-red/config.DescribeConfigurationRecorders_1.json new file mode 100644 index 000000000..909ac65c7 --- /dev/null +++ b/tests/ecc-aws-459-config_delivery_failed/placebo-red/config.DescribeConfigurationRecorders_1.json @@ -0,0 +1,17 @@ +{ + "status_code": 200, + "data": { + "ConfigurationRecorders": [ + { + "name": "default", + "roleARN": "arn:aws:iam::111111111111:role/459_role_red", + "recordingGroup": { + "allSupported": true, + "includeGlobalResourceTypes": false, + "resourceTypes": [] + } + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-459-config_delivery_failed/placebo-red/config.DescribeDeliveryChannels_1.json b/tests/ecc-aws-459-config_delivery_failed/placebo-red/config.DescribeDeliveryChannels_1.json new file mode 100644 index 000000000..45b8f0675 --- /dev/null +++ b/tests/ecc-aws-459-config_delivery_failed/placebo-red/config.DescribeDeliveryChannels_1.json @@ -0,0 +1,12 @@ +{ + "status_code": 200, + "data": { + "DeliveryChannels": [ + { + "name": "default", + "s3BucketName": "bucket-459-red" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-459-config_delivery_failed/red_policy_test.py b/tests/ecc-aws-459-config_delivery_failed/red_policy_test.py
new file mode 100644
index 000000000..5dd3f9bfd
--- /dev/null
+++ b/tests/ecc-aws-459-config_delivery_failed/red_policy_test.py
@@ -0,0 +1,5 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertEqual(resources[0]['status']['lastStatus'], 'FAILURE')
\ No newline at end of file
diff --git a/tests/ecc-aws-461-dms_latest_version/placebo-green/dms.DescribeReplicationInstances_1.json b/tests/ecc-aws-461-dms_latest_version/placebo-green/dms.DescribeReplicationInstances_1.json
new file mode 100644
index 000000000..2aaac3389
--- /dev/null
+++ b/tests/ecc-aws-461-dms_latest_version/placebo-green/dms.DescribeReplicationInstances_1.json
@@ -0,0 +1,96 @@ +{ + "status_code": 200, + "data": { + "ReplicationInstances": [ + { + "ReplicationInstanceIdentifier": "dms-replication-instance-461-green", + "ReplicationInstanceClass": "dms.t2.micro", + "ReplicationInstanceStatus": "available", + "AllocatedStorage": 5, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2022, + "month": 9, + "day": 29, + "hour": 17, + "minute": 51, + "second": 39, + "microsecond": 671000 + }, + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "AvailabilityZone": "us-east-1b", + "ReplicationSubnetGroup": { + "ReplicationSubnetGroupIdentifier": "default", + "ReplicationSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + "SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "sat:13:07-sat:13:37", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "3.4.7", + "AutoMinorVersionUpgrade": false, + "KmsKeyId": "arn:aws:kms:us-east-1:111111111111:key/e56f2d19-2ba5-4c25-829a-44ad8f133131", + "ReplicationInstanceArn": "arn:aws:dms:us-east-1:111111111111:rep:UM3S7JB7K5M7NGHUWRC3JIOIG3IS2Y2O2R24FYA", + 
"ReplicationInstancePrivateIpAddress": "172.31.8.162", + "ReplicationInstancePublicIpAddresses": [ + null + ], + "ReplicationInstancePrivateIpAddresses": [ + "172.31.8.162" + ], + "PubliclyAccessible": false + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-461-dms_latest_version/placebo-green/dms.ListTagsForResource_1.json b/tests/ecc-aws-461-dms_latest_version/placebo-green/dms.ListTagsForResource_1.json new file mode 100644 index 000000000..9337be4c9 --- /dev/null +++ b/tests/ecc-aws-461-dms_latest_version/placebo-green/dms.ListTagsForResource_1.json @@ -0,0 +1,16 @@ +{ + "status_code": 200, + "data": { + "TagList": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-461-dms_latest_version" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-461-dms_latest_version/placebo-red/dms.DescribeReplicationInstances_1.json b/tests/ecc-aws-461-dms_latest_version/placebo-red/dms.DescribeReplicationInstances_1.json new file mode 100644 index 000000000..0f3a834a1 --- /dev/null +++ b/tests/ecc-aws-461-dms_latest_version/placebo-red/dms.DescribeReplicationInstances_1.json 
@@ -0,0 +1,96 @@ +{ + "status_code": 200, + "data": { + "ReplicationInstances": [ + { + "ReplicationInstanceIdentifier": "dms-replication-instance-461-red", + "ReplicationInstanceClass": "dms.t2.micro", + "ReplicationInstanceStatus": "available", + "AllocatedStorage": 5, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2022, + "month": 1, + "day": 11, + "hour": 14, + "minute": 22, + "second": 48, + "microsecond": 615000 + }, + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "AvailabilityZone": "us-east-1c", + "ReplicationSubnetGroup": { + "ReplicationSubnetGroupIdentifier": "default", + "ReplicationSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + "SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "fri:10:42-fri:11:12", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "3.4.2", + "AutoMinorVersionUpgrade": false, + "KmsKeyId": "arn:aws:kms:us-east-1:111111111111:key/e56f2d19-2ba5-4c25-829a-44ad8f133131", + "ReplicationInstanceArn": "arn:aws:dms:us-east-1:111111111111:rep:K66KNPLYAMBNS3VGY5D5IPEZB7TRIKBOFHREJSQ", + 
"ReplicationInstancePrivateIpAddress": "172.31.94.218", + "ReplicationInstancePublicIpAddresses": [ + null + ], + "ReplicationInstancePrivateIpAddresses": [ + "172.31.94.218" + ], + "PubliclyAccessible": false + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-461-dms_latest_version/placebo-red/dms.ListTagsForResource_1.json b/tests/ecc-aws-461-dms_latest_version/placebo-red/dms.ListTagsForResource_1.json new file mode 100644 index 000000000..402a1499f --- /dev/null +++ b/tests/ecc-aws-461-dms_latest_version/placebo-red/dms.ListTagsForResource_1.json @@ -0,0 +1,16 @@ +{ + "status_code": 200, + "data": { + "TagList": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-461-dms_latest_version" + }, + { + "Key": "ComplianceStatus", + "Value": "Red" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-461-dms_latest_version/red_policy_test.py b/tests/ecc-aws-461-dms_latest_version/red_policy_test.py new file mode 100644 index 000000000..0fcf3dd25 --- /dev/null +++ b/tests/ecc-aws-461-dms_latest_version/red_policy_test.py @@ -0,0 +1,5 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertEqual(resources[0]['EngineVersion'], '3.4.2') \ No newline at end of file diff --git a/tests/ecc-aws-464-sagemaker_instances_encrypted_with_kms_cmk/placebo-green/api.sagemaker.DescribeNotebookInstance_1.json b/tests/ecc-aws-464-sagemaker_instances_encrypted_with_kms_cmk/placebo-green/api.sagemaker.DescribeNotebookInstance_1.json new file mode 100644 index 000000000..395cef2af --- /dev/null +++ b/tests/ecc-aws-464-sagemaker_instances_encrypted_with_kms_cmk/placebo-green/api.sagemaker.DescribeNotebookInstance_1.json 
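Review bot: The literal `'3.4.2'` in the second assertion of tests/ecc-aws-461-dms_latest_version/red_policy_test.py only restates the red fixture's `EngineVersion` and does not say which version the policy treats as current; the green recording uses 3.4.7. A check named dms_latest_version goes stale each time a new engine version ships, so the expected minimum belongs next to the assertion, for example `# policy flags EngineVersion below <minimum version from the policy>; red fixture records 3.4.2`. Whether the policy hard-codes that version cannot be seen from this hunk; if it does, a red fixture just below the threshold would also exercise the comparison boundary.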
@@ -0,0 +1,38 @@ +{ + "status_code": 200, + "data": { + "NotebookInstanceArn": "arn:aws:sagemaker:us-east-1:111111111111:notebook-instance/464-sagemaker-notebook-instance-green", + "NotebookInstanceName": "464-sagemaker-notebook-instance-green", + "NotebookInstanceStatus": "InService", + "Url": "464-sagemaker-notebook-instance-green-8t7o.notebook.us-east-1.sagemaker.aws", + "InstanceType": "ml.t2.medium", + "SecurityGroups": [], + "RoleArn": "arn:aws:iam::111111111111:role/464_role_green", + "KmsKeyId": "arn:aws:kms:us-east-1:111111111111:key/f693fa1e-ae7d-4666-acf4-434926f1abcb", + "LastModifiedTime": { + "__class__": "datetime", + "year": 2022, + "month": 1, + "day": 18, + "hour": 7, + "minute": 31, + "second": 27, + "microsecond": 93000 + }, + "CreationTime": { + "__class__": "datetime", + "year": 2022, + "month": 1, + "day": 18, + "hour": 7, + "minute": 24, + "second": 56, + "microsecond": 126000 + }, + "DirectInternetAccess": "Enabled", + "VolumeSizeInGB": 5, + "RootAccess": "Enabled", + "PlatformIdentifier": "notebook-al1-v1", + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-464-sagemaker_instances_encrypted_with_kms_cmk/placebo-green/api.sagemaker.ListNotebookInstances_1.json b/tests/ecc-aws-464-sagemaker_instances_encrypted_with_kms_cmk/placebo-green/api.sagemaker.ListNotebookInstances_1.json new file mode 100644 index 000000000..684d56cd8 --- /dev/null +++ b/tests/ecc-aws-464-sagemaker_instances_encrypted_with_kms_cmk/placebo-green/api.sagemaker.ListNotebookInstances_1.json 
@@ -0,0 +1,35 @@ +{ + "status_code": 200, + "data": { + "NotebookInstances": [ + { + "NotebookInstanceName": "464-sagemaker-notebook-instance-green", + "NotebookInstanceArn": "arn:aws:sagemaker:us-east-1:111111111111:notebook-instance/464-sagemaker-notebook-instance-green", + "NotebookInstanceStatus": "InService", + "Url": "464-sagemaker-notebook-instance-green-8t7o.notebook.us-east-1.sagemaker.aws", + "InstanceType": "ml.t2.medium", + "CreationTime": { + "__class__": "datetime", + "year": 2022, + "month": 1, + "day": 18, + "hour": 7, + "minute": 24, + "second": 56, + "microsecond": 126000 + }, + "LastModifiedTime": { + "__class__": "datetime", + "year": 2022, + "month": 1, + "day": 18, + "hour": 7, + "minute": 31, + "second": 27, + "microsecond": 93000 + } + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-464-sagemaker_instances_encrypted_with_kms_cmk/placebo-green/api.sagemaker.ListTags_1.json b/tests/ecc-aws-464-sagemaker_instances_encrypted_with_kms_cmk/placebo-green/api.sagemaker.ListTags_1.json new file mode 100644 index 000000000..b3e8c62d6 --- /dev/null +++ b/tests/ecc-aws-464-sagemaker_instances_encrypted_with_kms_cmk/placebo-green/api.sagemaker.ListTags_1.json @@ -0,0 +1,16 @@ +{ + "status_code": 200, + "data": { + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-464-sagemaker_instances_encrypted" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-464-sagemaker_instances_encrypted_with_kms_cmk/placebo-red/api.sagemaker.DescribeNotebookInstance_1.json b/tests/ecc-aws-464-sagemaker_instances_encrypted_with_kms_cmk/placebo-red/api.sagemaker.DescribeNotebookInstance_1.json new file mode 100644 index 000000000..752c76108 --- /dev/null +++ b/tests/ecc-aws-464-sagemaker_instances_encrypted_with_kms_cmk/placebo-red/api.sagemaker.DescribeNotebookInstance_1.json 
@@ -0,0 +1,37 @@ +{ + "status_code": 200, + "data": { + "NotebookInstanceArn": "arn:aws:sagemaker:us-east-1:111111111111:notebook-instance/464-sagemaker-notebook-instance-red", + "NotebookInstanceName": "464-sagemaker-notebook-instance-red", + "NotebookInstanceStatus": "InService", + "Url": "464-sagemaker-notebook-instance-red.notebook.us-east-1.sagemaker.aws", + "InstanceType": "ml.t2.medium", + "SecurityGroups": [], + "RoleArn": "arn:aws:iam::111111111111:role/464_role_red", + "LastModifiedTime": { + "__class__": "datetime", + "year": 2022, + "month": 1, + "day": 18, + "hour": 7, + "minute": 39, + "second": 3, + "microsecond": 148000 + }, + "CreationTime": { + "__class__": "datetime", + "year": 2022, + "month": 1, + "day": 18, + "hour": 7, + "minute": 33, + "second": 39, + "microsecond": 774000 + }, + "DirectInternetAccess": "Enabled", + "VolumeSizeInGB": 5, + "RootAccess": "Enabled", + "PlatformIdentifier": "notebook-al1-v1", + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-464-sagemaker_instances_encrypted_with_kms_cmk/placebo-red/api.sagemaker.ListNotebookInstances_1.json b/tests/ecc-aws-464-sagemaker_instances_encrypted_with_kms_cmk/placebo-red/api.sagemaker.ListNotebookInstances_1.json new file mode 100644 index 000000000..b2cc99f36 --- /dev/null +++ b/tests/ecc-aws-464-sagemaker_instances_encrypted_with_kms_cmk/placebo-red/api.sagemaker.ListNotebookInstances_1.json 
@@ -0,0 +1,35 @@ +{ + "status_code": 200, + "data": { + "NotebookInstances": [ + { + "NotebookInstanceName": "464-sagemaker-notebook-instance-red", + "NotebookInstanceArn": "arn:aws:sagemaker:us-east-1:111111111111:notebook-instance/464-sagemaker-notebook-instance-red", + "NotebookInstanceStatus": "InService", + "Url": "464-sagemaker-notebook-instance-red.notebook.us-east-1.sagemaker.aws", + "InstanceType": "ml.t2.medium", + "CreationTime": { + "__class__": "datetime", + "year": 2022, + "month": 1, + "day": 18, + "hour": 7, + "minute": 33, + "second": 39, + "microsecond": 774000 + }, + "LastModifiedTime": { + "__class__": "datetime", + "year": 2022, + "month": 1, + "day": 18, + "hour": 7, + "minute": 39, + "second": 3, + "microsecond": 148000 + } + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-464-sagemaker_instances_encrypted_with_kms_cmk/placebo-red/api.sagemaker.ListTags_1.json b/tests/ecc-aws-464-sagemaker_instances_encrypted_with_kms_cmk/placebo-red/api.sagemaker.ListTags_1.json new file mode 100644 index 000000000..7739b57ed --- /dev/null +++ b/tests/ecc-aws-464-sagemaker_instances_encrypted_with_kms_cmk/placebo-red/api.sagemaker.ListTags_1.json @@ -0,0 +1,16 @@ +{ + "status_code": 200, + "data": { + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-464-sagemaker_instances_encrypted_with_kms_cmk" + }, + { + "Key": "ComplianceStatus", + "Value": "Red" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-464-sagemaker_instances_encrypted_with_kms_cmk/red_policy_test.py b/tests/ecc-aws-464-sagemaker_instances_encrypted_with_kms_cmk/red_policy_test.py new file mode 100644 index 000000000..90bbf2fde --- /dev/null +++ b/tests/ecc-aws-464-sagemaker_instances_encrypted_with_kms_cmk/red_policy_test.py 
@@ -0,0 +1,5 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertNotIn('KmsKeyId', resources[0])
\ No newline at end of file
diff --git a/tests/ecc-aws-469-dms_auto_minor_version_upgrade/placebo-green/dms.DescribeReplicationInstances_1.json b/tests/ecc-aws-469-dms_auto_minor_version_upgrade/placebo-green/dms.DescribeReplicationInstances_1.json
new file mode 100644
index 000000000..90470cb81
--- /dev/null
+++ b/tests/ecc-aws-469-dms_auto_minor_version_upgrade/placebo-green/dms.DescribeReplicationInstances_1.json
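Review bot: The red case asserts only that `KmsKeyId` is absent, and the green recordings for rule 464 contain no `kms.DescribeKey` response, whereas rule 470 in this same patch records one with `"KeyManager": "CUSTOMER"`, so nothing here shows the key's manager being checked. If the policy is meant to require a customer-managed key, as `with_kms_cmk` in its name suggests, a notebook whose `KmsKeyId` refers to a key that is not customer-managed would presumably pass; a second red fixture for that case would settle it. A comment such as `# red fixture: DescribeNotebookInstance response has no KmsKeyId` above the assertion would document what is covered today. Separately, the green `ListTags` fixture tags the resource with `ecc-aws-464-sagemaker_instances_encrypted` while the red one uses the full rule name.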
@@ -0,0 +1,96 @@ +{ + "status_code": 200, + "data": { + "ReplicationInstances": [ + { + "ReplicationInstanceIdentifier": "dms-replication-instance-469-green", + "ReplicationInstanceClass": "dms.t2.micro", + "ReplicationInstanceStatus": "available", + "AllocatedStorage": 5, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2022, + "month": 1, + "day": 17, + "hour": 12, + "minute": 0, + "second": 24, + "microsecond": 320000 + }, + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "AvailabilityZone": "us-east-1e", + "ReplicationSubnetGroup": { + "ReplicationSubnetGroupIdentifier": "default", + "ReplicationSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + "SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "fri:08:25-fri:08:55", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "3.4.6", + "AutoMinorVersionUpgrade": true, + "KmsKeyId": "arn:aws:kms:us-east-1:111111111111:key/e56f2d19-2ba5-4c25-829a-44ad8f133131", + "ReplicationInstanceArn": "arn:aws:dms:us-east-1:111111111111:rep:P34GLXGKPJOMYJBPTNF3WWR7NTX5UJA2ISBHGPY", + 
"ReplicationInstancePrivateIpAddress": "172.31.63.157", + "ReplicationInstancePublicIpAddresses": [ + null + ], + "ReplicationInstancePrivateIpAddresses": [ + "172.31.63.157" + ], + "PubliclyAccessible": false + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-469-dms_auto_minor_version_upgrade/placebo-green/dms.ListTagsForResource_1.json b/tests/ecc-aws-469-dms_auto_minor_version_upgrade/placebo-green/dms.ListTagsForResource_1.json new file mode 100644 index 000000000..82685ebcb --- /dev/null +++ b/tests/ecc-aws-469-dms_auto_minor_version_upgrade/placebo-green/dms.ListTagsForResource_1.json @@ -0,0 +1,16 @@ +{ + "status_code": 200, + "data": { + "TagList": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-469-dms_auto_minor_version_upgrade" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-469-dms_auto_minor_version_upgrade/placebo-red/dms.DescribeReplicationInstances_1.json b/tests/ecc-aws-469-dms_auto_minor_version_upgrade/placebo-red/dms.DescribeReplicationInstances_1.json new file mode 100644 index 000000000..aeab923d6 --- /dev/null +++ b/tests/ecc-aws-469-dms_auto_minor_version_upgrade/placebo-red/dms.DescribeReplicationInstances_1.json 
@@ -0,0 +1,96 @@ +{ + "status_code": 200, + "data": { + "ReplicationInstances": [ + { + "ReplicationInstanceIdentifier": "dms-replication-instance-469-red", + "ReplicationInstanceClass": "dms.t2.micro", + "ReplicationInstanceStatus": "available", + "AllocatedStorage": 5, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2022, + "month": 1, + "day": 17, + "hour": 12, + "minute": 18, + "second": 54, + "microsecond": 148000 + }, + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "AvailabilityZone": "us-east-1c", + "ReplicationSubnetGroup": { + "ReplicationSubnetGroupIdentifier": "default", + "ReplicationSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + "SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "thu:11:52-thu:12:22", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "3.4.2", + "AutoMinorVersionUpgrade": false, + "KmsKeyId": "arn:aws:kms:us-east-1:111111111111:key/e56f2d19-2ba5-4c25-829a-44ad8f133131", + "ReplicationInstanceArn": "arn:aws:dms:us-east-1:111111111111:rep:NSKH4LYP2M2TQWZJPJV7KJ7MWRASC3OALFZXIXY", + 
"ReplicationInstancePrivateIpAddress": "172.31.84.78", + "ReplicationInstancePublicIpAddresses": [ + null + ], + "ReplicationInstancePrivateIpAddresses": [ + "172.31.84.78" + ], + "PubliclyAccessible": false + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-469-dms_auto_minor_version_upgrade/placebo-red/dms.ListTagsForResource_1.json b/tests/ecc-aws-469-dms_auto_minor_version_upgrade/placebo-red/dms.ListTagsForResource_1.json new file mode 100644 index 000000000..e1987395d --- /dev/null +++ b/tests/ecc-aws-469-dms_auto_minor_version_upgrade/placebo-red/dms.ListTagsForResource_1.json @@ -0,0 +1,16 @@ +{ + "status_code": 200, + "data": { + "TagList": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-469-dms_auto_minor_version_upgrade" + }, + { + "Key": "ComplianceStatus", + "Value": "Red" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-469-dms_auto_minor_version_upgrade/red_policy_test.py b/tests/ecc-aws-469-dms_auto_minor_version_upgrade/red_policy_test.py new file mode 100644 index 000000000..94ab24e94 --- /dev/null +++ b/tests/ecc-aws-469-dms_auto_minor_version_upgrade/red_policy_test.py @@ -0,0 +1,5 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertFalse(resources[0]['AutoMinorVersionUpgrade']) \ No newline at end of file diff --git a/tests/ecc-aws-470-dms_replication_instances_encrypted_with_kms_cmk/placebo-green/dms.DescribeReplicationInstances_1.json b/tests/ecc-aws-470-dms_replication_instances_encrypted_with_kms_cmk/placebo-green/dms.DescribeReplicationInstances_1.json new file mode 100644 index 000000000..33cd48cbd --- /dev/null +++ b/tests/ecc-aws-470-dms_replication_instances_encrypted_with_kms_cmk/placebo-green/dms.DescribeReplicationInstances_1.json 
@@ -0,0 +1,96 @@ +{ + "status_code": 200, + "data": { + "ReplicationInstances": [ + { + "ReplicationInstanceIdentifier": "dms-replication-instance-470-green", + "ReplicationInstanceClass": "dms.t2.micro", + "ReplicationInstanceStatus": "available", + "AllocatedStorage": 5, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2022, + "month": 6, + "day": 8, + "hour": 9, + "minute": 22, + "second": 20, + "microsecond": 200000 + }, + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "AvailabilityZone": "us-east-1a", + "ReplicationSubnetGroup": { + "ReplicationSubnetGroupIdentifier": "default", + "ReplicationSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + "SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "sat:13:00-sat:13:30", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "3.4.6", + "AutoMinorVersionUpgrade": true, + "KmsKeyId": "arn:aws:kms:us-east-1:111111111111:key/f21e45e3-97ad-471e-ba12-63a9504d53f8", + "ReplicationInstanceArn": "arn:aws:dms:us-east-1:111111111111:rep:Z66J4BNIX2YB4A3RC7X44ABA63RMCXBAL6JHI3Q", + 
"ReplicationInstancePrivateIpAddress": "172.31.42.104", + "ReplicationInstancePublicIpAddresses": [ + null + ], + "ReplicationInstancePrivateIpAddresses": [ + "172.31.42.104" + ], + "PubliclyAccessible": false + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-470-dms_replication_instances_encrypted_with_kms_cmk/placebo-green/dms.ListTagsForResource_1.json b/tests/ecc-aws-470-dms_replication_instances_encrypted_with_kms_cmk/placebo-green/dms.ListTagsForResource_1.json new file mode 100644 index 000000000..95959498e --- /dev/null +++ b/tests/ecc-aws-470-dms_replication_instances_encrypted_with_kms_cmk/placebo-green/dms.ListTagsForResource_1.json @@ -0,0 +1,16 @@ +{ + "status_code": 200, + "data": { + "TagList": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-470-dms_replication_instances_encrypted_with_kms_cmk" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-470-dms_replication_instances_encrypted_with_kms_cmk/placebo-green/kms.DescribeKey_1.json b/tests/ecc-aws-470-dms_replication_instances_encrypted_with_kms_cmk/placebo-green/kms.DescribeKey_1.json new file mode 100644 index 000000000..fc025440b --- /dev/null +++ b/tests/ecc-aws-470-dms_replication_instances_encrypted_with_kms_cmk/placebo-green/kms.DescribeKey_1.json 
@@ -0,0 +1,33 @@ +{ + "status_code": 200, + "data": { + "KeyMetadata": { + "AWSAccountId": "111111111111", + "KeyId": "f21e45e3-97ad-471e-ba12-63a9504d53f8", + "Arn": "arn:aws:kms:us-east-1:111111111111:key/f21e45e3-97ad-471e-ba12-63a9504d53f8", + "CreationDate": { + "__class__": "datetime", + "year": 2022, + "month": 6, + "day": 8, + "hour": 9, + "minute": 15, + "second": 56, + "microsecond": 983000 + }, + "Enabled": true, + "Description": "Key to encrypt and decrypt DMS", + "KeyUsage": "ENCRYPT_DECRYPT", + "KeyState": "Enabled", + "Origin": "AWS_KMS", + "KeyManager": "CUSTOMER", + "CustomerMasterKeySpec": "SYMMETRIC_DEFAULT", + "KeySpec": "SYMMETRIC_DEFAULT", + "EncryptionAlgorithms": [ + "SYMMETRIC_DEFAULT" + ], + "MultiRegion": false + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-470-dms_replication_instances_encrypted_with_kms_cmk/placebo-green/kms.ListAliases_1.json b/tests/ecc-aws-470-dms_replication_instances_encrypted_with_kms_cmk/placebo-green/kms.ListAliases_1.json new file mode 100644 index 000000000..913113fed --- /dev/null +++ b/tests/ecc-aws-470-dms_replication_instances_encrypted_with_kms_cmk/placebo-green/kms.ListAliases_1.json @@ -0,0 +1,34 @@ +{ + "status_code": 200, + "data": { + "Aliases": [ + { + "AliasName": "alias/470-green", + "AliasArn": "arn:aws:kms:us-east-1:111111111111:alias/470-green", + "TargetKeyId": "f21e45e3-97ad-471e-ba12-63a9504d53f8", + "CreationDate": { + "__class__": "datetime", + "year": 2022, + "month": 6, + "day": 8, + "hour": 9, + "minute": 16, + "second": 10, + "microsecond": 263000 + }, + "LastUpdatedDate": { + "__class__": "datetime", + "year": 2022, + "month": 6, + "day": 8, + "hour": 9, + "minute": 16, + "second": 10, + "microsecond": 263000 + } + } + ], + "Truncated": false, + "ResponseMetadata": {} + } +} \ No newline at end of file 
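Review bot: This recording masks the account id as `111111111111`, but the `KeyId` `f21e45e3-97ad-471e-ba12-63a9504d53f8` in placebo-green/kms.DescribeKey_1.json looks like a value captured from a live account rather than a placeholder. The same pattern appears in the other recordings on this page: security-group and subnet ids and private IPs in the dms.DescribeReplicationInstances_1.json files, and the `Endpoint.Address` hostnames and `DbiResourceId` values in the ecc-aws-471 to 473 rds.DescribeDBInstances_1.json files. These sit next to an already-masked `VpcId` and `HostedZoneId`. If these are real, replace them with obvious placeholders (for example `"KeyId": "00000000-0000-0000-0000-000000000000"`) and keep each value identical across the DMS, KMS and tagging recordings so the fixtures stay coherent.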
diff --git a/tests/ecc-aws-470-dms_replication_instances_encrypted_with_kms_cmk/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-470-dms_replication_instances_encrypted_with_kms_cmk/placebo-green/tagging.GetResources_1.json
new file mode 100644
index 000000000..7db3bf162
--- /dev/null
+++ b/tests/ecc-aws-470-dms_replication_instances_encrypted_with_kms_cmk/placebo-green/tagging.GetResources_1.json
@@ -0,0 +1,22 @@
+{
+ "status_code": 200,
+ "data": {
+ "PaginationToken": "",
+ "ResourceTagMappingList": [
+ {
+ "ResourceARN": "arn:aws:kms:us-east-1:111111111111:key/f21e45e3-97ad-471e-ba12-63a9504d53f8",
+ "Tags": [
+ {
+ "Key": "ComplianceStatus",
+ "Value": "Green"
+ },
+ {
+ "Key": "CustodianRule",
+ "Value": "ecc-aws-470-dms_replication_instances_encrypted_with_kms_cmk"
+ }
+ ]
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-470-dms_replication_instances_encrypted_with_kms_cmk/placebo-red/dms.DescribeReplicationInstances_1.json b/tests/ecc-aws-470-dms_replication_instances_encrypted_with_kms_cmk/placebo-red/dms.DescribeReplicationInstances_1.json
new file mode 100644
index 000000000..8e364f066
--- /dev/null
+++ b/tests/ecc-aws-470-dms_replication_instances_encrypted_with_kms_cmk/placebo-red/dms.DescribeReplicationInstances_1.json
@@ -0,0 +1,96 @@ +{ + "status_code": 200, + "data": { + "ReplicationInstances": [ + { + "ReplicationInstanceIdentifier": "dms-replication-instance-470-red", + "ReplicationInstanceClass": "dms.t2.micro", + "ReplicationInstanceStatus": "available", + "AllocatedStorage": 5, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2022, + "month": 6, + "day": 8, + "hour": 9, + "minute": 35, + "second": 29, + "microsecond": 267000 + }, + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "AvailabilityZone": "us-east-1c", + "ReplicationSubnetGroup": { + "ReplicationSubnetGroupIdentifier": "default", + "ReplicationSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + "SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "sat:10:23-sat:10:53", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "3.4.6", + "AutoMinorVersionUpgrade": false, + "KmsKeyId": "arn:aws:kms:us-east-1:111111111111:key/e56f2d19-2ba5-4c25-829a-44ad8f133131", + "ReplicationInstanceArn": "arn:aws:dms:us-east-1:111111111111:rep:B2PVGUB6DPROVYNCLJ5FUVK2S3AXR5KEQ4PFG5I", + 
"ReplicationInstancePrivateIpAddress": "172.31.85.131", + "ReplicationInstancePublicIpAddresses": [ + null + ], + "ReplicationInstancePrivateIpAddresses": [ + "172.31.85.131" + ], + "PubliclyAccessible": false + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-470-dms_replication_instances_encrypted_with_kms_cmk/placebo-red/dms.ListTagsForResource_1.json b/tests/ecc-aws-470-dms_replication_instances_encrypted_with_kms_cmk/placebo-red/dms.ListTagsForResource_1.json new file mode 100644 index 000000000..824b99128 --- /dev/null +++ b/tests/ecc-aws-470-dms_replication_instances_encrypted_with_kms_cmk/placebo-red/dms.ListTagsForResource_1.json @@ -0,0 +1,16 @@ +{ + "status_code": 200, + "data": { + "TagList": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-470-dms_replication_instances_encrypted_with_kms_cmk" + }, + { + "Key": "ComplianceStatus", + "Value": "Red" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-470-dms_replication_instances_encrypted_with_kms_cmk/placebo-red/kms.DescribeKey_1.json b/tests/ecc-aws-470-dms_replication_instances_encrypted_with_kms_cmk/placebo-red/kms.DescribeKey_1.json new file mode 100644 index 000000000..8690d119d --- /dev/null +++ b/tests/ecc-aws-470-dms_replication_instances_encrypted_with_kms_cmk/placebo-red/kms.DescribeKey_1.json 
@@ -0,0 +1,33 @@ +{ + "status_code": 200, + "data": { + "KeyMetadata": { + "AWSAccountId": "111111111111", + "KeyId": "e56f2d19-2ba5-4c25-829a-44ad8f133131", + "Arn": "arn:aws:kms:us-east-1:111111111111:key/e56f2d19-2ba5-4c25-829a-44ad8f133131", + "CreationDate": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 25, + "hour": 13, + "minute": 14, + "second": 20, + "microsecond": 307000 + }, + "Enabled": true, + "Description": "Default key that protects my DMS replication instance volumes when no other key is defined", + "KeyUsage": "ENCRYPT_DECRYPT", + "KeyState": "Enabled", + "Origin": "AWS_KMS", + "KeyManager": "AWS", + "CustomerMasterKeySpec": "SYMMETRIC_DEFAULT", + "KeySpec": "SYMMETRIC_DEFAULT", + "EncryptionAlgorithms": [ + "SYMMETRIC_DEFAULT" + ], + "MultiRegion": false + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-470-dms_replication_instances_encrypted_with_kms_cmk/placebo-red/kms.ListAliases_1.json b/tests/ecc-aws-470-dms_replication_instances_encrypted_with_kms_cmk/placebo-red/kms.ListAliases_1.json new file mode 100644 index 000000000..bc9228738 --- /dev/null +++ b/tests/ecc-aws-470-dms_replication_instances_encrypted_with_kms_cmk/placebo-red/kms.ListAliases_1.json @@ -0,0 +1,34 @@ +{ + "status_code": 200, + "data": { + "Aliases": [ + { + "AliasName": "alias/aws/dms", + "AliasArn": "arn:aws:kms:us-east-1:111111111111:alias/aws/dms", + "TargetKeyId": "e56f2d19-2ba5-4c25-829a-44ad8f133131", + "CreationDate": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 25, + "hour": 13, + "minute": 14, + "second": 20, + "microsecond": 431000 + }, + "LastUpdatedDate": { + "__class__": "datetime", + "year": 2021, + "month": 10, + "day": 25, + "hour": 13, + "minute": 14, + "second": 20, + "microsecond": 431000 + } + } + ], + "Truncated": false, + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-470-dms_replication_instances_encrypted_with_kms_cmk/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-470-dms_replication_instances_encrypted_with_kms_cmk/placebo-red/tagging.GetResources_1.json
new file mode 100644
index 000000000..8b704d185
--- /dev/null
+++ b/tests/ecc-aws-470-dms_replication_instances_encrypted_with_kms_cmk/placebo-red/tagging.GetResources_1.json
@@ -0,0 +1,8 @@
+{
+ "status_code": 200,
+ "data": {
+ "PaginationToken": "",
+ "ResourceTagMappingList": [],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-470-dms_replication_instances_encrypted_with_kms_cmk/red_policy_test.py b/tests/ecc-aws-470-dms_replication_instances_encrypted_with_kms_cmk/red_policy_test.py
new file mode 100644
index 000000000..d82ef9487
--- /dev/null
+++ b/tests/ecc-aws-470-dms_replication_instances_encrypted_with_kms_cmk/red_policy_test.py
@@ -0,0 +1,8 @@
+class PolicyTest(object):
+
+ def test_resources_with_client(self, base_test, resources, local_session):
+ base_test.assertEqual(len(resources), 1)
+ key_raw = resources[0]['KmsKeyId']
+ key_id = key_raw.split('/')
+ kms = local_session.client("kms").describe_key(KeyId=key_id[1])
+ base_test.assertEqual(kms['KeyMetadata']['KeyManager'], 'AWS')
\ No newline at end of file
diff --git a/tests/ecc-aws-471-oracle_audit_sys_operations_flag_enabled/placebo-green/rds.DescribeDBInstances_1.json b/tests/ecc-aws-471-oracle_audit_sys_operations_flag_enabled/placebo-green/rds.DescribeDBInstances_1.json
new file mode 100644
index 000000000..cc7a10acc
--- /dev/null
+++ b/tests/ecc-aws-471-oracle_audit_sys_operations_flag_enabled/placebo-green/rds.DescribeDBInstances_1.json
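Review bot: In tests/ecc-aws-470-dms_replication_instances_encrypted_with_kms_cmk/red_policy_test.py, `key_raw.split('/')` followed by `key_id[1]` only works when `KmsKeyId` is a key ARN containing a `/`; a bare key id would raise IndexError before the `KeyManager` assertion is reached. `describe_key` accepts a key ARN as `KeyId`, so the two lines can collapse to `kms = local_session.client("kms").describe_key(KeyId=resources[0]['KmsKeyId'])`. A comment such as `# red case: the instance is encrypted with the AWS-managed aws/dms key, not a customer-managed key` would also explain why `'AWS'` is the expected value.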
@@ -0,0 +1,146 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-471-green", + "DBInstanceClass": "db.t3.micro", + "Engine": "oracle-ee", + "DBInstanceStatus": "available", + "MasterUsername": "root", + "DBName": "GREEN471", + "Endpoint": { + "Address": "database-471-green.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 1521, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 10, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2022, + "month": 1, + "day": 18, + "hour": 13, + "minute": 20, + "second": 46, + "microsecond": 441000 + }, + "PreferredBackupWindow": "09:20-09:50", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "parameter-group-471-green", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1f", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + 
"SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "sat:04:18-sat:04:48", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "12.1.0.2.v25", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "bring-your-own-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:oracle-ee-12-1", + "Status": "in-sync" + } + ], + "CharacterSetName": "AL32UTF8", + "NcharCharacterSetName": "AL16UTF16", + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-JG4AQVBSJ6KV74M46KTPNWRDLE", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:111111111111:db:database-471-green", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-471-oracle_audit_sys_operations_flag_enabled" + } + ], + "CustomerOwnedIpEnabled": false, + "ActivityStreamStatus": "stopped", + "BackupTarget": "region" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-471-oracle_audit_sys_operations_flag_enabled/placebo-green/rds.DescribeDBParameters_1.json b/tests/ecc-aws-471-oracle_audit_sys_operations_flag_enabled/placebo-green/rds.DescribeDBParameters_1.json new file mode 100644 index 000000000..2db59c881 --- /dev/null +++ b/tests/ecc-aws-471-oracle_audit_sys_operations_flag_enabled/placebo-green/rds.DescribeDBParameters_1.json 
@@ -0,0 +1,19 @@
+{
+ "status_code": 200,
+ "data": {
+ "Parameters": [
+ {
+ "ParameterName": "audit_sys_operations",
+ "ParameterValue": "TRUE",
+ "Description": "enable sys auditing",
+ "Source": "user",
+ "ApplyType": "static",
+ "DataType": "boolean",
+ "AllowedValues": "TRUE,FALSE",
+ "IsModifiable": true,
+ "ApplyMethod": "pending-reboot"
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-471-oracle_audit_sys_operations_flag_enabled/placebo-red/rds.DescribeDBInstances_1.json b/tests/ecc-aws-471-oracle_audit_sys_operations_flag_enabled/placebo-red/rds.DescribeDBInstances_1.json
new file mode 100644
index 000000000..3c99fdaab
--- /dev/null
+++ b/tests/ecc-aws-471-oracle_audit_sys_operations_flag_enabled/placebo-red/rds.DescribeDBInstances_1.json
@@ -0,0 +1,146 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-471-red", + "DBInstanceClass": "db.t3.micro", + "Engine": "oracle-ee", + "DBInstanceStatus": "available", + "MasterUsername": "root", + "DBName": "RED471", + "Endpoint": { + "Address": "database-471-red.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 1521, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 10, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2022, + "month": 1, + "day": 18, + "hour": 13, + "minute": 43, + "second": 47, + "microsecond": 731000 + }, + "PreferredBackupWindow": "09:20-09:50", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "parameter-group-471-red", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1b", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + 
"SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "wed:06:29-wed:06:59", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "12.1.0.2.v25", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "bring-your-own-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:oracle-ee-12-1", + "Status": "in-sync" + } + ], + "CharacterSetName": "AL32UTF8", + "NcharCharacterSetName": "AL16UTF16", + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-MSOLTJB34ZSF733TW7DFD2Q25A", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:111111111111:db:database-471-red", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-471-oracle_audit_sys_operations_flag_enabled" + } + ], + "CustomerOwnedIpEnabled": false, + "ActivityStreamStatus": "stopped", + "BackupTarget": "region" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-471-oracle_audit_sys_operations_flag_enabled/placebo-red/rds.DescribeDBParameters_1.json b/tests/ecc-aws-471-oracle_audit_sys_operations_flag_enabled/placebo-red/rds.DescribeDBParameters_1.json new file mode 100644 index 000000000..579ddff35 --- /dev/null +++ b/tests/ecc-aws-471-oracle_audit_sys_operations_flag_enabled/placebo-red/rds.DescribeDBParameters_1.json 
@@ -0,0 +1,19 @@
+{
+ "status_code": 200,
+ "data": {
+ "Parameters": [
+ {
+ "ParameterName": "audit_sys_operations",
+ "ParameterValue": "FALSE",
+ "Description": "enable sys auditing",
+ "Source": "user",
+ "ApplyType": "static",
+ "DataType": "boolean",
+ "AllowedValues": "TRUE,FALSE",
+ "IsModifiable": true,
+ "ApplyMethod": "pending-reboot"
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-471-oracle_audit_sys_operations_flag_enabled/red_policy_test.py b/tests/ecc-aws-471-oracle_audit_sys_operations_flag_enabled/red_policy_test.py
new file mode 100644
index 000000000..ec86e987d
--- /dev/null
+++ b/tests/ecc-aws-471-oracle_audit_sys_operations_flag_enabled/red_policy_test.py
@@ -0,0 +1,18 @@
+class PolicyTest(object):
+
+ def test_resources_with_client(self, base_test, resources, local_session):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertEqual(resources[0]['Engine'], "oracle-ee")
+ parameter_group_name=resources[0]["DBParameterGroups"][0]["DBParameterGroupName"]
+
+ describe_parameters = local_session.client("rds").describe_db_parameters(DBParameterGroupName=parameter_group_name)
+ parameters=describe_parameters["Parameters"]
+ marker=describe_parameters["Marker"] if "Marker" in describe_parameters else None
+
+ while marker is not None:
+ for parameter in parameters:
+ if parameter["ParameterName"]=="audit_sys_operations":
+ base_test.assertEqual(parameter['ParameterValue'], 'FALSE')
+ describe_parameters = local_session.client("rds").describe_db_parameters(DBParameterGroupName=parameter_group_name, Marker=marker)
+ parameters=describe_parameters["Parameters"]
+ marker=describe_parameters["Marker"] if "Marker" in describe_parameters else None
\ No newline at end of file
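Review bot: The `audit_sys_operations` assertion in tests/ecc-aws-471-oracle_audit_sys_operations_flag_enabled/red_policy_test.py sits inside `while marker is not None:`, so it only runs when the response carries a `Marker`. The recorded placebo-red/rds.DescribeDBParameters_1.json has none, so the loop body is skipped and the test passes without ever checking the parameter value. As far as the flattened indentation shows, a paginated response would also leave its last page (the one without a `Marker`) unchecked, and nothing fails when the parameter is missing altogether. The same loop guards the `audit_trail` check in tests/ecc-aws-472-oracle_audit_trail_flag_set_correctly/red_policy_test.py. The sketch below inspects every page and requires exactly one matching parameter.

```python
    def test_resources_with_client(self, base_test, resources, local_session):
        # … unchanged: resource count, Engine check, parameter_group_name lookup …
        rds = local_session.client("rds")
        request = {"DBParameterGroupName": parameter_group_name}
        values = []
        while True:
            page = rds.describe_db_parameters(**request)
            values += [
                p.get("ParameterValue")
                for p in page["Parameters"]
                if p["ParameterName"] == "audit_sys_operations"
            ]
            if not page.get("Marker"):
                break
            request["Marker"] = page["Marker"]
        # Fails when the parameter is absent, so the check cannot pass vacuously.
        base_test.assertEqual(values, ["FALSE"])
```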
diff --git a/tests/ecc-aws-472-oracle_audit_trail_flag_set_correctly/placebo-green/rds.DescribeDBInstances_1.json b/tests/ecc-aws-472-oracle_audit_trail_flag_set_correctly/placebo-green/rds.DescribeDBInstances_1.json
new file mode 100644
index 000000000..a37c04f5a
--- /dev/null
+++ b/tests/ecc-aws-472-oracle_audit_trail_flag_set_correctly/placebo-green/rds.DescribeDBInstances_1.json
@@ -0,0 +1,145 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-472-green", + "DBInstanceClass": "db.t3.micro", + "Engine": "oracle-ee", + "DBInstanceStatus": "available", + "MasterUsername": "root", + "DBName": "GREEN472", + "Endpoint": { + "Address": "database-472-green.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 1521, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 10, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2022, + "month": 5, + "day": 6, + "hour": 12, + "minute": 8, + "second": 27, + "microsecond": 622000 + }, + "PreferredBackupWindow": "09:39-10:09", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "parameter-group-472-green", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1a", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + 
"SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "fri:08:03-fri:08:33", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "12.1.0.2.v25", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "bring-your-own-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:oracle-ee-12-1", + "Status": "in-sync" + } + ], + "CharacterSetName": "AL32UTF8", + "NcharCharacterSetName": "AL16UTF16", + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-ZRYALPDIJHEHTZKNUWODBIR4QY", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:111111111111:db:database-472-green", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-472-oracle_audit_trail_flag_set_correctly" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + } + ], + "CustomerOwnedIpEnabled": false, + "ActivityStreamStatus": "stopped" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-472-oracle_audit_trail_flag_set_correctly/placebo-green/rds.DescribeDBParameters_1.json b/tests/ecc-aws-472-oracle_audit_trail_flag_set_correctly/placebo-green/rds.DescribeDBParameters_1.json new file mode 100644 index 000000000..26f255d7b --- /dev/null +++ b/tests/ecc-aws-472-oracle_audit_trail_flag_set_correctly/placebo-green/rds.DescribeDBParameters_1.json 
@@ -0,0 +1,19 @@
+{
+ "status_code": 200,
+ "data": {
+ "Parameters": [
+ {
+ "ParameterName": "audit_trail",
+ "ParameterValue": "XML",
+ "Description": "enable system auditing",
+ "Source": "user",
+ "ApplyType": "static",
+ "DataType": "list",
+ "AllowedValues": "DB,OS,NONE,XML,EXTENDED",
+ "IsModifiable": true,
+ "ApplyMethod": "pending-reboot"
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-472-oracle_audit_trail_flag_set_correctly/placebo-red/rds.DescribeDBInstances_1.json b/tests/ecc-aws-472-oracle_audit_trail_flag_set_correctly/placebo-red/rds.DescribeDBInstances_1.json
new file mode 100644
index 000000000..eadac55d6
--- /dev/null
+++ b/tests/ecc-aws-472-oracle_audit_trail_flag_set_correctly/placebo-red/rds.DescribeDBInstances_1.json
@@ -0,0 +1,145 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-472-red", + "DBInstanceClass": "db.t3.micro", + "Engine": "oracle-ee", + "DBInstanceStatus": "available", + "MasterUsername": "root", + "DBName": "RED472", + "Endpoint": { + "Address": "database-472-red.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 1521, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 10, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2022, + "month": 5, + "day": 6, + "hour": 12, + "minute": 24, + "second": 38, + "microsecond": 86000 + }, + "PreferredBackupWindow": "09:50-10:20", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "parameter-group-472-red", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1d", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + 
"SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "fri:07:12-fri:07:42", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "12.1.0.2.v25", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "bring-your-own-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:oracle-ee-12-1", + "Status": "in-sync" + } + ], + "CharacterSetName": "AL32UTF8", + "NcharCharacterSetName": "AL16UTF16", + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-JKMR4G3VE35W63RO235CSUF5EE", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:111111111111:db:database-472-red", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-472-oracle_audit_trail_flag_set_correctly" + }, + { + "Key": "ComplianceStatus", + "Value": "Red" + } + ], + "CustomerOwnedIpEnabled": false, + "ActivityStreamStatus": "stopped" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-472-oracle_audit_trail_flag_set_correctly/placebo-red/rds.DescribeDBParameters_1.json b/tests/ecc-aws-472-oracle_audit_trail_flag_set_correctly/placebo-red/rds.DescribeDBParameters_1.json new file mode 100644 index 000000000..cba555231 --- /dev/null +++ b/tests/ecc-aws-472-oracle_audit_trail_flag_set_correctly/placebo-red/rds.DescribeDBParameters_1.json 
@@ -0,0 +1,19 @@
+{
+ "status_code": 200,
+ "data": {
+ "Parameters": [
+ {
+ "ParameterName": "audit_trail",
+ "ParameterValue": "NONE",
+ "Description": "enable system auditing",
+ "Source": "user",
+ "ApplyType": "static",
+ "DataType": "list",
+ "AllowedValues": "DB,OS,NONE,XML,EXTENDED",
+ "IsModifiable": true,
+ "ApplyMethod": "pending-reboot"
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-472-oracle_audit_trail_flag_set_correctly/red_policy_test.py b/tests/ecc-aws-472-oracle_audit_trail_flag_set_correctly/red_policy_test.py
new file mode 100644
index 000000000..993923555
--- /dev/null
+++ b/tests/ecc-aws-472-oracle_audit_trail_flag_set_correctly/red_policy_test.py
@@ -0,0 +1,18 @@
+class PolicyTest(object):
+
+ def test_resources_with_client(self, base_test, resources, local_session):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertEqual(resources[0]['Engine'], "oracle-ee")
+ parameter_group_name=resources[0]["DBParameterGroups"][0]["DBParameterGroupName"]
+
+ describe_parameters = local_session.client("rds").describe_db_parameters(DBParameterGroupName=parameter_group_name)
+ parameters=describe_parameters["Parameters"]
+ marker=describe_parameters["Marker"] if "Marker" in describe_parameters else None
+
+ while marker is not None:
+ for parameter in parameters:
+ if parameter["ParameterName"]=="audit_trail":
+ base_test.assertEqual(parameter['ParameterValue'], 'NONE')
+ describe_parameters = local_session.client("rds").describe_db_parameters(DBParameterGroupName=parameter_group_name, Marker=marker)
+ parameters=describe_parameters["Parameters"]
+ marker=describe_parameters["Marker"] if "Marker" in describe_parameters else None
\ No newline at end of file
diff --git a/tests/ecc-aws-473-oracle_global_names_flag_enabled/placebo-green/rds.DescribeDBInstances_1.json b/tests/ecc-aws-473-oracle_global_names_flag_enabled/placebo-green/rds.DescribeDBInstances_1.json
new file mode 100644
index 000000000..9b3a77218
--- /dev/null
+++ b/tests/ecc-aws-473-oracle_global_names_flag_enabled/placebo-green/rds.DescribeDBInstances_1.json
@@ -0,0 +1,145 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-473-green", + "DBInstanceClass": "db.t3.micro", + "Engine": "oracle-ee", + "DBInstanceStatus": "available", + "MasterUsername": "root", + "DBName": "GREEN473", + "Endpoint": { + "Address": "database-473-green.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 1521, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 10, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2022, + "month": 5, + "day": 10, + "hour": 8, + "minute": 37, + "second": 2, + "microsecond": 11000 + }, + "PreferredBackupWindow": "04:47-05:17", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "parameter-group-473-green", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1f", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + 
"SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "wed:08:54-wed:09:24", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "12.1.0.2.v25", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "bring-your-own-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:oracle-ee-12-1", + "Status": "in-sync" + } + ], + "CharacterSetName": "AL32UTF8", + "NcharCharacterSetName": "AL16UTF16", + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-YOQKIHILZTFPX7OT647B2CA4XA", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:111111111111:db:database-473-green", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-473-oracle_global_names_flag_enabled" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + } + ], + "CustomerOwnedIpEnabled": false, + "ActivityStreamStatus": "stopped" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-473-oracle_global_names_flag_enabled/placebo-green/rds.DescribeDBParameters_1.json b/tests/ecc-aws-473-oracle_global_names_flag_enabled/placebo-green/rds.DescribeDBParameters_1.json new file mode 100644 index 000000000..845292feb --- /dev/null +++ b/tests/ecc-aws-473-oracle_global_names_flag_enabled/placebo-green/rds.DescribeDBParameters_1.json 
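Review bot: This recorded response scrubs the account id (`111111111111`) and the VPC id, but the endpoint host label `chhajgiktbgu`, `sg-a5befc90`, the `subnet-…` ids and `DbiResourceId` look like values taken from the account the fixture was captured in. None of them is a credential, but they identify the environment; replacing them with obvious placeholders (constructed example: `"VpcSecurityGroupId": "sg-00000000"`) keeps the fixture equally useful for the test. The other DescribeDBInstances fixtures in this patch (473 red, 474, 475, 476) carry the same values.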
@@ -0,0 +1,19 @@ +{ + "status_code": 200, + "data": { + "Parameters": [ + { + "ParameterName": "global_names", + "ParameterValue": "TRUE", + "Description": "enforce that database links have same name as remote database", + "Source": "user", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "TRUE,FALSE", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-473-oracle_global_names_flag_enabled/placebo-red/rds.DescribeDBInstances_1.json b/tests/ecc-aws-473-oracle_global_names_flag_enabled/placebo-red/rds.DescribeDBInstances_1.json new file mode 100644 index 000000000..d1bc17337 --- /dev/null +++ b/tests/ecc-aws-473-oracle_global_names_flag_enabled/placebo-red/rds.DescribeDBInstances_1.json 
@@ -0,0 +1,145 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-473-red", + "DBInstanceClass": "db.t3.micro", + "Engine": "oracle-ee", + "DBInstanceStatus": "available", + "MasterUsername": "root", + "DBName": "RED473", + "Endpoint": { + "Address": "database-473-red.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 1521, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 10, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2022, + "month": 5, + "day": 10, + "hour": 8, + "minute": 23, + "second": 20, + "microsecond": 753000 + }, + "PreferredBackupWindow": "03:21-03:51", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "parameter-group-473-red", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1d", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + 
"SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "sun:07:12-sun:07:42", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "12.1.0.2.v25", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "bring-your-own-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:oracle-ee-12-1", + "Status": "in-sync" + } + ], + "CharacterSetName": "AL32UTF8", + "NcharCharacterSetName": "AL16UTF16", + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-Z277DJVBNNSA7O7GVAZCGKQJ4Y", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:111111111111:db:database-473-red", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-473-oracle_global_names_flag_enabled" + }, + { + "Key": "ComplianceStatus", + "Value": "Red" + } + ], + "CustomerOwnedIpEnabled": false, + "ActivityStreamStatus": "stopped" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-473-oracle_global_names_flag_enabled/placebo-red/rds.DescribeDBParameters_1.json b/tests/ecc-aws-473-oracle_global_names_flag_enabled/placebo-red/rds.DescribeDBParameters_1.json new file mode 100644 index 000000000..4bc384b76 --- /dev/null +++ b/tests/ecc-aws-473-oracle_global_names_flag_enabled/placebo-red/rds.DescribeDBParameters_1.json 
@@ -0,0 +1,19 @@
+{
+ "status_code": 200,
+ "data": {
+ "Parameters": [
+ {
+ "ParameterName": "global_names",
+ "ParameterValue": "FALSE",
+ "Description": "enforce that database links have same name as remote database",
+ "Source": "user",
+ "ApplyType": "dynamic",
+ "DataType": "boolean",
+ "AllowedValues": "TRUE,FALSE",
+ "IsModifiable": true,
+ "ApplyMethod": "pending-reboot"
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-473-oracle_global_names_flag_enabled/red_policy_test.py b/tests/ecc-aws-473-oracle_global_names_flag_enabled/red_policy_test.py
new file mode 100644
index 000000000..957e8340d
--- /dev/null
+++ b/tests/ecc-aws-473-oracle_global_names_flag_enabled/red_policy_test.py
@@ -0,0 +1,18 @@
+class PolicyTest(object):
+
+ def test_resources_with_client(self, base_test, resources, local_session):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertEqual(resources[0]['Engine'], "oracle-ee")
+ parameter_group_name=resources[0]["DBParameterGroups"][0]["DBParameterGroupName"]
+
+ describe_parameters = local_session.client("rds").describe_db_parameters(DBParameterGroupName=parameter_group_name)
+ parameters=describe_parameters["Parameters"]
+ marker=describe_parameters["Marker"] if "Marker" in describe_parameters else None
+
+ while marker is not None:
+ for parameter in parameters:
+ if parameter["ParameterName"]=="global_names":
+ base_test.assertEqual(parameter['ParameterValue'], 'FALSE')
+ describe_parameters = local_session.client("rds").describe_db_parameters(DBParameterGroupName=parameter_group_name, Marker=marker)
+ parameters=describe_parameters["Parameters"]
+ marker=describe_parameters["Marker"] if "Marker" in describe_parameters else None
\ No newline at end of file
diff --git a/tests/ecc-aws-474-oracle_remote_listener_flag_empty/placebo-green/rds.DescribeDBInstances_1.json b/tests/ecc-aws-474-oracle_remote_listener_flag_empty/placebo-green/rds.DescribeDBInstances_1.json new file mode 100644 index 000000000..acafd0141 --- /dev/null +++ b/tests/ecc-aws-474-oracle_remote_listener_flag_empty/placebo-green/rds.DescribeDBInstances_1.json 
@@ -0,0 +1,146 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-474-green", + "DBInstanceClass": "db.t3.micro", + "Engine": "oracle-ee", + "DBInstanceStatus": "available", + "MasterUsername": "root", + "DBName": "GREEN474", + "Endpoint": { + "Address": "database-474-green.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 1521, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 10, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2022, + "month": 5, + "day": 20, + "hour": 8, + "minute": 37, + "second": 52, + "microsecond": 935000 + }, + "PreferredBackupWindow": "09:59-10:29", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "parameter-group-474-green", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1d", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + 
"SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "sun:08:08-sun:08:38", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "12.1.0.2.v25", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "bring-your-own-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:oracle-ee-12-1", + "Status": "in-sync" + } + ], + "CharacterSetName": "AL32UTF8", + "NcharCharacterSetName": "AL16UTF16", + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-FNUOBTXOKJBYPGMXSXRLAY62OA", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:111111111111:db:database-474-green", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-474-oracle_remote_listener_flag_empty" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + } + ], + "CustomerOwnedIpEnabled": false, + "ActivityStreamStatus": "stopped", + "BackupTarget": "region" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-474-oracle_remote_listener_flag_empty/placebo-green/rds.DescribeDBParameters_1.json b/tests/ecc-aws-474-oracle_remote_listener_flag_empty/placebo-green/rds.DescribeDBParameters_1.json new file mode 100644 index 000000000..78732ffa4 --- /dev/null +++ b/tests/ecc-aws-474-oracle_remote_listener_flag_empty/placebo-green/rds.DescribeDBParameters_1.json 
@@ -0,0 +1,17 @@ +{ + "status_code": 200, + "data": { + "Parameters": [ + { + "ParameterName": "remote_listener", + "Description": "remote listener", + "Source": "engine-default", + "ApplyType": "dynamic", + "DataType": "string", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-474-oracle_remote_listener_flag_empty/placebo-red/rds.DescribeDBInstances_1.json b/tests/ecc-aws-474-oracle_remote_listener_flag_empty/placebo-red/rds.DescribeDBInstances_1.json new file mode 100644 index 000000000..4ee427238 --- /dev/null +++ b/tests/ecc-aws-474-oracle_remote_listener_flag_empty/placebo-red/rds.DescribeDBInstances_1.json 
@@ -0,0 +1,146 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-474-red", + "DBInstanceClass": "db.t3.micro", + "Engine": "oracle-ee", + "DBInstanceStatus": "available", + "MasterUsername": "root", + "DBName": "RED474", + "Endpoint": { + "Address": "database-474-red.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 1521, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 10, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2022, + "month": 5, + "day": 20, + "hour": 9, + "minute": 58, + "second": 8, + "microsecond": 515000 + }, + "PreferredBackupWindow": "07:46-08:16", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "parameter-group-474-red", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1a", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + 
"SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "sat:09:21-sat:09:51", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "12.1.0.2.v25", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "bring-your-own-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:oracle-ee-12-1", + "Status": "in-sync" + } + ], + "CharacterSetName": "AL32UTF8", + "NcharCharacterSetName": "AL16UTF16", + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-VU3IK4J62OSZLMSO3Q3ZFVOTT4", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:111111111111:db:database-474-red", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-474-oracle_remote_listener_flag_empty" + }, + { + "Key": "ComplianceStatus", + "Value": "Red" + } + ], + "CustomerOwnedIpEnabled": false, + "ActivityStreamStatus": "stopped", + "BackupTarget": "region" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-474-oracle_remote_listener_flag_empty/placebo-red/rds.DescribeDBParameters_1.json b/tests/ecc-aws-474-oracle_remote_listener_flag_empty/placebo-red/rds.DescribeDBParameters_1.json new file mode 100644 index 000000000..c9daef858 --- /dev/null +++ b/tests/ecc-aws-474-oracle_remote_listener_flag_empty/placebo-red/rds.DescribeDBParameters_1.json 
@@ -0,0 +1,18 @@
+{
+ "status_code": 200,
+ "data": {
+ "Parameters": [
+ {
+ "ParameterName": "remote_listener",
+ "ParameterValue": "10.0.159.100:1521",
+ "Description": "remote listener",
+ "Source": "user",
+ "ApplyType": "dynamic",
+ "DataType": "string",
+ "IsModifiable": true,
+ "ApplyMethod": "pending-reboot"
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-474-oracle_remote_listener_flag_empty/red_policy_test.py b/tests/ecc-aws-474-oracle_remote_listener_flag_empty/red_policy_test.py
new file mode 100644
index 000000000..84a060c93
--- /dev/null
+++ b/tests/ecc-aws-474-oracle_remote_listener_flag_empty/red_policy_test.py
@@ -0,0 +1,18 @@
+class PolicyTest(object):
+
+ def test_resources_with_client(self, base_test, resources, local_session):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertEqual(resources[0]['Engine'], "oracle-ee")
+ parameter_group_name=resources[0]["DBParameterGroups"][0]["DBParameterGroupName"]
+
+ describe_parameters = local_session.client("rds").describe_db_parameters(DBParameterGroupName=parameter_group_name)
+ parameters=describe_parameters["Parameters"]
+ marker=describe_parameters["Marker"] if "Marker" in describe_parameters else None
+
+ while marker is not None:
+ for parameter in parameters:
+ if parameter["ParameterName"]=="remote_listener":
+ base_test.assertEqual(parameter['ParameterValue'], '10.0.159.100:1521')
+ describe_parameters = local_session.client("rds").describe_db_parameters(DBParameterGroupName=parameter_group_name, Marker=marker)
+ parameters=describe_parameters["Parameters"]
+ marker=describe_parameters["Marker"] if "Marker" in describe_parameters else None
\ No newline at end of file
diff --git a/tests/ecc-aws-475-oracle_sec_max_failed_login_attempts_flag_is_3_or_less/placebo-green/rds.DescribeDBInstances_1.json b/tests/ecc-aws-475-oracle_sec_max_failed_login_attempts_flag_is_3_or_less/placebo-green/rds.DescribeDBInstances_1.json new file mode 100644 index 000000000..d4e453517 --- /dev/null +++ b/tests/ecc-aws-475-oracle_sec_max_failed_login_attempts_flag_is_3_or_less/placebo-green/rds.DescribeDBInstances_1.json 
@@ -0,0 +1,145 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-475-green", + "DBInstanceClass": "db.t3.micro", + "Engine": "oracle-ee", + "DBInstanceStatus": "available", + "MasterUsername": "root", + "DBName": "GREEN475", + "Endpoint": { + "Address": "database-475-green.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 1521, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 10, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2022, + "month": 4, + "day": 28, + "hour": 11, + "minute": 24, + "second": 1, + "microsecond": 937000 + }, + "PreferredBackupWindow": "03:23-03:53", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "parameter-group-475-green", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1b", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + 
"SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "wed:06:22-wed:06:52", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "12.1.0.2.v25", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "bring-your-own-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:oracle-ee-12-1", + "Status": "in-sync" + } + ], + "CharacterSetName": "AL32UTF8", + "NcharCharacterSetName": "AL16UTF16", + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-TYQBVONQEAW4IWHHAETTZG73AE", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:111111111111:db:database-475-green", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-475-oracle_sec_max_failed_attempts_flag_is_3_or_less" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + } + ], + "CustomerOwnedIpEnabled": false, + "ActivityStreamStatus": "stopped" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-475-oracle_sec_max_failed_login_attempts_flag_is_3_or_less/placebo-green/rds.DescribeDBParameters_1.json b/tests/ecc-aws-475-oracle_sec_max_failed_login_attempts_flag_is_3_or_less/placebo-green/rds.DescribeDBParameters_1.json new file mode 100644 index 000000000..80d08446e --- /dev/null +++ b/tests/ecc-aws-475-oracle_sec_max_failed_login_attempts_flag_is_3_or_less/placebo-green/rds.DescribeDBParameters_1.json 
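Review bot: The `CustodianRule` tag in this fixture reads `ecc-aws-475-oracle_sec_max_failed_attempts_flag_is_3_or_less`, which drops `login_` from the rule name used in the directory path; the placebo-red fixture for 475 carries the same value. The 476 placebo-green fixture further down is tagged `ecc-aws-477-oracle_sec_protocol_error_trace_action_flag_set_to_log`, a different rule altogether, which suggests it may have been recorded from a resource created for another policy. If anything selects or reports on this tag the mismatch will mislead, so align the value with the rule under test, e.g. `"Value": "ecc-aws-475-oracle_sec_max_failed_login_attempts_flag_is_3_or_less"`.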
@@ -0,0 +1,19 @@ +{ + "status_code": 200, + "data": { + "Parameters": [ + { + "ParameterName": "sec_max_failed_login_attempts", + "ParameterValue": "2", + "Description": "maximum number of failed login attempts on a connection", + "Source": "user", + "ApplyType": "static", + "DataType": "integer", + "AllowedValues": "1-100000", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-475-oracle_sec_max_failed_login_attempts_flag_is_3_or_less/placebo-red/rds.DescribeDBInstances_1.json b/tests/ecc-aws-475-oracle_sec_max_failed_login_attempts_flag_is_3_or_less/placebo-red/rds.DescribeDBInstances_1.json new file mode 100644 index 000000000..22cc934ad --- /dev/null +++ b/tests/ecc-aws-475-oracle_sec_max_failed_login_attempts_flag_is_3_or_less/placebo-red/rds.DescribeDBInstances_1.json 
@@ -0,0 +1,145 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-475-red", + "DBInstanceClass": "db.t3.micro", + "Engine": "oracle-ee", + "DBInstanceStatus": "available", + "MasterUsername": "root", + "DBName": "RED475", + "Endpoint": { + "Address": "database-475-red.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 1521, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 10, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2022, + "month": 4, + "day": 28, + "hour": 11, + "minute": 9, + "second": 14, + "microsecond": 683000 + }, + "PreferredBackupWindow": "06:21-06:51", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "parameter-group-475-red", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1b", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + 
"SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "mon:04:40-mon:05:10", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "12.1.0.2.v25", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "bring-your-own-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:oracle-ee-12-1", + "Status": "in-sync" + } + ], + "CharacterSetName": "AL32UTF8", + "NcharCharacterSetName": "AL16UTF16", + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-TRTW3JHCYFDFO4WCBTHH74RVU4", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:111111111111:db:database-475-red", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-475-oracle_sec_max_failed_attempts_flag_is_3_or_less" + }, + { + "Key": "ComplianceStatus", + "Value": "Red" + } + ], + "CustomerOwnedIpEnabled": false, + "ActivityStreamStatus": "stopped" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-475-oracle_sec_max_failed_login_attempts_flag_is_3_or_less/placebo-red/rds.DescribeDBParameters_1.json b/tests/ecc-aws-475-oracle_sec_max_failed_login_attempts_flag_is_3_or_less/placebo-red/rds.DescribeDBParameters_1.json new file mode 100644 index 000000000..ec15c83bc --- /dev/null +++ b/tests/ecc-aws-475-oracle_sec_max_failed_login_attempts_flag_is_3_or_less/placebo-red/rds.DescribeDBParameters_1.json 
@@ -0,0 +1,19 @@
+{
+ "status_code": 200,
+ "data": {
+ "Parameters": [
+ {
+ "ParameterName": "sec_max_failed_login_attempts",
+ "ParameterValue": "4",
+ "Description": "maximum number of failed login attempts on a connection",
+ "Source": "user",
+ "ApplyType": "static",
+ "DataType": "integer",
+ "AllowedValues": "1-100000",
+ "IsModifiable": true,
+ "ApplyMethod": "pending-reboot"
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-475-oracle_sec_max_failed_login_attempts_flag_is_3_or_less/red_policy_test.py b/tests/ecc-aws-475-oracle_sec_max_failed_login_attempts_flag_is_3_or_less/red_policy_test.py
new file mode 100644
index 000000000..de7d32aff
--- /dev/null
+++ b/tests/ecc-aws-475-oracle_sec_max_failed_login_attempts_flag_is_3_or_less/red_policy_test.py
@@ -0,0 +1,18 @@
+class PolicyTest(object):
+
+ def test_resources_with_client(self, base_test, resources, local_session):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertEqual(resources[0]['Engine'], "oracle-ee")
+ parameter_group_name=resources[0]["DBParameterGroups"][0]["DBParameterGroupName"]
+
+ describe_parameters = local_session.client("rds").describe_db_parameters(DBParameterGroupName=parameter_group_name)
+ parameters=describe_parameters["Parameters"]
+ marker=describe_parameters["Marker"] if "Marker" in describe_parameters else None
+
+ while marker is not None:
+ for parameter in parameters:
+ if parameter["ParameterName"]=="sec_max_failed_login_attempts":
+ base_test.assertEqual(parameter['ParameterValue'], '4')
+ describe_parameters = local_session.client("rds").describe_db_parameters(DBParameterGroupName=parameter_group_name, Marker=marker)
+ parameters=describe_parameters["Parameters"]
+ marker=describe_parameters["Marker"] if "Marker" in describe_parameters else None
\ No newline at end of file
diff --git a/tests/ecc-aws-476-oracle_sec_protocol_error_further_action_flag_set_to_drop_3/placebo-green/rds.DescribeDBInstances_1.json b/tests/ecc-aws-476-oracle_sec_protocol_error_further_action_flag_set_to_drop_3/placebo-green/rds.DescribeDBInstances_1.json new file mode 100644 index 000000000..6fcd45060 --- /dev/null +++ b/tests/ecc-aws-476-oracle_sec_protocol_error_further_action_flag_set_to_drop_3/placebo-green/rds.DescribeDBInstances_1.json 
@@ -0,0 +1,145 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-476-green", + "DBInstanceClass": "db.t3.micro", + "Engine": "oracle-ee", + "DBInstanceStatus": "available", + "MasterUsername": "root", + "DBName": "GREEN476", + "Endpoint": { + "Address": "database-476-green.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 1521, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 10, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2022, + "month": 4, + "day": 28, + "hour": 12, + "minute": 57, + "second": 19, + "microsecond": 780000 + }, + "PreferredBackupWindow": "08:20-08:50", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "parameter-group-476-green", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1b", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + 
"SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "sun:06:53-sun:07:23", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "12.1.0.2.v25", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "bring-your-own-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:oracle-ee-12-1", + "Status": "in-sync" + } + ], + "CharacterSetName": "AL32UTF8", + "NcharCharacterSetName": "AL16UTF16", + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-BY2DI4UNHACTEWKPRO3YJLSDDQ", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:111111111111:db:database-476-green", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-477-oracle_sec_protocol_error_trace_action_flag_set_to_log" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + } + ], + "CustomerOwnedIpEnabled": false, + "ActivityStreamStatus": "stopped" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-476-oracle_sec_protocol_error_further_action_flag_set_to_drop_3/placebo-green/rds.DescribeDBParameters_1.json b/tests/ecc-aws-476-oracle_sec_protocol_error_further_action_flag_set_to_drop_3/placebo-green/rds.DescribeDBParameters_1.json new file mode 100644 index 000000000..9273adead --- /dev/null +++ b/tests/ecc-aws-476-oracle_sec_protocol_error_further_action_flag_set_to_drop_3/placebo-green/rds.DescribeDBParameters_1.json 
@@ -0,0 +1,18 @@ +{ + "status_code": 200, + "data": { + "Parameters": [ + { + "ParameterName": "sec_protocol_error_further_action", + "ParameterValue": "(DROP,3)", + "Description": "TTC protocol error continue action", + "Source": "user", + "ApplyType": "dynamic", + "DataType": "string", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-476-oracle_sec_protocol_error_further_action_flag_set_to_drop_3/placebo-red/rds.DescribeDBInstances_1.json b/tests/ecc-aws-476-oracle_sec_protocol_error_further_action_flag_set_to_drop_3/placebo-red/rds.DescribeDBInstances_1.json new file mode 100644 index 000000000..f9e2b039b --- /dev/null +++ b/tests/ecc-aws-476-oracle_sec_protocol_error_further_action_flag_set_to_drop_3/placebo-red/rds.DescribeDBInstances_1.json 
@@ -0,0 +1,145 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-476-red", + "DBInstanceClass": "db.t3.micro", + "Engine": "oracle-ee", + "DBInstanceStatus": "available", + "MasterUsername": "root", + "DBName": "RED476", + "Endpoint": { + "Address": "database-476-red.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 1521, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 10, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2022, + "month": 4, + "day": 28, + "hour": 13, + "minute": 16, + "second": 56, + "microsecond": 351000 + }, + "PreferredBackupWindow": "04:42-05:12", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "parameter-group-476-red", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1d", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + 
"SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "sat:05:26-sat:05:56", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "12.1.0.2.v25", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "bring-your-own-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:oracle-ee-12-1", + "Status": "in-sync" + } + ], + "CharacterSetName": "AL32UTF8", + "NcharCharacterSetName": "AL16UTF16", + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-NBXSEI3RWFECBDGNFCKUWRNPSI", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:111111111111:db:database-476-red", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-477-oracle_sec_protocol_error_trace_action_flag_set_to_log" + }, + { + "Key": "ComplianceStatus", + "Value": "Red" + } + ], + "CustomerOwnedIpEnabled": false, + "ActivityStreamStatus": "stopped" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-476-oracle_sec_protocol_error_further_action_flag_set_to_drop_3/placebo-red/rds.DescribeDBParameters_1.json b/tests/ecc-aws-476-oracle_sec_protocol_error_further_action_flag_set_to_drop_3/placebo-red/rds.DescribeDBParameters_1.json new file mode 100644 index 000000000..03987b85e --- /dev/null +++ b/tests/ecc-aws-476-oracle_sec_protocol_error_further_action_flag_set_to_drop_3/placebo-red/rds.DescribeDBParameters_1.json 
@@ -0,0 +1,18 @@
+{
+ "status_code": 200,
+ "data": {
+ "Parameters": [
+ {
+ "ParameterName": "sec_protocol_error_further_action",
+ "ParameterValue": "(DROP,15)",
+ "Description": "TTC protocol error continue action",
+ "Source": "user",
+ "ApplyType": "dynamic",
+ "DataType": "string",
+ "IsModifiable": true,
+ "ApplyMethod": "pending-reboot"
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-476-oracle_sec_protocol_error_further_action_flag_set_to_drop_3/red_policy_test.py b/tests/ecc-aws-476-oracle_sec_protocol_error_further_action_flag_set_to_drop_3/red_policy_test.py
new file mode 100644
index 000000000..091eef563
--- /dev/null
+++ b/tests/ecc-aws-476-oracle_sec_protocol_error_further_action_flag_set_to_drop_3/red_policy_test.py
@@ -0,0 +1,18 @@
+class PolicyTest(object):
+
+ def test_resources_with_client(self, base_test, resources, local_session):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertEqual(resources[0]['Engine'], "oracle-ee")
+ parameter_group_name=resources[0]["DBParameterGroups"][0]["DBParameterGroupName"]
+
+ describe_parameters = local_session.client("rds").describe_db_parameters(DBParameterGroupName=parameter_group_name)
+ parameters=describe_parameters["Parameters"]
+ marker=describe_parameters["Marker"] if "Marker" in describe_parameters else None
+
+ while marker is not None:
+ for parameter in parameters:
+ if parameter["ParameterName"]=="sec_protocol_error_further_action":
+ base_test.assertEqual(parameter['ParameterValue'], '(DROP,15)')
+ describe_parameters = local_session.client("rds").describe_db_parameters(DBParameterGroupName=parameter_group_name, Marker=marker)
+ parameters=describe_parameters["Parameters"]
+ marker=describe_parameters["Marker"] if "Marker" in describe_parameters else None
\ No newline at end of file
diff --git a/tests/ecc-aws-477-oracle_sec_protocol_error_trace_action_flag_set_to_log/placebo-green/rds.DescribeDBInstances_1.json b/tests/ecc-aws-477-oracle_sec_protocol_error_trace_action_flag_set_to_log/placebo-green/rds.DescribeDBInstances_1.json
new file mode 100644
index 000000000..254d501de
--- /dev/null
+++ b/tests/ecc-aws-477-oracle_sec_protocol_error_trace_action_flag_set_to_log/placebo-green/rds.DescribeDBInstances_1.json
@@ -0,0 +1,146 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-477-green", + "DBInstanceClass": "db.t3.micro", + "Engine": "oracle-ee", + "DBInstanceStatus": "available", + "MasterUsername": "root", + "DBName": "GREEN477", + "Endpoint": { + "Address": "database-477-green.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 1521, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 10, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2022, + "month": 1, + "day": 19, + "hour": 12, + "minute": 37, + "second": 19, + "microsecond": 518000 + }, + "PreferredBackupWindow": "05:45-06:15", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "parameter-group-477-green", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1f", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + 
"SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "tue:03:20-tue:03:50", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "12.1.0.2.v25", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "bring-your-own-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:oracle-ee-12-1", + "Status": "in-sync" + } + ], + "CharacterSetName": "AL32UTF8", + "NcharCharacterSetName": "AL16UTF16", + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-BE6MVQFZ5EXS74IWNE7PZASGBI", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:111111111111:db:database-477-green", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-477-oracle_sec_protocol_error_trace_action_flag_set_to_log" + } + ], + "CustomerOwnedIpEnabled": false, + "ActivityStreamStatus": "stopped", + "BackupTarget": "region" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-477-oracle_sec_protocol_error_trace_action_flag_set_to_log/placebo-green/rds.DescribeDBParameters_1.json b/tests/ecc-aws-477-oracle_sec_protocol_error_trace_action_flag_set_to_log/placebo-green/rds.DescribeDBParameters_1.json new file mode 100644 index 000000000..feb13a806 --- /dev/null +++ b/tests/ecc-aws-477-oracle_sec_protocol_error_trace_action_flag_set_to_log/placebo-green/rds.DescribeDBParameters_1.json 
@@ -0,0 +1,19 @@ +{ + "status_code": 200, + "data": { + "Parameters": [ + { + "ParameterName": "sec_protocol_error_trace_action", + "ParameterValue": "LOG", + "Description": "TTC protocol error action", + "Source": "user", + "ApplyType": "dynamic", + "DataType": "string", + "AllowedValues": "NONE,TRACE,LOG,ALERT", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-477-oracle_sec_protocol_error_trace_action_flag_set_to_log/placebo-red/rds.DescribeDBInstances_1.json b/tests/ecc-aws-477-oracle_sec_protocol_error_trace_action_flag_set_to_log/placebo-red/rds.DescribeDBInstances_1.json new file mode 100644 index 000000000..d3ee704bb --- /dev/null +++ b/tests/ecc-aws-477-oracle_sec_protocol_error_trace_action_flag_set_to_log/placebo-red/rds.DescribeDBInstances_1.json 
@@ -0,0 +1,146 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-477-red", + "DBInstanceClass": "db.t3.micro", + "Engine": "oracle-ee", + "DBInstanceStatus": "available", + "MasterUsername": "root", + "DBName": "RED477", + "Endpoint": { + "Address": "database-477-red.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 1521, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 10, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2022, + "month": 1, + "day": 19, + "hour": 13, + "minute": 30, + "second": 51, + "microsecond": 419000 + }, + "PreferredBackupWindow": "05:16-05:46", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "parameter-group-477-red", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1d", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + 
"SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "mon:07:38-mon:08:08", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "12.1.0.2.v25", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "bring-your-own-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:oracle-ee-12-1", + "Status": "in-sync" + } + ], + "CharacterSetName": "AL32UTF8", + "NcharCharacterSetName": "AL16UTF16", + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-CYGME7DOPX4AWJXUJEERBR5B64", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:111111111111:db:database-477-red", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CsutodianRule", + "Value": "ecc-aws-477-oracle_sec_protocol_error_trace_action_flag_set_to_log" + } + ], + "CustomerOwnedIpEnabled": false, + "ActivityStreamStatus": "stopped", + "BackupTarget": "region" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-477-oracle_sec_protocol_error_trace_action_flag_set_to_log/placebo-red/rds.DescribeDBParameters_1.json b/tests/ecc-aws-477-oracle_sec_protocol_error_trace_action_flag_set_to_log/placebo-red/rds.DescribeDBParameters_1.json new file mode 100644 index 000000000..4a0de1057 --- /dev/null +++ b/tests/ecc-aws-477-oracle_sec_protocol_error_trace_action_flag_set_to_log/placebo-red/rds.DescribeDBParameters_1.json 
@@ -0,0 +1,19 @@
+{
+ "status_code": 200,
+ "data": {
+ "Parameters": [
+ {
+ "ParameterName": "sec_protocol_error_trace_action",
+ "ParameterValue": "NONE",
+ "Description": "TTC protocol error action",
+ "Source": "user",
+ "ApplyType": "dynamic",
+ "DataType": "string",
+ "AllowedValues": "NONE,TRACE,LOG,ALERT",
+ "IsModifiable": true,
+ "ApplyMethod": "pending-reboot"
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-477-oracle_sec_protocol_error_trace_action_flag_set_to_log/red_policy_test.py b/tests/ecc-aws-477-oracle_sec_protocol_error_trace_action_flag_set_to_log/red_policy_test.py
new file mode 100644
index 000000000..5c95dbf21
--- /dev/null
+++ b/tests/ecc-aws-477-oracle_sec_protocol_error_trace_action_flag_set_to_log/red_policy_test.py
@@ -0,0 +1,18 @@
+class PolicyTest(object):
+
+ def test_resources_with_client(self, base_test, resources, local_session):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertEqual(resources[0]['Engine'], "oracle-ee")
+ parameter_group_name=resources[0]["DBParameterGroups"][0]["DBParameterGroupName"]
+
+ describe_parameters = local_session.client("rds").describe_db_parameters(DBParameterGroupName=parameter_group_name)
+ parameters=describe_parameters["Parameters"]
+ marker=describe_parameters["Marker"] if "Marker" in describe_parameters else None
+
+ while marker is not None:
+ for parameter in parameters:
+ if parameter["ParameterName"]=="sec_protocol_error_trace_action":
+ base_test.assertEqual(parameter['ParameterValue'], 'NONE')
+ describe_parameters = local_session.client("rds").describe_db_parameters(DBParameterGroupName=parameter_group_name, Marker=marker)
+ parameters=describe_parameters["Parameters"]
+ marker=describe_parameters["Marker"] if "Marker" in describe_parameters else None
\ No newline at end of file
diff --git a/tests/ecc-aws-478-oracle_sec_return_server_release_banner_flag_disabled/placebo-green/rds.DescribeDBInstances_1.json b/tests/ecc-aws-478-oracle_sec_return_server_release_banner_flag_disabled/placebo-green/rds.DescribeDBInstances_1.json
new file mode 100644
index 000000000..1832ac72d
--- /dev/null
+++ b/tests/ecc-aws-478-oracle_sec_return_server_release_banner_flag_disabled/placebo-green/rds.DescribeDBInstances_1.json
@@ -0,0 +1,145 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-478-green", + "DBInstanceClass": "db.t3.micro", + "Engine": "oracle-ee", + "DBInstanceStatus": "available", + "MasterUsername": "root", + "DBName": "GREEN478", + "Endpoint": { + "Address": "database-478-green.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 1521, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 10, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2022, + "month": 5, + "day": 12, + "hour": 10, + "minute": 4, + "second": 13, + "microsecond": 47000 + }, + "PreferredBackupWindow": "10:10-10:40", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "parameter-group-478-green", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1d", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + 
"SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "fri:05:06-fri:05:36", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "12.1.0.2.v25", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "bring-your-own-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:oracle-ee-12-1", + "Status": "in-sync" + } + ], + "CharacterSetName": "AL32UTF8", + "NcharCharacterSetName": "AL16UTF16", + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-2Z3HNAMO2KCTRDNCKBCECFILZ4", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:111111111111:db:database-478-green", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-478-oracle_sec_return_server_release_banner_flag_disabled" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + } + ], + "CustomerOwnedIpEnabled": false, + "ActivityStreamStatus": "stopped" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-478-oracle_sec_return_server_release_banner_flag_disabled/placebo-green/rds.DescribeDBParameters_1.json b/tests/ecc-aws-478-oracle_sec_return_server_release_banner_flag_disabled/placebo-green/rds.DescribeDBParameters_1.json new file mode 100644 index 000000000..57fda02c3 --- /dev/null +++ b/tests/ecc-aws-478-oracle_sec_return_server_release_banner_flag_disabled/placebo-green/rds.DescribeDBParameters_1.json 
@@ -0,0 +1,19 @@ +{ + "status_code": 200, + "data": { + "Parameters": [ + { + "ParameterName": "sec_return_server_release_banner", + "ParameterValue": "FALSE", + "Description": "whether the server retruns the complete version information", + "Source": "user", + "ApplyType": "static", + "DataType": "boolean", + "AllowedValues": "TRUE,FALSE", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-478-oracle_sec_return_server_release_banner_flag_disabled/placebo-red/rds.DescribeDBInstances_1.json b/tests/ecc-aws-478-oracle_sec_return_server_release_banner_flag_disabled/placebo-red/rds.DescribeDBInstances_1.json new file mode 100644 index 000000000..2ce42c72a --- /dev/null +++ b/tests/ecc-aws-478-oracle_sec_return_server_release_banner_flag_disabled/placebo-red/rds.DescribeDBInstances_1.json 
@@ -0,0 +1,145 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-478-red", + "DBInstanceClass": "db.t3.micro", + "Engine": "oracle-ee", + "DBInstanceStatus": "available", + "MasterUsername": "root", + "DBName": "RED478", + "Endpoint": { + "Address": "database-478-red.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 1521, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 10, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2022, + "month": 5, + "day": 12, + "hour": 11, + "minute": 4, + "second": 35, + "microsecond": 15000 + }, + "PreferredBackupWindow": "08:39-09:09", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "parameter-group-478-red", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1a", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + 
"SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "sun:10:06-sun:10:36", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "12.1.0.2.v25", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "bring-your-own-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:oracle-ee-12-1", + "Status": "in-sync" + } + ], + "CharacterSetName": "AL32UTF8", + "NcharCharacterSetName": "AL16UTF16", + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-GLNYRHP6SOBELUTJEHLRAV6CO4", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:111111111111:db:database-478-red", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-478-oracle_sec_return_server_release_banner_flag_disabled" + }, + { + "Key": "ComplianceStatus", + "Value": "Red" + } + ], + "CustomerOwnedIpEnabled": false, + "ActivityStreamStatus": "stopped" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-478-oracle_sec_return_server_release_banner_flag_disabled/placebo-red/rds.DescribeDBParameters_1.json b/tests/ecc-aws-478-oracle_sec_return_server_release_banner_flag_disabled/placebo-red/rds.DescribeDBParameters_1.json new file mode 100644 index 000000000..40e7f00df --- /dev/null +++ b/tests/ecc-aws-478-oracle_sec_return_server_release_banner_flag_disabled/placebo-red/rds.DescribeDBParameters_1.json 
@@ -0,0 +1,19 @@
+{
+ "status_code": 200,
+ "data": {
+ "Parameters": [
+ {
+ "ParameterName": "sec_return_server_release_banner",
+ "ParameterValue": "TRUE",
+ "Description": "whether the server retruns the complete version information",
+ "Source": "user",
+ "ApplyType": "static",
+ "DataType": "boolean",
+ "AllowedValues": "TRUE,FALSE",
+ "IsModifiable": true,
+ "ApplyMethod": "pending-reboot"
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-478-oracle_sec_return_server_release_banner_flag_disabled/red_policy_test.py b/tests/ecc-aws-478-oracle_sec_return_server_release_banner_flag_disabled/red_policy_test.py
new file mode 100644
index 000000000..30f9875f5
--- /dev/null
+++ b/tests/ecc-aws-478-oracle_sec_return_server_release_banner_flag_disabled/red_policy_test.py
@@ -0,0 +1,18 @@
+class PolicyTest(object):
+
+ def test_resources_with_client(self, base_test, resources, local_session):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertEqual(resources[0]['Engine'], "oracle-ee")
+ parameter_group_name=resources[0]["DBParameterGroups"][0]["DBParameterGroupName"]
+
+ describe_parameters = local_session.client("rds").describe_db_parameters(DBParameterGroupName=parameter_group_name)
+ parameters=describe_parameters["Parameters"]
+ marker=describe_parameters["Marker"] if "Marker" in describe_parameters else None
+
+ while marker is not None:
+ for parameter in parameters:
+ if parameter["ParameterName"]=="sec_return_server_release_banner":
+ base_test.assertEqual(parameter['ParameterValue'], 'TRUE')
+ describe_parameters = local_session.client("rds").describe_db_parameters(DBParameterGroupName=parameter_group_name, Marker=marker)
+ parameters=describe_parameters["Parameters"]
+ marker=describe_parameters["Marker"] if "Marker" in describe_parameters else None
\ No newline at end of file
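Review bot: The `ParameterValue` assertion can never run against the fixture added in this commit: it sits inside `while marker is not None:`, and `marker` is only set when the response carries a `Marker` key, which the recorded `rds.DescribeDBParameters_1.json` (only `Parameters` and `ResponseMetadata`) does not. The test therefore passes on the resource count and engine alone and gives no evidence that the red resource was matched on `sec_return_server_release_banner`. Reading the loop as written (indentation is lost on this page, so the nesting is inferred), a paginated response would also leave the last page unchecked, because the loop exits as soon as a page comes back without a marker. Check each page before testing for a marker and assert that the parameter was found, as sketched below. The same loop appears in the `red_policy_test.py` files for ecc-aws-479, ecc-aws-480 and ecc-aws-481 further down in this patch.

```python
    def test_resources_with_client(self, base_test, resources, local_session):
        # … unchanged: resource count and engine assertions, parameter_group_name lookup …
        rds = local_session.client("rds")
        request = {"DBParameterGroupName": parameter_group_name}
        found = False
        while True:
            page = rds.describe_db_parameters(**request)
            for parameter in page["Parameters"]:
                if parameter["ParameterName"] == "sec_return_server_release_banner":
                    base_test.assertEqual(parameter["ParameterValue"], "TRUE")
                    found = True
            marker = page.get("Marker")
            if marker is None:
                break
            request["Marker"] = marker
        # Fail when the parameter is absent instead of passing silently.
        base_test.assertEqual(found, True)
```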
diff --git a/tests/ecc-aws-479-oracle_sql92_security_flag_enabled/placebo-green/rds.DescribeDBInstances_1.json b/tests/ecc-aws-479-oracle_sql92_security_flag_enabled/placebo-green/rds.DescribeDBInstances_1.json
new file mode 100644
index 000000000..180a8af66
--- /dev/null
+++ b/tests/ecc-aws-479-oracle_sql92_security_flag_enabled/placebo-green/rds.DescribeDBInstances_1.json
@@ -0,0 +1,146 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-479-green", + "DBInstanceClass": "db.t3.micro", + "Engine": "oracle-ee", + "DBInstanceStatus": "available", + "MasterUsername": "root", + "DBName": "GREEN479", + "Endpoint": { + "Address": "database-479-green.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 1521, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 10, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2022, + "month": 5, + "day": 16, + "hour": 12, + "minute": 42, + "second": 36, + "microsecond": 811000 + }, + "PreferredBackupWindow": "08:11-08:41", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "parameter-group-479-green", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1b", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + 
"SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "mon:04:30-mon:05:00", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "12.1.0.2.v25", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "bring-your-own-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:oracle-ee-12-1", + "Status": "in-sync" + } + ], + "CharacterSetName": "AL32UTF8", + "NcharCharacterSetName": "AL16UTF16", + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-JBPYTZUASZSTPCO4NMSTD3WFRQ", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:111111111111:db:database-479-green", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-479-oracle_sql92_security_flag_enabled" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + } + ], + "CustomerOwnedIpEnabled": false, + "ActivityStreamStatus": "stopped", + "BackupTarget": "region" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-479-oracle_sql92_security_flag_enabled/placebo-green/rds.DescribeDBParameters_1.json b/tests/ecc-aws-479-oracle_sql92_security_flag_enabled/placebo-green/rds.DescribeDBParameters_1.json new file mode 100644 index 000000000..2799edec8 --- /dev/null +++ b/tests/ecc-aws-479-oracle_sql92_security_flag_enabled/placebo-green/rds.DescribeDBParameters_1.json 
@@ -0,0 +1,19 @@ +{ + "status_code": 200, + "data": { + "Parameters": [ + { + "ParameterName": "sql92_security", + "ParameterValue": "TRUE", + "Description": "require select privilege for searched update/delete", + "Source": "user", + "ApplyType": "static", + "DataType": "boolean", + "AllowedValues": "TRUE,FALSE", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-479-oracle_sql92_security_flag_enabled/placebo-red/rds.DescribeDBInstances_1.json b/tests/ecc-aws-479-oracle_sql92_security_flag_enabled/placebo-red/rds.DescribeDBInstances_1.json new file mode 100644 index 000000000..2f2f448f9 --- /dev/null +++ b/tests/ecc-aws-479-oracle_sql92_security_flag_enabled/placebo-red/rds.DescribeDBInstances_1.json 
@@ -0,0 +1,146 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-479-red", + "DBInstanceClass": "db.t3.micro", + "Engine": "oracle-ee", + "DBInstanceStatus": "available", + "MasterUsername": "root", + "DBName": "RED479", + "Endpoint": { + "Address": "database-479-red.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 1521, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 10, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2022, + "month": 5, + "day": 16, + "hour": 12, + "minute": 44, + "second": 13, + "microsecond": 433000 + }, + "PreferredBackupWindow": "04:56-05:26", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "parameter-group-479-red", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1d", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + 
"SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "tue:03:00-tue:03:30", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "12.1.0.2.v25", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "bring-your-own-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:oracle-ee-12-1", + "Status": "in-sync" + } + ], + "CharacterSetName": "AL32UTF8", + "NcharCharacterSetName": "AL16UTF16", + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-USSXVLM5FAP3NRZ3LZI7R672NI", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:111111111111:db:database-479-red", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-479-oracle_sql92_security_flag_enabled" + }, + { + "Key": "ComplianceStatus", + "Value": "Red" + } + ], + "CustomerOwnedIpEnabled": false, + "ActivityStreamStatus": "stopped", + "BackupTarget": "region" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-479-oracle_sql92_security_flag_enabled/placebo-red/rds.DescribeDBParameters_1.json b/tests/ecc-aws-479-oracle_sql92_security_flag_enabled/placebo-red/rds.DescribeDBParameters_1.json new file mode 100644 index 000000000..d6f3b187a --- /dev/null +++ b/tests/ecc-aws-479-oracle_sql92_security_flag_enabled/placebo-red/rds.DescribeDBParameters_1.json 
@@ -0,0 +1,19 @@
+{
+ "status_code": 200,
+ "data": {
+ "Parameters": [
+ {
+ "ParameterName": "sql92_security",
+ "ParameterValue": "FALSE",
+ "Description": "require select privilege for searched update/delete",
+ "Source": "user",
+ "ApplyType": "static",
+ "DataType": "boolean",
+ "AllowedValues": "TRUE,FALSE",
+ "IsModifiable": true,
+ "ApplyMethod": "pending-reboot"
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-479-oracle_sql92_security_flag_enabled/red_policy_test.py b/tests/ecc-aws-479-oracle_sql92_security_flag_enabled/red_policy_test.py
new file mode 100644
index 000000000..584e60eb3
--- /dev/null
+++ b/tests/ecc-aws-479-oracle_sql92_security_flag_enabled/red_policy_test.py
@@ -0,0 +1,18 @@
+class PolicyTest(object):
+
+ def test_resources_with_client(self, base_test, resources, local_session):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertEqual(resources[0]['Engine'], "oracle-ee")
+ parameter_group_name=resources[0]["DBParameterGroups"][0]["DBParameterGroupName"]
+
+ describe_parameters = local_session.client("rds").describe_db_parameters(DBParameterGroupName=parameter_group_name)
+ parameters=describe_parameters["Parameters"]
+ marker=describe_parameters["Marker"] if "Marker" in describe_parameters else None
+
+ while marker is not None:
+ for parameter in parameters:
+ if parameter["ParameterName"]=="sql92_security":
+ base_test.assertEqual(parameter['ParameterValue'], 'FALSE')
+ describe_parameters = local_session.client("rds").describe_db_parameters(DBParameterGroupName=parameter_group_name, Marker=marker)
+ parameters=describe_parameters["Parameters"]
+ marker=describe_parameters["Marker"] if "Marker" in describe_parameters else None
\ No newline at end of file
diff --git a/tests/ecc-aws-480-oracle_trace_files_public/placebo-green/rds.DescribeDBInstances_1.json b/tests/ecc-aws-480-oracle_trace_files_public/placebo-green/rds.DescribeDBInstances_1.json
new file mode 100644
index 000000000..2369ef995
--- /dev/null
+++ b/tests/ecc-aws-480-oracle_trace_files_public/placebo-green/rds.DescribeDBInstances_1.json
@@ -0,0 +1,145 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-480-green", + "DBInstanceClass": "db.t3.micro", + "Engine": "oracle-ee", + "DBInstanceStatus": "available", + "MasterUsername": "root", + "DBName": "GREEN480", + "Endpoint": { + "Address": "database-480-green.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 1521, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 10, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2022, + "month": 5, + "day": 13, + "hour": 11, + "minute": 7, + "second": 23, + "microsecond": 792000 + }, + "PreferredBackupWindow": "03:34-04:04", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "parameter-group-480-green", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1f", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + 
"SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "tue:07:09-tue:07:39", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "12.1.0.2.v25", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "bring-your-own-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:oracle-ee-12-1", + "Status": "in-sync" + } + ], + "CharacterSetName": "AL32UTF8", + "NcharCharacterSetName": "AL16UTF16", + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-OTVR67WI5RXJR6TENY7KMBXRUQ", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:111111111111:db:database-480-green", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-480-oracle_trace_files_public" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + } + ], + "CustomerOwnedIpEnabled": false, + "ActivityStreamStatus": "stopped" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-480-oracle_trace_files_public/placebo-green/rds.DescribeDBParameters_1.json b/tests/ecc-aws-480-oracle_trace_files_public/placebo-green/rds.DescribeDBParameters_1.json new file mode 100644 index 000000000..7809bbb4e --- /dev/null +++ b/tests/ecc-aws-480-oracle_trace_files_public/placebo-green/rds.DescribeDBParameters_1.json 
@@ -0,0 +1,19 @@ +{ + "status_code": 200, + "data": { + "Parameters": [ + { + "ParameterName": "_trace_files_public", + "ParameterValue": "FALSE", + "Description": "Create publicly accessible trace files", + "Source": "user", + "ApplyType": "static", + "DataType": "boolean", + "AllowedValues": "TRUE,FALSE", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-480-oracle_trace_files_public/placebo-red/rds.DescribeDBInstances_1.json b/tests/ecc-aws-480-oracle_trace_files_public/placebo-red/rds.DescribeDBInstances_1.json new file mode 100644 index 000000000..952d96c98 --- /dev/null +++ b/tests/ecc-aws-480-oracle_trace_files_public/placebo-red/rds.DescribeDBInstances_1.json 
@@ -0,0 +1,145 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-480-red", + "DBInstanceClass": "db.t3.micro", + "Engine": "oracle-ee", + "DBInstanceStatus": "available", + "MasterUsername": "root", + "DBName": "RED480", + "Endpoint": { + "Address": "database-480-red.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 1521, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 10, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2022, + "month": 5, + "day": 13, + "hour": 10, + "minute": 52, + "second": 12, + "microsecond": 981000 + }, + "PreferredBackupWindow": "03:40-04:10", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "parameter-group-480-red", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1d", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + 
"SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "tue:07:49-tue:08:19", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "12.1.0.2.v25", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "bring-your-own-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:oracle-ee-12-1", + "Status": "in-sync" + } + ], + "CharacterSetName": "AL32UTF8", + "NcharCharacterSetName": "AL16UTF16", + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-6L7MNHMTJ4XPQ5GMDEBBNPATYA", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:111111111111:db:database-480-red", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-480-oracle_trace_files_public" + }, + { + "Key": "ComplianceStatus", + "Value": "Red" + } + ], + "CustomerOwnedIpEnabled": false, + "ActivityStreamStatus": "stopped" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-480-oracle_trace_files_public/placebo-red/rds.DescribeDBParameters_1.json b/tests/ecc-aws-480-oracle_trace_files_public/placebo-red/rds.DescribeDBParameters_1.json new file mode 100644 index 000000000..8ad472d4c --- /dev/null +++ b/tests/ecc-aws-480-oracle_trace_files_public/placebo-red/rds.DescribeDBParameters_1.json 
@@ -0,0 +1,19 @@
+{
+ "status_code": 200,
+ "data": {
+ "Parameters": [
+ {
+ "ParameterName": "_trace_files_public",
+ "ParameterValue": "TRUE",
+ "Description": "Create publicly accessible trace files",
+ "Source": "user",
+ "ApplyType": "static",
+ "DataType": "boolean",
+ "AllowedValues": "TRUE,FALSE",
+ "IsModifiable": true,
+ "ApplyMethod": "pending-reboot"
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-480-oracle_trace_files_public/red_policy_test.py b/tests/ecc-aws-480-oracle_trace_files_public/red_policy_test.py
new file mode 100644
index 000000000..ef74b1b67
--- /dev/null
+++ b/tests/ecc-aws-480-oracle_trace_files_public/red_policy_test.py
@@ -0,0 +1,18 @@
+class PolicyTest(object):
+
+ def test_resources_with_client(self, base_test, resources, local_session):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertEqual(resources[0]['Engine'], "oracle-ee")
+ parameter_group_name=resources[0]["DBParameterGroups"][0]["DBParameterGroupName"]
+
+ describe_parameters = local_session.client("rds").describe_db_parameters(DBParameterGroupName=parameter_group_name)
+ parameters=describe_parameters["Parameters"]
+ marker=describe_parameters["Marker"] if "Marker" in describe_parameters else None
+
+ while marker is not None:
+ for parameter in parameters:
+ if parameter["ParameterName"]=="_trace_files_public":
+ base_test.assertEqual(parameter['ParameterValue'], 'TRUE')
+ describe_parameters = local_session.client("rds").describe_db_parameters(DBParameterGroupName=parameter_group_name, Marker=marker)
+ parameters=describe_parameters["Parameters"]
+ marker=describe_parameters["Marker"] if "Marker" in describe_parameters else None
\ No newline at end of file
diff --git a/tests/ecc-aws-481-oracle_resource_limit_flag_enabled/placebo-green/rds.DescribeDBInstances_1.json b/tests/ecc-aws-481-oracle_resource_limit_flag_enabled/placebo-green/rds.DescribeDBInstances_1.json
new file mode 100644
index 000000000..f0b7c2667
--- /dev/null
+++ b/tests/ecc-aws-481-oracle_resource_limit_flag_enabled/placebo-green/rds.DescribeDBInstances_1.json
@@ -0,0 +1,145 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-481-green", + "DBInstanceClass": "db.t3.micro", + "Engine": "oracle-ee", + "DBInstanceStatus": "available", + "MasterUsername": "root", + "DBName": "GREEN481", + "Endpoint": { + "Address": "database-481-green.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 1521, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 10, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2022, + "month": 5, + "day": 11, + "hour": 12, + "minute": 53, + "second": 41, + "microsecond": 854000 + }, + "PreferredBackupWindow": "08:57-09:27", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "parameter-group-481-green", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1c", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + 
"SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "sat:06:32-sat:07:02", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "12.1.0.2.v25", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "bring-your-own-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:oracle-ee-12-1", + "Status": "in-sync" + } + ], + "CharacterSetName": "AL32UTF8", + "NcharCharacterSetName": "AL16UTF16", + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-HRT3BZHE4QLKCNZ5RRQ6EKYMQY", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:111111111111:db:database-481-green", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-481-oracle_resource_limit_flag_enabled" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + } + ], + "CustomerOwnedIpEnabled": false, + "ActivityStreamStatus": "stopped" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-481-oracle_resource_limit_flag_enabled/placebo-green/rds.DescribeDBParameters_1.json b/tests/ecc-aws-481-oracle_resource_limit_flag_enabled/placebo-green/rds.DescribeDBParameters_1.json new file mode 100644 index 000000000..d343b3166 --- /dev/null +++ b/tests/ecc-aws-481-oracle_resource_limit_flag_enabled/placebo-green/rds.DescribeDBParameters_1.json 
@@ -0,0 +1,19 @@ +{ + "status_code": 200, + "data": { + "Parameters": [ + { + "ParameterName": "resource_limit", + "ParameterValue": "TRUE", + "Description": "master switch for resource limit", + "Source": "user", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "TRUE,FALSE", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-481-oracle_resource_limit_flag_enabled/placebo-red/rds.DescribeDBInstances_1.json b/tests/ecc-aws-481-oracle_resource_limit_flag_enabled/placebo-red/rds.DescribeDBInstances_1.json new file mode 100644 index 000000000..89890c809 --- /dev/null +++ b/tests/ecc-aws-481-oracle_resource_limit_flag_enabled/placebo-red/rds.DescribeDBInstances_1.json 
@@ -0,0 +1,145 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-481-red", + "DBInstanceClass": "db.t3.micro", + "Engine": "oracle-ee", + "DBInstanceStatus": "available", + "MasterUsername": "root", + "DBName": "RED481", + "Endpoint": { + "Address": "database-481-red.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 1521, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 10, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2022, + "month": 5, + "day": 11, + "hour": 12, + "minute": 55, + "second": 7, + "microsecond": 412000 + }, + "PreferredBackupWindow": "08:08-08:38", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "parameter-group-481-red", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1f", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + 
"SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "fri:08:50-fri:09:20", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "12.1.0.2.v25", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "bring-your-own-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:oracle-ee-12-1", + "Status": "in-sync" + } + ], + "CharacterSetName": "AL32UTF8", + "NcharCharacterSetName": "AL16UTF16", + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-SFQEX5KQF5XAPETGS2K53DKM7Y", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:111111111111:db:database-481-red", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-481-oracle_resource_limit_flag_enabled" + }, + { + "Key": "ComplianceStatus", + "Value": "Red" + } + ], + "CustomerOwnedIpEnabled": false, + "ActivityStreamStatus": "stopped" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-481-oracle_resource_limit_flag_enabled/placebo-red/rds.DescribeDBParameters_1.json b/tests/ecc-aws-481-oracle_resource_limit_flag_enabled/placebo-red/rds.DescribeDBParameters_1.json new file mode 100644 index 000000000..6e09d6ae1 --- /dev/null +++ b/tests/ecc-aws-481-oracle_resource_limit_flag_enabled/placebo-red/rds.DescribeDBParameters_1.json 
@@ -0,0 +1,19 @@ +{ + "status_code": 200, + "data": { + "Parameters": [ + { + "ParameterName": "resource_limit", + "ParameterValue": "FALSE", + "Description": "master switch for resource limit", + "Source": "user", + "ApplyType": "dynamic", + "DataType": "boolean", + "AllowedValues": "TRUE,FALSE", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-481-oracle_resource_limit_flag_enabled/red_policy_test.py b/tests/ecc-aws-481-oracle_resource_limit_flag_enabled/red_policy_test.py new file mode 100644 index 000000000..b8aa59008 --- /dev/null +++ b/tests/ecc-aws-481-oracle_resource_limit_flag_enabled/red_policy_test.py @@ -0,0 +1,18 @@ +class PolicyTest(object): + + def test_resources_with_client(self, base_test, resources, local_session): + base_test.assertEqual(len(resources), 1) + base_test.assertEqual(resources[0]['Engine'], "oracle-ee") + parameter_group_name=resources[0]["DBParameterGroups"][0]["DBParameterGroupName"] + + describe_parameters = local_session.client("rds").describe_db_parameters(DBParameterGroupName=parameter_group_name) + parameters=describe_parameters["Parameters"] + marker=describe_parameters["Marker"] if "Marker" in describe_parameters else None + + while marker is not None: + for parameter in parameters: + if parameter["ParameterName"]=="resource_limit": + base_test.assertEqual(parameter['ParameterValue'], 'FALSE') + describe_parameters = local_session.client("rds").describe_db_parameters(DBParameterGroupName=parameter_group_name, Marker=marker) + parameters=describe_parameters["Parameters"] + marker=describe_parameters["Marker"] if "Marker" in describe_parameters else None \ No newline at end of file 
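Review bot: The `resource_limit` assertion in `test_resources_with_client` sits inside `while marker is not None:`, so it only runs when the first `describe_db_parameters` response carries a `Marker`. The recorded `rds.DescribeDBParameters_1.json` fixture in this commit has no `Marker`, so the loop body is skipped and the red test passes without ever checking that the value is `FALSE`. Even with pagination, the final page is fetched but never inspected. Process each page before deciding whether to fetch the next one, and fail if the parameter was never seen, as sketched below.

```python
    def test_resources_with_client(self, base_test, resources, local_session):
        # … unchanged: resource count, engine check, parameter_group_name lookup …
        rds = local_session.client("rds")
        request = {"DBParameterGroupName": parameter_group_name}
        found = False
        while True:
            page = rds.describe_db_parameters(**request)
            for parameter in page["Parameters"]:
                if parameter["ParameterName"] == "resource_limit":
                    base_test.assertEqual(parameter["ParameterValue"], "FALSE")
                    found = True
            marker = page.get("Marker")
            if marker is None:
                break
            request["Marker"] = marker
        # Fail when the parameter was never seen, so the check cannot pass vacuously.
        base_test.assertTrue(found)
```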
diff --git a/tests/ecc-aws-482-dms_multi_az_enabled/placebo-green/dms.DescribeReplicationInstances_1.json b/tests/ecc-aws-482-dms_multi_az_enabled/placebo-green/dms.DescribeReplicationInstances_1.json new file mode 100644 index 000000000..617a708de --- /dev/null +++ b/tests/ecc-aws-482-dms_multi_az_enabled/placebo-green/dms.DescribeReplicationInstances_1.json 
@@ -0,0 +1,70 @@ +{ + "status_code": 200, + "data": { + "ReplicationInstances": [ + { + "ReplicationInstanceIdentifier": "dms-replication-instance-482-green", + "ReplicationInstanceClass": "dms.t2.micro", + "ReplicationInstanceStatus": "available", + "AllocatedStorage": 5, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2022, + "month": 1, + "day": 10, + "hour": 13, + "minute": 4, + "second": 12, + "microsecond": 871000 + }, + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-08137cd7e984a088d", + "Status": "active" + } + ], + "AvailabilityZone": "us-east-1b", + "ReplicationSubnetGroup": { + "ReplicationSubnetGroupIdentifier": "subnet-group-green", + "ReplicationSubnetGroupDescription": "482_subnet_group_green", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-0416d4086612ad876", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-0a6fbf587e7317747", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "sat:06:31-sat:07:01", + "PendingModifiedValues": {}, + "MultiAZ": true, + "EngineVersion": "3.4.3", + "AutoMinorVersionUpgrade": false, + "KmsKeyId": "arn:aws:kms:us-east-1:111111111111:key/e56f2d19-2ba5-4c25-829a-44ad8f133131", + "ReplicationInstanceArn": "arn:aws:dms:us-east-1:111111111111:rep:ITACAYO2QJ7TFBPZOTKFBCBZZMSZJITDABDO4BI", + "ReplicationInstancePrivateIpAddress": "10.0.2.49", + "ReplicationInstancePublicIpAddresses": [ + null + ], + "ReplicationInstancePrivateIpAddresses": [ + "10.0.2.49", + "10.0.1.122" + ], + "PubliclyAccessible": false, + "SecondaryAvailabilityZone": "us-east-1a" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-482-dms_multi_az_enabled/placebo-green/dms.ListTagsForResource_1.json b/tests/ecc-aws-482-dms_multi_az_enabled/placebo-green/dms.ListTagsForResource_1.json new file mode 100644 index 000000000..5a2d67fb7 --- /dev/null +++ b/tests/ecc-aws-482-dms_multi_az_enabled/placebo-green/dms.ListTagsForResource_1.json @@ -0,0 +1,16 @@ +{ + "status_code": 200, + "data": { + "TagList": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-482-dms_multi_az_enabled" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-482-dms_multi_az_enabled/placebo-red/dms.DescribeReplicationInstances_1.json b/tests/ecc-aws-482-dms_multi_az_enabled/placebo-red/dms.DescribeReplicationInstances_1.json new file mode 100644 index 000000000..847006d26 --- /dev/null +++ b/tests/ecc-aws-482-dms_multi_az_enabled/placebo-red/dms.DescribeReplicationInstances_1.json 
@@ -0,0 +1,96 @@ +{ + "status_code": 200, + "data": { + "ReplicationInstances": [ + { + "ReplicationInstanceIdentifier": "dms-replication-instance-482-red", + "ReplicationInstanceClass": "dms.t2.micro", + "ReplicationInstanceStatus": "available", + "AllocatedStorage": 5, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2022, + "month": 1, + "day": 10, + "hour": 13, + "minute": 24, + "second": 23, + "microsecond": 511000 + }, + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "AvailabilityZone": "us-east-1c", + "ReplicationSubnetGroup": { + "ReplicationSubnetGroupIdentifier": "default", + "ReplicationSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + "SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "mon:12:33-mon:13:03", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "3.4.3", + "AutoMinorVersionUpgrade": false, + "KmsKeyId": "arn:aws:kms:us-east-1:111111111111:key/e56f2d19-2ba5-4c25-829a-44ad8f133131", + "ReplicationInstanceArn": "arn:aws:dms:us-east-1:111111111111:rep:O37Q5PJB2FPNR6ITVCAY2MKRFICHKVIMBG2R6CY", + 
"ReplicationInstancePrivateIpAddress": "172.31.89.243", + "ReplicationInstancePublicIpAddresses": [ + null + ], + "ReplicationInstancePrivateIpAddresses": [ + "172.31.89.243" + ], + "PubliclyAccessible": false + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-482-dms_multi_az_enabled/placebo-red/dms.ListTagsForResource_1.json b/tests/ecc-aws-482-dms_multi_az_enabled/placebo-red/dms.ListTagsForResource_1.json new file mode 100644 index 000000000..d8f8a4919 --- /dev/null +++ b/tests/ecc-aws-482-dms_multi_az_enabled/placebo-red/dms.ListTagsForResource_1.json @@ -0,0 +1,16 @@ +{ + "status_code": 200, + "data": { + "TagList": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-482-dms_multi_az_enabled" + }, + { + "Key": "ComplianceStatus", + "Value": "Red" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-482-dms_multi_az_enabled/red_policy_test.py b/tests/ecc-aws-482-dms_multi_az_enabled/red_policy_test.py new file mode 100644 index 000000000..84e53714c --- /dev/null +++ b/tests/ecc-aws-482-dms_multi_az_enabled/red_policy_test.py @@ -0,0 +1,5 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertFalse(resources[0]['MultiAZ']) \ No newline at end of file diff --git a/tests/ecc-aws-487-ebs_volume_encrypted_with_kms_cmk/placebo-green/ec2.DescribeVolumes_1.json b/tests/ecc-aws-487-ebs_volume_encrypted_with_kms_cmk/placebo-green/ec2.DescribeVolumes_1.json new file mode 100644 index 000000000..59681ea75 --- /dev/null +++ b/tests/ecc-aws-487-ebs_volume_encrypted_with_kms_cmk/placebo-green/ec2.DescribeVolumes_1.json 
@@ -0,0 +1,45 @@ +{ + "status_code": 200, + "data": { + "Volumes": [ + { + "Attachments": [], + "AvailabilityZone": "us-east-1a", + "CreateTime": { + "__class__": "datetime", + "year": 2022, + "month": 5, + "day": 17, + "hour": 12, + "minute": 38, + "second": 48, + "microsecond": 60000 + }, + "Encrypted": true, + "KmsKeyId": "arn:aws:kms:us-east-1:111111111111:key/d2d582a6-bd6d-4fe5-b70b-578c18df007b", + "Size": 5, + "SnapshotId": "", + "State": "available", + "VolumeId": "vol-04e8fbe64e16f6c9d", + "Iops": 100, + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-487-ebs_volume_encrypted_with_kms_cmk" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "Name", + "Value": "487-ebs-volume-green" + } + ], + "VolumeType": "gp2", + "MultiAttachEnabled": false + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-487-ebs_volume_encrypted_with_kms_cmk/placebo-green/kms.ListAliases_1.json b/tests/ecc-aws-487-ebs_volume_encrypted_with_kms_cmk/placebo-green/kms.ListAliases_1.json new file mode 100644 index 000000000..de9e91832 --- /dev/null +++ b/tests/ecc-aws-487-ebs_volume_encrypted_with_kms_cmk/placebo-green/kms.ListAliases_1.json @@ -0,0 +1,34 @@ +{ + "status_code": 200, + "data": { + "Aliases": [ + { + "AliasName": "alias/487-green", + "AliasArn": "arn:aws:kms:us-east-1:111111111111:alias/487-green", + "TargetKeyId": "d2d582a6-bd6d-4fe5-b70b-578c18df007b", + "CreationDate": { + "__class__": "datetime", + "year": 2022, + "month": 5, + "day": 17, + "hour": 12, + "minute": 38, + "second": 47, + "microsecond": 800000 + }, + "LastUpdatedDate": { + "__class__": "datetime", + "year": 2022, + "month": 5, + "day": 17, + "hour": 12, + "minute": 38, + "second": 47, + "microsecond": 800000 + } + } + ], + "Truncated": false, + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-487-ebs_volume_encrypted_with_kms_cmk/placebo-red/ec2.DescribeVolumes_1.json b/tests/ecc-aws-487-ebs_volume_encrypted_with_kms_cmk/placebo-red/ec2.DescribeVolumes_1.json new file mode 100644 index 000000000..664e067b1 --- /dev/null +++ b/tests/ecc-aws-487-ebs_volume_encrypted_with_kms_cmk/placebo-red/ec2.DescribeVolumes_1.json @@ -0,0 +1,45 @@ +{ + "status_code": 200, + "data": { + "Volumes": [ + { + "Attachments": [], + "AvailabilityZone": "us-east-1a", + "CreateTime": { + "__class__": "datetime", + "year": 2022, + "month": 5, + "day": 17, + "hour": 12, + "minute": 38, + "second": 8, + "microsecond": 964000 + }, + "Encrypted": true, + "KmsKeyId": "arn:aws:kms:us-east-1:111111111111:key/d790d044-f208-4947-a2d3-8622db8d40b4", + "Size": 5, + "SnapshotId": "", + "State": "available", + "VolumeId": "vol-0d6e91f4d601cc2b5", + "Iops": 100, + "Tags": [ + { + "Key": "Name", + "Value": "487-ebs-volume-red" + }, + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CustodianRule", + "Value": "ecc-aws-487-ebs_volume_encrypted_with_kms_cmk" + } + ], + "VolumeType": "gp2", + "MultiAttachEnabled": false + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-487-ebs_volume_encrypted_with_kms_cmk/placebo-red/kms.ListAliases_1.json b/tests/ecc-aws-487-ebs_volume_encrypted_with_kms_cmk/placebo-red/kms.ListAliases_1.json new file mode 100644 index 000000000..b2a0f3a59 --- /dev/null +++ b/tests/ecc-aws-487-ebs_volume_encrypted_with_kms_cmk/placebo-red/kms.ListAliases_1.json 
@@ -0,0 +1,34 @@ +{ + "status_code": 200, + "data": { + "Aliases": [ + { + "AliasName": "alias/aws/ebs", + "AliasArn": "arn:aws:kms:us-east-1:111111111111:alias/aws/ebs", + "TargetKeyId": "d790d044-f208-4947-a2d3-8622db8d40b4", + "CreationDate": { + "__class__": "datetime", + "year": 2021, + "month": 3, + "day": 11, + "hour": 13, + "minute": 4, + "second": 10, + "microsecond": 281000 + }, + "LastUpdatedDate": { + "__class__": "datetime", + "year": 2021, + "month": 3, + "day": 11, + "hour": 13, + "minute": 4, + "second": 10, + "microsecond": 281000 + } + } + ], + "Truncated": false, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-487-ebs_volume_encrypted_with_kms_cmk/red_policy_test.py b/tests/ecc-aws-487-ebs_volume_encrypted_with_kms_cmk/red_policy_test.py new file mode 100644 index 000000000..1a1ce2e28 --- /dev/null +++ b/tests/ecc-aws-487-ebs_volume_encrypted_with_kms_cmk/red_policy_test.py @@ -0,0 +1,6 @@ +class PolicyTest(object): + + def test_resources_with_client(self, base_test, resources, local_session): + base_test.assertEqual(len(resources), 1) + kms = local_session.client("kms").list_aliases()["Aliases"][0] + base_test.assertEqual(kms['AliasName'], 'alias/aws/ebs') \ No newline at end of file diff --git a/tests/ecc-aws-488-ebs_snapshot_encrypted/placebo-green/ec2.DescribeSnapshots_1.json b/tests/ecc-aws-488-ebs_snapshot_encrypted/placebo-green/ec2.DescribeSnapshots_1.json new file mode 100644 index 000000000..0949b918d --- /dev/null +++ b/tests/ecc-aws-488-ebs_snapshot_encrypted/placebo-green/ec2.DescribeSnapshots_1.json 
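Review bot: The `AliasName` assertion in `test_resources_with_client` reads `list_aliases()["Aliases"][0]` without tying that alias to the volume under test. It would still pass if the volume were encrypted with a customer-managed key, as long as the first alias returned happens to be `alias/aws/ebs`. The recorded fixtures carry the link, since the volume's `KmsKeyId` ends in the alias's `TargetKeyId`. Assuming `resources[0]` keeps the `KmsKeyId` field from DescribeVolumes, the check can be bound to the resource: `key_id = resources[0]['KmsKeyId'].rsplit('/', 1)[-1]`, then `names = {a['AliasName'] for a in local_session.client("kms").list_aliases()["Aliases"] if a.get('TargetKeyId') == key_id}`, then `base_test.assertIn('alias/aws/ebs', names)`.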
@@ -0,0 +1,39 @@ +{ + "status_code": 200, + "data": { + "Snapshots": [ + { + "Description": "", + "Encrypted": true, + "KmsKeyId": "arn:aws:kms:us-east-1:111111111111:key/d790d044-f208-4947-a2d3-8622db8d40b4", + "OwnerId": "111111111111", + "Progress": "100%", + "SnapshotId": "snap-0e21550e6d1c36a27", + "StartTime": { + "__class__": "datetime", + "year": 2022, + "month": 4, + "day": 29, + "hour": 12, + "minute": 9, + "second": 50, + "microsecond": 757000 + }, + "State": "completed", + "VolumeId": "vol-04d0b73725dd0cb07", + "VolumeSize": 8, + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CustodianRule", + "Value": "ecc-aws-488-ebs_snapshot_encrypted" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-488-ebs_snapshot_encrypted/placebo-red/ec2.DescribeSnapshots_1.json b/tests/ecc-aws-488-ebs_snapshot_encrypted/placebo-red/ec2.DescribeSnapshots_1.json new file mode 100644 index 000000000..c8f059178 --- /dev/null +++ b/tests/ecc-aws-488-ebs_snapshot_encrypted/placebo-red/ec2.DescribeSnapshots_1.json @@ -0,0 +1,38 @@ +{ + "status_code": 200, + "data": { + "Snapshots": [ + { + "Description": "", + "Encrypted": false, + "OwnerId": "111111111111", + "Progress": "100%", + "SnapshotId": "snap-0c41856bb82129315", + "StartTime": { + "__class__": "datetime", + "year": 2022, + "month": 4, + "day": 29, + "hour": 12, + "minute": 28, + "second": 58, + "microsecond": 597000 + }, + "State": "completed", + "VolumeId": "vol-0dd4472eca325be73", + "VolumeSize": 8, + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-488-ebs_snapshot_encrypted" + }, + { + "Key": "ComplianceStatus", + "Value": "Red" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-488-ebs_snapshot_encrypted/red_policy_test.py b/tests/ecc-aws-488-ebs_snapshot_encrypted/red_policy_test.py new file mode 100644 index 000000000..024d9f09e --- /dev/null 
+++ b/tests/ecc-aws-488-ebs_snapshot_encrypted/red_policy_test.py @@ -0,0 +1,5 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertFalse(resources[0]['Encrypted']) \ No newline at end of file diff --git a/tests/ecc-aws-489-unused_ebs_volumes/placebo-green/ec2.DescribeVolumes_1.json b/tests/ecc-aws-489-unused_ebs_volumes/placebo-green/ec2.DescribeVolumes_1.json new file mode 100644 index 000000000..80749cae3 --- /dev/null +++ b/tests/ecc-aws-489-unused_ebs_volumes/placebo-green/ec2.DescribeVolumes_1.json @@ -0,0 +1,62 @@ +{ + "status_code": 200, + "data": { + "Volumes": [ + { + "Attachments": [ + { + "AttachTime": { + "__class__": "datetime", + "year": 2022, + "month": 5, + "day": 10, + "hour": 11, + "minute": 1, + "second": 34, + "microsecond": 0 + }, + "Device": "/dev/sdh", + "InstanceId": "i-0e1c293a86f7252fa", + "State": "attached", + "VolumeId": "vol-0eae961b45e89549d", + "DeleteOnTermination": false + } + ], + "AvailabilityZone": "us-east-1a", + "CreateTime": { + "__class__": "datetime", + "year": 2022, + "month": 5, + "day": 10, + "hour": 11, + "minute": 0, + "second": 50, + "microsecond": 926000 + }, + "Encrypted": false, + "Size": 1, + "SnapshotId": "", + "State": "in-use", + "VolumeId": "vol-0eae961b45e89549d", + "Iops": 100, + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-489-unused_ebs_volumes" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "Name", + "Value": "489-unused_ebs_volumes_green" + } + ], + "VolumeType": "gp2", + "MultiAttachEnabled": false + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-489-unused_ebs_volumes/placebo-red/ec2.DescribeVolumes_1.json b/tests/ecc-aws-489-unused_ebs_volumes/placebo-red/ec2.DescribeVolumes_1.json new file mode 100644 index 000000000..203f89ac9 --- /dev/null +++ b/tests/ecc-aws-489-unused_ebs_volumes/placebo-red/ec2.DescribeVolumes_1.json 
@@ -0,0 +1,44 @@ +{ + "status_code": 200, + "data": { + "Volumes": [ + { + "Attachments": [], + "AvailabilityZone": "us-east-1a", + "CreateTime": { + "__class__": "datetime", + "year": 2022, + "month": 5, + "day": 10, + "hour": 12, + "minute": 3, + "second": 59, + "microsecond": 318000 + }, + "Encrypted": false, + "Size": 1, + "SnapshotId": "", + "State": "available", + "VolumeId": "vol-0fc93138234fd6974", + "Iops": 100, + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Red" + }, + { + "Key": "CustodianRule", + "Value": "ecc-aws-489-unused_ebs_volumes" + }, + { + "Key": "Name", + "Value": "489-unused_ebs_volumes_red" + } + ], + "VolumeType": "gp2", + "MultiAttachEnabled": false + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-489-unused_ebs_volumes/red_policy_test.py b/tests/ecc-aws-489-unused_ebs_volumes/red_policy_test.py new file mode 100644 index 000000000..284c010b8 --- /dev/null +++ b/tests/ecc-aws-489-unused_ebs_volumes/red_policy_test.py @@ -0,0 +1,5 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertFalse(resources[0]['Attachments']) \ No newline at end of file diff --git a/tests/ecc-aws-490-unused_ec2_access_keys/placebo-green/ec2.DescribeInstances_1.json b/tests/ecc-aws-490-unused_ec2_access_keys/placebo-green/ec2.DescribeInstances_1.json new file mode 100644 index 000000000..792acb29d --- /dev/null +++ b/tests/ecc-aws-490-unused_ec2_access_keys/placebo-green/ec2.DescribeInstances_1.json 
@@ -0,0 +1,188 @@ +{ + "status_code": 200, + "data": { + "Reservations": [ + { + "Groups": [], + "Instances": [ + { + "AmiLaunchIndex": 0, + "ImageId": "ami-007868005aea67c54", + "InstanceId": "i-0a4232c7b83eb907d", + "InstanceType": "t2.micro", + "KeyName": "490_key_pair_green", + "LaunchTime": { + "__class__": "datetime", + "year": 2023, + "month": 1, + "day": 30, + "hour": 11, + "minute": 27, + "second": 9, + "microsecond": 0 + }, + "Monitoring": { + "State": "disabled" + }, + "Placement": { + "AvailabilityZone": "us-east-1c", + "GroupName": "", + "Tenancy": "default" + }, + "PrivateDnsName": "ip-172-31-84-218.ec2.internal", + "PrivateIpAddress": "172.31.84.218", + "ProductCodes": [], + "PublicDnsName": "", + "State": { + "Code": 80, + "Name": "stopped" + }, + "StateTransitionReason": "User initiated (2023-01-30 11:27:42 GMT)", + "SubnetId": "subnet-cd7af8ec", + "VpcId": "vpc-12345asdfg", + "Architecture": "x86_64", + "BlockDeviceMappings": [ + { + "DeviceName": "/dev/xvda", + "Ebs": { + "AttachTime": { + "__class__": "datetime", + "year": 2023, + "month": 1, + "day": 30, + "hour": 11, + "minute": 27, + "second": 10, + "microsecond": 0 + }, + "DeleteOnTermination": true, + "Status": "attached", + "VolumeId": "vol-0b011749864434073" + } + } + ], + "ClientToken": "terraform-20230130112708609200000001", + "EbsOptimized": false, + "EnaSupport": true, + "Hypervisor": "xen", + "NetworkInterfaces": [ + { + "Attachment": { + "AttachTime": { + "__class__": "datetime", + "year": 2023, + "month": 1, + "day": 30, + "hour": 11, + "minute": 27, + "second": 9, + "microsecond": 0 + }, + "AttachmentId": "eni-attach-0c951658b7522a260", + "DeleteOnTermination": true, + "DeviceIndex": 0, + "Status": "attached", + "NetworkCardIndex": 0 + }, + "Description": "", + "Groups": [ + { + "GroupName": "default", + "GroupId": "sg-1234567asdfg" + } + ], + "Ipv6Addresses": [], + "MacAddress": "12:a5:56:f3:8d:91", + "NetworkInterfaceId": "eni-06e2f1de81e6ea75d", + "OwnerId": "111111111111", + 
"PrivateDnsName": "ip-172-31-84-218.ec2.internal", + "PrivateIpAddress": "172.31.84.218", + "PrivateIpAddresses": [ + { + "Primary": true, + "PrivateDnsName": "ip-172-31-84-218.ec2.internal", + "PrivateIpAddress": "172.31.84.218" + } + ], + "SourceDestCheck": true, + "Status": "in-use", + "SubnetId": "subnet-cd7af8ec", + "VpcId": "vpc-12345asdfg", + "InterfaceType": "interface" + } + ], + "RootDeviceName": "/dev/xvda", + "RootDeviceType": "ebs", + "SecurityGroups": [ + { + "GroupName": "default", + "GroupId": "sg-1234567asdfg" + } + ], + "SourceDestCheck": true, + "StateReason": { + "Code": "Client.UserInitiatedShutdown", + "Message": "Client.UserInitiatedShutdown: User initiated shutdown" + }, + "Tags": [ + { + "Key": "Name", + "Value": "490_instance_green" + }, + { + "Key": "CustodianRule", + "Value": "ecc-aws-490-unused_ec2_access_keys" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + } + ], + "VirtualizationType": "hvm", + "CpuOptions": { + "CoreCount": 1, + "ThreadsPerCore": 1 + }, + "CapacityReservationSpecification": { + "CapacityReservationPreference": "open" + }, + "HibernationOptions": { + "Configured": false + }, + "MetadataOptions": { + "State": "applied", + "HttpTokens": "optional", + "HttpPutResponseHopLimit": 1, + "HttpEndpoint": "enabled", + "HttpProtocolIpv6": "disabled", + "InstanceMetadataTags": "disabled" + }, + "EnclaveOptions": { + "Enabled": false + }, + "PlatformDetails": "Linux/UNIX", + "UsageOperation": "RunInstances", + "UsageOperationUpdateTime": { + "__class__": "datetime", + "year": 2023, + "month": 1, + "day": 30, + "hour": 11, + "minute": 27, + "second": 9, + "microsecond": 0 + }, + "PrivateDnsNameOptions": { + "HostnameType": "ip-name", + "EnableResourceNameDnsARecord": false, + "EnableResourceNameDnsAAAARecord": false + } + } + ], + "OwnerId": "111111111111", + "ReservationId": "r-06961491b495472e2" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-490-unused_ec2_access_keys/placebo-green/ec2.DescribeKeyPairs_1.json b/tests/ecc-aws-490-unused_ec2_access_keys/placebo-green/ec2.DescribeKeyPairs_1.json new file mode 100644 index 000000000..e3ee29f26 --- /dev/null +++ b/tests/ecc-aws-490-unused_ec2_access_keys/placebo-green/ec2.DescribeKeyPairs_1.json @@ -0,0 +1,24 @@ +{ + "status_code": 200, + "data": { + "KeyPairs": [ + { + "KeyPairId": "key-0fca51e80f9141258", + "KeyFingerprint": "96:1f:0b:38:82:1a:c7:74:16:02:c5:a0:2d:a2:b6:ec", + "KeyName": "490_key_pair_green", + "KeyType": "rsa", + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-490-unused_ec2_access_keys" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-490-unused_ec2_access_keys/placebo-red/ec2.DescribeInstances_1.json b/tests/ecc-aws-490-unused_ec2_access_keys/placebo-red/ec2.DescribeInstances_1.json new file mode 100644 index 000000000..2329fd365 --- /dev/null +++ b/tests/ecc-aws-490-unused_ec2_access_keys/placebo-red/ec2.DescribeInstances_1.json @@ -0,0 +1,14 @@ +{ + "status_code": 200, + "data": { + "Reservations": [ + { + "Groups": [], + "Instances": [], + "OwnerId": "111111111111", + "ReservationId": "r-02c123e4776d323d0" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-490-unused_ec2_access_keys/placebo-red/ec2.DescribeKeyPairs_1.json b/tests/ecc-aws-490-unused_ec2_access_keys/placebo-red/ec2.DescribeKeyPairs_1.json new file mode 100644 index 000000000..f0a0fc6eb --- /dev/null +++ b/tests/ecc-aws-490-unused_ec2_access_keys/placebo-red/ec2.DescribeKeyPairs_1.json 
@@ -0,0 +1,24 @@ +{ + "status_code": 200, + "data": { + "KeyPairs": [ + { + "KeyPairId": "key-00d4788b8e7ac672e", + "KeyFingerprint": "43:db:a7:9c:b5:bd:92:ac:08:7a:74:e9:c8:74:17:05", + "KeyName": "490_key_pair_red", + "KeyType": "rsa", + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-490-unused_ec2_access_keys" + }, + { + "Key": "ComplianceStatus", + "Value": "Red" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-490-unused_ec2_access_keys/red_policy_test.py b/tests/ecc-aws-490-unused_ec2_access_keys/red_policy_test.py new file mode 100644 index 000000000..ffeeb5df0 --- /dev/null +++ b/tests/ecc-aws-490-unused_ec2_access_keys/red_policy_test.py @@ -0,0 +1,4 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) \ No newline at end of file diff --git a/tests/ecc-aws-492-mysql_sql_mode_flag_contains_strict_all_tables/placebo-green/rds.DescribeDBInstances_1.json b/tests/ecc-aws-492-mysql_sql_mode_flag_contains_strict_all_tables/placebo-green/rds.DescribeDBInstances_1.json new file mode 100644 index 000000000..e357ea1d3 --- /dev/null +++ b/tests/ecc-aws-492-mysql_sql_mode_flag_contains_strict_all_tables/placebo-green/rds.DescribeDBInstances_1.json 
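Review bot: `test_resources` for the 490 policy asserts only `len(resources) == 1`, so it does not show that the flagged resource is the unused key pair; any single resource returned by the policy would satisfy it. The other red tests in this commit also assert the non-compliant attribute. Assuming the resources are shaped like the DescribeKeyPairs fixture, add `base_test.assertEqual(resources[0]['KeyName'], '490_key_pair_red')` after the count check.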
@@ -0,0 +1,144 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-492-green", + "DBInstanceClass": "db.t3.micro", + "Engine": "mysql", + "DBInstanceStatus": "available", + "MasterUsername": "root", + "DBName": "green492", + "Endpoint": { + "Address": "database-492-green.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 3306, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 10, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2022, + "month": 5, + "day": 19, + "hour": 12, + "minute": 48, + "second": 44, + "microsecond": 680000 + }, + "PreferredBackupWindow": "07:19-07:49", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "parameter-group-492-green", + "ParameterApplyStatus": "in-sync" + } + ], + "AvailabilityZone": "us-east-1a", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + 
"SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "sun:08:51-sun:09:21", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "8.0.28", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "general-public-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:mysql-8-0", + "Status": "in-sync" + } + ], + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-IPGMSNTIE3J2YAQEQ5OWOF4Y6Y", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:111111111111:db:database-492-green", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-492-mysql_sql_mode_flag_contains_strict_all_tables" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + } + ], + "CustomerOwnedIpEnabled": false, + "ActivityStreamStatus": "stopped", + "BackupTarget": "region" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-492-mysql_sql_mode_flag_contains_strict_all_tables/placebo-green/rds.DescribeDBParameters_1.json b/tests/ecc-aws-492-mysql_sql_mode_flag_contains_strict_all_tables/placebo-green/rds.DescribeDBParameters_1.json new file mode 100644 index 000000000..96ef069d9 --- /dev/null +++ b/tests/ecc-aws-492-mysql_sql_mode_flag_contains_strict_all_tables/placebo-green/rds.DescribeDBParameters_1.json 
@@ -0,0 +1,19 @@ +{ + "status_code": 200, + "data": { + "Parameters": [ + { + "ParameterName": "sql_mode", + "ParameterValue": "ALLOW_INVALID_DATES,STRICT_ALL_TABLES,IGNORE_SPACE", + "Description": "Current SQL Server Mode.", + "Source": "user", + "ApplyType": "dynamic", + "DataType": "list", + "AllowedValues": "ALLOW_INVALID_DATES,ANSI_QUOTES,ERROR_FOR_DIVISION_BY_ZERO,HIGH_NOT_PRECEDENCE,IGNORE_SPACE,NO_AUTO_VALUE_ON_ZERO,NO_BACKSLASH_ESCAPES,NO_DIR_IN_CREATE,NO_ENGINE_SUBSTITUTION,NO_UNSIGNED_SUBTRACTION,NO_ZERO_DATE,NO_ZERO_IN_DATE,ONLY_FULL_GROUP_BY,PAD_CHAR_TO_FULL_LENGTH,PIPES_AS_CONCAT,REAL_AS_FLOAT,STRICT_ALL_TABLES,STRICT_TRANS_TABLES,ANSI,TRADITIONAL", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-492-mysql_sql_mode_flag_contains_strict_all_tables/placebo-red/rds.DescribeDBInstances_1.json b/tests/ecc-aws-492-mysql_sql_mode_flag_contains_strict_all_tables/placebo-red/rds.DescribeDBInstances_1.json new file mode 100644 index 000000000..1fb8ca6f7 --- /dev/null +++ b/tests/ecc-aws-492-mysql_sql_mode_flag_contains_strict_all_tables/placebo-red/rds.DescribeDBInstances_1.json 
@@ -0,0 +1,144 @@ +{ + "status_code": 200, + "data": { + "DBInstances": [ + { + "DBInstanceIdentifier": "database-492-red", + "DBInstanceClass": "db.t3.micro", + "Engine": "mysql", + "DBInstanceStatus": "modifying", + "MasterUsername": "root", + "DBName": "red492", + "Endpoint": { + "Address": "database-492-red.chhajgiktbgu.us-east-1.rds.amazonaws.com", + "Port": 3306, + "HostedZoneId": "ASASASASASASAS" + }, + "AllocatedStorage": 10, + "InstanceCreateTime": { + "__class__": "datetime", + "year": 2022, + "month": 5, + "day": 19, + "hour": 12, + "minute": 18, + "second": 12, + "microsecond": 284000 + }, + "PreferredBackupWindow": "03:53-04:23", + "BackupRetentionPeriod": 0, + "DBSecurityGroups": [], + "VpcSecurityGroups": [ + { + "VpcSecurityGroupId": "sg-a5befc90", + "Status": "active" + } + ], + "DBParameterGroups": [ + { + "DBParameterGroupName": "parameter-group-492-red", + "ParameterApplyStatus": "applying" + } + ], + "AvailabilityZone": "us-east-1c", + "DBSubnetGroup": { + "DBSubnetGroupName": "default", + "DBSubnetGroupDescription": "default", + "VpcId": "vpc-12345asdfg", + "SubnetGroupStatus": "Complete", + "Subnets": [ + { + "SubnetIdentifier": "subnet-8158d8de", + "SubnetAvailabilityZone": { + "Name": "us-east-1a" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-5264af63", + "SubnetAvailabilityZone": { + "Name": "us-east-1e" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-b045c2d6", + "SubnetAvailabilityZone": { + "Name": "us-east-1b" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-247c052a", + "SubnetAvailabilityZone": { + "Name": "us-east-1f" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-fa9dcab7", + "SubnetAvailabilityZone": { + "Name": "us-east-1d" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + }, + { + "SubnetIdentifier": "subnet-cd7af8ec", + 
"SubnetAvailabilityZone": { + "Name": "us-east-1c" + }, + "SubnetOutpost": {}, + "SubnetStatus": "Active" + } + ] + }, + "PreferredMaintenanceWindow": "sat:03:18-sat:03:48", + "PendingModifiedValues": {}, + "MultiAZ": false, + "EngineVersion": "8.0.28", + "AutoMinorVersionUpgrade": true, + "ReadReplicaDBInstanceIdentifiers": [], + "LicenseModel": "general-public-license", + "OptionGroupMemberships": [ + { + "OptionGroupName": "default:mysql-8-0", + "Status": "in-sync" + } + ], + "PubliclyAccessible": false, + "StorageType": "gp2", + "DbInstancePort": 0, + "StorageEncrypted": false, + "DbiResourceId": "db-VJXITAJTFMJ7D2PVK5SAOOPJOU", + "CACertificateIdentifier": "rds-ca-2019", + "DomainMemberships": [], + "CopyTagsToSnapshot": false, + "MonitoringInterval": 0, + "DBInstanceArn": "arn:aws:rds:us-east-1:111111111111:db:database-492-red", + "IAMDatabaseAuthenticationEnabled": false, + "PerformanceInsightsEnabled": false, + "DeletionProtection": false, + "AssociatedRoles": [], + "TagList": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-492-mysql_sql_mode_flag_contains_strict_all_tables" + }, + { + "Key": "ComplianceStatus", + "Value": "Red" + } + ], + "CustomerOwnedIpEnabled": false, + "ActivityStreamStatus": "stopped", + "BackupTarget": "region" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-492-mysql_sql_mode_flag_contains_strict_all_tables/placebo-red/rds.DescribeDBParameters_1.json b/tests/ecc-aws-492-mysql_sql_mode_flag_contains_strict_all_tables/placebo-red/rds.DescribeDBParameters_1.json new file mode 100644 index 000000000..eb42eb703 --- /dev/null +++ b/tests/ecc-aws-492-mysql_sql_mode_flag_contains_strict_all_tables/placebo-red/rds.DescribeDBParameters_1.json 
@@ -0,0 +1,19 @@ +{ + "status_code": 200, + "data": { + "Parameters": [ + { + "ParameterName": "sql_mode", + "ParameterValue": "NO_BACKSLASH_ESCAPES", + "Description": "Current SQL Server Mode.", + "Source": "user", + "ApplyType": "dynamic", + "DataType": "list", + "AllowedValues": "ALLOW_INVALID_DATES,ANSI_QUOTES,ERROR_FOR_DIVISION_BY_ZERO,HIGH_NOT_PRECEDENCE,IGNORE_SPACE,NO_AUTO_VALUE_ON_ZERO,NO_BACKSLASH_ESCAPES,NO_DIR_IN_CREATE,NO_ENGINE_SUBSTITUTION,NO_UNSIGNED_SUBTRACTION,NO_ZERO_DATE,NO_ZERO_IN_DATE,ONLY_FULL_GROUP_BY,PAD_CHAR_TO_FULL_LENGTH,PIPES_AS_CONCAT,REAL_AS_FLOAT,STRICT_ALL_TABLES,STRICT_TRANS_TABLES,ANSI,TRADITIONAL", + "IsModifiable": true, + "ApplyMethod": "pending-reboot" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-492-mysql_sql_mode_flag_contains_strict_all_tables/red_policy_test.py b/tests/ecc-aws-492-mysql_sql_mode_flag_contains_strict_all_tables/red_policy_test.py new file mode 100644 index 000000000..c9d0e591d --- /dev/null +++ b/tests/ecc-aws-492-mysql_sql_mode_flag_contains_strict_all_tables/red_policy_test.py 
@@ -0,0 +1,18 @@
+class PolicyTest(object):
+
+ def test_resources_with_client(self, base_test, resources, local_session):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertEqual(resources[0]['Engine'], "mysql")
+ parameter_group_name=resources[0]["DBParameterGroups"][0]["DBParameterGroupName"]
+
+ describe_parameters = local_session.client("rds").describe_db_parameters(DBParameterGroupName=parameter_group_name)
+ parameters=describe_parameters["Parameters"]
+ marker=describe_parameters["Marker"] if "Marker" in describe_parameters else None
+
+ while marker is not None:
+ for parameter in parameters:
+ if parameter["ParameterName"]=="sql_mode":
+ base_test.assertEqual(parameter['ParameterValue'], 'NO_BACKSLASH_ESCAPES')
+ describe_parameters = local_session.client("rds").describe_db_parameters(DBParameterGroupName=parameter_group_name, Marker=marker)
+ parameters=describe_parameters["Parameters"]
+ marker=describe_parameters["Marker"] if "Marker" in describe_parameters else None
\ No newline at end of file
diff --git a/tests/ecc-aws-493-workspaces_images_not_older_than_90_days/green_policy_test.py b/tests/ecc-aws-493-workspaces_images_not_older_than_90_days/green_policy_test.py
new file mode 100644
index 000000000..07abc7151
--- /dev/null
+++ b/tests/ecc-aws-493-workspaces_images_not_older_than_90_days/green_policy_test.py
@@ -0,0 +1,7 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 0)
+
+ def mock_time(self):
+ return 2022, 6, 7
diff --git a/tests/ecc-aws-493-workspaces_images_not_older_than_90_days/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-493-workspaces_images_not_older_than_90_days/placebo-green/tagging.GetResources_1.json
new file mode 100644
index 000000000..8b704d185
--- /dev/null
+++ b/tests/ecc-aws-493-workspaces_images_not_older_than_90_days/placebo-green/tagging.GetResources_1.json
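Review bot: In the ecc-aws-492 `red_policy_test.py`, the `sql_mode` assertion sits inside `while marker is not None:`, so it only runs when the first `describe_db_parameters` response carries a `Marker`. The placebo-red `rds.DescribeDBParameters_1.json` added in this patch has no `Marker` key, so the loop body never executes and the test passes without ever checking `ParameterValue`; a policy that flagged the instance for the wrong reason would not be caught. Every page, including the first, should be inspected, and the test should assert that `sql_mode` was actually seen. Indentation is flattened in this rendering, so the layout below is my reading of the intended nesting.

```python
        # … unchanged: resource count, engine and parameter_group_name lookups …
        rds = local_session.client("rds")
        request = {"DBParameterGroupName": parameter_group_name}
        sql_mode_values = []
        while True:
            page = rds.describe_db_parameters(**request)
            sql_mode_values += [
                p.get("ParameterValue")
                for p in page["Parameters"]
                if p["ParameterName"] == "sql_mode"
            ]
            if not page.get("Marker"):
                break
            request["Marker"] = page["Marker"]
        # Fails if sql_mode is missing as well as if it has the wrong value.
        base_test.assertEqual(sql_mode_values, ["NO_BACKSLASH_ESCAPES"])
```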
@@ -0,0 +1,8 @@
+{
+ "status_code": 200,
+ "data": {
+ "PaginationToken": "",
+ "ResourceTagMappingList": [],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-493-workspaces_images_not_older_than_90_days/placebo-green/workspaces.DescribeWorkspaceImages_1.json b/tests/ecc-aws-493-workspaces_images_not_older_than_90_days/placebo-green/workspaces.DescribeWorkspaceImages_1.json
new file mode 100644
index 000000000..77fc4e35f
--- /dev/null
+++ b/tests/ecc-aws-493-workspaces_images_not_older_than_90_days/placebo-green/workspaces.DescribeWorkspaceImages_1.json
@@ -0,0 +1,29 @@
+{
+ "status_code": 200,
+ "data": {
+ "Images": [
+ {
+ "ImageId": "wsi-wtp207q3f",
+ "Name": "493_workspace_image_green",
+ "Description": "493_workspace_image_green",
+ "OperatingSystem": {
+ "Type": "LINUX"
+ },
+ "State": "PENDING",
+ "RequiredTenancy": "DEFAULT",
+ "Created": {
+ "__class__": "datetime",
+ "year": 2022,
+ "month": 6,
+ "day": 7,
+ "hour": 18,
+ "minute": 10,
+ "second": 43,
+ "microsecond": 35000
+ },
+ "OwnerAccountId": "111111111111"
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+}
diff --git a/tests/ecc-aws-493-workspaces_images_not_older_than_90_days/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-493-workspaces_images_not_older_than_90_days/placebo-red/tagging.GetResources_1.json
new file mode 100644
index 000000000..8b704d185
--- /dev/null
+++ b/tests/ecc-aws-493-workspaces_images_not_older_than_90_days/placebo-red/tagging.GetResources_1.json
@@ -0,0 +1,8 @@
+{
+ "status_code": 200,
+ "data": {
+ "PaginationToken": "",
+ "ResourceTagMappingList": [],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-493-workspaces_images_not_older_than_90_days/placebo-red/workspaces.DescribeWorkspaceImages_1.json b/tests/ecc-aws-493-workspaces_images_not_older_than_90_days/placebo-red/workspaces.DescribeWorkspaceImages_1.json
new file mode 100644
index 000000000..5b9e6823f
--- /dev/null
+++ b/tests/ecc-aws-493-workspaces_images_not_older_than_90_days/placebo-red/workspaces.DescribeWorkspaceImages_1.json
@@ -0,0 +1,29 @@
+{
+ "status_code": 200,
+ "data": {
+ "Images": [
+ {
+ "ImageId": "wsi-wtp207q3f",
+ "Name": "493_workspace_image_red",
+ "Description": "493_workspace_image_red",
+ "OperatingSystem": {
+ "Type": "LINUX"
+ },
+ "State": "PENDING",
+ "RequiredTenancy": "DEFAULT",
+ "Created": {
+ "__class__": "datetime",
+ "year": 2022,
+ "month": 1,
+ "day": 6,
+ "hour": 18,
+ "minute": 10,
+ "second": 43,
+ "microsecond": 35000
+ },
+ "OwnerAccountId": "111111111111"
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-493-workspaces_images_not_older_than_90_days/red_policy_test.py b/tests/ecc-aws-493-workspaces_images_not_older_than_90_days/red_policy_test.py
new file mode 100644
index 000000000..8d16d4ce4
--- /dev/null
+++ b/tests/ecc-aws-493-workspaces_images_not_older_than_90_days/red_policy_test.py
@@ -0,0 +1,11 @@
+from datetime import datetime, timedelta
+
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+
+ LastAccessedDate=datetime.fromisoformat(str(resources[0]['Created']))
+ time_now=datetime.fromisoformat('2022-05-06T02:00:00+00:00')
+ datatime90ago=time_now-timedelta(days=90)
+ base_test.assertFalse(LastAccessedDate>datatime90ago)
diff --git a/tests/ecc-aws-494-workspaces_web_access_disabled/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-494-workspaces_web_access_disabled/placebo-green/tagging.GetResources_1.json
new file mode 100644
index 000000000..f4261ffd0
--- /dev/null
+++ b/tests/ecc-aws-494-workspaces_web_access_disabled/placebo-green/tagging.GetResources_1.json
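Review bot: In the ecc-aws-493 `red_policy_test.py`, the local named `LastAccessedDate` actually holds the image's `Created` timestamp, and `datatime90ago` is a misspelt cutoff, so the age check reads as if it tested a different field. Clearer names and a direct comparison would be `created = datetime.fromisoformat(str(resources[0]['Created']))`, `cutoff = time_now - timedelta(days=90)` and `base_test.assertLessEqual(created, cutoff)`. The reference date is also hard-coded as `2022-05-06` with no `mock_time`, whereas the green test in this patch pins the clock to `2022, 6, 7`. A one-line comment explaining why the red case uses a different date, or a matching `mock_time`, would make the two cases comparable.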
@@ -0,0 +1,22 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:workspaces:us-east-1:111111111111:directory/d-90674b7222", + "Tags": [ + { + "Key": "CustodiaRule", + "Value": "ecc-aws-494-workspaces_web_access_disabled" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-494-workspaces_web_access_disabled/placebo-green/workspaces.DescribeWorkspaceDirectories_1.json b/tests/ecc-aws-494-workspaces_web_access_disabled/placebo-green/workspaces.DescribeWorkspaceDirectories_1.json new file mode 100644 index 000000000..9579e382c --- /dev/null +++ b/tests/ecc-aws-494-workspaces_web_access_disabled/placebo-green/workspaces.DescribeWorkspaceDirectories_1.json 
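Review bot: The tag key in the ecc-aws-494 placebo-green `tagging.GetResources_1.json` is spelled `CustodiaRule`, while the other fixtures in this patch use `CustodianRule`; the placebo-red tagging fixture for the same policy repeats the spelling. If anything selects or reports on test resources by the `CustodianRule` tag, this directory would be missed, and if the recording mirrors the real tag then the infrastructure code that created it presumably has the same typo. Suggested line: `"Key": "CustodianRule",`.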
@@ -0,0 +1,51 @@ +{ + "status_code": 200, + "data": { + "Directories": [ + { + "DirectoryId": "d-90674b7222", + "Alias": "d-90674b7222", + "DirectoryName": "workspaces.example.com", + "RegistrationCode": "SLiad+8FFLEB", + "SubnetIds": [ + "subnet-0035427bfbdccb158", + "subnet-03ca90690d1c151dc" + ], + "DnsIpAddresses": [ + "10.0.1.175", + "10.0.2.165" + ], + "CustomerUserName": "Administrator", + "IamRoleId": "arn:aws:iam::111111111111:role/workspaces_DefaultRole", + "DirectoryType": "MicrosoftAD", + "WorkspaceSecurityGroupId": "sg-06c533c8f4105f4f1", + "State": "REGISTERED", + "WorkspaceCreationProperties": { + "EnableWorkDocs": false, + "EnableInternetAccess": true, + "UserEnabledAsLocalAdministrator": true, + "EnableMaintenanceMode": true + }, + "WorkspaceAccessProperties": { + "DeviceTypeWindows": "ALLOW", + "DeviceTypeOsx": "ALLOW", + "DeviceTypeWeb": "DENY", + "DeviceTypeIos": "ALLOW", + "DeviceTypeAndroid": "ALLOW", + "DeviceTypeChromeOs": "ALLOW", + "DeviceTypeZeroClient": "ALLOW", + "DeviceTypeLinux": "DENY" + }, + "Tenancy": "SHARED", + "SelfservicePermissions": { + "RestartWorkspace": "ENABLED", + "IncreaseVolumeSize": "DISABLED", + "ChangeComputeType": "DISABLED", + "SwitchRunningMode": "DISABLED", + "RebuildWorkspace": "DISABLED" + } + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-494-workspaces_web_access_disabled/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-494-workspaces_web_access_disabled/placebo-red/tagging.GetResources_1.json new file mode 100644 index 000000000..7861de5a2 --- /dev/null +++ b/tests/ecc-aws-494-workspaces_web_access_disabled/placebo-red/tagging.GetResources_1.json 
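Review bot: The ecc-aws-494 placebo-green `workspaces.DescribeWorkspaceDirectories_1.json` keeps the recorded `RegistrationCode` together with the directory id, subnet ids, security-group id and DNS addresses, even though the account id has been scrubbed to `111111111111`. A WorkSpaces registration code is what clients use to locate a directory, so a recorded value should not be published in a repository; the policy under test only reads `WorkspaceAccessProperties`, so none of these fields need real values. Replace them with obviously synthetic ones, for example `"RegistrationCode": "EXAMPLE+REDACTED"` (constructed placeholder), and do the same in the placebo-red copy of this file. If the code came from a live directory, it is worth checking whether that directory still exists.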
@@ -0,0 +1,22 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:workspaces:us-east-1:111111111111:directory/d-90674b7222", + "Tags": [ + { + "Key": "CustodiaRule", + "Value": "ecc-aws-494-workspaces_web_access_disabled" + }, + { + "Key": "ComplianceStatus", + "Value": "Red" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-494-workspaces_web_access_disabled/placebo-red/workspaces.DescribeWorkspaceDirectories_1.json b/tests/ecc-aws-494-workspaces_web_access_disabled/placebo-red/workspaces.DescribeWorkspaceDirectories_1.json new file mode 100644 index 000000000..c45ffb15e --- /dev/null +++ b/tests/ecc-aws-494-workspaces_web_access_disabled/placebo-red/workspaces.DescribeWorkspaceDirectories_1.json 
@@ -0,0 +1,51 @@ +{ + "status_code": 200, + "data": { + "Directories": [ + { + "DirectoryId": "d-90674b7222", + "Alias": "d-90674b7222", + "DirectoryName": "workspaces.example.com", + "RegistrationCode": "SLiad+8FFLEB", + "SubnetIds": [ + "subnet-0035427bfbdccb158", + "subnet-03ca90690d1c151dc" + ], + "DnsIpAddresses": [ + "10.0.1.175", + "10.0.2.165" + ], + "CustomerUserName": "Administrator", + "IamRoleId": "arn:aws:iam::111111111111:role/workspaces_DefaultRole", + "DirectoryType": "MicrosoftAD", + "WorkspaceSecurityGroupId": "sg-06c533c8f4105f4f1", + "State": "REGISTERED", + "WorkspaceCreationProperties": { + "EnableWorkDocs": false, + "EnableInternetAccess": true, + "UserEnabledAsLocalAdministrator": true, + "EnableMaintenanceMode": true + }, + "WorkspaceAccessProperties": { + "DeviceTypeWindows": "ALLOW", + "DeviceTypeOsx": "ALLOW", + "DeviceTypeWeb": "ALLOW", + "DeviceTypeIos": "ALLOW", + "DeviceTypeAndroid": "ALLOW", + "DeviceTypeChromeOs": "ALLOW", + "DeviceTypeZeroClient": "ALLOW", + "DeviceTypeLinux": "DENY" + }, + "Tenancy": "SHARED", + "SelfservicePermissions": { + "RestartWorkspace": "ENABLED", + "IncreaseVolumeSize": "DISABLED", + "ChangeComputeType": "DISABLED", + "SwitchRunningMode": "DISABLED", + "RebuildWorkspace": "DISABLED" + } + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-494-workspaces_web_access_disabled/red_policy_test.py b/tests/ecc-aws-494-workspaces_web_access_disabled/red_policy_test.py new file mode 100644 index 000000000..ebf8fe7a8 --- /dev/null +++ b/tests/ecc-aws-494-workspaces_web_access_disabled/red_policy_test.py @@ -0,0 +1,5 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertEqual(resources[0]['WorkspaceAccessProperties']['DeviceTypeWeb'],"ALLOW") \ No newline at end of file 
diff --git a/tests/ecc-aws-495-fsx_all_types_of_file_systems_encrypted_with_kms_cmk/placebo-green/fsx.DescribeFileSystems_1.json b/tests/ecc-aws-495-fsx_all_types_of_file_systems_encrypted_with_kms_cmk/placebo-green/fsx.DescribeFileSystems_1.json new file mode 100644 index 000000000..349eb2d24 --- /dev/null +++ b/tests/ecc-aws-495-fsx_all_types_of_file_systems_encrypted_with_kms_cmk/placebo-green/fsx.DescribeFileSystems_1.json @@ -0,0 +1,60 @@ +{ + "status_code": 200, + "data": { + "FileSystems": [ + { + "OwnerId": "111111111111", + "CreationTime": { + "__class__": "datetime", + "year": 2022, + "month": 1, + "day": 14, + "hour": 14, + "minute": 18, + "second": 32, + "microsecond": 818000 + }, + "FileSystemId": "fs-0e6e727c7f8f39ae4", + "FileSystemType": "LUSTRE", + "Lifecycle": "CREATING", + "StorageCapacity": 6000, + "StorageType": "HDD", + "VpcId": "vpc-12345asdfg", + "SubnetIds": [ + "subnet-0be80c5b3411b7b8e" + ], + "NetworkInterfaceIds": [ + "eni-0ddd566aef2fea365", + "eni-0d96aad9b693b1272" + ], + "DNSName": "fs-0e6e727c7f8f39ae4.fsx.us-east-1.amazonaws.com", + "KmsKeyId": "arn:aws:kms:us-east-1:111111111111:key/af354f6b-2244-43ef-94dc-d728a40d1396", + "ResourceARN": "arn:aws:fsx:us-east-1:111111111111:file-system/fs-0e6e727c7f8f39ae4", + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-495-fsx_all_types_of_file_systems_encrypted_with_kms_cmk" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "Name", + "Value": "495_fsx_ontap_file_system_green" + } + ], + "LustreConfiguration": { + "WeeklyMaintenanceStartTime": "3:07:30", + "DeploymentType": "PERSISTENT_1", + "PerUnitStorageThroughput": 12, + "MountName": "bx557bmv", + "CopyTagsToBackups": false, + "DriveCacheType": "NONE", + "DataCompressionType": "NONE" + } + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-495-fsx_all_types_of_file_systems_encrypted_with_kms_cmk/placebo-green/kms.DescribeKey_1.json b/tests/ecc-aws-495-fsx_all_types_of_file_systems_encrypted_with_kms_cmk/placebo-green/kms.DescribeKey_1.json new file mode 100644 index 000000000..e29207b76 --- /dev/null +++ b/tests/ecc-aws-495-fsx_all_types_of_file_systems_encrypted_with_kms_cmk/placebo-green/kms.DescribeKey_1.json @@ -0,0 +1,32 @@ +{ + "status_code": 200, + "data": { + "KeyMetadata": { + "AWSAccountId": "111111111111", + "KeyId": "af354f6b-2244-43ef-94dc-d728a40d1396", + "Arn": "arn:aws:kms:us-east-1:111111111111:key/af354f6b-2244-43ef-94dc-d728a40d1396", + "CreationDate": { + "__class__": "datetime", + "year": 2022, + "month": 1, + "day": 14, + "hour": 14, + "minute": 8, + "second": 44, + "microsecond": 819000 + }, + "Enabled": true, + "Description": "Key to encrypt and decrypt FSx", + "KeyUsage": "ENCRYPT_DECRYPT", + "KeyState": "Enabled", + "Origin": "AWS_KMS", + "KeyManager": "CUSTOMER", + "CustomerMasterKeySpec": "SYMMETRIC_DEFAULT", + "EncryptionAlgorithms": [ + "SYMMETRIC_DEFAULT" + ], + "MultiRegion": false + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-495-fsx_all_types_of_file_systems_encrypted_with_kms_cmk/placebo-green/kms.ListAliases_1.json b/tests/ecc-aws-495-fsx_all_types_of_file_systems_encrypted_with_kms_cmk/placebo-green/kms.ListAliases_1.json new file mode 100644 index 000000000..dea8e5846 --- /dev/null +++ b/tests/ecc-aws-495-fsx_all_types_of_file_systems_encrypted_with_kms_cmk/placebo-green/kms.ListAliases_1.json 
@@ -0,0 +1,34 @@ +{ + "status_code": 200, + "data": { + "Aliases": [ + { + "AliasName": "alias/495-green", + "AliasArn": "arn:aws:kms:us-east-1:111111111111:alias/495-green", + "TargetKeyId": "af354f6b-2244-43ef-94dc-d728a40d1396", + "CreationDate": { + "__class__": "datetime", + "year": 2022, + "month": 1, + "day": 14, + "hour": 14, + "minute": 8, + "second": 55, + "microsecond": 468000 + }, + "LastUpdatedDate": { + "__class__": "datetime", + "year": 2022, + "month": 1, + "day": 14, + "hour": 14, + "minute": 8, + "second": 55, + "microsecond": 468000 + } + } + ], + "Truncated": false, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-495-fsx_all_types_of_file_systems_encrypted_with_kms_cmk/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-495-fsx_all_types_of_file_systems_encrypted_with_kms_cmk/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..3988db802 --- /dev/null +++ b/tests/ecc-aws-495-fsx_all_types_of_file_systems_encrypted_with_kms_cmk/placebo-green/tagging.GetResources_1.json @@ -0,0 +1,22 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:kms:us-east-1:111111111111:key/af354f6b-2244-43ef-94dc-d728a40d1396", + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CustodianRule", + "Value": "ecc-aws-495-fsx_all_types_of_file_systems_encrypted_with_kms_cmk" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-495-fsx_all_types_of_file_systems_encrypted_with_kms_cmk/placebo-red/fsx.DescribeFileSystems_1.json b/tests/ecc-aws-495-fsx_all_types_of_file_systems_encrypted_with_kms_cmk/placebo-red/fsx.DescribeFileSystems_1.json new file mode 100644 index 000000000..221edb63c --- /dev/null +++ b/tests/ecc-aws-495-fsx_all_types_of_file_systems_encrypted_with_kms_cmk/placebo-red/fsx.DescribeFileSystems_1.json 
@@ -0,0 +1,38 @@ +{ + "status_code": 200, + "data": { + "FileSystems": [ + { + "OwnerId": "111111111111", + "CreationTime": { + "__class__": "datetime", + "year": 2022, + "month": 1, + "day": 14, + "hour": 13, + "minute": 9, + "second": 12, + "microsecond": 151000 + }, + "FileSystemId": "fs-0c5c4adce0912a580", + "FileSystemType": "ONTAP", + "Lifecycle": "AVAILABLE", + "StorageCapacity": 1024, + "StorageType": "SSD", + "VpcId": "vpc-12345asdfg", + "SubnetIds": [ + "subnet-002fc0f883c0ba578", + "subnet-065145625125676be" + ], + "NetworkInterfaceIds": [ + "eni-0f9e40ae38a3e7c30", + "eni-0e0d50737d676d0b9" + ], + "KmsKeyId": "arn:aws:kms:us-east-1:111111111111:key/dd9fb145-9e61-4b40-a1d5-b079e1d5ccdd", + "ResourceARN": "arn:aws:fsx:us-east-1:111111111111:file-system/fs-0c5c4adce0912a580", + "Tags": [] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-495-fsx_all_types_of_file_systems_encrypted_with_kms_cmk/placebo-red/kms.DescribeKey_1.json b/tests/ecc-aws-495-fsx_all_types_of_file_systems_encrypted_with_kms_cmk/placebo-red/kms.DescribeKey_1.json new file mode 100644 index 000000000..8d288d49b --- /dev/null +++ b/tests/ecc-aws-495-fsx_all_types_of_file_systems_encrypted_with_kms_cmk/placebo-red/kms.DescribeKey_1.json 
@@ -0,0 +1,32 @@ +{ + "status_code": 200, + "data": { + "KeyMetadata": { + "AWSAccountId": "111111111111", + "KeyId": "dd9fb145-9e61-4b40-a1d5-b079e1d5ccdd", + "Arn": "arn:aws:kms:us-east-1:111111111111:key/dd9fb145-9e61-4b40-a1d5-b079e1d5ccdd", + "CreationDate": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 17, + "hour": 10, + "minute": 39, + "second": 30, + "microsecond": 375000 + }, + "Enabled": true, + "Description": "Default key that protects my FSx resources when no other key is defined", + "KeyUsage": "ENCRYPT_DECRYPT", + "KeyState": "Enabled", + "Origin": "AWS_KMS", + "KeyManager": "AWS", + "CustomerMasterKeySpec": "SYMMETRIC_DEFAULT", + "EncryptionAlgorithms": [ + "SYMMETRIC_DEFAULT" + ], + "MultiRegion": false + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-495-fsx_all_types_of_file_systems_encrypted_with_kms_cmk/placebo-red/kms.ListAliases_1.json b/tests/ecc-aws-495-fsx_all_types_of_file_systems_encrypted_with_kms_cmk/placebo-red/kms.ListAliases_1.json new file mode 100644 index 000000000..def5972ab --- /dev/null +++ b/tests/ecc-aws-495-fsx_all_types_of_file_systems_encrypted_with_kms_cmk/placebo-red/kms.ListAliases_1.json @@ -0,0 +1,34 @@ +{ + "status_code": 200, + "data": { + "Aliases": [ + { + "AliasName": "alias/aws/fsx", + "AliasArn": "arn:aws:kms:us-east-1:111111111111:alias/aws/fsx", + "TargetKeyId": "dd9fb145-9e61-4b40-a1d5-b079e1d5ccdd", + "CreationDate": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 17, + "hour": 10, + "minute": 39, + "second": 30, + "microsecond": 559000 + }, + "LastUpdatedDate": { + "__class__": "datetime", + "year": 2021, + "month": 12, + "day": 17, + "hour": 10, + "minute": 39, + "second": 30, + "microsecond": 559000 + } + } + ], + "Truncated": false, + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-495-fsx_all_types_of_file_systems_encrypted_with_kms_cmk/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-495-fsx_all_types_of_file_systems_encrypted_with_kms_cmk/placebo-red/tagging.GetResources_1.json
new file mode 100644
index 000000000..8b704d185
--- /dev/null
+++ b/tests/ecc-aws-495-fsx_all_types_of_file_systems_encrypted_with_kms_cmk/placebo-red/tagging.GetResources_1.json
@@ -0,0 +1,8 @@
+{
+ "status_code": 200,
+ "data": {
+ "PaginationToken": "",
+ "ResourceTagMappingList": [],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-495-fsx_all_types_of_file_systems_encrypted_with_kms_cmk/red_policy_test.py b/tests/ecc-aws-495-fsx_all_types_of_file_systems_encrypted_with_kms_cmk/red_policy_test.py
new file mode 100644
index 000000000..297d34511
--- /dev/null
+++ b/tests/ecc-aws-495-fsx_all_types_of_file_systems_encrypted_with_kms_cmk/red_policy_test.py
@@ -0,0 +1,8 @@
+class PolicyTest(object):
+
+ def test_resources_with_client(self, base_test, resources, local_session):
+ base_test.assertEqual(len(resources), 1)
+ kms_client = local_session.client("kms")
+ key_id = resources[0]['KmsKeyId']
+ key_manager = kms_client.describe_key(KeyId=key_id)['KeyMetadata']['KeyManager']
+ base_test.assertEqual(key_manager, 'AWS')
\ No newline at end of file
diff --git a/tests/ecc-aws-496-kinesis_firehose_delivery_streams_encrypted_using_SSE/placebo-green/firehose.DescribeDeliveryStream_1.json b/tests/ecc-aws-496-kinesis_firehose_delivery_streams_encrypted_using_SSE/placebo-green/firehose.DescribeDeliveryStream_1.json
new file mode 100644
index 000000000..5bb3f472a
--- /dev/null
+++ b/tests/ecc-aws-496-kinesis_firehose_delivery_streams_encrypted_using_SSE/placebo-green/firehose.DescribeDeliveryStream_1.json
@@ -0,0 +1,83 @@ +{ + "status_code": 200, + "data": { + "DeliveryStreamDescription": { + "DeliveryStreamName": "496_kinesis_firehose_green", + "DeliveryStreamARN": "arn:aws:firehose:us-east-1:111111111111:deliverystream/496_kinesis_firehose_green", + "DeliveryStreamStatus": "ACTIVE", + "DeliveryStreamEncryptionConfiguration": { + "KeyType": "AWS_OWNED_CMK", + "Status": "ENABLED" + }, + "DeliveryStreamType": "DirectPut", + "VersionId": "2", + "CreateTimestamp": { + "__class__": "datetime", + "year": 2023, + "month": 1, + "day": 19, + "hour": 9, + "minute": 51, + "second": 31, + "microsecond": 925000 + }, + "LastUpdateTimestamp": { + "__class__": "datetime", + "year": 2023, + "month": 1, + "day": 19, + "hour": 9, + "minute": 55, + "second": 11, + "microsecond": 394000 + }, + "Destinations": [ + { + "DestinationId": "destinationId-111111111111", + "S3DestinationDescription": { + "RoleARN": "arn:aws:iam::111111111111:role/496_firehose_role_green", + "BucketARN": "arn:aws:s3:::496-s3-bucket-green", + "Prefix": "", + "BufferingHints": { + "SizeInMBs": 5, + "IntervalInSeconds": 300 + }, + "CompressionFormat": "UNCOMPRESSED", + "EncryptionConfiguration": { + "NoEncryptionConfig": "NoEncryption" + }, + "CloudWatchLoggingOptions": { + "Enabled": false + } + }, + "ExtendedS3DestinationDescription": { + "RoleARN": "arn:aws:iam::111111111111:role/496_firehose_role_green", + "BucketARN": "arn:aws:s3:::496-s3-bucket-green", + "Prefix": "", + "BufferingHints": { + "SizeInMBs": 5, + "IntervalInSeconds": 300 + }, + "CompressionFormat": "UNCOMPRESSED", + "EncryptionConfiguration": { + "NoEncryptionConfig": "NoEncryption" + }, + "CloudWatchLoggingOptions": { + "Enabled": false + }, + "ProcessingConfiguration": { + "Enabled": false, + "Processors": [] + }, + "S3BackupMode": "Disabled", + "DataFormatConversionConfiguration": { + "Enabled": false + } + } + } + ], + "HasMoreDestinations": false + }, + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-496-kinesis_firehose_delivery_streams_encrypted_using_SSE/placebo-green/firehose.ListDeliveryStreams_1.json b/tests/ecc-aws-496-kinesis_firehose_delivery_streams_encrypted_using_SSE/placebo-green/firehose.ListDeliveryStreams_1.json new file mode 100644 index 000000000..5cbf6da21 --- /dev/null +++ b/tests/ecc-aws-496-kinesis_firehose_delivery_streams_encrypted_using_SSE/placebo-green/firehose.ListDeliveryStreams_1.json @@ -0,0 +1,10 @@ +{ + "status_code": 200, + "data": { + "DeliveryStreamNames": [ + "496_kinesis_firehose_green" + ], + "HasMoreDeliveryStreams": false, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-496-kinesis_firehose_delivery_streams_encrypted_using_SSE/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-496-kinesis_firehose_delivery_streams_encrypted_using_SSE/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..3d865675a --- /dev/null +++ b/tests/ecc-aws-496-kinesis_firehose_delivery_streams_encrypted_using_SSE/placebo-green/tagging.GetResources_1.json @@ -0,0 +1,22 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:firehose:us-east-1:111111111111:deliverystream/496_kinesis_firehose_green", + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-496-kinesis_firehose_delivery_streams_encrypted_using_SSE" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-496-kinesis_firehose_delivery_streams_encrypted_using_SSE/placebo-red/firehose.DescribeDeliveryStream_1.json b/tests/ecc-aws-496-kinesis_firehose_delivery_streams_encrypted_using_SSE/placebo-red/firehose.DescribeDeliveryStream_1.json new file mode 100644 index 000000000..b4e74a111 --- /dev/null 
+++ b/tests/ecc-aws-496-kinesis_firehose_delivery_streams_encrypted_using_SSE/placebo-red/firehose.DescribeDeliveryStream_1.json @@ -0,0 +1,72 @@ +{ + "status_code": 200, + "data": { + "DeliveryStreamDescription": { + "DeliveryStreamName": "496_kinesis_firehose_red", + "DeliveryStreamARN": "arn:aws:firehose:us-east-1:111111111111:deliverystream/496_kinesis_firehose_red", + "DeliveryStreamStatus": "ACTIVE", + "DeliveryStreamEncryptionConfiguration": { + "Status": "DISABLED" + }, + "DeliveryStreamType": "DirectPut", + "VersionId": "1", + "CreateTimestamp": { + "__class__": "datetime", + "year": 2023, + "month": 1, + "day": 19, + "hour": 10, + "minute": 0, + "second": 9, + "microsecond": 709000 + }, + "Destinations": [ + { + "DestinationId": "destinationId-111111111111", + "S3DestinationDescription": { + "RoleARN": "arn:aws:iam::111111111111:role/496_firehose_role_red", + "BucketARN": "arn:aws:s3:::496-s3-bucket-red", + "Prefix": "", + "BufferingHints": { + "SizeInMBs": 5, + "IntervalInSeconds": 300 + }, + "CompressionFormat": "UNCOMPRESSED", + "EncryptionConfiguration": { + "NoEncryptionConfig": "NoEncryption" + }, + "CloudWatchLoggingOptions": { + "Enabled": false + } + }, + "ExtendedS3DestinationDescription": { + "RoleARN": "arn:aws:iam::111111111111:role/496_firehose_role_red", + "BucketARN": "arn:aws:s3:::496-s3-bucket-red", + "Prefix": "", + "BufferingHints": { + "SizeInMBs": 5, + "IntervalInSeconds": 300 + }, + "CompressionFormat": "UNCOMPRESSED", + "EncryptionConfiguration": { + "NoEncryptionConfig": "NoEncryption" + }, + "CloudWatchLoggingOptions": { + "Enabled": false + }, + "ProcessingConfiguration": { + "Enabled": false, + "Processors": [] + }, + "S3BackupMode": "Disabled", + "DataFormatConversionConfiguration": { + "Enabled": false + } + } + } + ], + "HasMoreDestinations": false + }, + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-496-kinesis_firehose_delivery_streams_encrypted_using_SSE/placebo-red/firehose.ListDeliveryStreams_1.json b/tests/ecc-aws-496-kinesis_firehose_delivery_streams_encrypted_using_SSE/placebo-red/firehose.ListDeliveryStreams_1.json new file mode 100644 index 000000000..e8eefc339 --- /dev/null +++ b/tests/ecc-aws-496-kinesis_firehose_delivery_streams_encrypted_using_SSE/placebo-red/firehose.ListDeliveryStreams_1.json @@ -0,0 +1,10 @@ +{ + "status_code": 200, + "data": { + "DeliveryStreamNames": [ + "496_kinesis_firehose_red" + ], + "HasMoreDeliveryStreams": false, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-496-kinesis_firehose_delivery_streams_encrypted_using_SSE/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-496-kinesis_firehose_delivery_streams_encrypted_using_SSE/placebo-red/tagging.GetResources_1.json new file mode 100644 index 000000000..dc965f088 --- /dev/null +++ b/tests/ecc-aws-496-kinesis_firehose_delivery_streams_encrypted_using_SSE/placebo-red/tagging.GetResources_1.json @@ -0,0 +1,22 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:firehose:us-east-1:111111111111:deliverystream/496_kinesis_firehose_red", + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-496-kinesis_firehose_delivery_streams_encrypted_using_SSE" + }, + { + "Key": "ComplianceStatus", + "Value": "Red" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-496-kinesis_firehose_delivery_streams_encrypted_using_SSE/red_policy_test.py b/tests/ecc-aws-496-kinesis_firehose_delivery_streams_encrypted_using_SSE/red_policy_test.py new file mode 100644 index 000000000..e226bb840 --- /dev/null +++ b/tests/ecc-aws-496-kinesis_firehose_delivery_streams_encrypted_using_SSE/red_policy_test.py 
@@ -0,0 +1,7 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertEqual(resources[0]['DeliveryStreamEncryptionConfiguration']['Status'], 'DISABLED')
+
+
diff --git a/tests/ecc-aws-497-lambda_active_tracing_enabled/placebo-green/lambda.ListFunctions_1.json b/tests/ecc-aws-497-lambda_active_tracing_enabled/placebo-green/lambda.ListFunctions_1.json
new file mode 100644
index 000000000..e887e4fe3
--- /dev/null
+++ b/tests/ecc-aws-497-lambda_active_tracing_enabled/placebo-green/lambda.ListFunctions_1.json
@@ -0,0 +1,30 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "Functions": [ + { + "FunctionName": "497_lambda_green", + "FunctionArn": "arn:aws:lambda:us-east-1:111111111111:function:497_lambda_green", + "Runtime": "python3.8", + "Role": "arn:aws:iam::111111111111:role/497_role_green", + "Handler": "func.py", + "CodeSize": 299, + "Description": "", + "Timeout": 3, + "MemorySize": 128, + "LastModified": "2022-11-07T15:10:48.756+0000", + "CodeSha256": "wVKxCuS3+QGJFX662+Zi8SIwlKE7zm6222zpZo7SFHI=", + "Version": "$LATEST", + "TracingConfig": { + "Mode": "Active" + }, + "RevisionId": "58d0a117-8c13-43ec-b656-de488d200e97", + "PackageType": "Zip", + "Architectures": [ + "x86_64" + ] + } + ] + } +} \ No newline at end of file
diff --git a/tests/ecc-aws-497-lambda_active_tracing_enabled/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-497-lambda_active_tracing_enabled/placebo-green/tagging.GetResources_1.json
new file mode 100644
index 000000000..0fa2808ea
--- /dev/null
+++ b/tests/ecc-aws-497-lambda_active_tracing_enabled/placebo-green/tagging.GetResources_1.json
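Review bot: `test_resources` in the 496 `red_policy_test.py` pins only `Status == 'DISABLED'`, so nothing in this change shows what the policy does with a delivery stream whose encryption status is `ENABLING_FAILED`, which leaves the stream just as unencrypted. The policy file is outside this hunk, so this may already be covered; if the filter matches anything other than `ENABLED`, a second placebo recording with that status would keep it from regressing. A docstring on the method, for example `"""Red recording: the one stream with SSE disabled must be reported."""`, would make the expected finding explicit. The same docstring point applies to the 497, 499, 500, 501 and 502 red tests later in the patch.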
@@ -0,0 +1,22 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:lambda:us-east-1:111111111111:function:497_lambda_green", + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-497-lambda_active_tracing_enabled" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-497-lambda_active_tracing_enabled/placebo-red/lambda.ListFunctions_1.json b/tests/ecc-aws-497-lambda_active_tracing_enabled/placebo-red/lambda.ListFunctions_1.json new file mode 100644 index 000000000..2a195d8e9 --- /dev/null +++ b/tests/ecc-aws-497-lambda_active_tracing_enabled/placebo-red/lambda.ListFunctions_1.json @@ -0,0 +1,30 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "Functions": [ + { + "FunctionName": "497_lambda_red", + "FunctionArn": "arn:aws:lambda:us-east-1:111111111111:function:497_lambda_red", + "Runtime": "python3.8", + "Role": "arn:aws:iam::111111111111:role/497_role_red", + "Handler": "func.py", + "CodeSize": 299, + "Description": "", + "Timeout": 3, + "MemorySize": 128, + "LastModified": "2022-11-07T14:42:13.621+0000", + "CodeSha256": "wVKxCuS3+QGJFX662+Zi8SIwlKE7zm6222zpZo7SFHI=", + "Version": "$LATEST", + "TracingConfig": { + "Mode": "PassThrough" + }, + "RevisionId": "31f1b839-cdbf-4d92-9f3b-d8faa54268c6", + "PackageType": "Zip", + "Architectures": [ + "x86_64" + ] + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-497-lambda_active_tracing_enabled/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-497-lambda_active_tracing_enabled/placebo-red/tagging.GetResources_1.json new file mode 100644 index 000000000..034fd1493 --- /dev/null +++ b/tests/ecc-aws-497-lambda_active_tracing_enabled/placebo-red/tagging.GetResources_1.json 
@@ -0,0 +1,22 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:lambda:us-east-1:111111111111:function:497_lambda_red", + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-497-lambda_active_tracing_enabled" + }, + { + "Key": "ComplianceStatus", + "Value": "Red" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file
diff --git a/tests/ecc-aws-497-lambda_active_tracing_enabled/red_policy_test.py b/tests/ecc-aws-497-lambda_active_tracing_enabled/red_policy_test.py
new file mode 100644
index 000000000..065d9082d
--- /dev/null
+++ b/tests/ecc-aws-497-lambda_active_tracing_enabled/red_policy_test.py
@@ -0,0 +1,5 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertEqual(resources[0]['TracingConfig']['Mode'], "PassThrough")
\ No newline at end of file
diff --git a/tests/ecc-aws-499-sagemaker_endpoint_configuration_encrypted/placebo-green/api.sagemaker.DescribeEndpointConfig_1.json b/tests/ecc-aws-499-sagemaker_endpoint_configuration_encrypted/placebo-green/api.sagemaker.DescribeEndpointConfig_1.json
new file mode 100644
index 000000000..c59b18743
--- /dev/null
+++ b/tests/ecc-aws-499-sagemaker_endpoint_configuration_encrypted/placebo-green/api.sagemaker.DescribeEndpointConfig_1.json
@@ -0,0 +1,28 @@ +{ + "status_code": 200, + "data": { + "EndpointConfigName": "499-endpoint-configuration-green", + "EndpointConfigArn": "arn:aws:sagemaker:us-east-1:111111111111:endpoint-config/499-endpoint-configuration-green", + "ProductionVariants": [ + { + "VariantName": "499-variant-green", + "ModelName": "sagemaker-model-499-green", + "InitialInstanceCount": 1, + "InstanceType": "ml.t2.medium", + "InitialVariantWeight": 1.0 + } + ], + "KmsKeyId": "arn:aws:kms:us-east-1:111111111111:key/14319b4b-1850-408d-9c80-0cfee9f1b275", + "CreationTime": { + "__class__": "datetime", + "year": 2022, + "month": 5, + "day": 18, + "hour": 12, + "minute": 29, + "second": 57, + "microsecond": 997000 + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-499-sagemaker_endpoint_configuration_encrypted/placebo-green/api.sagemaker.ListEndpointConfigs_1.json b/tests/ecc-aws-499-sagemaker_endpoint_configuration_encrypted/placebo-green/api.sagemaker.ListEndpointConfigs_1.json new file mode 100644 index 000000000..9994d5559 --- /dev/null +++ b/tests/ecc-aws-499-sagemaker_endpoint_configuration_encrypted/placebo-green/api.sagemaker.ListEndpointConfigs_1.json @@ -0,0 +1,22 @@ +{ + "status_code": 200, + "data": { + "EndpointConfigs": [ + { + "EndpointConfigName": "499-endpoint-configuration-green", + "EndpointConfigArn": "arn:aws:sagemaker:us-east-1:111111111111:endpoint-config/499-endpoint-configuration-green", + "CreationTime": { + "__class__": "datetime", + "year": 2022, + "month": 5, + "day": 18, + "hour": 12, + "minute": 29, + "second": 57, + "microsecond": 997000 + } + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-499-sagemaker_endpoint_configuration_encrypted/placebo-green/api.sagemaker.ListTags_1.json b/tests/ecc-aws-499-sagemaker_endpoint_configuration_encrypted/placebo-green/api.sagemaker.ListTags_1.json new file mode 100644 index 000000000..9052ac2db --- /dev/null 
+++ b/tests/ecc-aws-499-sagemaker_endpoint_configuration_encrypted/placebo-green/api.sagemaker.ListTags_1.json @@ -0,0 +1,16 @@ +{ + "status_code": 200, + "data": { + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-499-sagemaker_endpoint_configuration_encrypted" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-499-sagemaker_endpoint_configuration_encrypted/placebo-green/kms.DescribeKey_1.json b/tests/ecc-aws-499-sagemaker_endpoint_configuration_encrypted/placebo-green/kms.DescribeKey_1.json new file mode 100644 index 000000000..91a326b4b --- /dev/null +++ b/tests/ecc-aws-499-sagemaker_endpoint_configuration_encrypted/placebo-green/kms.DescribeKey_1.json @@ -0,0 +1,33 @@ +{ + "status_code": 200, + "data": { + "KeyMetadata": { + "AWSAccountId": "111111111111", + "KeyId": "14319b4b-1850-408d-9c80-0cfee9f1b275", + "Arn": "arn:aws:kms:us-east-1:111111111111:key/14319b4b-1850-408d-9c80-0cfee9f1b275", + "CreationDate": { + "__class__": "datetime", + "year": 2022, + "month": 5, + "day": 18, + "hour": 12, + "minute": 29, + "second": 47, + "microsecond": 251000 + }, + "Enabled": true, + "Description": "Key to encrypt and decrypt Sagemaker", + "KeyUsage": "ENCRYPT_DECRYPT", + "KeyState": "Enabled", + "Origin": "AWS_KMS", + "KeyManager": "CUSTOMER", + "CustomerMasterKeySpec": "SYMMETRIC_DEFAULT", + "KeySpec": "SYMMETRIC_DEFAULT", + "EncryptionAlgorithms": [ + "SYMMETRIC_DEFAULT" + ], + "MultiRegion": false + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-499-sagemaker_endpoint_configuration_encrypted/placebo-green/kms.ListAliases_1.json b/tests/ecc-aws-499-sagemaker_endpoint_configuration_encrypted/placebo-green/kms.ListAliases_1.json new file mode 100644 index 000000000..0b3847c02 --- /dev/null +++ b/tests/ecc-aws-499-sagemaker_endpoint_configuration_encrypted/placebo-green/kms.ListAliases_1.json 
@@ -0,0 +1,34 @@ +{ + "status_code": 200, + "data": { + "Aliases": [ + { + "AliasName": "alias/499-green", + "AliasArn": "arn:aws:kms:us-east-1:111111111111:alias/499-green", + "TargetKeyId": "14319b4b-1850-408d-9c80-0cfee9f1b275", + "CreationDate": { + "__class__": "datetime", + "year": 2022, + "month": 5, + "day": 18, + "hour": 12, + "minute": 29, + "second": 51, + "microsecond": 549000 + }, + "LastUpdatedDate": { + "__class__": "datetime", + "year": 2022, + "month": 5, + "day": 18, + "hour": 12, + "minute": 29, + "second": 51, + "microsecond": 549000 + } + } + ], + "Truncated": false, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-499-sagemaker_endpoint_configuration_encrypted/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-499-sagemaker_endpoint_configuration_encrypted/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..036b642d4 --- /dev/null +++ b/tests/ecc-aws-499-sagemaker_endpoint_configuration_encrypted/placebo-green/tagging.GetResources_1.json @@ -0,0 +1,22 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:kms:us-east-1:111111111111:key/14319b4b-1850-408d-9c80-0cfee9f1b275", + "Tags": [ + { + "Key": "ComplianceStatus", + "Value": "Green" + }, + { + "Key": "CustodianRule", + "Value": "ecc-aws-499-sagemaker_endpoint_configuration_encrypted" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-499-sagemaker_endpoint_configuration_encrypted/placebo-red/api.sagemaker.DescribeEndpointConfig_1.json b/tests/ecc-aws-499-sagemaker_endpoint_configuration_encrypted/placebo-red/api.sagemaker.DescribeEndpointConfig_1.json new file mode 100644 index 000000000..4baed86f8 --- /dev/null +++ b/tests/ecc-aws-499-sagemaker_endpoint_configuration_encrypted/placebo-red/api.sagemaker.DescribeEndpointConfig_1.json 
@@ -0,0 +1,27 @@ +{ + "status_code": 200, + "data": { + "EndpointConfigName": "499-endpoint-configuration-red", + "EndpointConfigArn": "arn:aws:sagemaker:us-east-1:111111111111:endpoint-config/499-endpoint-configuration-red", + "ProductionVariants": [ + { + "VariantName": "499-variant-red", + "ModelName": "sagemaker-model-499-red", + "InitialInstanceCount": 1, + "InstanceType": "ml.t2.medium", + "InitialVariantWeight": 1.0 + } + ], + "CreationTime": { + "__class__": "datetime", + "year": 2022, + "month": 5, + "day": 18, + "hour": 12, + "minute": 27, + "second": 12, + "microsecond": 613000 + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-499-sagemaker_endpoint_configuration_encrypted/placebo-red/api.sagemaker.ListEndpointConfigs_1.json b/tests/ecc-aws-499-sagemaker_endpoint_configuration_encrypted/placebo-red/api.sagemaker.ListEndpointConfigs_1.json new file mode 100644 index 000000000..091bfe045 --- /dev/null +++ b/tests/ecc-aws-499-sagemaker_endpoint_configuration_encrypted/placebo-red/api.sagemaker.ListEndpointConfigs_1.json @@ -0,0 +1,22 @@ +{ + "status_code": 200, + "data": { + "EndpointConfigs": [ + { + "EndpointConfigName": "499-endpoint-configuration-red", + "EndpointConfigArn": "arn:aws:sagemaker:us-east-1:111111111111:endpoint-config/499-endpoint-configuration-red", + "CreationTime": { + "__class__": "datetime", + "year": 2022, + "month": 5, + "day": 18, + "hour": 12, + "minute": 27, + "second": 12, + "microsecond": 613000 + } + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-499-sagemaker_endpoint_configuration_encrypted/placebo-red/api.sagemaker.ListTags_1.json b/tests/ecc-aws-499-sagemaker_endpoint_configuration_encrypted/placebo-red/api.sagemaker.ListTags_1.json new file mode 100644 index 000000000..c0390fe35 --- /dev/null +++ b/tests/ecc-aws-499-sagemaker_endpoint_configuration_encrypted/placebo-red/api.sagemaker.ListTags_1.json 
@@ -0,0 +1,16 @@ +{ + "status_code": 200, + "data": { + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-499-sagemaker_endpoint_configuration_encrypted" + }, + { + "Key": "ComplianceStatus", + "Value": "Red" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file
diff --git a/tests/ecc-aws-499-sagemaker_endpoint_configuration_encrypted/red_policy_test.py b/tests/ecc-aws-499-sagemaker_endpoint_configuration_encrypted/red_policy_test.py
new file mode 100644
index 000000000..90bbf2fde
--- /dev/null
+++ b/tests/ecc-aws-499-sagemaker_endpoint_configuration_encrypted/red_policy_test.py
@@ -0,0 +1,5 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertNotIn('KmsKeyId', resources[0])
\ No newline at end of file
diff --git a/tests/ecc-aws-500-lambda_variables_encrypted_with_kms_cmk/placebo-green/kms.DescribeKey_1.json b/tests/ecc-aws-500-lambda_variables_encrypted_with_kms_cmk/placebo-green/kms.DescribeKey_1.json
new file mode 100644
index 000000000..780ee0357
--- /dev/null
+++ b/tests/ecc-aws-500-lambda_variables_encrypted_with_kms_cmk/placebo-green/kms.DescribeKey_1.json
@@ -0,0 +1,33 @@ +{ + "status_code": 200, + "data": { + "KeyMetadata": { + "AWSAccountId": "111111111111", + "KeyId": "99222bcf-f5ab-49ee-a01a-2c89b05a60ce", + "Arn": "arn:aws:kms:us-east-1:111111111111:key/99222bcf-f5ab-49ee-a01a-2c89b05a60ce", + "CreationDate": { + "__class__": "datetime", + "year": 2022, + "month": 7, + "day": 1, + "hour": 13, + "minute": 15, + "second": 36, + "microsecond": 296000 + }, + "Enabled": true, + "Description": "Key to encrypt and decrypt Lambda Variables", + "KeyUsage": "ENCRYPT_DECRYPT", + "KeyState": "Enabled", + "Origin": "AWS_KMS", + "KeyManager": "CUSTOMER", + "CustomerMasterKeySpec": "SYMMETRIC_DEFAULT", + "KeySpec": "SYMMETRIC_DEFAULT", + "EncryptionAlgorithms": [ + "SYMMETRIC_DEFAULT" + ], + "MultiRegion": false + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-500-lambda_variables_encrypted_with_kms_cmk/placebo-green/kms.ListAliases_1.json b/tests/ecc-aws-500-lambda_variables_encrypted_with_kms_cmk/placebo-green/kms.ListAliases_1.json new file mode 100644 index 000000000..4155eace7 --- /dev/null +++ b/tests/ecc-aws-500-lambda_variables_encrypted_with_kms_cmk/placebo-green/kms.ListAliases_1.json @@ -0,0 +1,34 @@ +{ + "status_code": 200, + "data": { + "Aliases": [ + { + "AliasName": "alias/500-green", + "AliasArn": "arn:aws:kms:us-east-1:111111111111:alias/500-green", + "TargetKeyId": "99222bcf-f5ab-49ee-a01a-2c89b05a60ce", + "CreationDate": { + "__class__": "datetime", + "year": 2022, + "month": 7, + "day": 1, + "hour": 13, + "minute": 15, + "second": 49, + "microsecond": 598000 + }, + "LastUpdatedDate": { + "__class__": "datetime", + "year": 2022, + "month": 7, + "day": 1, + "hour": 13, + "minute": 15, + "second": 49, + "microsecond": 598000 + } + } + ], + "Truncated": false, + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-500-lambda_variables_encrypted_with_kms_cmk/placebo-green/lambda.ListFunctions_1.json b/tests/ecc-aws-500-lambda_variables_encrypted_with_kms_cmk/placebo-green/lambda.ListFunctions_1.json new file mode 100644 index 000000000..17e0e7fc7 --- /dev/null +++ b/tests/ecc-aws-500-lambda_variables_encrypted_with_kms_cmk/placebo-green/lambda.ListFunctions_1.json @@ -0,0 +1,36 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "Functions": [ + { + "FunctionName": "500_lambda_green", + "FunctionArn": "arn:aws:lambda:us-east-1:111111111111:function:500_lambda_green", + "Runtime": "python3.8", + "Role": "arn:aws:iam::111111111111:role/500_role_green", + "Handler": "func.py", + "CodeSize": 299, + "Description": "", + "Timeout": 3, + "MemorySize": 128, + "LastModified": "2022-07-01T13:15:49.645+0000", + "CodeSha256": "wVKxCuS3+QGJFX662+Zi8SIwlKE7zm6222zpZo7SFHI=", + "Version": "$LATEST", + "Environment": { + "Variables": { + "foo": "bar" + } + }, + "KMSKeyArn": "arn:aws:kms:us-east-1:111111111111:key/99222bcf-f5ab-49ee-a01a-2c89b05a60ce", + "TracingConfig": { + "Mode": "PassThrough" + }, + "RevisionId": "b5391f4c-5680-4b23-893e-c9bb2f88f66e", + "PackageType": "Zip", + "Architectures": [ + "x86_64" + ] + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-500-lambda_variables_encrypted_with_kms_cmk/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-500-lambda_variables_encrypted_with_kms_cmk/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..8aa6fbcba --- /dev/null +++ b/tests/ecc-aws-500-lambda_variables_encrypted_with_kms_cmk/placebo-green/tagging.GetResources_1.json 
@@ -0,0 +1,22 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:lambda:us-east-1:111111111111:function:500_lambda_green", + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-500-lambda_variables_encrypted_with_kms_cmk" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-500-lambda_variables_encrypted_with_kms_cmk/placebo-red/kms.DescribeKey_1.json b/tests/ecc-aws-500-lambda_variables_encrypted_with_kms_cmk/placebo-red/kms.DescribeKey_1.json new file mode 100644 index 000000000..6b33f4e8b --- /dev/null +++ b/tests/ecc-aws-500-lambda_variables_encrypted_with_kms_cmk/placebo-red/kms.DescribeKey_1.json @@ -0,0 +1,7 @@ +{ + "status_code": 200, + "data": { + "KeyMetadata": {}, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-500-lambda_variables_encrypted_with_kms_cmk/placebo-red/kms.ListAliases_1.json b/tests/ecc-aws-500-lambda_variables_encrypted_with_kms_cmk/placebo-red/kms.ListAliases_1.json new file mode 100644 index 000000000..d59ae8471 --- /dev/null +++ b/tests/ecc-aws-500-lambda_variables_encrypted_with_kms_cmk/placebo-red/kms.ListAliases_1.json @@ -0,0 +1,34 @@ +{ + "status_code": 200, + "data": { + "Aliases": [ + { + "AliasName": "alias/aws/lambda", + "AliasArn": "arn:aws:kms:us-east-1:111111111111:alias/aws/lambda", + "TargetKeyId": "faaf1764-ee12-4b85-b185-46202b1a87e8", + "CreationDate": { + "__class__": "datetime", + "year": 2021, + "month": 8, + "day": 30, + "hour": 16, + "minute": 10, + "second": 4, + "microsecond": 435000 + }, + "LastUpdatedDate": { + "__class__": "datetime", + "year": 2021, + "month": 8, + "day": 30, + "hour": 16, + "minute": 10, + "second": 4, + "microsecond": 435000 + } + } + ], + "Truncated": false, + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-500-lambda_variables_encrypted_with_kms_cmk/placebo-red/lambda.ListFunctions_1.json b/tests/ecc-aws-500-lambda_variables_encrypted_with_kms_cmk/placebo-red/lambda.ListFunctions_1.json new file mode 100644 index 000000000..8786ec3d7 --- /dev/null +++ b/tests/ecc-aws-500-lambda_variables_encrypted_with_kms_cmk/placebo-red/lambda.ListFunctions_1.json @@ -0,0 +1,35 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "Functions": [ + { + "FunctionName": "500_lambda_red", + "FunctionArn": "arn:aws:lambda:us-east-1:111111111111:function:500_lambda_red", + "Runtime": "python3.8", + "Role": "arn:aws:iam::111111111111:role/500_role_red", + "Handler": "func.py", + "CodeSize": 299, + "Description": "", + "Timeout": 3, + "MemorySize": 128, + "LastModified": "2022-07-01T13:17:48.007+0000", + "CodeSha256": "wVKxCuS3+QGJFX662+Zi8SIwlKE7zm6222zpZo7SFHI=", + "Version": "$LATEST", + "Environment": { + "Variables": { + "foo": "bar" + } + }, + "TracingConfig": { + "Mode": "PassThrough" + }, + "RevisionId": "c7379517-55c5-4b13-9724-2d0bd48163ae", + "PackageType": "Zip", + "Architectures": [ + "x86_64" + ] + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-500-lambda_variables_encrypted_with_kms_cmk/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-500-lambda_variables_encrypted_with_kms_cmk/placebo-red/tagging.GetResources_1.json new file mode 100644 index 000000000..5a158ee1f --- /dev/null +++ b/tests/ecc-aws-500-lambda_variables_encrypted_with_kms_cmk/placebo-red/tagging.GetResources_1.json @@ -0,0 +1,22 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:lambda:us-east-1:111111111111:function:500_lambda_red", + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-500-lambda_variables_encrypted_with_kms_cmk" + }, + { + "Key": "ComplianceStatus", + "Value": "Red" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-500-lambda_variables_encrypted_with_kms_cmk/red_policy_test.py b/tests/ecc-aws-500-lambda_variables_encrypted_with_kms_cmk/red_policy_test.py
new file mode 100644
index 000000000..3e32528fd
--- /dev/null
+++ b/tests/ecc-aws-500-lambda_variables_encrypted_with_kms_cmk/red_policy_test.py
@@ -0,0 +1,5 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertNotIn('KMSKeyArn', resources[0])
\ No newline at end of file
diff --git a/tests/ecc-aws-501-sagemaker_instance_root_disabled/placebo-green/api.sagemaker.DescribeNotebookInstance_1.json b/tests/ecc-aws-501-sagemaker_instance_root_disabled/placebo-green/api.sagemaker.DescribeNotebookInstance_1.json
new file mode 100644
index 000000000..98eebb3d2
--- /dev/null
+++ b/tests/ecc-aws-501-sagemaker_instance_root_disabled/placebo-green/api.sagemaker.DescribeNotebookInstance_1.json
@@ -0,0 +1,37 @@ +{ + "status_code": 200, + "data": { + "NotebookInstanceArn": "arn:aws:sagemaker:us-east-1:111111111111:notebook-instance/501-sagemaker-notebook-instance-green", + "NotebookInstanceName": "501-sagemaker-notebook-instance-green", + "NotebookInstanceStatus": "InService", + "Url": "501-sagemaker-notebook-instance-green.notebook.us-east-1.sagemaker.aws", + "InstanceType": "ml.t2.medium", + "SecurityGroups": [], + "RoleArn": "arn:aws:iam::111111111111:role/501_role_green", + "LastModifiedTime": { + "__class__": "datetime", + "year": 2022, + "month": 5, + "day": 19, + "hour": 8, + "minute": 50, + "second": 20, + "microsecond": 585000 + }, + "CreationTime": { + "__class__": "datetime", + "year": 2022, + "month": 5, + "day": 19, + "hour": 8, + "minute": 45, + "second": 7, + "microsecond": 67000 + }, + "DirectInternetAccess": "Enabled", + "VolumeSizeInGB": 5, + "RootAccess": "Disabled", + "PlatformIdentifier": "notebook-al1-v1", + "ResponseMetadata": {} + } +} \ No newline at end of file
diff --git a/tests/ecc-aws-501-sagemaker_instance_root_disabled/placebo-green/api.sagemaker.ListNotebookInstances_1.json b/tests/ecc-aws-501-sagemaker_instance_root_disabled/placebo-green/api.sagemaker.ListNotebookInstances_1.json new file mode 100644 index 000000000..63e60ef44 --- /dev/null +++ b/tests/ecc-aws-501-sagemaker_instance_root_disabled/placebo-green/api.sagemaker.ListNotebookInstances_1.json @@ -0,0 +1,35 @@ +{ + "status_code": 200, + "data": { + "NotebookInstances": [ + { + "NotebookInstanceName": "501-sagemaker-notebook-instance-green", + "NotebookInstanceArn": "arn:aws:sagemaker:us-east-1:111111111111:notebook-instance/501-sagemaker-notebook-instance-green", + "NotebookInstanceStatus": "InService", + "Url": "501-sagemaker-notebook-instance-green.notebook.us-east-1.sagemaker.aws", + "InstanceType": "ml.t2.medium", + "CreationTime": { + "__class__": "datetime", + "year": 2022, + "month": 5, + "day": 19, + "hour": 8, + "minute": 45, + "second": 7, + "microsecond": 67000 + }, + "LastModifiedTime": { + "__class__": "datetime", + "year": 2022, + "month": 5, + "day": 19, + "hour": 8, + "minute": 50, + "second": 20, + "microsecond": 585000 + } + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-501-sagemaker_instance_root_disabled/placebo-green/api.sagemaker.ListTags_1.json b/tests/ecc-aws-501-sagemaker_instance_root_disabled/placebo-green/api.sagemaker.ListTags_1.json new file mode 100644 index 000000000..e507a7fde --- /dev/null +++ b/tests/ecc-aws-501-sagemaker_instance_root_disabled/placebo-green/api.sagemaker.ListTags_1.json @@ -0,0 +1,16 @@ +{ + "status_code": 200, + "data": { + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-501-sagemaker_instance_root_disabled" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-501-sagemaker_instance_root_disabled/placebo-red/api.sagemaker.DescribeNotebookInstance_1.json b/tests/ecc-aws-501-sagemaker_instance_root_disabled/placebo-red/api.sagemaker.DescribeNotebookInstance_1.json new file mode 100644 index 000000000..18274f649 --- /dev/null +++ b/tests/ecc-aws-501-sagemaker_instance_root_disabled/placebo-red/api.sagemaker.DescribeNotebookInstance_1.json @@ -0,0 +1,37 @@ +{ + "status_code": 200, + "data": { + "NotebookInstanceArn": "arn:aws:sagemaker:us-east-1:111111111111:notebook-instance/501-sagemaker-notebook-instance-red", + "NotebookInstanceName": "501-sagemaker-notebook-instance-red", + "NotebookInstanceStatus": "InService", + "Url": "501-sagemaker-notebook-instance-red.notebook.us-east-1.sagemaker.aws", + "InstanceType": "ml.t2.medium", + "SecurityGroups": [], + "RoleArn": "arn:aws:iam::111111111111:role/501_role_red", + "LastModifiedTime": { + "__class__": "datetime", + "year": 2022, + "month": 5, + "day": 19, + "hour": 9, + "minute": 18, + "second": 8, + "microsecond": 460000 + }, + "CreationTime": { + "__class__": "datetime", + "year": 2022, + "month": 5, + "day": 19, + "hour": 9, + "minute": 15, + "second": 3, + "microsecond": 852000 + }, + "DirectInternetAccess": "Enabled", + "VolumeSizeInGB": 5, + "RootAccess": "Enabled", + "PlatformIdentifier": "notebook-al1-v1", + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-501-sagemaker_instance_root_disabled/placebo-red/api.sagemaker.ListNotebookInstances_1.json b/tests/ecc-aws-501-sagemaker_instance_root_disabled/placebo-red/api.sagemaker.ListNotebookInstances_1.json new file mode 100644 index 000000000..94c639bcb --- /dev/null +++ b/tests/ecc-aws-501-sagemaker_instance_root_disabled/placebo-red/api.sagemaker.ListNotebookInstances_1.json 
@@ -0,0 +1,35 @@ +{ + "status_code": 200, + "data": { + "NotebookInstances": [ + { + "NotebookInstanceName": "501-sagemaker-notebook-instance-red", + "NotebookInstanceArn": "arn:aws:sagemaker:us-east-1:111111111111:notebook-instance/501-sagemaker-notebook-instance-red", + "NotebookInstanceStatus": "InService", + "Url": "501-sagemaker-notebook-instance-red.notebook.us-east-1.sagemaker.aws", + "InstanceType": "ml.t2.medium", + "CreationTime": { + "__class__": "datetime", + "year": 2022, + "month": 5, + "day": 19, + "hour": 9, + "minute": 15, + "second": 3, + "microsecond": 852000 + }, + "LastModifiedTime": { + "__class__": "datetime", + "year": 2022, + "month": 5, + "day": 19, + "hour": 9, + "minute": 18, + "second": 8, + "microsecond": 460000 + } + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file
diff --git a/tests/ecc-aws-501-sagemaker_instance_root_disabled/placebo-red/api.sagemaker.ListTags_1.json b/tests/ecc-aws-501-sagemaker_instance_root_disabled/placebo-red/api.sagemaker.ListTags_1.json
new file mode 100644
index 000000000..618cf7bdd
--- /dev/null
+++ b/tests/ecc-aws-501-sagemaker_instance_root_disabled/placebo-red/api.sagemaker.ListTags_1.json
@@ -0,0 +1,16 @@ +{ + "status_code": 200, + "data": { + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-501-sagemaker_instance_root_disabled" + }, + { + "Key": "ComplianceStatus", + "Value": "Red" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file
diff --git a/tests/ecc-aws-501-sagemaker_instance_root_disabled/red_policy_test.py b/tests/ecc-aws-501-sagemaker_instance_root_disabled/red_policy_test.py
new file mode 100644
index 000000000..3d7e3536d
--- /dev/null
+++ b/tests/ecc-aws-501-sagemaker_instance_root_disabled/red_policy_test.py
@@ -0,0 +1,5 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertEqual(resources[0]['RootAccess'], "Enabled")
\ No newline at end of file
diff --git a/tests/ecc-aws-502-mq_broker_auto_minor_version_upgrade_enabled/placebo-green/mq.DescribeBroker_1.json b/tests/ecc-aws-502-mq_broker_auto_minor_version_upgrade_enabled/placebo-green/mq.DescribeBroker_1.json new file mode 100644 index 000000000..4356d1033 --- /dev/null +++ b/tests/ecc-aws-502-mq_broker_auto_minor_version_upgrade_enabled/placebo-green/mq.DescribeBroker_1.json 
@@ -0,0 +1,77 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "AuthenticationStrategy": "simple", + "AutoMinorVersionUpgrade": true, + "BrokerArn": "arn:aws:mq:us-east-1:111111111111:broker:mq-broker-502-green:b-4a3b8bee-616c-4df7-9869-05ad75627af3", + "BrokerId": "b-4a3b8bee-616c-4df7-9869-05ad75627af3", + "BrokerInstances": [ + { + "ConsoleURL": "https://b-4a3b8bee-616c-4df7-9869-05ad75627af3-1.mq.us-east-1.amazonaws.com:8162", + "Endpoints": [ + "ssl://b-4a3b8bee-616c-4df7-9869-05ad75627af3-1.mq.us-east-1.amazonaws.com:61617", + "amqp+ssl://b-4a3b8bee-616c-4df7-9869-05ad75627af3-1.mq.us-east-1.amazonaws.com:5671", + "stomp+ssl://b-4a3b8bee-616c-4df7-9869-05ad75627af3-1.mq.us-east-1.amazonaws.com:61614", + "mqtt+ssl://b-4a3b8bee-616c-4df7-9869-05ad75627af3-1.mq.us-east-1.amazonaws.com:8883", + "wss://b-4a3b8bee-616c-4df7-9869-05ad75627af3-1.mq.us-east-1.amazonaws.com:61619" + ], + "IpAddress": "172.31.83.210" + } + ], + "BrokerName": "mq-broker-502-green", + "BrokerState": "RUNNING", + "Configurations": { + "Current": { + "Id": "c-111qqq2-asdf-qwer-1111-asdfghqwe", + "Revision": 1 + }, + "History": [] + }, + "Created": { + "__class__": "datetime", + "year": 2022, + "month": 6, + "day": 10, + "hour": 8, + "minute": 27, + "second": 9, + "microsecond": 244000 + }, + "DeploymentMode": "SINGLE_INSTANCE", + "EncryptionOptions": { + "UseAwsOwnedKey": true + }, + "EngineType": "ActiveMQ", + "EngineVersion": "5.15.9", + "HostInstanceType": "mq.t2.micro", + "Logs": { + "Audit": false, + "AuditLogGroup": "/aws/amazonmq/broker/b-4a3b8bee-616c-4df7-9869-05ad75627af3/audit", + "General": false, + "GeneralLogGroup": "/aws/amazonmq/broker/b-4a3b8bee-616c-4df7-9869-05ad75627af3/general" + }, + "MaintenanceWindowStartTime": { + "DayOfWeek": "MONDAY", + "TimeOfDay": "22:00", + "TimeZone": "UTC" + }, + "PubliclyAccessible": false, + "SecurityGroups": [ + "sg-a5befc90" + ], + "StorageType": "efs", + "SubnetIds": [ + "subnet-cd7af8ec" + ], + "Tags": { + 
"CustodianRule": "ecc-aws-502-mq_brocker_auto_minor_version_upgrade_enabled", + "ComplianceStatus": "Green" + }, + "Users": [ + { + "Username": "root" + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-502-mq_broker_auto_minor_version_upgrade_enabled/placebo-green/mq.ListBrokers_1.json b/tests/ecc-aws-502-mq_broker_auto_minor_version_upgrade_enabled/placebo-green/mq.ListBrokers_1.json new file mode 100644 index 000000000..40811eb77 --- /dev/null +++ b/tests/ecc-aws-502-mq_broker_auto_minor_version_upgrade_enabled/placebo-green/mq.ListBrokers_1.json @@ -0,0 +1,27 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "BrokerSummaries": [ + { + "BrokerArn": "arn:aws:mq:us-east-1:111111111111:broker:mq-broker-502-green:b-4a3b8bee-616c-4df7-9869-05ad75627af3", + "BrokerId": "b-4a3b8bee-616c-4df7-9869-05ad75627af3", + "BrokerName": "mq-broker-502-green", + "BrokerState": "RUNNING", + "Created": { + "__class__": "datetime", + "year": 2022, + "month": 6, + "day": 10, + "hour": 8, + "minute": 27, + "second": 9, + "microsecond": 244000 + }, + "DeploymentMode": "SINGLE_INSTANCE", + "EngineType": "ActiveMQ", + "HostInstanceType": "mq.t2.micro" + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-502-mq_broker_auto_minor_version_upgrade_enabled/placebo-red/mq.DescribeBroker_1.json b/tests/ecc-aws-502-mq_broker_auto_minor_version_upgrade_enabled/placebo-red/mq.DescribeBroker_1.json new file mode 100644 index 000000000..db60a75e7 --- /dev/null +++ b/tests/ecc-aws-502-mq_broker_auto_minor_version_upgrade_enabled/placebo-red/mq.DescribeBroker_1.json 
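Review bot: The placebo-green `mq.DescribeBroker_1.json` recording still carries what look like real resource identifiers: the `SecurityGroups` and `SubnetIds` entries, the private `IpAddress`, and the broker id repeated in `BrokerArn`, `ConsoleURL`, `Endpoints` and the log group names. The account id and `Configurations.Current.Id` were replaced with placeholders, so scrubbing was clearly intended but is incomplete. Before this lands in a public repository I would swap them for obviously fake values (for example a constructed `sg-00000000`). The placebo-red `mq.DescribeBroker_1.json` and both `mq.ListBrokers_1.json` files need the same treatment.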
@@ -0,0 +1,77 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "AuthenticationStrategy": "simple", + "AutoMinorVersionUpgrade": false, + "BrokerArn": "arn:aws:mq:us-east-1:111111111111:broker:mq-broker-502-red:b-11770e45-f1df-483e-8ea5-9dfda5f578b9", + "BrokerId": "b-11770e45-f1df-483e-8ea5-9dfda5f578b9", + "BrokerInstances": [ + { + "ConsoleURL": "https://b-11770e45-f1df-483e-8ea5-9dfda5f578b9-1.mq.us-east-1.amazonaws.com:8162", + "Endpoints": [ + "ssl://b-11770e45-f1df-483e-8ea5-9dfda5f578b9-1.mq.us-east-1.amazonaws.com:61617", + "amqp+ssl://b-11770e45-f1df-483e-8ea5-9dfda5f578b9-1.mq.us-east-1.amazonaws.com:5671", + "stomp+ssl://b-11770e45-f1df-483e-8ea5-9dfda5f578b9-1.mq.us-east-1.amazonaws.com:61614", + "mqtt+ssl://b-11770e45-f1df-483e-8ea5-9dfda5f578b9-1.mq.us-east-1.amazonaws.com:8883", + "wss://b-11770e45-f1df-483e-8ea5-9dfda5f578b9-1.mq.us-east-1.amazonaws.com:61619" + ], + "IpAddress": "172.31.13.168" + } + ], + "BrokerName": "mq-broker-502-red", + "BrokerState": "RUNNING", + "Configurations": { + "Current": { + "Id": "c-111qqq2-asdf-qwer-1111-asdfghqwe", + "Revision": 1 + }, + "History": [] + }, + "Created": { + "__class__": "datetime", + "year": 2022, + "month": 6, + "day": 10, + "hour": 8, + "minute": 41, + "second": 31, + "microsecond": 583000 + }, + "DeploymentMode": "SINGLE_INSTANCE", + "EncryptionOptions": { + "UseAwsOwnedKey": true + }, + "EngineType": "ActiveMQ", + "EngineVersion": "5.15.9", + "HostInstanceType": "mq.t2.micro", + "Logs": { + "Audit": false, + "AuditLogGroup": "/aws/amazonmq/broker/b-11770e45-f1df-483e-8ea5-9dfda5f578b9/audit", + "General": false, + "GeneralLogGroup": "/aws/amazonmq/broker/b-11770e45-f1df-483e-8ea5-9dfda5f578b9/general" + }, + "MaintenanceWindowStartTime": { + "DayOfWeek": "WEDNESDAY", + "TimeOfDay": "20:00", + "TimeZone": "UTC" + }, + "PubliclyAccessible": false, + "SecurityGroups": [ + "sg-a5befc90" + ], + "StorageType": "efs", + "SubnetIds": [ + "subnet-b045c2d6" + ], + "Tags": { + 
"CustodianRule": "ecc-aws-502-mq_brocker_auto_minor_version_upgrade_enabled", + "ComplianceStatus": "Red" + }, + "Users": [ + { + "Username": "root" + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-502-mq_broker_auto_minor_version_upgrade_enabled/placebo-red/mq.ListBrokers_1.json b/tests/ecc-aws-502-mq_broker_auto_minor_version_upgrade_enabled/placebo-red/mq.ListBrokers_1.json new file mode 100644 index 000000000..458b2c0cb --- /dev/null +++ b/tests/ecc-aws-502-mq_broker_auto_minor_version_upgrade_enabled/placebo-red/mq.ListBrokers_1.json @@ -0,0 +1,27 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "BrokerSummaries": [ + { + "BrokerArn": "arn:aws:mq:us-east-1:111111111111:broker:mq-broker-502-red:b-11770e45-f1df-483e-8ea5-9dfda5f578b9", + "BrokerId": "b-11770e45-f1df-483e-8ea5-9dfda5f578b9", + "BrokerName": "mq-broker-502-red", + "BrokerState": "RUNNING", + "Created": { + "__class__": "datetime", + "year": 2022, + "month": 6, + "day": 10, + "hour": 8, + "minute": 41, + "second": 31, + "microsecond": 583000 + }, + "DeploymentMode": "SINGLE_INSTANCE", + "EngineType": "ActiveMQ", + "HostInstanceType": "mq.t2.micro" + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-502-mq_broker_auto_minor_version_upgrade_enabled/red_policy_test.py b/tests/ecc-aws-502-mq_broker_auto_minor_version_upgrade_enabled/red_policy_test.py new file mode 100644 index 000000000..94ab24e94 --- /dev/null +++ b/tests/ecc-aws-502-mq_broker_auto_minor_version_upgrade_enabled/red_policy_test.py @@ -0,0 +1,5 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertFalse(resources[0]['AutoMinorVersionUpgrade']) \ No newline at end of file 
diff --git a/tests/ecc-aws-503-mq_broker_logging_enabled/placebo-green/mq.DescribeBroker_1.json b/tests/ecc-aws-503-mq_broker_logging_enabled/placebo-green/mq.DescribeBroker_1.json
new file mode 100644
index 000000000..7d37d3481
--- /dev/null
+++ b/tests/ecc-aws-503-mq_broker_logging_enabled/placebo-green/mq.DescribeBroker_1.json
@@ -0,0 +1,77 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "AuthenticationStrategy": "simple", + "AutoMinorVersionUpgrade": false, + "BrokerArn": "arn:aws:mq:us-east-1:111111111111:broker:mq-broker-503-green:b-4bf8ed93-f06d-4bea-a05e-667da3923fb6", + "BrokerId": "b-4bf8ed93-f06d-4bea-a05e-667da3923fb6", + "BrokerInstances": [ + { + "ConsoleURL": "https://b-4bf8ed93-f06d-4bea-a05e-667da3923fb6-1.mq.us-east-1.amazonaws.com:8162", + "Endpoints": [ + "ssl://b-4bf8ed93-f06d-4bea-a05e-667da3923fb6-1.mq.us-east-1.amazonaws.com:61617", + "amqp+ssl://b-4bf8ed93-f06d-4bea-a05e-667da3923fb6-1.mq.us-east-1.amazonaws.com:5671", + "stomp+ssl://b-4bf8ed93-f06d-4bea-a05e-667da3923fb6-1.mq.us-east-1.amazonaws.com:61614", + "mqtt+ssl://b-4bf8ed93-f06d-4bea-a05e-667da3923fb6-1.mq.us-east-1.amazonaws.com:8883", + "wss://b-4bf8ed93-f06d-4bea-a05e-667da3923fb6-1.mq.us-east-1.amazonaws.com:61619" + ], + "IpAddress": "172.31.22.180" + } + ], + "BrokerName": "mq-broker-503-green", + "BrokerState": "RUNNING", + "Configurations": { + "Current": { + "Id": "c-111qqq2-asdf-qwer-1111-asdfghqwe", + "Revision": 1 + }, + "History": [] + }, + "Created": { + "__class__": "datetime", + "year": 2022, + "month": 7, + "day": 6, + "hour": 7, + "minute": 45, + "second": 17, + "microsecond": 282000 + }, + "DeploymentMode": "SINGLE_INSTANCE", + "EncryptionOptions": { + "UseAwsOwnedKey": true + }, + "EngineType": "ActiveMQ", + "EngineVersion": "5.15.9", + "HostInstanceType": "mq.t2.micro", + "Logs": { + "Audit": true, + "AuditLogGroup": "/aws/amazonmq/broker/b-4bf8ed93-f06d-4bea-a05e-667da3923fb6/audit", + "General": true, + "GeneralLogGroup": "/aws/amazonmq/broker/b-4bf8ed93-f06d-4bea-a05e-667da3923fb6/general" + }, + "MaintenanceWindowStartTime": { + "DayOfWeek": "MONDAY", + "TimeOfDay": "22:00", + "TimeZone": "UTC" + }, + "PubliclyAccessible": false, + "SecurityGroups": [ + "sg-a5befc90" + ], + "StorageType": "efs", + "SubnetIds": [ + "subnet-fa9dcab7" + ], + "Tags": { + 
"CustodianRule": "ecc-aws-503-mq_broker_logging_enabled", + "ComplianceStatus": "Green" + }, + "Users": [ + { + "Username": "root" + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-503-mq_broker_logging_enabled/placebo-green/mq.ListBrokers_1.json b/tests/ecc-aws-503-mq_broker_logging_enabled/placebo-green/mq.ListBrokers_1.json new file mode 100644 index 000000000..6670fecc3 --- /dev/null +++ b/tests/ecc-aws-503-mq_broker_logging_enabled/placebo-green/mq.ListBrokers_1.json @@ -0,0 +1,27 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "BrokerSummaries": [ + { + "BrokerArn": "arn:aws:mq:us-east-1:111111111111:broker:mq-broker-503-green:b-4bf8ed93-f06d-4bea-a05e-667da3923fb6", + "BrokerId": "b-4bf8ed93-f06d-4bea-a05e-667da3923fb6", + "BrokerName": "mq-broker-503-green", + "BrokerState": "RUNNING", + "Created": { + "__class__": "datetime", + "year": 2022, + "month": 7, + "day": 6, + "hour": 7, + "minute": 45, + "second": 17, + "microsecond": 282000 + }, + "DeploymentMode": "SINGLE_INSTANCE", + "EngineType": "ActiveMQ", + "HostInstanceType": "mq.t2.micro" + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-503-mq_broker_logging_enabled/placebo-red/mq.DescribeBroker_1.json b/tests/ecc-aws-503-mq_broker_logging_enabled/placebo-red/mq.DescribeBroker_1.json new file mode 100644 index 000000000..8f0d9d082 --- /dev/null +++ b/tests/ecc-aws-503-mq_broker_logging_enabled/placebo-red/mq.DescribeBroker_1.json 
@@ -0,0 +1,77 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "AuthenticationStrategy": "simple", + "AutoMinorVersionUpgrade": false, + "BrokerArn": "arn:aws:mq:us-east-1:111111111111:broker:mq-broker-503-red:b-27cea85d-a028-405a-925f-755e4ba36285", + "BrokerId": "b-27cea85d-a028-405a-925f-755e4ba36285", + "BrokerInstances": [ + { + "ConsoleURL": "https://b-27cea85d-a028-405a-925f-755e4ba36285-1.mq.us-east-1.amazonaws.com:8162", + "Endpoints": [ + "ssl://b-27cea85d-a028-405a-925f-755e4ba36285-1.mq.us-east-1.amazonaws.com:61617", + "amqp+ssl://b-27cea85d-a028-405a-925f-755e4ba36285-1.mq.us-east-1.amazonaws.com:5671", + "stomp+ssl://b-27cea85d-a028-405a-925f-755e4ba36285-1.mq.us-east-1.amazonaws.com:61614", + "mqtt+ssl://b-27cea85d-a028-405a-925f-755e4ba36285-1.mq.us-east-1.amazonaws.com:8883", + "wss://b-27cea85d-a028-405a-925f-755e4ba36285-1.mq.us-east-1.amazonaws.com:61619" + ], + "IpAddress": "172.31.12.233" + } + ], + "BrokerName": "mq-broker-503-red", + "BrokerState": "RUNNING", + "Configurations": { + "Current": { + "Id": "c-111qqq2-asdf-qwer-1111-asdfghqwe", + "Revision": 1 + }, + "History": [] + }, + "Created": { + "__class__": "datetime", + "year": 2022, + "month": 7, + "day": 6, + "hour": 8, + "minute": 26, + "second": 23, + "microsecond": 631000 + }, + "DeploymentMode": "SINGLE_INSTANCE", + "EncryptionOptions": { + "UseAwsOwnedKey": true + }, + "EngineType": "ActiveMQ", + "EngineVersion": "5.15.9", + "HostInstanceType": "mq.t2.micro", + "Logs": { + "Audit": false, + "AuditLogGroup": "/aws/amazonmq/broker/b-27cea85d-a028-405a-925f-755e4ba36285/audit", + "General": false, + "GeneralLogGroup": "/aws/amazonmq/broker/b-27cea85d-a028-405a-925f-755e4ba36285/general" + }, + "MaintenanceWindowStartTime": { + "DayOfWeek": "MONDAY", + "TimeOfDay": "21:00", + "TimeZone": "UTC" + }, + "PubliclyAccessible": false, + "SecurityGroups": [ + "sg-a5befc90" + ], + "StorageType": "efs", + "SubnetIds": [ + "subnet-b045c2d6" + ], + "Tags": { + 
"CustodianRule": "ecc-aws-503-mq_broker_logging_enabled", + "ComplianceStatus": "Red" + }, + "Users": [ + { + "Username": "root" + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-503-mq_broker_logging_enabled/placebo-red/mq.ListBrokers_1.json b/tests/ecc-aws-503-mq_broker_logging_enabled/placebo-red/mq.ListBrokers_1.json new file mode 100644 index 000000000..c37f7c633 --- /dev/null +++ b/tests/ecc-aws-503-mq_broker_logging_enabled/placebo-red/mq.ListBrokers_1.json @@ -0,0 +1,27 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "BrokerSummaries": [ + { + "BrokerArn": "arn:aws:mq:us-east-1:111111111111:broker:mq-broker-503-red:b-27cea85d-a028-405a-925f-755e4ba36285", + "BrokerId": "b-27cea85d-a028-405a-925f-755e4ba36285", + "BrokerName": "mq-broker-503-red", + "BrokerState": "RUNNING", + "Created": { + "__class__": "datetime", + "year": 2022, + "month": 7, + "day": 6, + "hour": 8, + "minute": 26, + "second": 23, + "microsecond": 631000 + }, + "DeploymentMode": "SINGLE_INSTANCE", + "EngineType": "ActiveMQ", + "HostInstanceType": "mq.t2.micro" + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-503-mq_broker_logging_enabled/red_policy_test.py b/tests/ecc-aws-503-mq_broker_logging_enabled/red_policy_test.py new file mode 100644 index 000000000..285ee92d1 --- /dev/null +++ b/tests/ecc-aws-503-mq_broker_logging_enabled/red_policy_test.py @@ -0,0 +1,6 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertFalse(resources[0]['Logs']['Audit']) + base_test.assertFalse(resources[0]['Logs']['General']) \ No newline at end of file diff --git a/tests/ecc-aws-504-sagemaker_network_isolation_enabled/placebo-green/api.sagemaker.DescribeModel_1.json b/tests/ecc-aws-504-sagemaker_network_isolation_enabled/placebo-green/api.sagemaker.DescribeModel_1.json new file mode 100644 index 000000000..ea4f09fc8 --- /dev/null 
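Review bot: Both asserts in `test_resources` of the 503 red_policy_test.py pass only because the placebo-red broker has `Audit` and `General` logging off at the same time, so nothing here shows how the rule treats a broker with just one of the two disabled. A broker that writes general logs but no audit logs is the case most likely to slip through unnoticed. Either add a second red recording with mixed values, or state the limit in the test with a comment such as `# red fixture disables both Audit and General; mixed settings are not covered`. The policy itself is not part of this hunk, so how it combines the two flags is not visible here.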
+++ b/tests/ecc-aws-504-sagemaker_network_isolation_enabled/placebo-green/api.sagemaker.DescribeModel_1.json
@@ -0,0 +1,25 @@
+{
+ "status_code": 200,
+ "data": {
+ "ModelName": "sagemaker-model-504-green",
+ "PrimaryContainer": {
+ "Image": "111111111111.dkr.ecr.us-east-1.amazonaws.com/kmeans:1",
+ "Mode": "SingleModel",
+ "Environment": {}
+ },
+ "ExecutionRoleArn": "arn:aws:iam::111111111111:role/terraform-20220518072534568600000001",
+ "CreationTime": {
+ "__class__": "datetime",
+ "year": 2022,
+ "month": 5,
+ "day": 18,
+ "hour": 7,
+ "minute": 25,
+ "second": 43,
+ "microsecond": 351000
+ },
+ "ModelArn": "arn:aws:sagemaker:us-east-1:111111111111:model/sagemaker-model-504-green",
+ "EnableNetworkIsolation": true,
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-504-sagemaker_network_isolation_enabled/placebo-green/api.sagemaker.ListModels_1.json b/tests/ecc-aws-504-sagemaker_network_isolation_enabled/placebo-green/api.sagemaker.ListModels_1.json
new file mode 100644
index 000000000..e99410dbe
--- /dev/null
+++ b/tests/ecc-aws-504-sagemaker_network_isolation_enabled/placebo-green/api.sagemaker.ListModels_1.json
@@ -0,0 +1,22 @@
+{
+ "status_code": 200,
+ "data": {
+ "Models": [
+ {
+ "ModelName": "sagemaker-model-504-green",
+ "ModelArn": "arn:aws:sagemaker:us-east-1:111111111111:model/sagemaker-model-504-green",
+ "CreationTime": {
+ "__class__": "datetime",
+ "year": 2022,
+ "month": 5,
+ "day": 18,
+ "hour": 7,
+ "minute": 25,
+ "second": 43,
+ "microsecond": 351000
+ }
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-504-sagemaker_network_isolation_enabled/placebo-green/api.sagemaker.ListTags_1.json b/tests/ecc-aws-504-sagemaker_network_isolation_enabled/placebo-green/api.sagemaker.ListTags_1.json
new file mode 100644
index 000000000..9caa8fd52
--- /dev/null
+++ b/tests/ecc-aws-504-sagemaker_network_isolation_enabled/placebo-green/api.sagemaker.ListTags_1.json
@@ -0,0 +1,16 @@
+{
+ "status_code": 200,
+ "data": {
+ "Tags": [
+ {
+ "Key": "CustodianRule",
+ "Value": "ecc-aws-504-sagemaker_network_isolation_enabled"
+ },
+ {
+ "Key": "ComplianceStatus",
+ "Value": "Green"
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-504-sagemaker_network_isolation_enabled/placebo-red/api.sagemaker.DescribeModel_1.json b/tests/ecc-aws-504-sagemaker_network_isolation_enabled/placebo-red/api.sagemaker.DescribeModel_1.json
new file mode 100644
index 000000000..9050279dc
--- /dev/null
+++ b/tests/ecc-aws-504-sagemaker_network_isolation_enabled/placebo-red/api.sagemaker.DescribeModel_1.json
@@ -0,0 +1,25 @@
+{
+ "status_code": 200,
+ "data": {
+ "ModelName": "sagemaker-model-504-red",
+ "PrimaryContainer": {
+ "Image": "111111111111.dkr.ecr.us-east-1.amazonaws.com/kmeans:1",
+ "Mode": "SingleModel",
+ "Environment": {}
+ },
+ "ExecutionRoleArn": "arn:aws:iam::111111111111:role/terraform-20220518072933971300000001",
+ "CreationTime": {
+ "__class__": "datetime",
+ "year": 2022,
+ "month": 5,
+ "day": 18,
+ "hour": 7,
+ "minute": 29,
+ "second": 41,
+ "microsecond": 979000
+ },
+ "ModelArn": "arn:aws:sagemaker:us-east-1:111111111111:model/sagemaker-model-504-red",
+ "EnableNetworkIsolation": false,
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-504-sagemaker_network_isolation_enabled/placebo-red/api.sagemaker.ListModels_1.json b/tests/ecc-aws-504-sagemaker_network_isolation_enabled/placebo-red/api.sagemaker.ListModels_1.json
new file mode 100644
index 000000000..826b75770
--- /dev/null
+++ b/tests/ecc-aws-504-sagemaker_network_isolation_enabled/placebo-red/api.sagemaker.ListModels_1.json
@@ -0,0 +1,22 @@
+{
+ "status_code": 200,
+ "data": {
+ "Models": [
+ {
+ "ModelName": "sagemaker-model-504-red",
+ "ModelArn": "arn:aws:sagemaker:us-east-1:111111111111:model/sagemaker-model-504-red",
+ "CreationTime": {
+ "__class__": "datetime",
+ "year": 2022,
+ "month": 5,
+ "day": 18,
+ "hour": 7,
+ "minute": 29,
+ "second": 41,
+ "microsecond": 979000
+ }
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-504-sagemaker_network_isolation_enabled/placebo-red/api.sagemaker.ListTags_1.json b/tests/ecc-aws-504-sagemaker_network_isolation_enabled/placebo-red/api.sagemaker.ListTags_1.json
new file mode 100644
index 000000000..4bca4987c
--- /dev/null
+++ b/tests/ecc-aws-504-sagemaker_network_isolation_enabled/placebo-red/api.sagemaker.ListTags_1.json
@@ -0,0 +1,16 @@
+{
+ "status_code": 200,
+ "data": {
+ "Tags": [
+ {
+ "Key": "CustodianRule",
+ "Value": "ecc-aws-504-sagemaker_network_isolation_enabled"
+ },
+ {
+ "Key": "ComplianceStatus",
+ "Value": "Red"
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-504-sagemaker_network_isolation_enabled/red_policy_test.py b/tests/ecc-aws-504-sagemaker_network_isolation_enabled/red_policy_test.py
new file mode 100644
index 000000000..42bf467b4
--- /dev/null
+++ b/tests/ecc-aws-504-sagemaker_network_isolation_enabled/red_policy_test.py
@@ -0,0 +1,5 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertFalse(resources[0]['EnableNetworkIsolation'])
\ No newline at end of file
diff --git a/tests/ecc-aws-505-route53_domain_automatic_renewal_enabled/placebo-green/route53domains.ListDomains_1.json b/tests/ecc-aws-505-route53_domain_automatic_renewal_enabled/placebo-green/route53domains.ListDomains_1.json
new file mode 100644
index 000000000..97a86d5dd
--- /dev/null
+++ b/tests/ecc-aws-505-route53_domain_automatic_renewal_enabled/placebo-green/route53domains.ListDomains_1.json
@@ -0,0 +1,23 @@
+{
+ "status_code": 200,
+ "data": {
+ "Domains": [
+ {
+ "DomainName": "custodian-rule.click",
+ "AutoRenew": true,
+ "TransferLock": false,
+ "Expiry": {
+ "__class__": "datetime",
+ "year": 2024,
+ "month": 1,
+ "day": 17,
+ "hour": 10,
+ "minute": 3,
+ "second": 55,
+ "microsecond": 887000
+ }
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-505-route53_domain_automatic_renewal_enabled/placebo-green/route53domains.ListTagsForDomain_1.json b/tests/ecc-aws-505-route53_domain_automatic_renewal_enabled/placebo-green/route53domains.ListTagsForDomain_1.json
new file mode 100644
index 000000000..80b47f8be
--- /dev/null
+++ b/tests/ecc-aws-505-route53_domain_automatic_renewal_enabled/placebo-green/route53domains.ListTagsForDomain_1.json
@@ -0,0 +1,7 @@
+{
+ "status_code": 200,
+ "data": {
+ "TagList": [],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-505-route53_domain_automatic_renewal_enabled/placebo-red/route53domains.ListDomains_1.json b/tests/ecc-aws-505-route53_domain_automatic_renewal_enabled/placebo-red/route53domains.ListDomains_1.json
new file mode 100644
index 000000000..f61b1637b
--- /dev/null
+++ b/tests/ecc-aws-505-route53_domain_automatic_renewal_enabled/placebo-red/route53domains.ListDomains_1.json
@@ -0,0 +1,23 @@
+{
+ "status_code": 200,
+ "data": {
+ "Domains": [
+ {
+ "DomainName": "custodian-rule.click",
+ "AutoRenew": false,
+ "TransferLock": false,
+ "Expiry": {
+ "__class__": "datetime",
+ "year": 2024,
+ "month": 1,
+ "day": 17,
+ "hour": 10,
+ "minute": 3,
+ "second": 55,
+ "microsecond": 887000
+ }
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-505-route53_domain_automatic_renewal_enabled/placebo-red/route53domains.ListTagsForDomain_1.json b/tests/ecc-aws-505-route53_domain_automatic_renewal_enabled/placebo-red/route53domains.ListTagsForDomain_1.json
new file mode 100644
index 000000000..80b47f8be
--- /dev/null
+++ b/tests/ecc-aws-505-route53_domain_automatic_renewal_enabled/placebo-red/route53domains.ListTagsForDomain_1.json
@@ -0,0 +1,7 @@
+{
+ "status_code": 200,
+ "data": {
+ "TagList": [],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-505-route53_domain_automatic_renewal_enabled/red_policy_test.py b/tests/ecc-aws-505-route53_domain_automatic_renewal_enabled/red_policy_test.py
new file mode 100644
index 000000000..cd2e74ff0
--- /dev/null
+++ b/tests/ecc-aws-505-route53_domain_automatic_renewal_enabled/red_policy_test.py
@@ -0,0 +1,6 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertEqual(resources[0]['AutoRenew'], False)
+
diff --git a/tests/ecc-aws-506-mq_broker_not_publicly_accessible/placebo-green/mq.DescribeBroker_1.json b/tests/ecc-aws-506-mq_broker_not_publicly_accessible/placebo-green/mq.DescribeBroker_1.json
new file mode 100644
index 000000000..d890b263a
--- /dev/null
+++ b/tests/ecc-aws-506-mq_broker_not_publicly_accessible/placebo-green/mq.DescribeBroker_1.json
@@ -0,0 +1,77 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "AuthenticationStrategy": "simple", + "AutoMinorVersionUpgrade": false, + "BrokerArn": "arn:aws:mq:us-east-1:111111111111:broker:mq-broker-506-green:b-e9b850b7-6eeb-42ce-b333-38c6c4b47ebc", + "BrokerId": "b-e9b850b7-6eeb-42ce-b333-38c6c4b47ebc", + "BrokerInstances": [ + { + "ConsoleURL": "https://b-e9b850b7-6eeb-42ce-b333-38c6c4b47ebc-1.mq.us-east-1.amazonaws.com:8162", + "Endpoints": [ + "ssl://b-e9b850b7-6eeb-42ce-b333-38c6c4b47ebc-1.mq.us-east-1.amazonaws.com:61617", + "amqp+ssl://b-e9b850b7-6eeb-42ce-b333-38c6c4b47ebc-1.mq.us-east-1.amazonaws.com:5671", + "stomp+ssl://b-e9b850b7-6eeb-42ce-b333-38c6c4b47ebc-1.mq.us-east-1.amazonaws.com:61614", + "mqtt+ssl://b-e9b850b7-6eeb-42ce-b333-38c6c4b47ebc-1.mq.us-east-1.amazonaws.com:8883", + "wss://b-e9b850b7-6eeb-42ce-b333-38c6c4b47ebc-1.mq.us-east-1.amazonaws.com:61619" + ], + "IpAddress": "172.31.80.133" + } + ], + "BrokerName": "mq-broker-506-green", + "BrokerState": "RUNNING", + "Configurations": { + "Current": { + "Id": "c-111qqq2-asdf-qwer-1111-asdfghqwe", + "Revision": 1 + }, + "History": [] + }, + "Created": { + "__class__": "datetime", + "year": 2022, + "month": 7, + "day": 4, + "hour": 12, + "minute": 4, + "second": 14, + "microsecond": 362000 + }, + "DeploymentMode": "SINGLE_INSTANCE", + "EncryptionOptions": { + "UseAwsOwnedKey": true + }, + "EngineType": "ActiveMQ", + "EngineVersion": "5.15.9", + "HostInstanceType": "mq.t2.micro", + "Logs": { + "Audit": false, + "AuditLogGroup": "/aws/amazonmq/broker/b-e9b850b7-6eeb-42ce-b333-38c6c4b47ebc/audit", + "General": false, + "GeneralLogGroup": "/aws/amazonmq/broker/b-e9b850b7-6eeb-42ce-b333-38c6c4b47ebc/general" + }, + "MaintenanceWindowStartTime": { + "DayOfWeek": "WEDNESDAY", + "TimeOfDay": "19:00", + "TimeZone": "UTC" + }, + "PubliclyAccessible": false, + "SecurityGroups": [ + "sg-a5befc90" + ], + "StorageType": "efs", + "SubnetIds": [ + "subnet-cd7af8ec" + ], + "Tags": { + 
"CustodianRule": "ecc-aws-506-mq_broker_not_publicly_accessible", + "ComplianceStatus": "Green" + }, + "Users": [ + { + "Username": "root" + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-506-mq_broker_not_publicly_accessible/placebo-green/mq.ListBrokers_1.json b/tests/ecc-aws-506-mq_broker_not_publicly_accessible/placebo-green/mq.ListBrokers_1.json new file mode 100644 index 000000000..e1c787a88 --- /dev/null +++ b/tests/ecc-aws-506-mq_broker_not_publicly_accessible/placebo-green/mq.ListBrokers_1.json @@ -0,0 +1,27 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "BrokerSummaries": [ + { + "BrokerArn": "arn:aws:mq:us-east-1:111111111111:broker:mq-broker-506-green:b-e9b850b7-6eeb-42ce-b333-38c6c4b47ebc", + "BrokerId": "b-e9b850b7-6eeb-42ce-b333-38c6c4b47ebc", + "BrokerName": "mq-broker-506-green", + "BrokerState": "RUNNING", + "Created": { + "__class__": "datetime", + "year": 2022, + "month": 7, + "day": 4, + "hour": 12, + "minute": 4, + "second": 14, + "microsecond": 362000 + }, + "DeploymentMode": "SINGLE_INSTANCE", + "EngineType": "ActiveMQ", + "HostInstanceType": "mq.t2.micro" + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-506-mq_broker_not_publicly_accessible/placebo-red/mq.DescribeBroker_1.json b/tests/ecc-aws-506-mq_broker_not_publicly_accessible/placebo-red/mq.DescribeBroker_1.json new file mode 100644 index 000000000..1b596117d --- /dev/null +++ b/tests/ecc-aws-506-mq_broker_not_publicly_accessible/placebo-red/mq.DescribeBroker_1.json 
@@ -0,0 +1,77 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "AuthenticationStrategy": "simple", + "AutoMinorVersionUpgrade": false, + "BrokerArn": "arn:aws:mq:us-east-1:111111111111:broker:mq-broker-506-red:b-6defee1a-5f5d-45c0-8713-d57166f68f2f", + "BrokerId": "b-6defee1a-5f5d-45c0-8713-d57166f68f2f", + "BrokerInstances": [ + { + "ConsoleURL": "https://b-6defee1a-5f5d-45c0-8713-d57166f68f2f-1.mq.us-east-1.amazonaws.com:8162", + "Endpoints": [ + "ssl://b-6defee1a-5f5d-45c0-8713-d57166f68f2f-1.mq.us-east-1.amazonaws.com:61617", + "amqp+ssl://b-6defee1a-5f5d-45c0-8713-d57166f68f2f-1.mq.us-east-1.amazonaws.com:5671", + "stomp+ssl://b-6defee1a-5f5d-45c0-8713-d57166f68f2f-1.mq.us-east-1.amazonaws.com:61614", + "mqtt+ssl://b-6defee1a-5f5d-45c0-8713-d57166f68f2f-1.mq.us-east-1.amazonaws.com:8883", + "wss://b-6defee1a-5f5d-45c0-8713-d57166f68f2f-1.mq.us-east-1.amazonaws.com:61619" + ], + "IpAddress": "54.225.214.189" + } + ], + "BrokerName": "mq-broker-506-red", + "BrokerState": "RUNNING", + "Configurations": { + "Current": { + "Id": "c-111qqq2-asdf-qwer-1111-asdfghqwe", + "Revision": 1 + }, + "History": [] + }, + "Created": { + "__class__": "datetime", + "year": 2022, + "month": 7, + "day": 4, + "hour": 12, + "minute": 9, + "second": 14, + "microsecond": 871000 + }, + "DeploymentMode": "SINGLE_INSTANCE", + "EncryptionOptions": { + "UseAwsOwnedKey": true + }, + "EngineType": "ActiveMQ", + "EngineVersion": "5.15.9", + "HostInstanceType": "mq.t2.micro", + "Logs": { + "Audit": false, + "AuditLogGroup": "/aws/amazonmq/broker/b-6defee1a-5f5d-45c0-8713-d57166f68f2f/audit", + "General": false, + "GeneralLogGroup": "/aws/amazonmq/broker/b-6defee1a-5f5d-45c0-8713-d57166f68f2f/general" + }, + "MaintenanceWindowStartTime": { + "DayOfWeek": "THURSDAY", + "TimeOfDay": "22:00", + "TimeZone": "UTC" + }, + "PubliclyAccessible": true, + "SecurityGroups": [ + "sg-a5befc90" + ], + "StorageType": "efs", + "SubnetIds": [ + "subnet-247c052a" + ], + "Tags": { + 
"CustodianRule": "ecc-aws-506-mq_broker_not_publicly_accessible", + "ComplianceStatus": "Red" + }, + "Users": [ + { + "Username": "root" + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-506-mq_broker_not_publicly_accessible/placebo-red/mq.ListBrokers_1.json b/tests/ecc-aws-506-mq_broker_not_publicly_accessible/placebo-red/mq.ListBrokers_1.json new file mode 100644 index 000000000..caeee13cc --- /dev/null +++ b/tests/ecc-aws-506-mq_broker_not_publicly_accessible/placebo-red/mq.ListBrokers_1.json @@ -0,0 +1,27 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "BrokerSummaries": [ + { + "BrokerArn": "arn:aws:mq:us-east-1:111111111111:broker:mq-broker-506-red:b-6defee1a-5f5d-45c0-8713-d57166f68f2f", + "BrokerId": "b-6defee1a-5f5d-45c0-8713-d57166f68f2f", + "BrokerName": "mq-broker-506-red", + "BrokerState": "RUNNING", + "Created": { + "__class__": "datetime", + "year": 2022, + "month": 7, + "day": 4, + "hour": 12, + "minute": 9, + "second": 14, + "microsecond": 871000 + }, + "DeploymentMode": "SINGLE_INSTANCE", + "EngineType": "ActiveMQ", + "HostInstanceType": "mq.t2.micro" + } + ] + } +} \ No newline at end of file diff --git a/tests/ecc-aws-506-mq_broker_not_publicly_accessible/red_policy_test.py b/tests/ecc-aws-506-mq_broker_not_publicly_accessible/red_policy_test.py new file mode 100644 index 000000000..6d5d8c040 --- /dev/null +++ b/tests/ecc-aws-506-mq_broker_not_publicly_accessible/red_policy_test.py @@ -0,0 +1,5 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertTrue(resources[0]['PubliclyAccessible']) \ No newline at end of file diff --git a/tests/ecc-aws-507-route53_domain_expires_in_30_days/green_policy_test.py b/tests/ecc-aws-507-route53_domain_expires_in_30_days/green_policy_test.py new file mode 100644 index 000000000..76b133d71 --- /dev/null +++ b/tests/ecc-aws-507-route53_domain_expires_in_30_days/green_policy_test.py 
@@ -0,0 +1,7 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 0)
+
+ def mock_time(self):
+ return 2023, 1, 17
\ No newline at end of file
diff --git a/tests/ecc-aws-507-route53_domain_expires_in_30_days/placebo-green/route53domains.ListDomains_1.json b/tests/ecc-aws-507-route53_domain_expires_in_30_days/placebo-green/route53domains.ListDomains_1.json
new file mode 100644
index 000000000..f61b1637b
--- /dev/null
+++ b/tests/ecc-aws-507-route53_domain_expires_in_30_days/placebo-green/route53domains.ListDomains_1.json
@@ -0,0 +1,23 @@
+{
+ "status_code": 200,
+ "data": {
+ "Domains": [
+ {
+ "DomainName": "custodian-rule.click",
+ "AutoRenew": false,
+ "TransferLock": false,
+ "Expiry": {
+ "__class__": "datetime",
+ "year": 2024,
+ "month": 1,
+ "day": 17,
+ "hour": 10,
+ "minute": 3,
+ "second": 55,
+ "microsecond": 887000
+ }
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-507-route53_domain_expires_in_30_days/placebo-green/route53domains.ListTagsForDomain_1.json b/tests/ecc-aws-507-route53_domain_expires_in_30_days/placebo-green/route53domains.ListTagsForDomain_1.json
new file mode 100644
index 000000000..80b47f8be
--- /dev/null
+++ b/tests/ecc-aws-507-route53_domain_expires_in_30_days/placebo-green/route53domains.ListTagsForDomain_1.json
@@ -0,0 +1,7 @@
+{
+ "status_code": 200,
+ "data": {
+ "TagList": [],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-507-route53_domain_expires_in_30_days/placebo-red/route53domains.ListDomains_1.json b/tests/ecc-aws-507-route53_domain_expires_in_30_days/placebo-red/route53domains.ListDomains_1.json
new file mode 100644
index 000000000..34f34fec5
--- /dev/null
+++ b/tests/ecc-aws-507-route53_domain_expires_in_30_days/placebo-red/route53domains.ListDomains_1.json
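Review bot: `mock_time` in the 507 green_policy_test.py returns the bare tuple `2023, 1, 17` with nothing saying what it stands for or why that date was chosen. The placebo-green ListDomains recording sets `Expiry` to 2024-01-17, so the pinned date presumably keeps the domain a year away from expiry; a docstring like `"""Pin 'now' to 2023-01-17; the fixture domain expires 2024-01-17, well outside the 30-day window."""` would make that dependency explicit. The green case also sits far from the threshold, so a domain expiring just over 30 days out is not exercised. How the harness consumes `mock_time` is not visible in this hunk.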
@@ -0,0 +1,23 @@
+{
+ "status_code": 200,
+ "data": {
+ "Domains": [
+ {
+ "DomainName": "custodian-rule.click",
+ "AutoRenew": false,
+ "TransferLock": false,
+ "Expiry": {
+ "__class__": "datetime",
+ "year": 2023,
+ "month": 2,
+ "day": 10,
+ "hour": 10,
+ "minute": 3,
+ "second": 55,
+ "microsecond": 887000
+ }
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-507-route53_domain_expires_in_30_days/placebo-red/route53domains.ListTagsForDomain_1.json b/tests/ecc-aws-507-route53_domain_expires_in_30_days/placebo-red/route53domains.ListTagsForDomain_1.json
new file mode 100644
index 000000000..80b47f8be
--- /dev/null
+++ b/tests/ecc-aws-507-route53_domain_expires_in_30_days/placebo-red/route53domains.ListTagsForDomain_1.json
@@ -0,0 +1,7 @@
+{
+ "status_code": 200,
+ "data": {
+ "TagList": [],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-507-route53_domain_expires_in_30_days/red_policy_test.py b/tests/ecc-aws-507-route53_domain_expires_in_30_days/red_policy_test.py
new file mode 100644
index 000000000..87bf678f0
--- /dev/null
+++ b/tests/ecc-aws-507-route53_domain_expires_in_30_days/red_policy_test.py
@@ -0,0 +1,15 @@ +from datetime import datetime, timedelta + +class PolicyTest(object): + + def mock_time(self): + return 2023, 2, 1 + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + + ExparationDate=datetime.fromisoformat(str(resources[0]['Expiry'])) + time_now = datetime.fromisoformat('2023-02-01 00:05:23.283+00:00') + base_test.assertTrue(ExparationDate>time_now) + datatimein30=time_now+timedelta(days=30) + base_test.assertTrue(ExparationDate\n\n cgw-09d45b6ca814d0482\n vgw-0b41413d380fb6341\n ipsec.1\n NoBGPVPNConnection\n \n \n \n 37.229.52.219\n \n \n 169.254.173.122\n 255.255.255.252\n 30\n \n \n \n \n 35.153.37.185\n \n \n 169.254.173.121\n 255.255.255.252\n 30\n \n \n \n sha1\n aes-128-cbc\n 28800\n group2\n main\n gF_bQUxHWxdTKNtrBvYb8L0ZcFY3SB6P\n \n \n esp\n hmac-sha1-96\n aes-128-cbc\n 3600\n group2\n tunnel\n true\n true\n 1379\n \n 10\n 3\n \n \n \n \n \n \n 37.229.52.219\n \n \n 169.254.160.130\n 255.255.255.252\n 30\n \n \n \n \n 44.199.76.65\n \n \n 169.254.160.129\n 255.255.255.252\n 30\n \n \n \n sha1\n aes-128-cbc\n 28800\n group2\n main\n z583wjrPVQrJpbezOSnpMC4BcKwmasoB\n \n \n esp\n hmac-sha1-96\n aes-128-cbc\n 3600\n group2\n tunnel\n true\n true\n 1379\n \n 10\n 3\n \n \n \n", + "CustomerGatewayId": "cgw-09d45b6ca814d0482", + "Category": "VPN", + "State": "available", + "Type": "ipsec.1", + "VpnConnectionId": "vpn-026b3a211812eaea1", + "VpnGatewayId": "vgw-0b41413d380fb6341", + "GatewayAssociationState": "associated", + "Options": { + "EnableAcceleration": false, + "StaticRoutesOnly": true, + "LocalIpv4NetworkCidr": "0.0.0.0/0", + "RemoteIpv4NetworkCidr": "0.0.0.0/0", + "TunnelInsideIpVersion": "ipv4", + "TunnelOptions": [ + { + "OutsideIpAddress": "35.153.37.185", + "TunnelInsideCidr": "169.254.173.120/30", + "PreSharedKey": "gF_bQUxHWxdTKNtrBvYb8L0ZcFY3SB6P" + }, + { + "OutsideIpAddress": "44.199.76.65", + "TunnelInsideCidr": "169.254.160.128/30", + "PreSharedKey": 
"z583wjrPVQrJpbezOSnpMC4BcKwmasoB" + } + ] + }, + "Routes": [ + { + "DestinationCidrBlock": "37.229.52.219/32", + "State": "available" + } + ], + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-902-vpc_vpn_2_tunnels_up" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + } + ], + "VgwTelemetry": [ + { + "AcceptedRouteCount": 1, + "LastStatusChange": { + "__class__": "datetime", + "year": 2023, + "month": 1, + "day": 11, + "hour": 20, + "minute": 40, + "second": 55, + "microsecond": 0 + }, + "OutsideIpAddress": "35.153.37.185", + "Status": "UP", + "StatusMessage": "" + }, + { + "AcceptedRouteCount": 1, + "LastStatusChange": { + "__class__": "datetime", + "year": 2023, + "month": 1, + "day": 11, + "hour": 21, + "minute": 16, + "second": 46, + "microsecond": 0 + }, + "OutsideIpAddress": "44.199.76.65", + "Status": "UP", + "StatusMessage": "" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-902-vpc_vpn_2_tunnels_up/placebo-red/ec2.DescribeVpnConnections_1.json b/tests/ecc-aws-902-vpc_vpn_2_tunnels_up/placebo-red/ec2.DescribeVpnConnections_1.json new file mode 100644 index 000000000..2980dbadc --- /dev/null +++ b/tests/ecc-aws-902-vpc_vpn_2_tunnels_up/placebo-red/ec2.DescribeVpnConnections_1.json 
@@ -0,0 +1,87 @@ +{ + "status_code": 200, + "data": { + "VpnConnections": [ + { + "CustomerGatewayConfiguration": "\n\n cgw-09d45b6ca814d0482\n vgw-0b41413d380fb6341\n ipsec.1\n NoBGPVPNConnection\n \n \n \n 37.229.52.219\n \n \n 169.254.173.122\n 255.255.255.252\n 30\n \n \n \n \n 35.153.37.185\n \n \n 169.254.173.121\n 255.255.255.252\n 30\n \n \n \n sha1\n aes-128-cbc\n 28800\n group2\n main\n gF_bQUxHWxdTKNtrBvYb8L0ZcFY3SB6P\n \n \n esp\n hmac-sha1-96\n aes-128-cbc\n 3600\n group2\n tunnel\n true\n true\n 1379\n \n 10\n 3\n \n \n \n \n \n \n 37.229.52.219\n \n \n 169.254.160.130\n 255.255.255.252\n 30\n \n \n \n \n 44.199.76.65\n \n \n 169.254.160.129\n 255.255.255.252\n 30\n \n \n \n sha1\n aes-128-cbc\n 28800\n group2\n main\n z583wjrPVQrJpbezOSnpMC4BcKwmasoB\n \n \n esp\n hmac-sha1-96\n aes-128-cbc\n 3600\n group2\n tunnel\n true\n true\n 1379\n \n 10\n 3\n \n \n \n", + "CustomerGatewayId": "cgw-09d45b6ca814d0482", + "Category": "VPN", + "State": "available", + "Type": "ipsec.1", + "VpnConnectionId": "vpn-026b3a211812eaea1", + "VpnGatewayId": "vgw-0b41413d380fb6341", + "GatewayAssociationState": "associated", + "Options": { + "EnableAcceleration": false, + "StaticRoutesOnly": true, + "LocalIpv4NetworkCidr": "0.0.0.0/0", + "RemoteIpv4NetworkCidr": "0.0.0.0/0", + "TunnelInsideIpVersion": "ipv4", + "TunnelOptions": [ + { + "OutsideIpAddress": "35.153.37.185", + "TunnelInsideCidr": "169.254.173.120/30", + "PreSharedKey": "gF_bQUxHWxdTKNtrBvYb8L0ZcFY3SB6P" + }, + { + "OutsideIpAddress": "44.199.76.65", + "TunnelInsideCidr": "169.254.160.128/30", + "PreSharedKey": "z583wjrPVQrJpbezOSnpMC4BcKwmasoB" + } + ] + }, + "Routes": [ + { + "DestinationCidrBlock": "37.229.52.219/32", + "State": "available" + } + ], + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-902-vpc_vpn_2_tunnels_up" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + } + ], + "VgwTelemetry": [ + { + "AcceptedRouteCount": 1, + "LastStatusChange": { + "__class__": "datetime", + 
"year": 2023, + "month": 1, + "day": 11, + "hour": 20, + "minute": 40, + "second": 55, + "microsecond": 0 + }, + "OutsideIpAddress": "35.153.37.185", + "Status": "UP", + "StatusMessage": "" + }, + { + "AcceptedRouteCount": 1, + "LastStatusChange": { + "__class__": "datetime", + "year": 2023, + "month": 1, + "day": 11, + "hour": 20, + "minute": 18, + "second": 26, + "microsecond": 0 + }, + "OutsideIpAddress": "44.199.76.65", + "Status": "DOWN", + "StatusMessage": "" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-902-vpc_vpn_2_tunnels_up/red_policy_test.py b/tests/ecc-aws-902-vpc_vpn_2_tunnels_up/red_policy_test.py new file mode 100644 index 000000000..03348bdc7 --- /dev/null +++ b/tests/ecc-aws-902-vpc_vpn_2_tunnels_up/red_policy_test.py @@ -0,0 +1,6 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertEqual(resources[0]['VgwTelemetry'][0]['Status'], 'UP') + base_test.assertEqual(resources[0]['VgwTelemetry'][1]['Status'], 'DOWN') diff --git a/tests/ecc-aws-904-autoscaling_launch_config_hop_limit/placebo-green/autoscaling.DescribeLaunchConfigurations_1.json b/tests/ecc-aws-904-autoscaling_launch_config_hop_limit/placebo-green/autoscaling.DescribeLaunchConfigurations_1.json new file mode 100644 index 000000000..5d1d1157a --- /dev/null +++ b/tests/ecc-aws-904-autoscaling_launch_config_hop_limit/placebo-green/autoscaling.DescribeLaunchConfigurations_1.json 
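Review bot: This recorded `DescribeVpnConnections` response keeps both tunnel `PreSharedKey` values in clear text, once under `Options.TunnelOptions` and again inside the `CustomerGatewayConfiguration` string, next to the customer gateway and tunnel outside addresses. The red test for this policy reads only `VgwTelemetry[*]['Status']`, so the fixture can carry dummies instead, for example `"PreSharedKey": "REDACTED"` and a documentation-range address such as `203.0.113.10` (constructed sample values). If the recording came from a connection that was ever in use, its keys should be rotated. The preceding fixture for the same policy appears to hold the same two key values and would need the same scrub.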
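Review bot: The two status assertions in `test_resources` pin the order of `VgwTelemetry` (`[0]` is `UP`, `[1]` is `DOWN`), which ties the test to how the fixture was recorded rather than to the condition the policy name describes. Asserting on the collected statuses is sturdier: `statuses = [t['Status'] for t in resources[0]['VgwTelemetry']]` followed by `base_test.assertIn('DOWN', statuses)`. A one-line docstring on `PolicyTest` stating that the red fixture has one tunnel down would also help.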
@@ -0,0 +1,40 @@ +{ + "status_code": 200, + "data": { + "LaunchConfigurations": [ + { + "LaunchConfigurationName": "904_launch_configuration_green20220926134100060700000001", + "LaunchConfigurationARN": "arn:aws:autoscaling:us-east-1:111111111111:launchConfiguration:68e8eb7f-6eb9-4917-86bb-0dab0063d190:launchConfigurationName/904_launch_configuration_green20220926134100060700000001", + "ImageId": "ami-0464d49b8794eba32", + "KeyName": "", + "SecurityGroups": [], + "ClassicLinkVPCSecurityGroups": [], + "UserData": "", + "InstanceType": "t2.micro", + "KernelId": "", + "RamdiskId": "", + "BlockDeviceMappings": [], + "InstanceMonitoring": { + "Enabled": true + }, + "CreatedTime": { + "__class__": "datetime", + "year": 2022, + "month": 9, + "day": 26, + "hour": 13, + "minute": 41, + "second": 0, + "microsecond": 423000 + }, + "EbsOptimized": false, + "MetadataOptions": { + "HttpTokens": "required", + "HttpPutResponseHopLimit": 1, + "HttpEndpoint": "enabled" + } + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-904-autoscaling_launch_config_hop_limit/placebo-red/autoscaling.DescribeLaunchConfigurations_1.json b/tests/ecc-aws-904-autoscaling_launch_config_hop_limit/placebo-red/autoscaling.DescribeLaunchConfigurations_1.json new file mode 100644 index 000000000..6aa0c5f0f --- /dev/null +++ b/tests/ecc-aws-904-autoscaling_launch_config_hop_limit/placebo-red/autoscaling.DescribeLaunchConfigurations_1.json 
@@ -0,0 +1,40 @@ +{ + "status_code": 200, + "data": { + "LaunchConfigurations": [ + { + "LaunchConfigurationName": "904_launch_configuration_red20220926134046719700000001", + "LaunchConfigurationARN": "arn:aws:autoscaling:us-east-1:111111111111:launchConfiguration:2d99f0f6-4bcd-4d2b-bd42-1800dc11f055:launchConfigurationName/904_launch_configuration_red20220926134046719700000001", + "ImageId": "ami-0464d49b8794eba32", + "KeyName": "", + "SecurityGroups": [], + "ClassicLinkVPCSecurityGroups": [], + "UserData": "", + "InstanceType": "t2.micro", + "KernelId": "", + "RamdiskId": "", + "BlockDeviceMappings": [], + "InstanceMonitoring": { + "Enabled": true + }, + "CreatedTime": { + "__class__": "datetime", + "year": 2022, + "month": 9, + "day": 26, + "hour": 13, + "minute": 40, + "second": 46, + "microsecond": 974000 + }, + "EbsOptimized": false, + "MetadataOptions": { + "HttpTokens": "required", + "HttpPutResponseHopLimit": 5, + "HttpEndpoint": "enabled" + } + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-904-autoscaling_launch_config_hop_limit/red_policy_test.py b/tests/ecc-aws-904-autoscaling_launch_config_hop_limit/red_policy_test.py new file mode 100644 index 000000000..89cc59211 --- /dev/null +++ b/tests/ecc-aws-904-autoscaling_launch_config_hop_limit/red_policy_test.py @@ -0,0 +1,5 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertEqual(resources[0]['MetadataOptions']['HttpPutResponseHopLimit'], 5) \ No newline at end of file diff --git a/tests/ecc-aws-906-ecs_containers_readonly_access/placebo-green/ecs.DescribeTaskDefinition_1.json b/tests/ecc-aws-906-ecs_containers_readonly_access/placebo-green/ecs.DescribeTaskDefinition_1.json new file mode 100644 index 000000000..58b72eb1e --- /dev/null +++ b/tests/ecc-aws-906-ecs_containers_readonly_access/placebo-green/ecs.DescribeTaskDefinition_1.json 
@@ -0,0 +1,65 @@ +{ + "status_code": 200, + "data": { + "taskDefinition": { + "taskDefinitionArn": "arn:aws:ecs:us-east-1:111111111111:task-definition/906_ecs_task_definition_green:1", + "containerDefinitions": [ + { + "name": "mysql", + "image": "mysql", + "cpu": 1, + "memory": 5, + "portMappings": [], + "essential": true, + "environment": [], + "mountPoints": [], + "volumesFrom": [], + "readonlyRootFilesystem": true + } + ], + "family": "906_ecs_task_definition_green", + "networkMode": "host", + "revision": 1, + "volumes": [], + "status": "ACTIVE", + "requiresAttributes": [ + { + "name": "com.amazonaws.ecs.capability.docker-remote-api.1.17" + }, + { + "name": "com.amazonaws.ecs.capability.docker-remote-api.1.18" + } + ], + "placementConstraints": [], + "compatibilities": [ + "EXTERNAL", + "EC2" + ], + "requiresCompatibilities": [ + "EC2" + ], + "registeredAt": { + "__class__": "datetime", + "year": 2022, + "month": 10, + "day": 17, + "hour": 9, + "minute": 49, + "second": 12, + "microsecond": 53000 + }, + "registeredBy": "arn:aws:iam::111111111111:user/test" + }, + "tags": [ + { + "key": "CustodianRule", + "Value": "ecc-aws-906-ecs_containers_readonly_access" + }, + { + "key": "ComplianceStatus", + "value": "Green" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-906-ecs_containers_readonly_access/placebo-green/ecs.ListTaskDefinitions_1.json b/tests/ecc-aws-906-ecs_containers_readonly_access/placebo-green/ecs.ListTaskDefinitions_1.json new file mode 100644 index 000000000..4a01da85a --- /dev/null +++ b/tests/ecc-aws-906-ecs_containers_readonly_access/placebo-green/ecs.ListTaskDefinitions_1.json @@ -0,0 +1,9 @@ +{ + "status_code": 200, + "data": { + "taskDefinitionArns": [ + "arn:aws:ecs:us-east-1:111111111111:task-definition/906_ecs_task_definition_green:1" + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-906-ecs_containers_readonly_access/placebo-red/ecs.DescribeTaskDefinition_1.json b/tests/ecc-aws-906-ecs_containers_readonly_access/placebo-red/ecs.DescribeTaskDefinition_1.json new file mode 100644 index 000000000..f3596ade8 --- /dev/null +++ b/tests/ecc-aws-906-ecs_containers_readonly_access/placebo-red/ecs.DescribeTaskDefinition_1.json @@ -0,0 +1,62 @@ +{ + "status_code": 200, + "data": { + "taskDefinition": { + "taskDefinitionArn": "arn:aws:ecs:us-east-1:111111111111:task-definition/906_ecs_task_definition_red:1", + "containerDefinitions": [ + { + "name": "mysql", + "image": "mysql", + "cpu": 1, + "memory": 5, + "portMappings": [], + "essential": true, + "environment": [], + "mountPoints": [], + "volumesFrom": [], + "readonlyRootFilesystem": false + } + ], + "family": "906_ecs_task_definition_red", + "networkMode": "host", + "revision": 1, + "volumes": [], + "status": "ACTIVE", + "requiresAttributes": [ + { + "name": "com.amazonaws.ecs.capability.docker-remote-api.1.18" + } + ], + "placementConstraints": [], + "compatibilities": [ + "EXTERNAL", + "EC2" + ], + "requiresCompatibilities": [ + "EC2" + ], + "registeredAt": { + "__class__": "datetime", + "year": 2022, + "month": 10, + "day": 17, + "hour": 9, + "minute": 48, + "second": 39, + "microsecond": 839000 + }, + "registeredBy": "arn:aws:iam::111111111111:user/test" + }, + "tags": [ + { + "key": "CustodianRule", + "Value": "ecc-aws-906-ecs_containers_readonly_access" + }, + { + "key": "ComplianceStatus", + "value": "Red" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-906-ecs_containers_readonly_access/placebo-red/ecs.ListTaskDefinitions_1.json b/tests/ecc-aws-906-ecs_containers_readonly_access/placebo-red/ecs.ListTaskDefinitions_1.json new file mode 100644 index 000000000..0961d2b6b --- /dev/null +++ b/tests/ecc-aws-906-ecs_containers_readonly_access/placebo-red/ecs.ListTaskDefinitions_1.json 
@@ -0,0 +1,9 @@
+{
+ "status_code": 200,
+ "data": {
+ "taskDefinitionArns": [
+ "arn:aws:ecs:us-east-1:111111111111:task-definition/906_ecs_task_definition_red:1"
+ ],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-906-ecs_containers_readonly_access/red_policy_test.py b/tests/ecc-aws-906-ecs_containers_readonly_access/red_policy_test.py
new file mode 100644
index 000000000..bf566fa81
--- /dev/null
+++ b/tests/ecc-aws-906-ecs_containers_readonly_access/red_policy_test.py
@@ -0,0 +1,5 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertFalse(resources[0]['containerDefinitions'][0]['readonlyRootFilesystem'])
\ No newline at end of file
diff --git a/tests/ecc-aws-907-ecs_no_environment_secrets/placebo-green/ecs.DescribeTaskDefinition_1.json b/tests/ecc-aws-907-ecs_no_environment_secrets/placebo-green/ecs.DescribeTaskDefinition_1.json
new file mode 100644
index 000000000..036ce2e03
--- /dev/null
+++ b/tests/ecc-aws-907-ecs_no_environment_secrets/placebo-green/ecs.DescribeTaskDefinition_1.json
@@ -0,0 +1,66 @@ +{ + "status_code": 200, + "data": { + "taskDefinition": { + "taskDefinitionArn": "arn:aws:ecs:us-east-1:111111111111:task-definition/907_ecs_task_definition_green:2", + "containerDefinitions": [ + { + "name": "mysql", + "image": "mysql", + "cpu": 1, + "memory": 5, + "portMappings": [], + "essential": true, + "environment": [ + { + "name": "AWS_ACCESS_KEY_ID", + "value": "arn:qwe:test" + } + ], + "mountPoints": [], + "volumesFrom": [] + } + ], + "family": "907_ecs_task_definition_green", + "networkMode": "host", + "revision": 2, + "volumes": [], + "status": "ACTIVE", + "requiresAttributes": [ + { + "name": "com.amazonaws.ecs.capability.docker-remote-api.1.18" + } + ], + "placementConstraints": [], + "compatibilities": [ + "EXTERNAL", + "EC2" + ], + "requiresCompatibilities": [ + "EC2" + ], + "registeredAt": { + "__class__": "datetime", + "year": 2022, + "month": 10, + "day": 18, + "hour": 15, + "minute": 20, + "second": 10, + "microsecond": 933000 + }, + "registeredBy": "arn:aws:iam::111111111111:user/test" + }, + "tags": [ + { + "key": "CustodianRule", + "Value": "ecc-aws-907-ecs_no_environment_secrets" + }, + { + "key": "ComplianceStatus", + "value": "Green" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-907-ecs_no_environment_secrets/placebo-green/ecs.ListTaskDefinitions_1.json b/tests/ecc-aws-907-ecs_no_environment_secrets/placebo-green/ecs.ListTaskDefinitions_1.json new file mode 100644 index 000000000..5509c4ca1 --- /dev/null +++ b/tests/ecc-aws-907-ecs_no_environment_secrets/placebo-green/ecs.ListTaskDefinitions_1.json @@ -0,0 +1,9 @@ +{ + "status_code": 200, + "data": { + "taskDefinitionArns": [ + "arn:aws:ecs:us-east-1:111111111111:task-definition/907_ecs_task_definition_green:2" + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-907-ecs_no_environment_secrets/placebo-red/ecs.DescribeTaskDefinition_1.json b/tests/ecc-aws-907-ecs_no_environment_secrets/placebo-red/ecs.DescribeTaskDefinition_1.json new file mode 100644 index 000000000..15a813ac4 --- /dev/null +++ b/tests/ecc-aws-907-ecs_no_environment_secrets/placebo-red/ecs.DescribeTaskDefinition_1.json @@ -0,0 +1,74 @@ +{ + "status_code": 200, + "data": { + "taskDefinition": { + "taskDefinitionArn": "arn:aws:ecs:us-east-1:111111111111:task-definition/907_ecs_task_definition_red:10", + "containerDefinitions": [ + { + "name": "mysql", + "image": "mysql", + "cpu": 1, + "memory": 5, + "portMappings": [], + "essential": true, + "environment": [ + { + "name": "AWS_ACCESS_KEY_ID", + "value": "arn:qwe:test" + }, + { + "name": "ECS_ENGINE_AUTH_DATA", + "value": "test" + }, + { + "name": "AWS_SECRET_ACCESS_KEY", + "value": "test" + } + ], + "mountPoints": [], + "volumesFrom": [] + } + ], + "family": "907_ecs_task_definition_red", + "networkMode": "host", + "revision": 10, + "volumes": [], + "status": "ACTIVE", + "requiresAttributes": [ + { + "name": "com.amazonaws.ecs.capability.docker-remote-api.1.18" + } + ], + "placementConstraints": [], + "compatibilities": [ + "EXTERNAL", + "EC2" + ], + "requiresCompatibilities": [ + "EC2" + ], + "registeredAt": { + "__class__": "datetime", + "year": 2022, + "month": 10, + "day": 18, + "hour": 15, + "minute": 7, + "second": 42, + "microsecond": 703000 + }, + "registeredBy": "arn:aws:iam::111111111111:user/test" + }, + "tags": [ + { + "key": "CustodianRule", + "Value": "ecc-aws-907-ecs_no_environment_secrets" + }, + { + "key": "ComplianceStatus", + "value": "Red" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-907-ecs_no_environment_secrets/placebo-red/ecs.ListTaskDefinitions_1.json b/tests/ecc-aws-907-ecs_no_environment_secrets/placebo-red/ecs.ListTaskDefinitions_1.json new file mode 100644 index 000000000..91eedea3e --- /dev/null 
+++ b/tests/ecc-aws-907-ecs_no_environment_secrets/placebo-red/ecs.ListTaskDefinitions_1.json
@@ -0,0 +1,9 @@
+{
+ "status_code": 200,
+ "data": {
+ "taskDefinitionArns": [
+ "arn:aws:ecs:us-east-1:111111111111:task-definition/907_ecs_task_definition_red:10"
+ ],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-907-ecs_no_environment_secrets/red_policy_test.py b/tests/ecc-aws-907-ecs_no_environment_secrets/red_policy_test.py
new file mode 100644
index 000000000..a0a605e0e
--- /dev/null
+++ b/tests/ecc-aws-907-ecs_no_environment_secrets/red_policy_test.py
@@ -0,0 +1,7 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ for resource in resources[0]['containerDefinitions'][0]['environment']:
+ if resource['name'] == '^(?!arn).*':
+ base_test.assertNotRegex(resource['value'], r'^(?!arn).*')
\ No newline at end of file
diff --git a/tests/ecc-aws-911-kms_cmk_not_scheduled_for_deletion/placebo-green/kms.DescribeKey_1.json b/tests/ecc-aws-911-kms_cmk_not_scheduled_for_deletion/placebo-green/kms.DescribeKey_1.json
new file mode 100644
index 000000000..b7c63acad
--- /dev/null
+++ b/tests/ecc-aws-911-kms_cmk_not_scheduled_for_deletion/placebo-green/kms.DescribeKey_1.json
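Review bot: The guard `if resource['name'] == '^(?!arn).*':` in `test_resources` compares the variable name with the regex text as a literal string, so it is never true for the recorded names (`AWS_ACCESS_KEY_ID`, `ECS_ENGINE_AUTH_DATA`, `AWS_SECRET_ACCESS_KEY`) and the `assertNotRegex` line never runs; the test passes on `len(resources) == 1` alone. The inner assertion also looks inverted, since `assertNotRegex(value, r'^(?!arn).*')` would require the value to start with `arn` while the red fixture carries plain `test` values. Assuming the policy flags credential-named variables whose value is not an ARN reference, the check could be `flagged = [e for e in env if e['name'] in SENSITIVE and not e['value'].startswith('arn')]` followed by `base_test.assertTrue(flagged)`, where `env` is the container's `environment` list and `SENSITIVE` holds the three names above.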
@@ -0,0 +1,33 @@ +{ + "status_code": 200, + "data": { + "KeyMetadata": { + "AWSAccountId": "111111111111", + "KeyId": "93aa1248-3171-4e99-91d7-a4051e66c683", + "Arn": "arn:aws:kms:us-east-1:111111111111:key/93aa1248-3171-4e99-91d7-a4051e66c683", + "CreationDate": { + "__class__": "datetime", + "year": 2022, + "month": 10, + "day": 4, + "hour": 9, + "minute": 29, + "second": 21, + "microsecond": 570000 + }, + "Enabled": true, + "Description": "Key to encrypt and decrypt secret parameters", + "KeyUsage": "ENCRYPT_DECRYPT", + "KeyState": "Enabled", + "Origin": "AWS_KMS", + "KeyManager": "CUSTOMER", + "CustomerMasterKeySpec": "SYMMETRIC_DEFAULT", + "KeySpec": "SYMMETRIC_DEFAULT", + "EncryptionAlgorithms": [ + "SYMMETRIC_DEFAULT" + ], + "MultiRegion": false + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-911-kms_cmk_not_scheduled_for_deletion/placebo-green/kms.ListAliases_1.json b/tests/ecc-aws-911-kms_cmk_not_scheduled_for_deletion/placebo-green/kms.ListAliases_1.json new file mode 100644 index 000000000..27f8222ff --- /dev/null +++ b/tests/ecc-aws-911-kms_cmk_not_scheduled_for_deletion/placebo-green/kms.ListAliases_1.json @@ -0,0 +1,34 @@ +{ + "status_code": 200, + "data": { + "Aliases": [ + { + "AliasName": "alias/k-911-green", + "AliasArn": "arn:aws:kms:us-east-1:111111111111:alias/k-911-green", + "TargetKeyId": "93aa1248-3171-4e99-91d7-a4051e66c683", + "CreationDate": { + "__class__": "datetime", + "year": 2022, + "month": 10, + "day": 4, + "hour": 9, + "minute": 29, + "second": 29, + "microsecond": 855000 + }, + "LastUpdatedDate": { + "__class__": "datetime", + "year": 2022, + "month": 10, + "day": 4, + "hour": 9, + "minute": 29, + "second": 29, + "microsecond": 855000 + } + } + ], + "Truncated": false, + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-911-kms_cmk_not_scheduled_for_deletion/placebo-green/kms.ListKeys_1.json b/tests/ecc-aws-911-kms_cmk_not_scheduled_for_deletion/placebo-green/kms.ListKeys_1.json new file mode 100644 index 000000000..01651c059 --- /dev/null +++ b/tests/ecc-aws-911-kms_cmk_not_scheduled_for_deletion/placebo-green/kms.ListKeys_1.json @@ -0,0 +1,13 @@ +{ + "status_code": 200, + "data": { + "Keys": [ + { + "KeyId": "93aa1248-3171-4e99-91d7-a4051e66c683", + "KeyArn": "arn:aws:kms:us-east-1:111111111111:key/93aa1248-3171-4e99-91d7-a4051e66c683" + } + ], + "Truncated": false, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-911-kms_cmk_not_scheduled_for_deletion/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-911-kms_cmk_not_scheduled_for_deletion/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..9251c4732 --- /dev/null +++ b/tests/ecc-aws-911-kms_cmk_not_scheduled_for_deletion/placebo-green/tagging.GetResources_1.json @@ -0,0 +1,22 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:kms:us-east-1:111111111111:key/93aa1248-3171-4e99-91d7-a4051e66c683", + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-911-kms_cmk_not_scheduled_for_deletion" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-911-kms_cmk_not_scheduled_for_deletion/placebo-red/kms.DescribeKey_1.json b/tests/ecc-aws-911-kms_cmk_not_scheduled_for_deletion/placebo-red/kms.DescribeKey_1.json new file mode 100644 index 000000000..b38081575 --- /dev/null +++ b/tests/ecc-aws-911-kms_cmk_not_scheduled_for_deletion/placebo-red/kms.DescribeKey_1.json 
@@ -0,0 +1,43 @@ +{ + "status_code": 200, + "data": { + "KeyMetadata": { + "AWSAccountId": "111111111111", + "KeyId": "53b5cbbb-4357-402a-9b38-4948ceec5549", + "Arn": "arn:aws:kms:us-east-1:111111111111:key/53b5cbbb-4357-402a-9b38-4948ceec5549", + "CreationDate": { + "__class__": "datetime", + "year": 2022, + "month": 10, + "day": 4, + "hour": 9, + "minute": 41, + "second": 52, + "microsecond": 338000 + }, + "Enabled": false, + "Description": "Key to encrypt and decrypt secret parameters", + "KeyUsage": "ENCRYPT_DECRYPT", + "KeyState": "PendingDeletion", + "DeletionDate": { + "__class__": "datetime", + "year": 2022, + "month": 10, + "day": 11, + "hour": 9, + "minute": 59, + "second": 42, + "microsecond": 612000 + }, + "Origin": "AWS_KMS", + "KeyManager": "CUSTOMER", + "CustomerMasterKeySpec": "SYMMETRIC_DEFAULT", + "KeySpec": "SYMMETRIC_DEFAULT", + "EncryptionAlgorithms": [ + "SYMMETRIC_DEFAULT" + ], + "MultiRegion": false + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-911-kms_cmk_not_scheduled_for_deletion/placebo-red/kms.ListAliases_1.json b/tests/ecc-aws-911-kms_cmk_not_scheduled_for_deletion/placebo-red/kms.ListAliases_1.json new file mode 100644 index 000000000..e50fb444a --- /dev/null +++ b/tests/ecc-aws-911-kms_cmk_not_scheduled_for_deletion/placebo-red/kms.ListAliases_1.json @@ -0,0 +1,8 @@ +{ + "status_code": 200, + "data": { + "Aliases": [], + "Truncated": false, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-911-kms_cmk_not_scheduled_for_deletion/placebo-red/kms.ListKeys_1.json b/tests/ecc-aws-911-kms_cmk_not_scheduled_for_deletion/placebo-red/kms.ListKeys_1.json new file mode 100644 index 000000000..6297113d1 --- /dev/null +++ b/tests/ecc-aws-911-kms_cmk_not_scheduled_for_deletion/placebo-red/kms.ListKeys_1.json 
@@ -0,0 +1,13 @@ +{ + "status_code": 200, + "data": { + "Keys": [ + { + "KeyId": "53b5cbbb-4357-402a-9b38-4948ceec5549", + "KeyArn": "arn:aws:kms:us-east-1:111111111111:key/53b5cbbb-4357-402a-9b38-4948ceec5549" + } + ], + "Truncated": false, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-911-kms_cmk_not_scheduled_for_deletion/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-911-kms_cmk_not_scheduled_for_deletion/placebo-red/tagging.GetResources_1.json new file mode 100644 index 000000000..9ed428dbf --- /dev/null +++ b/tests/ecc-aws-911-kms_cmk_not_scheduled_for_deletion/placebo-red/tagging.GetResources_1.json @@ -0,0 +1,22 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:kms:us-east-1:111111111111:key/53b5cbbb-4357-402a-9b38-4948ceec5549", + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-911-kms_cmk_not_scheduled_for_deletion" + }, + { + "Key": "ComplianceStatus", + "Value": "Red" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-911-kms_cmk_not_scheduled_for_deletion/red_policy_test.py b/tests/ecc-aws-911-kms_cmk_not_scheduled_for_deletion/red_policy_test.py new file mode 100644 index 000000000..b0aac779d --- /dev/null +++ b/tests/ecc-aws-911-kms_cmk_not_scheduled_for_deletion/red_policy_test.py @@ -0,0 +1,5 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + base_test.assertEqual(resources[0]['KeyState'], 'PendingDeletion') \ No newline at end of file diff --git a/tests/ecc-aws-917-waf_global_webacl_not_empty/placebo-green/waf.GetWebACL_1.json b/tests/ecc-aws-917-waf_global_webacl_not_empty/placebo-green/waf.GetWebACL_1.json new file mode 100644 index 000000000..33aa1f0a7 --- /dev/null +++ b/tests/ecc-aws-917-waf_global_webacl_not_empty/placebo-green/waf.GetWebACL_1.json 
@@ -0,0 +1,25 @@ +{ + "status_code": 200, + "data": { + "WebACL": { + "WebACLId": "766791d9-db18-4695-a1ed-9db48301fb70", + "Name": "917_webacl_green", + "MetricName": "917WebaclMetricGreen", + "DefaultAction": { + "Type": "ALLOW" + }, + "Rules": [ + { + "Priority": 1, + "RuleId": "9fa215f5-7c21-4eae-9d9f-775396d472f1", + "OverrideAction": { + "Type": "NONE" + }, + "Type": "GROUP" + } + ], + "WebACLArn": "arn:aws:waf::111111111111:webacl/766791d9-db18-4695-a1ed-9db48301fb70" + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-917-waf_global_webacl_not_empty/placebo-green/waf.GetWebACL_2.json b/tests/ecc-aws-917-waf_global_webacl_not_empty/placebo-green/waf.GetWebACL_2.json new file mode 100644 index 000000000..1a3c0283b --- /dev/null +++ b/tests/ecc-aws-917-waf_global_webacl_not_empty/placebo-green/waf.GetWebACL_2.json @@ -0,0 +1,25 @@ +{ + "status_code": 200, + "data": { + "WebACL": { + "WebACLId": "ae50bf89-0057-4a9d-9860-b7d4c5d5c686", + "Name": "917_webacl_green2", + "MetricName": "917WebaclMetricGreen2", + "DefaultAction": { + "Type": "ALLOW" + }, + "Rules": [ + { + "Priority": 1, + "RuleId": "e937f7e8-f514-4e3a-89af-73397cd88b31", + "Action": { + "Type": "ALLOW" + }, + "Type": "REGULAR" + } + ], + "WebACLArn": "arn:aws:waf::111111111111:webacl/ae50bf89-0057-4a9d-9860-b7d4c5d5c686" + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-917-waf_global_webacl_not_empty/placebo-green/waf.ListWebACLs_1.json b/tests/ecc-aws-917-waf_global_webacl_not_empty/placebo-green/waf.ListWebACLs_1.json new file mode 100644 index 000000000..7b6aa01bd --- /dev/null +++ b/tests/ecc-aws-917-waf_global_webacl_not_empty/placebo-green/waf.ListWebACLs_1.json 
@@ -0,0 +1,16 @@ +{ + "status_code": 200, + "data": { + "WebACLs": [ + { + "WebACLId": "766791d9-db18-4695-a1ed-9db48301fb70", + "Name": "917_webacl_green" + }, + { + "WebACLId": "ae50bf89-0057-4a9d-9860-b7d4c5d5c686", + "Name": "917_webacl_green2" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-917-waf_global_webacl_not_empty/placebo-red/waf.GetWebACL_1.json b/tests/ecc-aws-917-waf_global_webacl_not_empty/placebo-red/waf.GetWebACL_1.json new file mode 100644 index 000000000..b78819698 --- /dev/null +++ b/tests/ecc-aws-917-waf_global_webacl_not_empty/placebo-red/waf.GetWebACL_1.json @@ -0,0 +1,16 @@ +{ + "status_code": 200, + "data": { + "WebACL": { + "WebACLId": "811fa220-5703-44f8-b3ba-77e69853a0af", + "Name": "917_webacl_red", + "MetricName": "917WebaclMetricRed", + "DefaultAction": { + "Type": "ALLOW" + }, + "Rules": [], + "WebACLArn": "arn:aws:waf::111111111111:webacl/811fa220-5703-44f8-b3ba-77e69853a0af" + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-917-waf_global_webacl_not_empty/placebo-red/waf.ListWebACLs_1.json b/tests/ecc-aws-917-waf_global_webacl_not_empty/placebo-red/waf.ListWebACLs_1.json new file mode 100644 index 000000000..bbcc2895a --- /dev/null +++ b/tests/ecc-aws-917-waf_global_webacl_not_empty/placebo-red/waf.ListWebACLs_1.json @@ -0,0 +1,12 @@ +{ + "status_code": 200, + "data": { + "WebACLs": [ + { + "WebACLId": "811fa220-5703-44f8-b3ba-77e69853a0af", + "Name": "917_webacl_red" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-917-waf_global_webacl_not_empty/red_policy_test.py b/tests/ecc-aws-917-waf_global_webacl_not_empty/red_policy_test.py new file mode 100644 index 000000000..09bb114bb --- /dev/null +++ b/tests/ecc-aws-917-waf_global_webacl_not_empty/red_policy_test.py 
@@ -0,0 +1,8 @@
+class PolicyTest(object):
+
+ def test_resources_with_client(self, base_test, resources, local_session):
+ base_test.assertEqual(len(resources), 1)
+ acl_id = resources[0]['WebACLId']
+ waf_client = local_session.client("waf").get_web_acl(WebACLId=acl_id)
+ base_test.assertFalse(waf_client["WebACL"]["Rules"])
+
diff --git a/tests/ecc-aws-922-acm_certificate_transparency_logging_enabled/placebo-green/acm.DescribeCertificate_1.json b/tests/ecc-aws-922-acm_certificate_transparency_logging_enabled/placebo-green/acm.DescribeCertificate_1.json
new file mode 100644
index 000000000..3990297c8
--- /dev/null
+++ b/tests/ecc-aws-922-acm_certificate_transparency_logging_enabled/placebo-green/acm.DescribeCertificate_1.json
@@ -0,0 +1,49 @@
+{
+ "status_code": 200,
+ "data": {
+ "Certificate": {
+ "CertificateArn": "arn:aws:acm:us-east-1:111111111111:certificate/c0c11626-3990-4e29-962a-d2d347fad4cd",
+ "DomainName": "examplegreen.com",
+ "SubjectAlternativeNames": [
+ "examplegreen.com"
+ ],
+ "DomainValidationOptions": [
+ {
+ "DomainName": "examplegreen.com",
+ "ValidationDomain": "examplegreen.com",
+ "ValidationStatus": "PENDING_VALIDATION",
+ "ResourceRecord": {
+ "Name": "_d8ba774c444ecbf83c45dd0c1ad8352b.examplegreen.com.",
+ "Type": "CNAME",
+ "Value": "_33107ea6f9af7f4c0f1c11ba96e82878.xgxxrgwpcb.acm-validations.aws."
+ },
+ "ValidationMethod": "DNS"
+ }
+ ],
+ "Subject": "CN=examplegreen.com",
+ "Issuer": "Amazon",
+ "CreatedAt": {
+ "__class__": "datetime",
+ "year": 2022,
+ "month": 12,
+ "day": 15,
+ "hour": 9,
+ "minute": 3,
+ "second": 28,
+ "microsecond": 195000
+ },
+ "Status": "PENDING_VALIDATION",
+ "KeyAlgorithm": "RSA-2048",
+ "SignatureAlgorithm": "SHA256WITHRSA",
+ "InUseBy": [],
+ "Type": "AMAZON_ISSUED",
+ "KeyUsages": [],
+ "ExtendedKeyUsages": [],
+ "RenewalEligibility": "INELIGIBLE",
+ "Options": {
+ "CertificateTransparencyLoggingPreference": "ENABLED"
+ }
+ },
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
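Review bot: In the ecc-aws-917 `red_policy_test.py`, `waf_client` is bound to the GetWebACL response, not to a client, which makes the final assertion read as if it inspected a client object. Naming the value for what it holds keeps the empty-rules check obvious: `web_acl = local_session.client("waf").get_web_acl(WebACLId=acl_id)["WebACL"]` followed by `base_test.assertFalse(web_acl["Rules"])`. A one-line docstring saying that the red fixture is a WebACL whose `Rules` list is empty would also help the next reader.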
diff --git a/tests/ecc-aws-922-acm_certificate_transparency_logging_enabled/placebo-green/acm.ListCertificates_1.json b/tests/ecc-aws-922-acm_certificate_transparency_logging_enabled/placebo-green/acm.ListCertificates_1.json new file mode 100644 index 000000000..0e639e843 --- /dev/null +++ b/tests/ecc-aws-922-acm_certificate_transparency_logging_enabled/placebo-green/acm.ListCertificates_1.json @@ -0,0 +1,12 @@ +{ + "status_code": 200, + "data": { + "CertificateSummaryList": [ + { + "CertificateArn": "arn:aws:acm:us-east-1:111111111111:certificate/c0c11626-3990-4e29-962a-d2d347fad4cd", + "DomainName": "examplegreen.com" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-922-acm_certificate_transparency_logging_enabled/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-922-acm_certificate_transparency_logging_enabled/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..0244cb736 --- /dev/null +++ b/tests/ecc-aws-922-acm_certificate_transparency_logging_enabled/placebo-green/tagging.GetResources_1.json @@ -0,0 +1,22 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:acm:us-east-1:111111111111:certificate/c0c11626-3990-4e29-962a-d2d347fad4cd", + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-922-acm_certificate_transparency_logging_enabled" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-922-acm_certificate_transparency_logging_enabled/placebo-red/acm.DescribeCertificate_1.json b/tests/ecc-aws-922-acm_certificate_transparency_logging_enabled/placebo-red/acm.DescribeCertificate_1.json new file mode 100644 index 000000000..f66bba505 --- /dev/null +++ b/tests/ecc-aws-922-acm_certificate_transparency_logging_enabled/placebo-red/acm.DescribeCertificate_1.json 
@@ -0,0 +1,49 @@ +{ + "status_code": 200, + "data": { + "Certificate": { + "CertificateArn": "arn:aws:acm:us-east-1:111111111111:certificate/addab542-0b60-40cb-b089-2c2b50f0162f", + "DomainName": "examplered.com", + "SubjectAlternativeNames": [ + "examplered.com" + ], + "DomainValidationOptions": [ + { + "DomainName": "examplered.com", + "ValidationDomain": "examplered.com", + "ValidationStatus": "PENDING_VALIDATION", + "ResourceRecord": { + "Name": "_acec75d5bedf50a88b44bbd4c9042425.examplered.com.", + "Type": "CNAME", + "Value": "_bc713a33248b5aa71ed51eddce94179d.xgxxrgwpcb.acm-validations.aws." + }, + "ValidationMethod": "DNS" + } + ], + "Subject": "CN=examplered.com", + "Issuer": "Amazon", + "CreatedAt": { + "__class__": "datetime", + "year": 2022, + "month": 12, + "day": 15, + "hour": 9, + "minute": 7, + "second": 42, + "microsecond": 669000 + }, + "Status": "PENDING_VALIDATION", + "KeyAlgorithm": "RSA-2048", + "SignatureAlgorithm": "SHA256WITHRSA", + "InUseBy": [], + "Type": "AMAZON_ISSUED", + "KeyUsages": [], + "ExtendedKeyUsages": [], + "RenewalEligibility": "INELIGIBLE", + "Options": { + "CertificateTransparencyLoggingPreference": "DISABLED" + } + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-922-acm_certificate_transparency_logging_enabled/placebo-red/acm.ListCertificates_1.json b/tests/ecc-aws-922-acm_certificate_transparency_logging_enabled/placebo-red/acm.ListCertificates_1.json new file mode 100644 index 000000000..94df06ac7 --- /dev/null +++ b/tests/ecc-aws-922-acm_certificate_transparency_logging_enabled/placebo-red/acm.ListCertificates_1.json @@ -0,0 +1,12 @@ +{ + "status_code": 200, + "data": { + "CertificateSummaryList": [ + { + "CertificateArn": "arn:aws:acm:us-east-1:111111111111:certificate/addab542-0b60-40cb-b089-2c2b50f0162f", + "DomainName": "examplered.com" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-922-acm_certificate_transparency_logging_enabled/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-922-acm_certificate_transparency_logging_enabled/placebo-red/tagging.GetResources_1.json
new file mode 100644
index 000000000..4fca3d25c
--- /dev/null
+++ b/tests/ecc-aws-922-acm_certificate_transparency_logging_enabled/placebo-red/tagging.GetResources_1.json
@@ -0,0 +1,22 @@
+{
+ "status_code": 200,
+ "data": {
+ "PaginationToken": "",
+ "ResourceTagMappingList": [
+ {
+ "ResourceARN": "arn:aws:acm:us-east-1:111111111111:certificate/addab542-0b60-40cb-b089-2c2b50f0162f",
+ "Tags": [
+ {
+ "Key": "CustodianRule",
+ "Value": "ecc-aws-922-acm_certificate_transparency_logging_enabled"
+ },
+ {
+ "Key": "ComplianceStatus",
+ "Value": "Red"
+ }
+ ]
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-922-acm_certificate_transparency_logging_enabled/red_policy_test.py b/tests/ecc-aws-922-acm_certificate_transparency_logging_enabled/red_policy_test.py
new file mode 100644
index 000000000..3037a35a1
--- /dev/null
+++ b/tests/ecc-aws-922-acm_certificate_transparency_logging_enabled/red_policy_test.py
@@ -0,0 +1,5 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertEqual(resources[0]['Options']['CertificateTransparencyLoggingPreference'], 'DISABLED')
\ No newline at end of file
diff --git a/tests/ecc-aws-938-cloudfront_encryption_in_transit/placebo-green/cloudfront.ListDistributions_1.json b/tests/ecc-aws-938-cloudfront_encryption_in_transit/placebo-green/cloudfront.ListDistributions_1.json
new file mode 100644
index 000000000..a512df83e
--- /dev/null
+++ b/tests/ecc-aws-938-cloudfront_encryption_in_transit/placebo-green/cloudfront.ListDistributions_1.json
@@ -0,0 +1,210 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "DistributionList": { + "Marker": "", + "MaxItems": 100, + "IsTruncated": false, + "Quantity": 5, + "Items": [ + { + "Id": "E1LFV1SQM12QNE", + "ARN": "arn:aws:cloudfront::111111111111:distribution/E1LFV1SQM12QNE", + "Status": "Deployed", + "LastModifiedTime": { + "__class__": "datetime", + "year": 2022, + "month": 9, + "day": 27, + "hour": 12, + "minute": 24, + "second": 57, + "microsecond": 770000 + }, + "DomainName": "d1wiqbu7b4wwuj.cloudfront.net", + "Aliases": { + "Quantity": 0 + }, + "Origins": { + "Quantity": 1, + "Items": [ + { + "Id": "myEC2Origin", + "DomainName": "ec2-3-95-178-158.compute-1.amazonaws.com", + "OriginPath": "", + "CustomHeaders": { + "Quantity": 0 + }, + "CustomOriginConfig": { + "HTTPPort": 80, + "HTTPSPort": 443, + "OriginProtocolPolicy": "https-only", + "OriginSslProtocols": { + "Quantity": 1, + "Items": [ + "TLSv1" + ] + }, + "OriginReadTimeout": 30, + "OriginKeepaliveTimeout": 5 + }, + "ConnectionAttempts": 3, + "ConnectionTimeout": 10, + "OriginShield": { + "Enabled": false + } + } + ] + }, + "OriginGroups": { + "Quantity": 0 + }, + "DefaultCacheBehavior": { + "TargetOriginId": "myEC2Origin", + "TrustedSigners": { + "Enabled": false, + "Quantity": 0 + }, + "TrustedKeyGroups": { + "Enabled": false, + "Quantity": 0 + }, + "ViewerProtocolPolicy": "https-only", + "AllowedMethods": { + "Quantity": 7, + "Items": [ + "HEAD", + "DELETE", + "POST", + "GET", + "OPTIONS", + "PUT", + "PATCH" + ], + "CachedMethods": { + "Quantity": 2, + "Items": [ + "HEAD", + "GET" + ] + } + }, + "SmoothStreaming": false, + "Compress": false, + "LambdaFunctionAssociations": { + "Quantity": 0 + }, + "FunctionAssociations": { + "Quantity": 0 + }, + "FieldLevelEncryptionId": "", + "ForwardedValues": { + "QueryString": false, + "Cookies": { + "Forward": "none" + }, + "Headers": { + "Quantity": 0 + }, + "QueryStringCacheKeys": { + "Quantity": 0 + } + }, + "MinTTL": 0, + "DefaultTTL": 
3600, + "MaxTTL": 86400 + }, + "CacheBehaviors": { + "Quantity": 1, + "Items": [ + { + "PathPattern": "/content/*", + "TargetOriginId": "myEC2Origin", + "TrustedSigners": { + "Enabled": false, + "Quantity": 0 + }, + "TrustedKeyGroups": { + "Enabled": false, + "Quantity": 0 + }, + "ViewerProtocolPolicy": "redirect-to-https", + "AllowedMethods": { + "Quantity": 3, + "Items": [ + "HEAD", + "GET", + "OPTIONS" + ], + "CachedMethods": { + "Quantity": 3, + "Items": [ + "HEAD", + "GET", + "OPTIONS" + ] + } + }, + "SmoothStreaming": false, + "Compress": true, + "LambdaFunctionAssociations": { + "Quantity": 0 + }, + "FunctionAssociations": { + "Quantity": 0 + }, + "FieldLevelEncryptionId": "", + "ForwardedValues": { + "QueryString": false, + "Cookies": { + "Forward": "none" + }, + "Headers": { + "Quantity": 1, + "Items": [ + "Origin" + ] + }, + "QueryStringCacheKeys": { + "Quantity": 0 + } + }, + "MinTTL": 0, + "DefaultTTL": 86400, + "MaxTTL": 31536000 + } + ] + }, + "CustomErrorResponses": { + "Quantity": 0 + }, + "Comment": "", + "PriceClass": "PriceClass_All", + "Enabled": true, + "ViewerCertificate": { + "CloudFrontDefaultCertificate": true, + "SSLSupportMethod": "vip", + "MinimumProtocolVersion": "TLSv1", + "CertificateSource": "cloudfront" + }, + "Restrictions": { + "GeoRestriction": { + "RestrictionType": "whitelist", + "Quantity": 4, + "Items": [ + "GB", + "US", + "DE", + "CA" + ] + } + }, + "WebACLId": "", + "HttpVersion": "HTTP2", + "IsIPV6Enabled": false + } + ] + } + } +} \ No newline at end of file diff --git a/tests/ecc-aws-938-cloudfront_encryption_in_transit/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-938-cloudfront_encryption_in_transit/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..1c36b4dad --- /dev/null +++ b/tests/ecc-aws-938-cloudfront_encryption_in_transit/placebo-green/tagging.GetResources_1.json 
@@ -0,0 +1,22 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:cloudfront::111111111111:distribution/E1LFV1SQM12QNE", + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-938-cloudfront_encryption_in_transit" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-938-cloudfront_encryption_in_transit/placebo-red/cloudfront.ListDistributions_1.json b/tests/ecc-aws-938-cloudfront_encryption_in_transit/placebo-red/cloudfront.ListDistributions_1.json new file mode 100644 index 000000000..2dddcadf5 --- /dev/null +++ b/tests/ecc-aws-938-cloudfront_encryption_in_transit/placebo-red/cloudfront.ListDistributions_1.json 
@@ -0,0 +1,210 @@ +{ + "status_code": 200, + "data": { + "ResponseMetadata": {}, + "DistributionList": { + "Marker": "", + "MaxItems": 100, + "IsTruncated": false, + "Quantity": 5, + "Items": [ + { + "Id": "E1X0H1C4VB45I8", + "ARN": "arn:aws:cloudfront::111111111111:distribution/E1X0H1C4VB45I8", + "Status": "Deployed", + "LastModifiedTime": { + "__class__": "datetime", + "year": 2022, + "month": 9, + "day": 27, + "hour": 12, + "minute": 35, + "second": 50, + "microsecond": 713000 + }, + "DomainName": "d17a6dgwvz433d.cloudfront.net", + "Aliases": { + "Quantity": 0 + }, + "Origins": { + "Quantity": 1, + "Items": [ + { + "Id": "myEC2Origin", + "DomainName": "ec2-34-207-234-221.compute-1.amazonaws.com", + "OriginPath": "", + "CustomHeaders": { + "Quantity": 0 + }, + "CustomOriginConfig": { + "HTTPPort": 80, + "HTTPSPort": 443, + "OriginProtocolPolicy": "https-only", + "OriginSslProtocols": { + "Quantity": 1, + "Items": [ + "TLSv1" + ] + }, + "OriginReadTimeout": 30, + "OriginKeepaliveTimeout": 5 + }, + "ConnectionAttempts": 3, + "ConnectionTimeout": 10, + "OriginShield": { + "Enabled": false + } + } + ] + }, + "OriginGroups": { + "Quantity": 0 + }, + "DefaultCacheBehavior": { + "TargetOriginId": "myEC2Origin", + "TrustedSigners": { + "Enabled": false, + "Quantity": 0 + }, + "TrustedKeyGroups": { + "Enabled": false, + "Quantity": 0 + }, + "ViewerProtocolPolicy": "allow-all", + "AllowedMethods": { + "Quantity": 7, + "Items": [ + "HEAD", + "DELETE", + "POST", + "GET", + "OPTIONS", + "PUT", + "PATCH" + ], + "CachedMethods": { + "Quantity": 2, + "Items": [ + "HEAD", + "GET" + ] + } + }, + "SmoothStreaming": false, + "Compress": false, + "LambdaFunctionAssociations": { + "Quantity": 0 + }, + "FunctionAssociations": { + "Quantity": 0 + }, + "FieldLevelEncryptionId": "", + "ForwardedValues": { + "QueryString": false, + "Cookies": { + "Forward": "none" + }, + "Headers": { + "Quantity": 0 + }, + "QueryStringCacheKeys": { + "Quantity": 0 + } + }, + "MinTTL": 0, + "DefaultTTL": 
3600, + "MaxTTL": 86400 + }, + "CacheBehaviors": { + "Quantity": 1, + "Items": [ + { + "PathPattern": "/content/*", + "TargetOriginId": "myEC2Origin", + "TrustedSigners": { + "Enabled": false, + "Quantity": 0 + }, + "TrustedKeyGroups": { + "Enabled": false, + "Quantity": 0 + }, + "ViewerProtocolPolicy": "allow-all", + "AllowedMethods": { + "Quantity": 3, + "Items": [ + "HEAD", + "GET", + "OPTIONS" + ], + "CachedMethods": { + "Quantity": 3, + "Items": [ + "HEAD", + "GET", + "OPTIONS" + ] + } + }, + "SmoothStreaming": false, + "Compress": true, + "LambdaFunctionAssociations": { + "Quantity": 0 + }, + "FunctionAssociations": { + "Quantity": 0 + }, + "FieldLevelEncryptionId": "", + "ForwardedValues": { + "QueryString": false, + "Cookies": { + "Forward": "none" + }, + "Headers": { + "Quantity": 1, + "Items": [ + "Origin" + ] + }, + "QueryStringCacheKeys": { + "Quantity": 0 + } + }, + "MinTTL": 0, + "DefaultTTL": 86400, + "MaxTTL": 31536000 + } + ] + }, + "CustomErrorResponses": { + "Quantity": 0 + }, + "Comment": "", + "PriceClass": "PriceClass_All", + "Enabled": true, + "ViewerCertificate": { + "CloudFrontDefaultCertificate": true, + "SSLSupportMethod": "vip", + "MinimumProtocolVersion": "TLSv1", + "CertificateSource": "cloudfront" + }, + "Restrictions": { + "GeoRestriction": { + "RestrictionType": "whitelist", + "Quantity": 4, + "Items": [ + "GB", + "US", + "DE", + "CA" + ] + } + }, + "WebACLId": "", + "HttpVersion": "HTTP2", + "IsIPV6Enabled": false + } + ] + } + } +} \ No newline at end of file diff --git a/tests/ecc-aws-938-cloudfront_encryption_in_transit/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-938-cloudfront_encryption_in_transit/placebo-red/tagging.GetResources_1.json new file mode 100644 index 000000000..9e4743800 --- /dev/null +++ b/tests/ecc-aws-938-cloudfront_encryption_in_transit/placebo-red/tagging.GetResources_1.json 
@@ -0,0 +1,22 @@
+{
+ "status_code": 200,
+ "data": {
+ "PaginationToken": "",
+ "ResourceTagMappingList": [
+ {
+ "ResourceARN": "arn:aws:cloudfront::111111111111:distribution/E1X0H1C4VB45I8",
+ "Tags": [
+ {
+ "Key": "CustodianRule",
+ "Value": "ecc-aws-938-cloudfront_encryption_in_transit"
+ },
+ {
+ "Key": "ComplianceStatus",
+ "Value": "Red"
+ }
+ ]
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-938-cloudfront_encryption_in_transit/red_policy_test.py b/tests/ecc-aws-938-cloudfront_encryption_in_transit/red_policy_test.py
new file mode 100644
index 000000000..f50bfa657
--- /dev/null
+++ b/tests/ecc-aws-938-cloudfront_encryption_in_transit/red_policy_test.py
@@ -0,0 +1,5 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertEqual(resources[0]['DefaultCacheBehavior']['ViewerProtocolPolicy'], 'allow-all')
\ No newline at end of file
diff --git a/tests/ecc-aws-939-ebs_default_encryption_enabled/placebo-green/ec2.GetEbsEncryptionByDefault_1.json b/tests/ecc-aws-939-ebs_default_encryption_enabled/placebo-green/ec2.GetEbsEncryptionByDefault_1.json
new file mode 100644
index 000000000..5e1813654
--- /dev/null
+++ b/tests/ecc-aws-939-ebs_default_encryption_enabled/placebo-green/ec2.GetEbsEncryptionByDefault_1.json
@@ -0,0 +1,7 @@
+{
+ "status_code": 200,
+ "data": {
+ "EbsEncryptionByDefault": true,
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-939-ebs_default_encryption_enabled/placebo-green/iam.ListAccountAliases_1.json b/tests/ecc-aws-939-ebs_default_encryption_enabled/placebo-green/iam.ListAccountAliases_1.json
new file mode 100644
index 000000000..3b408e3eb
--- /dev/null
+++ b/tests/ecc-aws-939-ebs_default_encryption_enabled/placebo-green/iam.ListAccountAliases_1.json
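Review bot: The ecc-aws-938 red test asserts only `DefaultCacheBehavior.ViewerProtocolPolicy`, while the recorded red distribution sets `allow-all` on both the default behaviour and the `/content/*` entry under `CacheBehaviors`. The test therefore cannot show whether the policy flags a distribution whose default behaviour is HTTPS-only but whose additional cache behaviour still accepts plain HTTP. The policy file is not visible here, so whether it inspects `CacheBehaviors` is an open question. If it does, a second red fixture with that split would pin it, or at least an extra assertion such as `base_test.assertEqual(resources[0]['CacheBehaviors']['Items'][0]['ViewerProtocolPolicy'], 'allow-all')`.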
@@ -0,0 +1,10 @@
+{
+ "status_code": 200,
+ "data": {
+ "AccountAliases": [
+ "test"
+ ],
+ "IsTruncated": false,
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-939-ebs_default_encryption_enabled/placebo-red/ec2.GetEbsEncryptionByDefault_1.json b/tests/ecc-aws-939-ebs_default_encryption_enabled/placebo-red/ec2.GetEbsEncryptionByDefault_1.json
new file mode 100644
index 000000000..e8412d839
--- /dev/null
+++ b/tests/ecc-aws-939-ebs_default_encryption_enabled/placebo-red/ec2.GetEbsEncryptionByDefault_1.json
@@ -0,0 +1,7 @@
+{
+ "status_code": 200,
+ "data": {
+ "EbsEncryptionByDefault": false,
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-939-ebs_default_encryption_enabled/placebo-red/iam.ListAccountAliases_1.json b/tests/ecc-aws-939-ebs_default_encryption_enabled/placebo-red/iam.ListAccountAliases_1.json
new file mode 100644
index 000000000..3b408e3eb
--- /dev/null
+++ b/tests/ecc-aws-939-ebs_default_encryption_enabled/placebo-red/iam.ListAccountAliases_1.json
@@ -0,0 +1,10 @@
+{
+ "status_code": 200,
+ "data": {
+ "AccountAliases": [
+ "test"
+ ],
+ "IsTruncated": false,
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-939-ebs_default_encryption_enabled/red_policy_test.py b/tests/ecc-aws-939-ebs_default_encryption_enabled/red_policy_test.py
new file mode 100644
index 000000000..1bf9d0dd6
--- /dev/null
+++ b/tests/ecc-aws-939-ebs_default_encryption_enabled/red_policy_test.py
@@ -0,0 +1,5 @@
+class PolicyTest(object):
+
+ def test_resources_with_client(self, base_test, resources, local_session):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertFalse(local_session.client("ec2").get_ebs_encryption_by_default()['EbsEncryptionByDefault'])
\ No newline at end of file
diff --git a/tests/ecc-aws-948-imported_and_acm_certificates_expire_in_one_month/green_policy_test.py b/tests/ecc-aws-948-imported_and_acm_certificates_expire_in_one_month/green_policy_test.py
new file mode 100644
index 000000000..65fb23123
--- /dev/null
+++ b/tests/ecc-aws-948-imported_and_acm_certificates_expire_in_one_month/green_policy_test.py
@@ -0,0 +1,7 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 0)
+
+ def mock_time(self):
+ return 2023, 1, 16
diff --git a/tests/ecc-aws-948-imported_and_acm_certificates_expire_in_one_month/placebo-green/acm.DescribeCertificate_1.json b/tests/ecc-aws-948-imported_and_acm_certificates_expire_in_one_month/placebo-green/acm.DescribeCertificate_1.json
new file mode 100644
index 000000000..03af69606
--- /dev/null
+++ b/tests/ecc-aws-948-imported_and_acm_certificates_expire_in_one_month/placebo-green/acm.DescribeCertificate_1.json
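Review bot: `mock_time` in the ecc-aws-948 green test returns `2023, 1, 16` with no comment on what consumes the tuple or why that date was chosen. Presumably the test runner (`policy_as_test.py`, not visible here) freezes the clock to it. The green fixture's `NotAfter` is 2023-02-18, so the pinned date is what keeps the certificate outside the 30-day window, and a future edit to either value can silently flip the result. I would add a comment above the return, e.g. `# Pinned to the fixture's import date; NotAfter (2023-02-18) is then more than 30 days away.`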
@@ -0,0 +1,76 @@ +{ + "status_code": 200, + "data": { + "Certificate": { + "CertificateArn": "arn:aws:acm:us-east-1:111111111111:certificate/f8cdefd4-2290-42f4-a3ed-a05877c181e8", + "SubjectAlternativeNames": [], + "Serial": "cb:d2:f4:76:da:c9:92:14:b8:ee:f4:f2:04:64:9a:3c", + "Subject": "O=ACME Examples\\, Inc,CN=example_green.com", + "Issuer": "ACME Examples\\, Inc", + "CreatedAt": { + "__class__": "datetime", + "year": 2023, + "month": 1, + "day": 16, + "hour": 8, + "minute": 52, + "second": 55, + "microsecond": 780000 + }, + "ImportedAt": { + "__class__": "datetime", + "year": 2023, + "month": 1, + "day": 16, + "hour": 8, + "minute": 52, + "second": 55, + "microsecond": 790000 + }, + "Status": "ISSUED", + "NotBefore": { + "__class__": "datetime", + "year": 2023, + "month": 1, + "day": 16, + "hour": 8, + "minute": 52, + "second": 54, + "microsecond": 0 + }, + "NotAfter": { + "__class__": "datetime", + "year": 2023, + "month": 2, + "day": 18, + "hour": 16, + "minute": 52, + "second": 54, + "microsecond": 0 + }, + "KeyAlgorithm": "RSA-2048", + "SignatureAlgorithm": "SHA256WITHRSA", + "InUseBy": [], + "Type": "IMPORTED", + "KeyUsages": [ + { + "Name": "DIGITAL_SIGNATURE" + }, + { + "Name": "KEY_ENCIPHERMENT" + } + ], + "ExtendedKeyUsages": [ + { + "Name": "TLS_WEB_SERVER_AUTHENTICATION", + "OID": "1.3.6.1.5.5.7.3.1" + } + ], + "RenewalEligibility": "INELIGIBLE", + "Options": { + "CertificateTransparencyLoggingPreference": "DISABLED" + } + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-948-imported_and_acm_certificates_expire_in_one_month/placebo-green/acm.ListCertificates_1.json b/tests/ecc-aws-948-imported_and_acm_certificates_expire_in_one_month/placebo-green/acm.ListCertificates_1.json new file mode 100644 index 000000000..d11b1475b --- /dev/null +++ b/tests/ecc-aws-948-imported_and_acm_certificates_expire_in_one_month/placebo-green/acm.ListCertificates_1.json 
@@ -0,0 +1,11 @@ +{ + "status_code": 200, + "data": { + "CertificateSummaryList": [ + { + "CertificateArn": "arn:aws:acm:us-east-1:111111111111:certificate/f8cdefd4-2290-42f4-a3ed-a05877c181e8" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-948-imported_and_acm_certificates_expire_in_one_month/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-948-imported_and_acm_certificates_expire_in_one_month/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..d7f6b6daf --- /dev/null +++ b/tests/ecc-aws-948-imported_and_acm_certificates_expire_in_one_month/placebo-green/tagging.GetResources_1.json @@ -0,0 +1,22 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:acm:us-east-1:111111111111:certificate/f8cdefd4-2290-42f4-a3ed-a05877c181e8", + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-948-imported_and_acm_certificates_expire_in_one_month" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-948-imported_and_acm_certificates_expire_in_one_month/placebo-red/acm.DescribeCertificate_1.json b/tests/ecc-aws-948-imported_and_acm_certificates_expire_in_one_month/placebo-red/acm.DescribeCertificate_1.json new file mode 100644 index 000000000..2987582ed --- /dev/null +++ b/tests/ecc-aws-948-imported_and_acm_certificates_expire_in_one_month/placebo-red/acm.DescribeCertificate_1.json 
@@ -0,0 +1,76 @@ +{ + "status_code": 200, + "data": { + "Certificate": { + "CertificateArn": "arn:aws:acm:us-east-1:111111111111:certificate/9ce9c801-b6bc-4e26-b77a-914a893b241c", + "SubjectAlternativeNames": [], + "Serial": "4e:ce:5a:3d:2d:f1:76:ca:3a:72:39:0f:3d:5e:b9:cb", + "Subject": "O=ACME Examples\\, Inc,CN=example_red.com", + "Issuer": "ACME Examples\\, Inc", + "CreatedAt": { + "__class__": "datetime", + "year": 2023, + "month": 1, + "day": 16, + "hour": 8, + "minute": 52, + "second": 31, + "microsecond": 110000 + }, + "ImportedAt": { + "__class__": "datetime", + "year": 2023, + "month": 1, + "day": 16, + "hour": 8, + "minute": 52, + "second": 31, + "microsecond": 121000 + }, + "Status": "ISSUED", + "NotBefore": { + "__class__": "datetime", + "year": 2023, + "month": 1, + "day": 16, + "hour": 8, + "minute": 52, + "second": 29, + "microsecond": 0 + }, + "NotAfter": { + "__class__": "datetime", + "year": 2023, + "month": 1, + "day": 18, + "hour": 8, + "minute": 52, + "second": 29, + "microsecond": 0 + }, + "KeyAlgorithm": "RSA-2048", + "SignatureAlgorithm": "SHA256WITHRSA", + "InUseBy": [], + "Type": "IMPORTED", + "KeyUsages": [ + { + "Name": "DIGITAL_SIGNATURE" + }, + { + "Name": "KEY_ENCIPHERMENT" + } + ], + "ExtendedKeyUsages": [ + { + "Name": "TLS_WEB_SERVER_AUTHENTICATION", + "OID": "1.3.6.1.5.5.7.3.1" + } + ], + "RenewalEligibility": "INELIGIBLE", + "Options": { + "CertificateTransparencyLoggingPreference": "DISABLED" + } + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-948-imported_and_acm_certificates_expire_in_one_month/placebo-red/acm.ListCertificates_1.json b/tests/ecc-aws-948-imported_and_acm_certificates_expire_in_one_month/placebo-red/acm.ListCertificates_1.json new file mode 100644 index 000000000..909ac47cb --- /dev/null +++ b/tests/ecc-aws-948-imported_and_acm_certificates_expire_in_one_month/placebo-red/acm.ListCertificates_1.json 
@@ -0,0 +1,11 @@ +{ + "status_code": 200, + "data": { + "CertificateSummaryList": [ + { + "CertificateArn": "arn:aws:acm:us-east-1:111111111111:certificate/9ce9c801-b6bc-4e26-b77a-914a893b241c" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-948-imported_and_acm_certificates_expire_in_one_month/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-948-imported_and_acm_certificates_expire_in_one_month/placebo-red/tagging.GetResources_1.json new file mode 100644 index 000000000..f66f0583a --- /dev/null +++ b/tests/ecc-aws-948-imported_and_acm_certificates_expire_in_one_month/placebo-red/tagging.GetResources_1.json @@ -0,0 +1,22 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:acm:us-east-1:111111111111:certificate/9ce9c801-b6bc-4e26-b77a-914a893b241c", + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-948-imported_and_acm_certificates_expire_in_one_month" + }, + { + "Key": "ComplianceStatus", + "Value": "Red" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-948-imported_and_acm_certificates_expire_in_one_month/red_policy_test.py b/tests/ecc-aws-948-imported_and_acm_certificates_expire_in_one_month/red_policy_test.py new file mode 100644 index 000000000..d47b5b863 --- /dev/null +++ b/tests/ecc-aws-948-imported_and_acm_certificates_expire_in_one_month/red_policy_test.py 
@@ -0,0 +1,13 @@ +from datetime import datetime, timedelta, date + +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 1) + + ExparationDate=datetime.fromisoformat(str(resources[0]['NotAfter'])) + ExparationDate = datetime.strptime(str(ExparationDate)[:-6], "%Y-%m-%d %H:%M:%S") + time_now = datetime.now() + time_now=datetime.strptime(str(time_now)[:19], "%Y-%m-%d %H:%M:%S") + datatimein30=time_now+timedelta(days=30) + base_test.assertTrue(ExparationDate Date: Sat, 17 Jun 2023 16:27:02 +0300 Subject: [PATCH 05/15] github workflow added --- .github/workflows/ci.yaml | 84 ++++++++++ .github/workflows/composite-action/action.yml | 22 +++ .github/workflows/scripts/gcp_common.py | 134 ++++++++++++++++ .../workflows/scripts/green_policy_test.py | 4 + .github/workflows/scripts/policy_as_test.py | 143 ++++++++++++++++++ tests/.whitelisted_green | 0 tests/.whitelisted_red | 0 7 files changed, 387 insertions(+) create mode 100755 .github/workflows/ci.yaml create mode 100755 .github/workflows/composite-action/action.yml create mode 100755 .github/workflows/scripts/gcp_common.py create mode 100755 .github/workflows/scripts/green_policy_test.py create mode 100755 .github/workflows/scripts/policy_as_test.py create mode 100644 tests/.whitelisted_green create mode 100644 tests/.whitelisted_red diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml new file mode 100755 index 000000000..b085622b2 --- /dev/null +++ b/.github/workflows/ci.yaml 
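Review bot: The ecc-aws-948 red test compares the certificate's `NotAfter` against `datetime.now()` plus 30 days, whereas the green test for the same policy pins the date through `mock_time`. The red fixture's `NotAfter` is 2023-01-18, so the comparison holds on every later run date and no longer exercises the 30-day boundary. The last line of this hunk is truncated on the page, so the exact comparison is inferred from the preceding lines. Comparing against a fixed date instead, e.g. `datetime(2023, 1, 16) + timedelta(days=30)`, would keep the check meaningful; defining the same `mock_time` as the green test is another option if the runner honours it for red tests. The `date` import is unused, the string round-trips through `str(...)[:-6]` and `strptime` could be replaced by `.replace(tzinfo=None)`, and `ExparationDate` is a misspelling of `expiration_date`.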
@@ -0,0 +1,84 @@
+name: test-custodian-policies
+on: [push]
+jobs:
+ test_policy_red_flights:
+ runs-on: ubuntu-22.04
+ container: python:3.8
+ steps:
+ - uses: actions/checkout@v3
+ - uses: ./.github/workflows/composite-action
+ - name: test_policy_red_flights
+ shell: bash
+ run: |
+ cd cloud-custodian
+ python3.8 -m venv .venv && source .venv/bin/activate
+ pip install poetry
+ make install
+ mkdir out
+ RULE_NAMES=$(find ./aws-custodian-policies/tests/ -maxdepth 1 -type d | tail -n +2 | awk -F '/' '{ print $NF }')
+ RED_WHITELISTED_RULE_NAMES=$(cat ./aws-custodian-policies/tests/.whitelisted_red)
+ touch .red_passed .red_failed .whitelisted_red_failed
+ echo "$RULE_NAMES" |
+ while IFS= read -r policy ; do
+ echo "red test $policy executing..."
+
+ mkdir out/$policy
+ cp aws-custodian-policies/tests/$policy/placebo-red/* out/$policy
+ ls out/$policy
+ red_policy_test_file_name="aws-custodian-policies.tests.$policy.red_policy_test"
+ python3 policy_as_test.py test aws-custodian-policies/policies/$policy.yml $red_policy_test_file_name out \
+ && echo $policy >> .red_passed || if [[ $RED_WHITELISTED_RULE_NAMES =~ $policy ]]; \
+ then echo $policy >> .whitelisted_red_failed; else echo $policy >> .red_failed; fi
+ rm -r out/$policy
+ done
+
+ echo "red tests executed"
+ echo "red_passed:"
+ cat .red_passed
+ echo "whitelisted_red_failed:"
+ cat .whitelisted_red_failed
+ echo "red_failed:"
+ cat .red_failed
+ test -s .red_failed && exit 1
+ exit 0
+
+ test_policy_green_flights:
+ runs-on: ubuntu-22.04
+ container: python:3.8
+ steps:
+ - uses: actions/checkout@v3
+ - uses: ./.github/workflows/composite-action
+ - name: test_policy_green_flights
+ shell: bash
+ run: |
+ cd cloud-custodian
+ python3.8 -m venv .venv && source .venv/bin/activate
+ pip install poetry
+ make install
+ mkdir out
+ RULE_NAMES=$(find ./aws-custodian-policies/tests/ -maxdepth 1 -type d | tail -n +2 | awk -F '/' '{ print $NF }')
+ GREEN_WHITELISTED_RULE_NAMES=$(cat 
./aws-custodian-policies/tests/.whitelisted_green)
+ touch .green_passed .green_failed .whitelisted_green_failed
+
+ echo "$RULE_NAMES" |
+ while IFS= read -r policy ; do
+ echo "green test $policy executing..."
+ mkdir out/$policy
+ cp aws-custodian-policies/tests/$policy/placebo-green/* out/$policy
+ ls out/$policy
+ green_policy_test_file_name=$(test -f aws-custodian-policies/tests/$policy/green_policy_test.py && echo "aws-custodian-policies.tests.$policy.green_policy_test" || echo "green_policy_test")
+ python3 policy_as_test.py test aws-custodian-policies/policies/$policy.yml $green_policy_test_file_name out \
+ && echo $policy >> .green_passed || if [[ $GREEN_WHITELISTED_RULE_NAMES =~ $policy ]]; \
+ then echo $policy >> .whitelisted_green_failed; else echo $policy >> .green_failed; fi
+ rm -r out/$policy
+ done
+
+ echo "green tests executed"
+ echo "green_passed:"
+ cat .green_passed
+ echo "whitelisted_green_failed:"
+ cat .whitelisted_green_failed
+ echo "green_failed:"
+ cat .green_failed
+ test -s .green_failed && exit 1
+ exit 0
diff --git a/.github/workflows/composite-action/action.yml b/.github/workflows/composite-action/action.yml
new file mode 100755
index 000000000..178a504e9
--- /dev/null
+++ b/.github/workflows/composite-action/action.yml
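Review bot: The whitelist test `[[ $RED_WHITELISTED_RULE_NAMES =~ $policy ]]` in ci.yaml, and its green twin `[[ $GREEN_WHITELISTED_RULE_NAMES =~ $policy ]]`, is an unanchored regex match against the whole whitelist file. A failing policy whose directory name is a substring of any whitelisted name is therefore filed under `.whitelisted_*_failed`, and the job still exits 0. In a suite that gates security policies this can hide a real regression; an exact whole-line match avoids it: `|| if grep -Fxq -- "$policy" ./aws-custodian-policies/tests/.whitelisted_red; \`. Quoting `"$policy"` in the `mkdir`, `cp` and `rm -r` lines would also keep an unusual directory name from being word-split. Separately, the workflow has no `permissions:` block; a top-level one granting only `contents: read` would limit the token exposed to the upstream code that `make install` runs.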
@@ -0,0 +1,22 @@
+name: "Installing cloud-custodian"
+description: "Installing cloud-custodian"
+runs:
+ using: "composite"
+ steps:
+ - run: |
+ command -v git >/dev/null || ( apt-get update -y && apt-get install git -y )
+ DEFAULT_CORE_BRANCH=main
+ CORE_BRANCH=$GITHUB_BASE_REF
+ echo "CORE_BRANCH = $CORE_BRANCH"
+ CORE_BRANCH=${CORE_BRANCH:-$GITHUB_REF_NAME}
+ echo "CORE_BRANCH = $CORE_BRANCH"
+ if [[ $CORE_BRANCH != "develop" && $CORE_BRANCH != "main" ]]; then CORE_BRANCH=$DEFAULT_CORE_BRANCH; fi
+ echo "Using $CORE_BRANCH in cloud-custodian"
+ echo "Core branch = $CORE_BRANCH"
+ git clone https://github.com/cloud-custodian/cloud-custodian.git --branch $CORE_BRANCH --depth 1
+ mkdir aws-custodian-policies && cp -r policies tests aws-custodian-policies
+ cp -r aws-custodian-policies cloud-custodian
+ cp .github/workflows/scripts/policy_as_test.py cloud-custodian/.
+ cp .github/workflows/scripts/gcp_common.py cloud-custodian/tools/c7n_gcp/tests/.
+ cp .github/workflows/scripts/green_policy_test.py cloud-custodian/.
+ shell: bash
\ No newline at end of file
diff --git a/.github/workflows/scripts/gcp_common.py b/.github/workflows/scripts/gcp_common.py
new file mode 100755
index 000000000..c6955ada0
--- /dev/null
+++ b/.github/workflows/scripts/gcp_common.py
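Review bot: The `git clone ... --branch $CORE_BRANCH --depth 1` step pulls whatever is at the tip of upstream `main` or `develop` on every run, and the jobs in ci.yaml then run `make install` and the test harness from that checkout, so the code executed in CI is not reproducible and changes whenever upstream does. Cloning a pinned release tag fixes the version under test, e.g. `CORE_REF=<pinned-release-tag>` followed by `git clone https://github.com/cloud-custodian/cloud-custodian.git --branch "$CORE_REF" --depth 1` (the tag is a placeholder to fill in). It is also worth confirming that upstream actually has a `develop` branch, since the allowlist lets that name through and the clone would fail otherwise.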
@@ -0,0 +1,134 @@ +# Copyright The Cloud Custodian Authors. +# SPDX-License-Identifier: Apache-2.0 + +import functools +import json +import os +import shutil + +from pathlib import Path + +from c7n.schema import generate +from c7n.testing import ( + CustodianTestCore, + TestUtils, + reset_session_cache, + C7N_FUNCTIONAL, +) + +from c7n_gcp.client import Session, LOCAL_THREAD + +from tools.c7n_gcp.tests.recorder import ( + HttpRecorder, + HttpReplay, + PROJECT_ID, +) + + +DATA_DIR = os.path.join(os.path.dirname(__file__), 'data', 'flights') +EVENT_DIR = os.path.join(os.path.dirname(__file__), 'data', 'events') + + +def event_data(fname): + with open(os.path.join(EVENT_DIR, fname)) as fh: + return json.load(fh) + + +class GoogleFlightRecorder(CustodianTestCore): + + data_dir = Path(__file__).parent.parent / 'tests' / 'data' / 'flights' + + def cleanUp(self): + LOCAL_THREAD.http = None + return reset_session_cache() + + def record_flight_data(self, test_case, project_id=None): + test_dir = os.path.join(self.data_dir, test_case) + discovery_dir = os.path.join(self.data_dir, "discovery") + self.recording = True + + if os.path.exists(test_dir): + shutil.rmtree(test_dir) + os.makedirs(test_dir) + + self.addCleanup(self.cleanUp) + bound = {'http': HttpRecorder(test_dir, discovery_dir)} + if project_id: + bound['project_id'] = project_id + + return functools.partial(Session, **bound) + + def replay_flight_data(self, test_case, project_id=None): + + if C7N_FUNCTIONAL: + self.recording = True + if not project_id: + return Session + return functools.partial(Session, project_id=project_id) + + if project_id is None: + project_id = PROJECT_ID + + test_dir = os.path.join(self.data_dir, test_case) + discovery_dir = os.path.join(self.data_dir, "discovery") + self.recording = False + + if not os.path.exists(test_dir): + raise RuntimeError("Invalid Test Dir for flight data %s" % test_dir) + + self.addCleanup(self.cleanUp) + bound = { + 'http': HttpReplay(test_dir, discovery_dir), + 
'project_id': project_id, + } + return functools.partial(Session, **bound) + + +class FlightRecorderTest(TestUtils): + placebo_dir = DATA_DIR + + def cleanUp(self): + LOCAL_THREAD.http = None + return super(FlightRecorderTest, self).cleanUp() + + def record_flight_data(self, test_case, project_id=None): + test_dir = os.path.join(self.placebo_dir, test_case) + discovery_dir = os.path.join(self.placebo_dir, "discovery") + self.recording = True + + if os.path.exists(test_dir): + shutil.rmtree(test_dir) + os.makedirs(test_dir) + + self.addCleanup(self.cleanUp) + bound = {'http': HttpRecorder(test_dir, discovery_dir)} + if project_id: + bound['project_id'] = project_id + return functools.partial(Session, **bound) + + def replay_flight_data(self, test_case, project_id=None): + test_dir = os.path.join(self.placebo_dir, test_case) + discovery_dir = os.path.join(self.placebo_dir, "discovery") + self.recording = False + + if not os.path.exists(test_dir): + raise RuntimeError("Invalid Test Dir for flight data %s" % test_dir) + + if project_id is None: + project_id = PROJECT_ID + + self.addCleanup(self.cleanUp) + bound = { + 'http': HttpReplay(test_dir, discovery_dir), + 'project_id': project_id, + } + return functools.partial(Session, **bound) + + +class BaseTest(FlightRecorderTest): + + custodian_schema = generate() + + @property + def account_id(self): + return "" diff --git a/.github/workflows/scripts/green_policy_test.py b/.github/workflows/scripts/green_policy_test.py new file mode 100755 index 000000000..af81ed53d --- /dev/null +++ b/.github/workflows/scripts/green_policy_test.py @@ -0,0 +1,4 @@ +class PolicyTest(object): + + def test_resources(self, base_test, resources): + base_test.assertEqual(len(resources), 0) diff --git a/.github/workflows/scripts/policy_as_test.py b/.github/workflows/scripts/policy_as_test.py new file mode 100755 index 000000000..9259e4e44 --- /dev/null +++ b/.github/workflows/scripts/policy_as_test.py 
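Review bot: Both `record_flight_data` methods call `shutil.rmtree(test_dir)` on a path built with `os.path.join(..., test_case)`, and nothing in this file checks that the result stays under the data directory. policy_as_test.py passes the policy's `name` field as `test_case`, so unless policy validation elsewhere restricts names, a value containing `..` or an absolute path would make record mode delete a directory outside the flight data. A guard before the delete would close that: resolve both paths with `os.path.realpath` and raise `RuntimeError` unless `os.path.commonpath([root, test_dir]) == root`. A short module comment would also help, saying that the composite action copies this file over `tools/c7n_gcp/tests/gcp_common.py` in the cloned checkout, since that is not apparent from the file itself.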
@@ -0,0 +1,143 @@ +import argparse +import datetime +from importlib import import_module +import logging +import os +import re + +from dateutil import tz as tzutil + +from c7n.config import Config +from c7n.policy import load as policy_load +from c7n.provider import clouds +from c7n.testing import mock_datetime_now +from c7n.utils import local_session +from tests.common import BaseTest +from tools.c7n_gcp.tests.gcp_common import BaseTest as GCPBaseTest + + +log = logging.getLogger(__name__) + + +def run_test_log(session_factory, base_test, policy_test, log_message): + if hasattr(policy_test, 'mock_time'): + # see test_offhours.py + year, month, day = policy_test.mock_time() + t = datetime.datetime.now(tzutil.gettz("America/New_York")) + t = t.replace(year=year, month=month, day=day) + + with mock_datetime_now(t, datetime): + time_mockable_run_test_log( + session_factory, base_test, policy_test, log_message) + else: + time_mockable_run_test_log( + session_factory, base_test, policy_test, log_message) + + +def time_mockable_run_test_log( + session_factory, base_test, policy_test, log_message): + data_policy = base_test.load_policy( + policy_data, session_factory=session_factory, config=_prepare_policy_config( + policy_data, base_test.policy_loader.policy_config)) + resources = data_policy.run() + if hasattr(policy_test, 'test_resources_with_client'): + policy_test.test_resources_with_client( + base_test, resources, local_session(session_factory)) + else: + policy_test.test_resources(base_test, resources) + log.info(log_message) + + +def _set_up_logging(): + logging.basicConfig( + level=logging.INFO, + format="%(asctime)s: %(name)s:%(levelname)s %(message)s") + # Suppress unneeded Placebo library debug statements. 
+ logging.getLogger('placebo.pill').setLevel(logging.ERROR) + + +def _new_config(policy_file): + return Config.empty( + **{'region': '', + 'regions': [], + 'cache': '~/.cache/cloud-custodian.cache', + 'profile': None, + 'account_id': None, + 'assume_role': None, + 'external_id': None, + 'log_group': None, + 'tracer': None, + 'metrics_enabled': None, + 'metrics': None, + 'output_dir': 'out', + 'cache_period': 0, + 'dryrun': False, + 'authorization_file': None, + 'subparser': 'run', + 'config': None, + 'configs': [policy_file], + 'policy_filters': [], + 'resource_types': [], + 'verbose': None, + 'quiet': None, + 'debug': False, + 'skip_validation': False, + 'command': 'c7n.commands.run', + 'vars': None}) + + +def _prepare_common_config(policy_file, placebo_dir, policy_test_module_name): + loaded_policy = policy_load(_new_config(policy_file), policy_file).policies[0] + policy_data = loaded_policy.data + if policy_data['resource'].split('.')[0] == 'gcp': + base_test = GCPBaseTest() + else: + base_test = BaseTest() + base_test.placebo_dir = placebo_dir + + PolicyTest = import_module(policy_test_module_name).PolicyTest + return base_test, policy_data, PolicyTest() + + +def _prepare_policy_config(policy_data, base_test_policy_config): + provider_match = re.match('(.*?)\\..*', policy_data['resource']) + provider_name = provider_match.group(1) if provider_match else 'aws' + # see commands.py + provider = clouds[provider_name]() + return provider.initialize(base_test_policy_config) + + +def _parse_args(): + parser = argparse.ArgumentParser() + parser.add_argument("action", help="record or replay(test)") + parser.add_argument("policy_file", help="path/to/policy.yaml") + parser.add_argument("policy_test", help="package.of.policy_test " + "equivalent of package/of/policy_test.py") + parser.add_argument("output_dir", help="path/to/output/directory") + args = parser.parse_args() + return args.action, args.policy_file, args.policy_test, args.output_dir + + +if __name__ == 
'__main__': + action, policy_file, policy_test_module_name, output_dir = _parse_args() + _set_up_logging() + + placebo_dir = os.path.join( + os.path.dirname(os.path.abspath(__file__)), + output_dir) + + base_test, policy_data, policy_test = _prepare_common_config( + policy_file, placebo_dir, policy_test_module_name) + policy_name = policy_data['name'] + + if action == 'record': + session_factory = base_test.record_flight_data(policy_name) + run_test_log(session_factory, base_test, policy_test, + 'record policy resources successful') + elif action in ['replay', 'test']: + session_factory = base_test.replay_flight_data(policy_name) + run_test_log(session_factory, base_test, policy_test, + 'test recorded policy resources successful') + else: + log.info(f'invalid action: {action}, please run the script ' + 'with -h to see the possible options') diff --git a/tests/.whitelisted_green b/tests/.whitelisted_green new file mode 100644 index 000000000..e69de29bb diff --git a/tests/.whitelisted_red b/tests/.whitelisted_red new file mode 100644 index 000000000..e69de29bb From e9c1a9f09cbde6838b0b9a8dd323abcf4236fe49 Mon Sep 17 00:00:00 2001 From: Anna Shcherbak Date: Sat, 17 Jun 2023 19:18:43 +0300 Subject: [PATCH 06/15] update_ci --- .github/workflows/ci.yaml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index b085622b2..8b65fc2b7 100755 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -1,5 +1,9 @@ name: test-custodian-policies -on: [push] +on: + push: + pull_request_review: + types: + - submitted jobs: test_policy_red_flights: runs-on: ubuntu-22.04 From 15e2d9f8049d446136da46fc71fbcd2c5c1cdd86 Mon Sep 17 00:00:00 2001 
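Review bot: The final `else` branch under `if __name__ == '__main__':` only logs `invalid action`, after which the script exits with status 0, and the `python3 policy_as_test.py test ... && echo $policy >> .red_passed` line in ci.yaml would record that as a pass. Rejecting unknown actions at parse time makes a mistyped action fail: `parser.add_argument("action", choices=["record", "replay", "test"], help="record or replay(test)")`. Separately, `time_mockable_run_test_log` reads `policy_data`, which exists only as a module global assigned in the `__main__` block. Passing it in as a parameter would make the dependency explicit and let the function be used from an importing module.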
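Review bot: With `pull_request_review` added as a trigger, the workflow still declares no `permissions:` block as far as this hunk shows, so `GITHUB_TOKEN` keeps the repository default scope while the jobs execute test modules and policy files taken from the checked-out branch. A top-level `permissions:` entry with `contents: read` limits the token to what these jobs need. The rest of the workflow lies outside this hunk, so confirm no later step requires write access.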
From: Anna Shcherbak Date: Mon, 19 Jun 2023 20:36:47 +0300 Subject: [PATCH 07/15] fix tests --- ...is_video_stream_encrypted_with_kms_cmk.yml | 16 ---- ..._functions_enhanced_monitoring_enabled.yml | 4 +- ...c-aws-951-clb_acm_certificate_required.yml | 4 +- .../green/kinesis.tf | 18 ----- .../green/provider.tf | 20 ----- .../green/terraform.tfvars | 2 - .../green/variables.tf | 9 --- .../iam/528-policy.json | 15 ---- .../red/kinesis.tf | 5 -- .../red/provider.tf | 20 ----- .../red/terraform.tfvars | 2 - .../red/variables.tf | 9 --- .../ec2.DescribeSecurityGroups_1.json | 4 +- .../placebo-green/eks.DescribeCluster_1.json | 6 +- .../placebo-red/eks.DescribeCluster_1.json | 4 +- .../ecs.DescribeTaskDefinition_1.json | 2 +- .../ecs.DescribeTaskDefinition_1.json | 2 +- .../placebo-green/eks.DescribeCluster_1.json | 4 +- .../ec2.DescribeSecurityGroups_1.json | 77 ------------------- .../placebo-red/eks.DescribeCluster_1.json | 4 +- .../placebo-red/kms.ListAliases_1.json | 8 ++ .../placebo-green/mq.DescribeBroker_1.json | 2 +- .../placebo-red/mq.DescribeBroker_1.json | 2 +- .../placebo-green/ecs.DescribeClusters_1.json | 2 +- .../placebo-red/ecs.DescribeClusters_1.json | 2 +- .../placebo-red/kms.ListAliases_1.json | 8 ++ .../kinesisvideo.ListStreams_1.json | 27 ------- .../placebo-green/kms.DescribeKey_1.json | 33 -------- .../placebo-green/kms.ListAliases_1.json | 59 -------------- .../placebo-green/tagging.GetResources_1.json | 22 ------ .../kinesisvideo.ListStreams_1.json | 27 ------- .../placebo-red/kms.DescribeKey_1.json | 33 -------- .../placebo-red/kms.ListAliases_1.json | 34 -------- .../placebo-red/tagging.GetResources_1.json | 22 ------ .../red_policy_test.py | 5 -- .../ds.DescribeDirectories_1.json | 2 +- .../placebo-red/ds.DescribeDirectories_1.json | 2 +- .../placebo-green/ecs.DescribeClusters_1.json | 2 +- .../placebo-green/ecs.DescribeClusters_1.json | 2 +- .../placebo-red/ecs.DescribeClusters_1.json | 2 +- .../placebo-green/ecs.DescribeServices_1.json | 2 
+- .../placebo-red/ecs.DescribeServices_1.json | 2 +- .../ecs.DescribeTaskDefinition_1.json | 2 +- .../ecs.DescribeTaskDefinition_1.json | 2 +- .../ecs.DescribeTaskDefinition_1.json | 2 +- .../ecs.DescribeTaskDefinition_1.json | 2 +- .../ecs.DescribeTaskDefinition_1.json | 2 +- .../ecs.DescribeTaskDefinition_1.json | 2 +- .../ecs.DescribeTaskDefinition_1.json | 2 +- .../ecs.DescribeTaskDefinition_1.json | 2 +- .../ecs.DescribeTaskDefinition_1.json | 2 +- .../ecs.DescribeTaskDefinition_1.json | 2 +- 52 files changed, 54 insertions(+), 493 deletions(-) delete mode 100644 policies/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk.yml delete mode 100644 terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/green/kinesis.tf delete mode 100644 terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/green/provider.tf delete mode 100644 terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/green/terraform.tfvars delete mode 100644 terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/green/variables.tf delete mode 100644 terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/iam/528-policy.json delete mode 100644 terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/red/kinesis.tf delete mode 100644 terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/red/provider.tf delete mode 100644 terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/red/terraform.tfvars delete mode 100644 terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/red/variables.tf create mode 100644 tests/ecc-aws-499-sagemaker_endpoint_configuration_encrypted/placebo-red/kms.ListAliases_1.json create mode 100644 tests/ecc-aws-527-mwaa_encrypted_with_kms_cmk/placebo-red/kms.ListAliases_1.json delete mode 100644 tests/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/placebo-green/kinesisvideo.ListStreams_1.json delete mode 100644 
tests/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/placebo-green/kms.DescribeKey_1.json delete mode 100644 tests/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/placebo-green/kms.ListAliases_1.json delete mode 100644 tests/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/placebo-green/tagging.GetResources_1.json delete mode 100644 tests/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/placebo-red/kinesisvideo.ListStreams_1.json delete mode 100644 tests/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/placebo-red/kms.DescribeKey_1.json delete mode 100644 tests/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/placebo-red/kms.ListAliases_1.json delete mode 100644 tests/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/placebo-red/tagging.GetResources_1.json delete mode 100644 tests/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/red_policy_test.py diff --git a/policies/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk.yml b/policies/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk.yml deleted file mode 100644 index a86621f84..000000000 --- a/policies/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk.yml +++ /dev/null @@ -1,16 +0,0 @@ -# Copyright (c) 2023 EPAM Systems, Inc. -# -# This Source Code Form is subject to the terms of the Mozilla Public -# License, v. 2.0. If a copy of the MPL was not distributed with this -# file, You can obtain one at http://mozilla.org/MPL/2.0/. - - -policies: - - name: ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk - description: | - AWS Kinesis Video Streams are not encrypted with KMS customer master keys - resource: aws.kinesis-video - filters: - - type: kms-key - key: KeyManager - value: AWS \ No newline at end of file diff --git a/policies/ecc-aws-677-lambda_functions_enhanced_monitoring_enabled.yml b/policies/ecc-aws-677-lambda_functions_enhanced_monitoring_enabled.yml index 6c3b359f5..3a5cf7539 100644 
--- a/policies/ecc-aws-677-lambda_functions_enhanced_monitoring_enabled.yml +++ b/policies/ecc-aws-677-lambda_functions_enhanced_monitoring_enabled.yml @@ -13,6 +13,6 @@ policies: filters: - not: - type: value - key: Layers[].Arn - value: 'arn:aws:lambda:.*:[0-9]{12}:layer:LambdaInsightsExtension:[0-9]*' + key: contains(keys(@), 'Layers') && join(' ,', Layers[].Arn[]) + value: '.*arn:aws:lambda:.*:[0-9]{12}:layer:LambdaInsightsExtension:[0-9]*.*' op: regex diff --git a/policies/ecc-aws-951-clb_acm_certificate_required.yml b/policies/ecc-aws-951-clb_acm_certificate_required.yml index c632ae637..3e3086d87 100644 --- a/policies/ecc-aws-951-clb_acm_certificate_required.yml +++ b/policies/ecc-aws-951-clb_acm_certificate_required.yml @@ -23,6 +23,6 @@ policies: value: SSL op: in - type: value - key: ListenerDescriptions[].Listener.SSLCertificateId + key: length(ListenerDescriptions[].Listener.SSLCertificateId)>`0` && join(' ,', ListenerDescriptions[].Listener.SSLCertificateId) op: regex - value: '^arn:aws:iam::.*$' + value: '.*(^|, )arn:aws:iam::[^,]*($|, ).*' diff --git a/terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/green/kinesis.tf b/terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/green/kinesis.tf deleted file mode 100644 index cb31072f9..000000000 --- a/terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/green/kinesis.tf +++ /dev/null @@ -1,18 +0,0 @@ -resource "aws_kinesis_video_stream" "this" { - name = "528_kinesis_stream_green" - data_retention_in_hours = 1 - media_type = "video/h264" - kms_key_id = aws_kms_key.this.id -} - -resource "aws_kms_key" "this" { - description = "528_kms_key_green" - key_usage = "ENCRYPT_DECRYPT" - deletion_window_in_days = 7 - is_enabled = true -} - -resource "aws_kms_alias" "this" { - name = "alias/k-528" - target_key_id = aws_kms_key.this.key_id -} \ No newline at end of file 
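Review bot: In ecc-aws-951 the new key joins the certificate ids with `' ,'` (space, comma) while the new regex expects `', '` (comma, space) around each id. On a load balancer with more than one listener certificate the `arn:aws:iam::` entry is therefore never delimited the way `(^|, )` and `($|, )` require, and the filter appears to match only single-certificate load balancers. Making the separator agree closes that detection gap: `join(', ', ListenerDescriptions[].Listener.SSLCertificateId)`. A placebo fixture with two listeners, one IAM and one ACM certificate, would pin the behaviour. The ecc-aws-677 hunk uses the same `' ,'` separator, which is harmless there because its pattern is wrapped in `.*`.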
diff --git a/terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/green/provider.tf b/terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/green/provider.tf deleted file mode 100644 index abcbdf64c..000000000 --- a/terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/green/provider.tf +++ /dev/null @@ -1,20 +0,0 @@ -terraform { - required_providers { - aws = { - source = "hashicorp/aws" - version = "~> 4" - } - } -} - -provider "aws" { - profile = var.profile - region = var.default-region - - default_tags { - tags = { - CustodianRule = "ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk" - ComplianceStatus = "Green" - } - } -} \ No newline at end of file diff --git a/terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/green/terraform.tfvars b/terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/green/terraform.tfvars deleted file mode 100644 index 368bc468f..000000000 --- a/terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/green/terraform.tfvars +++ /dev/null @@ -1,2 +0,0 @@ -profile = "c7n" -default-region = "us-east-1" \ No newline at end of file diff --git a/terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/green/variables.tf b/terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/green/variables.tf deleted file mode 100644 index 09e482677..000000000 --- a/terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/green/variables.tf +++ /dev/null @@ -1,9 +0,0 @@ -variable "default-region" { - type = string - description = "Default region for resources will be created" -} - -variable "profile" { - type = string - description = "Profile name configured before running apply" -} \ No newline at end of file diff --git a/terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/iam/528-policy.json b/terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/iam/528-policy.json deleted file mode 100644 index 07922c10f..000000000 
--- a/terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/iam/528-policy.json +++ /dev/null @@ -1,15 +0,0 @@ -{ - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "kinesisvideo:ListStreams", - "tag:GetResources", - "kms:DescribeKey", - "kms:ListAliases" - ], - "Resource": "*" - } - ] -} \ No newline at end of file diff --git a/terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/red/kinesis.tf b/terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/red/kinesis.tf deleted file mode 100644 index 65e1edc46..000000000 --- a/terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/red/kinesis.tf +++ /dev/null @@ -1,5 +0,0 @@ -resource "aws_kinesis_video_stream" "this" { - name = "528_kinesis_stream_red" - data_retention_in_hours = 1 - media_type = "video/h264" -} diff --git a/terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/red/provider.tf b/terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/red/provider.tf deleted file mode 100644 index f6db06787..000000000 --- a/terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/red/provider.tf +++ /dev/null @@ -1,20 +0,0 @@ -terraform { - required_providers { - aws = { - source = "hashicorp/aws" - version = "~> 4" - } - } -} - -provider "aws" { - profile = var.profile - region = var.default-region - - default_tags { - tags = { - CustodianRule = "ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk" - ComplianceStatus = "Red" - } - } -} \ No newline at end of file diff --git a/terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/red/terraform.tfvars b/terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/red/terraform.tfvars deleted file mode 100644 index 368bc468f..000000000 --- a/terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/red/terraform.tfvars +++ /dev/null @@ -1,2 +0,0 @@ -profile = "c7n" -default-region = "us-east-1" \ No newline at end of file 
diff --git a/terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/red/variables.tf b/terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/red/variables.tf deleted file mode 100644 index 09e482677..000000000 --- a/terraform/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/red/variables.tf +++ /dev/null @@ -1,9 +0,0 @@ -variable "default-region" { - type = string - description = "Default region for resources will be created" -} - -variable "profile" { - type = string - description = "Profile name configured before running apply" -} \ No newline at end of file diff --git a/tests/ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic/placebo-green/ec2.DescribeSecurityGroups_1.json b/tests/ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic/placebo-green/ec2.DescribeSecurityGroups_1.json index 492c70434..26ff6a067 100644 --- a/tests/ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic/placebo-green/ec2.DescribeSecurityGroups_1.json +++ b/tests/ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic/placebo-green/ec2.DescribeSecurityGroups_1.json @@ -21,7 +21,7 @@ } ], "OwnerId": "111111111111", - "GroupId": "sg-1234567asdfg", + "GroupId": "sg-1234567asdfg2", "IpPermissionsEgress": [ { "IpProtocol": "-1", @@ -66,7 +66,7 @@ } ], "OwnerId": "111111111111", - "GroupId": "sg-1234567asdfg", + "GroupId": "sg-1234567asdfg1", "IpPermissionsEgress": [ { "IpProtocol": "-1", diff --git a/tests/ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic/placebo-green/eks.DescribeCluster_1.json b/tests/ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic/placebo-green/eks.DescribeCluster_1.json index fe506f0df..85134674a 100644 --- a/tests/ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic/placebo-green/eks.DescribeCluster_1.json 
+++ b/tests/ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic/placebo-green/eks.DescribeCluster_1.json @@ -24,10 +24,10 @@ "subnet-06f477f2a842ea355" ], "securityGroupIds": [ - "sg-08b25ebfdfad4e390", - "sg-01ae3484b4f9cd6f2" + "sg-1234567asdfg2", + "sg-1234567asdfg1" ], - "clusterSecurityGroupId": "sg-0ae28e513909b75cd", + "clusterSecurityGroupId": "sg-1234567asdfg2", "vpcId": "vpc-08d8ec720296562e8", "endpointPublicAccess": true, "endpointPrivateAccess": false, diff --git a/tests/ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic/placebo-red/eks.DescribeCluster_1.json b/tests/ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic/placebo-red/eks.DescribeCluster_1.json index d0202da38..8db82a8ac 100644 --- a/tests/ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic/placebo-red/eks.DescribeCluster_1.json +++ b/tests/ecc-aws-248-k8s_cluster_network_firewall_inbound_rule_permissive_to_all_traffic/placebo-red/eks.DescribeCluster_1.json @@ -24,9 +24,9 @@ "subnet-0b4f0c7654cb8daf6" ], "securityGroupIds": [ - "sg-0dea57c02c3960acc" + "sg-1234567asdfg" ], - "clusterSecurityGroupId": "sg-09274d8bf608494fc", + "clusterSecurityGroupId": "sg-1234567asdfg", "vpcId": "vpc-0a4ba19e2f204826f", "endpointPublicAccess": true, "endpointPrivateAccess": false, diff --git a/tests/ecc-aws-336-ecs_task_definitions_secure_networking_modes_and_user_definitions/placebo-green/ecs.DescribeTaskDefinition_1.json b/tests/ecc-aws-336-ecs_task_definitions_secure_networking_modes_and_user_definitions/placebo-green/ecs.DescribeTaskDefinition_1.json index fe3c3aeeb..d418888ee 100644 --- a/tests/ecc-aws-336-ecs_task_definitions_secure_networking_modes_and_user_definitions/placebo-green/ecs.DescribeTaskDefinition_1.json +++ b/tests/ecc-aws-336-ecs_task_definitions_secure_networking_modes_and_user_definitions/placebo-green/ecs.DescribeTaskDefinition_1.json 
@@ -46,7 +46,7 @@ "tags": [ { "key": "CustodianRule", - "Value": "ecc-aws-336-ecs_task_definitions_secure_networking_modes_and_user_definitions" + "value": "ecc-aws-336-ecs_task_definitions_secure_networking_modes_and_user_definitions" }, { "key": "ComplianceStatus", diff --git a/tests/ecc-aws-336-ecs_task_definitions_secure_networking_modes_and_user_definitions/placebo-red/ecs.DescribeTaskDefinition_1.json b/tests/ecc-aws-336-ecs_task_definitions_secure_networking_modes_and_user_definitions/placebo-red/ecs.DescribeTaskDefinition_1.json index 83a2a1984..a99edde5a 100644 --- a/tests/ecc-aws-336-ecs_task_definitions_secure_networking_modes_and_user_definitions/placebo-red/ecs.DescribeTaskDefinition_1.json +++ b/tests/ecc-aws-336-ecs_task_definitions_secure_networking_modes_and_user_definitions/placebo-red/ecs.DescribeTaskDefinition_1.json @@ -43,7 +43,7 @@ "tags": [ { "key": "CustodianRule", - "Value": "ecc-aws-336-ecs_task_definitions_secure_networking_modes_and_user_definitions" + "value": "ecc-aws-336-ecs_task_definitions_secure_networking_modes_and_user_definitions" }, { "key": "ComplianceStatus", diff --git a/tests/ecc-aws-374-eks_clusters_security_group_traffic_restricted/placebo-green/eks.DescribeCluster_1.json b/tests/ecc-aws-374-eks_clusters_security_group_traffic_restricted/placebo-green/eks.DescribeCluster_1.json index 82f4e64b0..e2a0f5a61 100644 --- a/tests/ecc-aws-374-eks_clusters_security_group_traffic_restricted/placebo-green/eks.DescribeCluster_1.json +++ b/tests/ecc-aws-374-eks_clusters_security_group_traffic_restricted/placebo-green/eks.DescribeCluster_1.json @@ -24,9 +24,9 @@ "subnet-0eb433159fb6f1181" ], "securityGroupIds": [ - "sg-02ca6b7ed9856bf13" + "sg-1234567asdfg" ], - "clusterSecurityGroupId": "sg-03650af0d1a5074b5", + "clusterSecurityGroupId": "sg-1234567asdfg", "vpcId": "vpc-06040e942854784d7", "endpointPublicAccess": true, "endpointPrivateAccess": false, 
diff --git a/tests/ecc-aws-374-eks_clusters_security_group_traffic_restricted/placebo-red/ec2.DescribeSecurityGroups_1.json b/tests/ecc-aws-374-eks_clusters_security_group_traffic_restricted/placebo-red/ec2.DescribeSecurityGroups_1.json index c465a44c5..dea89a043 100644 --- a/tests/ecc-aws-374-eks_clusters_security_group_traffic_restricted/placebo-red/ec2.DescribeSecurityGroups_1.json +++ b/tests/ecc-aws-374-eks_clusters_security_group_traffic_restricted/placebo-red/ec2.DescribeSecurityGroups_1.json @@ -65,83 +65,6 @@ } ], "VpcId": "vpc-12345asdfg" - }, - { - "Description": "Managed by Terraform", - "GroupName": "374_security_group_green", - "IpPermissions": [ - { - "FromPort": 10250, - "IpProtocol": "tcp", - "IpRanges": [], - "Ipv6Ranges": [], - "PrefixListIds": [], - "ToPort": 10250, - "UserIdGroupPairs": [ - { - "GroupId": "sg-1234567asdfg", - "UserId": "111111111111" - } - ] - }, - { - "FromPort": 443, - "IpProtocol": "tcp", - "IpRanges": [], - "Ipv6Ranges": [], - "PrefixListIds": [], - "ToPort": 443, - "UserIdGroupPairs": [ - { - "GroupId": "sg-1234567asdfg", - "UserId": "111111111111" - } - ] - } - ], - "OwnerId": "111111111111", - "GroupId": "sg-1234567asdfg", - "IpPermissionsEgress": [ - { - "FromPort": 10250, - "IpProtocol": "tcp", - "IpRanges": [], - "Ipv6Ranges": [], - "PrefixListIds": [], - "ToPort": 10250, - "UserIdGroupPairs": [ - { - "GroupId": "sg-1234567asdfg", - "UserId": "111111111111" - } - ] - }, - { - "FromPort": 443, - "IpProtocol": "tcp", - "IpRanges": [], - "Ipv6Ranges": [], - "PrefixListIds": [], - "ToPort": 443, - "UserIdGroupPairs": [ - { - "GroupId": "sg-1234567asdfg", - "UserId": "111111111111" - } - ] - } - ], - "Tags": [ - { - "Key": "ComplianceStatus", - "Value": "Green" - }, - { - "Key": "CustodianRule", - "Value": "ecc-aws-374-eks_clusters_security_group_traffic_restricted" - } - ], - "VpcId": "vpc-12345asdfg" } ], "ResponseMetadata": {} 
diff --git a/tests/ecc-aws-374-eks_clusters_security_group_traffic_restricted/placebo-red/eks.DescribeCluster_1.json b/tests/ecc-aws-374-eks_clusters_security_group_traffic_restricted/placebo-red/eks.DescribeCluster_1.json index e7d38c3b2..9103eaad1 100644 --- a/tests/ecc-aws-374-eks_clusters_security_group_traffic_restricted/placebo-red/eks.DescribeCluster_1.json +++ b/tests/ecc-aws-374-eks_clusters_security_group_traffic_restricted/placebo-red/eks.DescribeCluster_1.json @@ -24,9 +24,9 @@ "subnet-0d1cb874a81dba178" ], "securityGroupIds": [ - "sg-076576b07f66d92af" + "sg-1234567asdfg" ], - "clusterSecurityGroupId": "sg-071a7361ef43ecceb", + "clusterSecurityGroupId": "sg-1234567asdfg", "vpcId": "vpc-0a42bd855d9ac3572", "endpointPublicAccess": true, "endpointPrivateAccess": false, diff --git a/tests/ecc-aws-499-sagemaker_endpoint_configuration_encrypted/placebo-red/kms.ListAliases_1.json b/tests/ecc-aws-499-sagemaker_endpoint_configuration_encrypted/placebo-red/kms.ListAliases_1.json new file mode 100644 index 000000000..e50fb444a --- /dev/null +++ b/tests/ecc-aws-499-sagemaker_endpoint_configuration_encrypted/placebo-red/kms.ListAliases_1.json @@ -0,0 +1,8 @@ +{ + "status_code": 200, + "data": { + "Aliases": [], + "Truncated": false, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-508-mq_broker_open_to_all_ports_protocols/placebo-green/mq.DescribeBroker_1.json b/tests/ecc-aws-508-mq_broker_open_to_all_ports_protocols/placebo-green/mq.DescribeBroker_1.json index 0b1ee3d64..025ef76c1 100644 --- a/tests/ecc-aws-508-mq_broker_open_to_all_ports_protocols/placebo-green/mq.DescribeBroker_1.json +++ b/tests/ecc-aws-508-mq_broker_open_to_all_ports_protocols/placebo-green/mq.DescribeBroker_1.json @@ -69,7 +69,7 @@ }, "PubliclyAccessible": true, "SecurityGroups": [ - "sg-063e315418dd6352f" + "sg-1234567asdfg" ], "StorageType": "efs", "SubnetIds": [ 
diff --git a/tests/ecc-aws-508-mq_broker_open_to_all_ports_protocols/placebo-red/mq.DescribeBroker_1.json b/tests/ecc-aws-508-mq_broker_open_to_all_ports_protocols/placebo-red/mq.DescribeBroker_1.json index d5401e4d5..41349dcbd 100644 --- a/tests/ecc-aws-508-mq_broker_open_to_all_ports_protocols/placebo-red/mq.DescribeBroker_1.json +++ b/tests/ecc-aws-508-mq_broker_open_to_all_ports_protocols/placebo-red/mq.DescribeBroker_1.json @@ -69,7 +69,7 @@ }, "PubliclyAccessible": true, "SecurityGroups": [ - "sg-00735cb790c715177" + "sg-1234567asdfg" ], "StorageType": "efs", "SubnetIds": [ diff --git a/tests/ecc-aws-525-ecs_exec_logging_encryption_enabled/placebo-green/ecs.DescribeClusters_1.json b/tests/ecc-aws-525-ecs_exec_logging_encryption_enabled/placebo-green/ecs.DescribeClusters_1.json index 6facb77e7..ecbb7a64a 100644 --- a/tests/ecc-aws-525-ecs_exec_logging_encryption_enabled/placebo-green/ecs.DescribeClusters_1.json +++ b/tests/ecc-aws-525-ecs_exec_logging_encryption_enabled/placebo-green/ecs.DescribeClusters_1.json @@ -27,7 +27,7 @@ "tags": [ { "key": "CustodiaRule", - "Value": "ecc-aws-525-ecs_exec_logging_encryption_enabled" + "value": "ecc-aws-525-ecs_exec_logging_encryption_enabled" }, { "key": "ComplianceStatus", diff --git a/tests/ecc-aws-525-ecs_exec_logging_encryption_enabled/placebo-red/ecs.DescribeClusters_1.json b/tests/ecc-aws-525-ecs_exec_logging_encryption_enabled/placebo-red/ecs.DescribeClusters_1.json index 89e2996e4..61573742d 100644 --- a/tests/ecc-aws-525-ecs_exec_logging_encryption_enabled/placebo-red/ecs.DescribeClusters_1.json +++ b/tests/ecc-aws-525-ecs_exec_logging_encryption_enabled/placebo-red/ecs.DescribeClusters_1.json @@ -24,7 +24,7 @@ "tags": [ { "key": "CustodiaRule", - "Value": "ecc-aws-525-ecs_exec_logging_encryption_enabled" + "value": "ecc-aws-525-ecs_exec_logging_encryption_enabled" }, { "key": "ComplianceStatus", 
diff --git a/tests/ecc-aws-527-mwaa_encrypted_with_kms_cmk/placebo-red/kms.ListAliases_1.json b/tests/ecc-aws-527-mwaa_encrypted_with_kms_cmk/placebo-red/kms.ListAliases_1.json new file mode 100644 index 000000000..e50fb444a --- /dev/null +++ b/tests/ecc-aws-527-mwaa_encrypted_with_kms_cmk/placebo-red/kms.ListAliases_1.json @@ -0,0 +1,8 @@ +{ + "status_code": 200, + "data": { + "Aliases": [], + "Truncated": false, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/placebo-green/kinesisvideo.ListStreams_1.json b/tests/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/placebo-green/kinesisvideo.ListStreams_1.json deleted file mode 100644 index 5e0543b37..000000000 --- a/tests/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/placebo-green/kinesisvideo.ListStreams_1.json +++ /dev/null @@ -1,27 +0,0 @@ -{ - "status_code": 200, - "data": { - "ResponseMetadata": {}, - "StreamInfoList": [ - { - "StreamName": "528_kinesis_stream_green", - "StreamARN": "arn:aws:kinesisvideo:us-east-1:111111111111:stream/528_kinesis_stream_green/1655227909037", - "MediaType": "video/h264", - "KmsKeyId": "d03a7b6f-6c38-415e-b7e6-111111111111", - "Version": "P2BkKtDfhfCfsZfupUhV", - "Status": "ACTIVE", - "CreationTime": { - "__class__": "datetime", - "year": 2022, - "month": 6, - "day": 14, - "hour": 20, - "minute": 31, - "second": 49, - "microsecond": 37000 - }, - "DataRetentionInHours": 1 - } - ] - } -} \ No newline at end of file diff --git a/tests/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/placebo-green/kms.DescribeKey_1.json b/tests/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/placebo-green/kms.DescribeKey_1.json deleted file mode 100644 index 829d70da4..000000000 --- a/tests/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/placebo-green/kms.DescribeKey_1.json +++ /dev/null 
@@ -1,33 +0,0 @@ -{ - "status_code": 200, - "data": { - "KeyMetadata": { - "AWSAccountId": "111111111111", - "KeyId": "d03a7b6f-6c38-415e-b7e6-111111111111", - "Arn": "arn:aws:kms:us-east-1:111111111111:key/d03a7b6f-6c38-415e-b7e6-111111111111", - "CreationDate": { - "__class__": "datetime", - "year": 2022, - "month": 6, - "day": 14, - "hour": 20, - "minute": 31, - "second": 41, - "microsecond": 831000 - }, - "Enabled": true, - "Description": "528_kms_key_green", - "KeyUsage": "ENCRYPT_DECRYPT", - "KeyState": "Enabled", - "Origin": "AWS_KMS", - "KeyManager": "CUSTOMER", - "CustomerMasterKeySpec": "SYMMETRIC_DEFAULT", - "KeySpec": "SYMMETRIC_DEFAULT", - "EncryptionAlgorithms": [ - "SYMMETRIC_DEFAULT" - ], - "MultiRegion": false - }, - "ResponseMetadata": {} - } -} \ No newline at end of file diff --git a/tests/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/placebo-green/kms.ListAliases_1.json b/tests/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/placebo-green/kms.ListAliases_1.json deleted file mode 100644 index e985b83b7..000000000 --- a/tests/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/placebo-green/kms.ListAliases_1.json +++ /dev/null 
@@ -1,59 +0,0 @@ -{ - "status_code": 200, - "data": { - "Aliases": [ - { - "AliasName": "alias/aws/kinesisvideo", - "AliasArn": "arn:aws:kms:us-east-1:111111111111:alias/aws/kinesisvideo", - "TargetKeyId": "00f124a3-0b53-496e-a535-f903bf512e61", - "CreationDate": { - "__class__": "datetime", - "year": 2022, - "month": 5, - "day": 18, - "hour": 18, - "minute": 45, - "second": 58, - "microsecond": 147000 - }, - "LastUpdatedDate": { - "__class__": "datetime", - "year": 2022, - "month": 5, - "day": 18, - "hour": 18, - "minute": 45, - "second": 58, - "microsecond": 147000 - } - }, - { - "AliasName": "alias/k-528", - "AliasArn": "arn:aws:kms:us-east-1:111111111111:alias/k-528", - "TargetKeyId": "d03a7b6f-6c38-415e-b7e6-111111111111", - "CreationDate": { - "__class__": "datetime", - "year": 2022, - "month": 6, - "day": 14, - "hour": 20, - "minute": 31, - "second": 48, - "microsecond": 196000 - }, - "LastUpdatedDate": { - "__class__": "datetime", - "year": 2022, - "month": 6, - "day": 14, - "hour": 20, - "minute": 31, - "second": 48, - "microsecond": 196000 - } - } - ], - "Truncated": false, - "ResponseMetadata": {} - } -} \ No newline at end of file diff --git a/tests/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/placebo-green/tagging.GetResources_1.json deleted file mode 100644 index ff1194a33..000000000 --- a/tests/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/placebo-green/tagging.GetResources_1.json +++ /dev/null 
@@ -1,22 +0,0 @@ -{ - "status_code": 200, - "data": { - "PaginationToken": "", - "ResourceTagMappingList": [ - { - "ResourceARN": "arn:aws:kinesisvideo:us-east-1:111111111111:stream/528_kinesis_stream_green/1655227909037", - "Tags": [ - { - "Key": "ComplianceStatus", - "Value": "Green" - }, - { - "Key": "CustodianRule", - "Value": "ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk" - } - ] - } - ], - "ResponseMetadata": {} - } -} \ No newline at end of file diff --git a/tests/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/placebo-red/kinesisvideo.ListStreams_1.json b/tests/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/placebo-red/kinesisvideo.ListStreams_1.json deleted file mode 100644 index ec51a2a67..000000000 --- a/tests/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/placebo-red/kinesisvideo.ListStreams_1.json +++ /dev/null @@ -1,27 +0,0 @@ -{ - "status_code": 200, - "data": { - "ResponseMetadata": {}, - "StreamInfoList": [ - { - "StreamName": "528_kinesis_stream_red", - "StreamARN": "arn:aws:kinesisvideo:us-east-1:111111111111:stream/528_kinesis_stream_red/1655228577707", - "MediaType": "video/h264", - "KmsKeyId": "arn:aws:kms:us-east-1:111111111111:alias/aws/kinesisvideo", - "Version": "qgADXXedNxTafPyyW61t", - "Status": "ACTIVE", - "CreationTime": { - "__class__": "datetime", - "year": 2022, - "month": 6, - "day": 14, - "hour": 20, - "minute": 42, - "second": 57, - "microsecond": 707000 - }, - "DataRetentionInHours": 1 - } - ] - } -} \ No newline at end of file diff --git a/tests/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/placebo-red/kms.DescribeKey_1.json b/tests/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/placebo-red/kms.DescribeKey_1.json deleted file mode 100644 index 88c6072a4..000000000 --- a/tests/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/placebo-red/kms.DescribeKey_1.json +++ /dev/null 
@@ -1,33 +0,0 @@ -{ - "status_code": 200, - "data": { - "KeyMetadata": { - "AWSAccountId": "111111111111", - "KeyId": "00f124a3-0b53-496e-a535-f903bf512e61", - "Arn": "arn:aws:kms:us-east-1:111111111111:key/00f124a3-0b53-496e-a535-f903bf512e61", - "CreationDate": { - "__class__": "datetime", - "year": 2022, - "month": 5, - "day": 18, - "hour": 18, - "minute": 45, - "second": 58, - "microsecond": 19000 - }, - "Enabled": true, - "Description": "Default key that protects my Kinesis Video Streams data when no other key is defined", - "KeyUsage": "ENCRYPT_DECRYPT", - "KeyState": "Enabled", - "Origin": "AWS_KMS", - "KeyManager": "AWS", - "CustomerMasterKeySpec": "SYMMETRIC_DEFAULT", - "KeySpec": "SYMMETRIC_DEFAULT", - "EncryptionAlgorithms": [ - "SYMMETRIC_DEFAULT" - ], - "MultiRegion": false - }, - "ResponseMetadata": {} - } -} \ No newline at end of file diff --git a/tests/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/placebo-red/kms.ListAliases_1.json b/tests/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/placebo-red/kms.ListAliases_1.json deleted file mode 100644 index c880f277b..000000000 --- a/tests/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/placebo-red/kms.ListAliases_1.json +++ /dev/null @@ -1,34 +0,0 @@ -{ - "status_code": 200, - "data": { - "Aliases": [ - { - "AliasName": "alias/aws/kinesisvideo", - "AliasArn": "arn:aws:kms:us-east-1:111111111111:alias/aws/kinesisvideo", - "TargetKeyId": "00f124a3-0b53-496e-a535-f903bf512e61", - "CreationDate": { - "__class__": "datetime", - "year": 2022, - "month": 5, - "day": 18, - "hour": 18, - "minute": 45, - "second": 58, - "microsecond": 147000 - }, - "LastUpdatedDate": { - "__class__": "datetime", - "year": 2022, - "month": 5, - "day": 18, - "hour": 18, - "minute": 45, - "second": 58, - "microsecond": 147000 - } - } - ], - "Truncated": false, - "ResponseMetadata": {} - } -} \ No newline at end of file 
diff --git a/tests/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/placebo-red/tagging.GetResources_1.json deleted file mode 100644 index 6eb887d91..000000000 --- a/tests/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/placebo-red/tagging.GetResources_1.json +++ /dev/null @@ -1,22 +0,0 @@ -{ - "status_code": 200, - "data": { - "PaginationToken": "", - "ResourceTagMappingList": [ - { - "ResourceARN": "arn:aws:kinesisvideo:us-east-1:111111111111:stream/528_kinesis_stream_red/1655228577707", - "Tags": [ - { - "Key": "CustodianRule", - "Value": "ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk" - }, - { - "Key": "ComplianceStatus", - "Value": "Red" - } - ] - } - ], - "ResponseMetadata": {} - } -} \ No newline at end of file diff --git a/tests/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/red_policy_test.py b/tests/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/red_policy_test.py deleted file mode 100644 index 301b5b1d8..000000000 --- a/tests/ecc-aws-528-kinesis_video_stream_encrypted_with_kms_cmk/red_policy_test.py +++ /dev/null @@ -1,5 +0,0 @@ -class PolicyTest(object): - - def test_resources(self, base_test, resources): - base_test.assertEqual(len(resources), 1) - base_test.assertEqual(resources[0] ['c7n:matched-kms-key'][0], 'alias/aws/kinesisvideo') \ No newline at end of file diff --git a/tests/ecc-aws-538-ds_directory_not_open_to_large_scope/placebo-green/ds.DescribeDirectories_1.json b/tests/ecc-aws-538-ds_directory_not_open_to_large_scope/placebo-green/ds.DescribeDirectories_1.json index d5d66b0ff..ffe345527 100644 --- a/tests/ecc-aws-538-ds_directory_not_open_to_large_scope/placebo-green/ds.DescribeDirectories_1.json +++ b/tests/ecc-aws-538-ds_directory_not_open_to_large_scope/placebo-green/ds.DescribeDirectories_1.json 
@@ -41,7 +41,7 @@ "subnet-082579082d7b38182", "subnet-02682a905307e70cd" ], - "SecurityGroupId": "sg-03da26794df66ab4d", + "SecurityGroupId": "sg-1234567asdfg", "AvailabilityZones": [ "us-east-1c", "us-east-1d" diff --git a/tests/ecc-aws-538-ds_directory_not_open_to_large_scope/placebo-red/ds.DescribeDirectories_1.json b/tests/ecc-aws-538-ds_directory_not_open_to_large_scope/placebo-red/ds.DescribeDirectories_1.json index 63aee13b5..3deacba94 100644 --- a/tests/ecc-aws-538-ds_directory_not_open_to_large_scope/placebo-red/ds.DescribeDirectories_1.json +++ b/tests/ecc-aws-538-ds_directory_not_open_to_large_scope/placebo-red/ds.DescribeDirectories_1.json @@ -41,7 +41,7 @@ "subnet-0aac43521e2229522", "subnet-07e91dbe8d70af009" ], - "SecurityGroupId": "sg-03cffb21852ae5cb4", + "SecurityGroupId": "sg-1234567asdfg", "AvailabilityZones": [ "us-east-1c", "us-east-1d" diff --git a/tests/ecc-aws-585-ecs_without_tag_information/placebo-green/ecs.DescribeClusters_1.json b/tests/ecc-aws-585-ecs_without_tag_information/placebo-green/ecs.DescribeClusters_1.json index f4ab9a3f2..65e76bafe 100644 --- a/tests/ecc-aws-585-ecs_without_tag_information/placebo-green/ecs.DescribeClusters_1.json +++ b/tests/ecc-aws-585-ecs_without_tag_information/placebo-green/ecs.DescribeClusters_1.json @@ -14,7 +14,7 @@ "tags": [ { "key": "CustodianRule", - "Value": "ecc-aws-585-ecs_without_tag_information" + "value": "ecc-aws-585-ecs_without_tag_information" }, { "key": "ComplianceStatus", diff --git a/tests/ecc-aws-690-ecs_exec_logging_enabled/placebo-green/ecs.DescribeClusters_1.json b/tests/ecc-aws-690-ecs_exec_logging_enabled/placebo-green/ecs.DescribeClusters_1.json index de71e4205..d7cf25457 100644 --- a/tests/ecc-aws-690-ecs_exec_logging_enabled/placebo-green/ecs.DescribeClusters_1.json +++ b/tests/ecc-aws-690-ecs_exec_logging_enabled/placebo-green/ecs.DescribeClusters_1.json 
@@ -25,7 +25,7 @@ "tags": [ { "key": "CustodianRule", - "Value": "ecc-aws-690-ecs_exec_logging_enabled" + "value": "ecc-aws-690-ecs_exec_logging_enabled" }, { "key": "ComplianceStatus", diff --git a/tests/ecc-aws-690-ecs_exec_logging_enabled/placebo-red/ecs.DescribeClusters_1.json b/tests/ecc-aws-690-ecs_exec_logging_enabled/placebo-red/ecs.DescribeClusters_1.json index b42b2a3cc..d87286d17 100644 --- a/tests/ecc-aws-690-ecs_exec_logging_enabled/placebo-red/ecs.DescribeClusters_1.json +++ b/tests/ecc-aws-690-ecs_exec_logging_enabled/placebo-red/ecs.DescribeClusters_1.json @@ -14,7 +14,7 @@ "tags": [ { "key": "CustodianRule", - "Value": "ecc-aws-690-ecs_exec_logging_enabled" + "value": "ecc-aws-690-ecs_exec_logging_enabled" }, { "key": "ComplianceStatus", diff --git a/tests/ecc-aws-744-ecs_fargate_latest_platform_version/placebo-green/ecs.DescribeServices_1.json b/tests/ecc-aws-744-ecs_fargate_latest_platform_version/placebo-green/ecs.DescribeServices_1.json index 39fb1fd27..7dcd69a90 100644 --- a/tests/ecc-aws-744-ecs_fargate_latest_platform_version/placebo-green/ecs.DescribeServices_1.json +++ b/tests/ecc-aws-744-ecs_fargate_latest_platform_version/placebo-green/ecs.DescribeServices_1.json @@ -215,7 +215,7 @@ "tags": [ { "key": "CustodianRule", - "Value": "ecc-aws-744-ecs_fargate_latest_platform_version" + "value": "ecc-aws-744-ecs_fargate_latest_platform_version" }, { "key": "ComplianceStatus", diff --git a/tests/ecc-aws-744-ecs_fargate_latest_platform_version/placebo-red/ecs.DescribeServices_1.json b/tests/ecc-aws-744-ecs_fargate_latest_platform_version/placebo-red/ecs.DescribeServices_1.json index 076c780b1..f42e942b4 100644 --- a/tests/ecc-aws-744-ecs_fargate_latest_platform_version/placebo-red/ecs.DescribeServices_1.json +++ b/tests/ecc-aws-744-ecs_fargate_latest_platform_version/placebo-red/ecs.DescribeServices_1.json 
@@ -145,7 +145,7 @@ "tags": [ { "key": "CustodianRule", - "Value": "ecc-aws-744-ecs_fargate_latest_platform_version" + "value": "ecc-aws-744-ecs_fargate_latest_platform_version" }, { "key": "ComplianceStatus", diff --git a/tests/ecc-aws-745-ecs_task_definition_memory_hard_limit/placebo-green/ecs.DescribeTaskDefinition_1.json b/tests/ecc-aws-745-ecs_task_definition_memory_hard_limit/placebo-green/ecs.DescribeTaskDefinition_1.json index a729fc693..8a914515b 100644 --- a/tests/ecc-aws-745-ecs_task_definition_memory_hard_limit/placebo-green/ecs.DescribeTaskDefinition_1.json +++ b/tests/ecc-aws-745-ecs_task_definition_memory_hard_limit/placebo-green/ecs.DescribeTaskDefinition_1.json @@ -56,7 +56,7 @@ "tags": [ { "key": "CustodianRule", - "Value": "ecc-aws-745-ecs_task_definition_memory_hard_limit" + "value": "ecc-aws-745-ecs_task_definition_memory_hard_limit" }, { "key": "ComplianceStatus", diff --git a/tests/ecc-aws-745-ecs_task_definition_memory_hard_limit/placebo-red/ecs.DescribeTaskDefinition_1.json b/tests/ecc-aws-745-ecs_task_definition_memory_hard_limit/placebo-red/ecs.DescribeTaskDefinition_1.json index bb54850df..cba0687e0 100644 --- a/tests/ecc-aws-745-ecs_task_definition_memory_hard_limit/placebo-red/ecs.DescribeTaskDefinition_1.json +++ b/tests/ecc-aws-745-ecs_task_definition_memory_hard_limit/placebo-red/ecs.DescribeTaskDefinition_1.json @@ -59,7 +59,7 @@ "tags": [ { "key": "CustodianRule", - "Value": "ecc-aws-745-ecs_task_definition_memory_hard_limit" + "value": "ecc-aws-745-ecs_task_definition_memory_hard_limit" }, { "key": "ComplianceStatus", diff --git a/tests/ecc-aws-746-ecs_task_definition_pid_mode_check/placebo-green/ecs.DescribeTaskDefinition_1.json b/tests/ecc-aws-746-ecs_task_definition_pid_mode_check/placebo-green/ecs.DescribeTaskDefinition_1.json index eb7c7d28c..ae16d7d99 100644 --- a/tests/ecc-aws-746-ecs_task_definition_pid_mode_check/placebo-green/ecs.DescribeTaskDefinition_1.json 
+++ b/tests/ecc-aws-746-ecs_task_definition_pid_mode_check/placebo-green/ecs.DescribeTaskDefinition_1.json @@ -56,7 +56,7 @@ "tags": [ { "key": "CustodianRule", - "Value": "ecc-aws-746-ecs_task_definition_pid_mode_check" + "value": "ecc-aws-746-ecs_task_definition_pid_mode_check" }, { "key": "ComplianceStatus", diff --git a/tests/ecc-aws-746-ecs_task_definition_pid_mode_check/placebo-red/ecs.DescribeTaskDefinition_1.json b/tests/ecc-aws-746-ecs_task_definition_pid_mode_check/placebo-red/ecs.DescribeTaskDefinition_1.json index 6e66c1847..db34d0c51 100644 --- a/tests/ecc-aws-746-ecs_task_definition_pid_mode_check/placebo-red/ecs.DescribeTaskDefinition_1.json +++ b/tests/ecc-aws-746-ecs_task_definition_pid_mode_check/placebo-red/ecs.DescribeTaskDefinition_1.json @@ -53,7 +53,7 @@ "tags": [ { "key": "CustodianRule", - "Value": "ecc-aws-746-ecs_task_definition_pid_mode_check" + "value": "ecc-aws-746-ecs_task_definition_pid_mode_check" }, { "key": "ComplianceStatus", diff --git a/tests/ecc-aws-906-ecs_containers_readonly_access/placebo-green/ecs.DescribeTaskDefinition_1.json b/tests/ecc-aws-906-ecs_containers_readonly_access/placebo-green/ecs.DescribeTaskDefinition_1.json index 58b72eb1e..f00d04d63 100644 --- a/tests/ecc-aws-906-ecs_containers_readonly_access/placebo-green/ecs.DescribeTaskDefinition_1.json +++ b/tests/ecc-aws-906-ecs_containers_readonly_access/placebo-green/ecs.DescribeTaskDefinition_1.json @@ -53,7 +53,7 @@ "tags": [ { "key": "CustodianRule", - "Value": "ecc-aws-906-ecs_containers_readonly_access" + "value": "ecc-aws-906-ecs_containers_readonly_access" }, { "key": "ComplianceStatus", diff --git a/tests/ecc-aws-906-ecs_containers_readonly_access/placebo-red/ecs.DescribeTaskDefinition_1.json b/tests/ecc-aws-906-ecs_containers_readonly_access/placebo-red/ecs.DescribeTaskDefinition_1.json index f3596ade8..21537e078 100644 --- a/tests/ecc-aws-906-ecs_containers_readonly_access/placebo-red/ecs.DescribeTaskDefinition_1.json 
+++ b/tests/ecc-aws-906-ecs_containers_readonly_access/placebo-red/ecs.DescribeTaskDefinition_1.json @@ -50,7 +50,7 @@ "tags": [ { "key": "CustodianRule", - "Value": "ecc-aws-906-ecs_containers_readonly_access" + "value": "ecc-aws-906-ecs_containers_readonly_access" }, { "key": "ComplianceStatus", diff --git a/tests/ecc-aws-907-ecs_no_environment_secrets/placebo-green/ecs.DescribeTaskDefinition_1.json b/tests/ecc-aws-907-ecs_no_environment_secrets/placebo-green/ecs.DescribeTaskDefinition_1.json index 036ce2e03..7dc3c8ca4 100644 --- a/tests/ecc-aws-907-ecs_no_environment_secrets/placebo-green/ecs.DescribeTaskDefinition_1.json +++ b/tests/ecc-aws-907-ecs_no_environment_secrets/placebo-green/ecs.DescribeTaskDefinition_1.json @@ -54,7 +54,7 @@ "tags": [ { "key": "CustodianRule", - "Value": "ecc-aws-907-ecs_no_environment_secrets" + "value": "ecc-aws-907-ecs_no_environment_secrets" }, { "key": "ComplianceStatus", diff --git a/tests/ecc-aws-907-ecs_no_environment_secrets/placebo-red/ecs.DescribeTaskDefinition_1.json b/tests/ecc-aws-907-ecs_no_environment_secrets/placebo-red/ecs.DescribeTaskDefinition_1.json index 15a813ac4..40c8735e1 100644 --- a/tests/ecc-aws-907-ecs_no_environment_secrets/placebo-red/ecs.DescribeTaskDefinition_1.json +++ b/tests/ecc-aws-907-ecs_no_environment_secrets/placebo-red/ecs.DescribeTaskDefinition_1.json @@ -62,7 +62,7 @@ "tags": [ { "key": "CustodianRule", - "Value": "ecc-aws-907-ecs_no_environment_secrets" + "value": "ecc-aws-907-ecs_no_environment_secrets" }, { "key": "ComplianceStatus", diff --git a/tests/ecc-aws-955-ecs_containers_nonprivileged/placebo-green/ecs.DescribeTaskDefinition_1.json b/tests/ecc-aws-955-ecs_containers_nonprivileged/placebo-green/ecs.DescribeTaskDefinition_1.json index 883a62751..992172182 100644 --- a/tests/ecc-aws-955-ecs_containers_nonprivileged/placebo-green/ecs.DescribeTaskDefinition_1.json +++ b/tests/ecc-aws-955-ecs_containers_nonprivileged/placebo-green/ecs.DescribeTaskDefinition_1.json 
@@ -59,7 +59,7 @@ "tags": [ { "key": "CustodianRule", - "Value": "ecc-aws-955-ecs_containers_nonprivileged" + "value": "ecc-aws-955-ecs_containers_nonprivileged" }, { "key": "ComplianceStatus", diff --git a/tests/ecc-aws-955-ecs_containers_nonprivileged/placebo-red/ecs.DescribeTaskDefinition_1.json b/tests/ecc-aws-955-ecs_containers_nonprivileged/placebo-red/ecs.DescribeTaskDefinition_1.json index c1c5256e4..f52b2897b 100644 --- a/tests/ecc-aws-955-ecs_containers_nonprivileged/placebo-red/ecs.DescribeTaskDefinition_1.json +++ b/tests/ecc-aws-955-ecs_containers_nonprivileged/placebo-red/ecs.DescribeTaskDefinition_1.json @@ -59,7 +59,7 @@ "tags": [ { "key": "CustodianRule", - "Value": "ecc-aws-955-ecs_containers_nonprivileged" + "value": "ecc-aws-955-ecs_containers_nonprivileged" }, { "key": "ComplianceStatus", From 2ab71516ec03b84b12221793767334cb89bd236d Mon Sep 17 00:00:00 2001 From: Vitalii Kanivets Date: Thu, 22 Jun 2023 09:59:53 +0000 Subject: [PATCH 08/15] Added CONTRIBUTING.md --- CONTRIBUTING.md | 62 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 62 insertions(+) create mode 100644 CONTRIBUTING.md diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 000000000..d5d805b1b --- /dev/null +++ b/CONTRIBUTING.md 
@@ -0,0 +1,62 @@ +# ecc-aws-rulepack contribution processes + +First off, thanks for taking the time to contribute! 😻 + +All types of contributions are encouraged and valued. See the [Table of Contents](#Table-of-contents) for different ways to help and details about how this project handles them. Please make sure to read the relevant section before making your contribution. + +## Table of Contents + +- [I Want To Contribute](#I-want-to-contribute) + - [Legal Notice](#Legal-Notice) + - [Reporting issue](#Reporting-issue) + - [Creating a Pull Request](#Creating-a-Pull-Request) +- [Development](#Development) + - [Project Structure](#Project-structure) + - [Start the Project](#Start-the-project) + - [Create new policy](#Create-new-policy) + + +## I Want To Contribute + +### Legal Notice +> When contributing to this project, you must agree that you have authored 100% of the content, that you have the necessary rights to the content and that the content you contribute may be provided under the project license. + +### Reporting issue + +A good issue report shouldn't leave others needing to chase you up for more information. Therefore, we ask you to investigate carefully, collect information and describe the issue in detail. Please complete the following steps in advance to help us fix any potential bug as fast as possible. + +We use [GitHub Issues](https://github.com/epam/ecc-aws-rulepack/issues) to track any issues. If you run into an issue with the project, please open a new [issue](https://github.com/epam/ecc-aws-rulepack/issues/new/choose) and follow the desired [issue template](https://github.com/epam/ecc-aws-rulepack/wik/Issue-Templates). + + +### Creating a Pull Request + +You can contribute to our codebase via creating Pull Request. PRs to our libraries are always welcome and can be a quick way to get your fix or improvement slated for the next release. 
+ +In general, we follow this [Git workflow](https://github.com/epam/ecc-aws-rulepack/wiki/Git-workflow-for-rules-creation) for rules creation + +## Development + +### Project Structure + +``` +├── policies +├── terraform +├── tests +├── iam +``` + +More details [here](https://github.com/epam/ecc-aws-rulepack/wiki/Git-workflow-for-rules-creation#Repository-layout-for-static-rules) + +### Start the Project + +Familiarize yourself with: + +Cloud Custodian official documentation - https://cloudcustodian.io/ +[How to use AWS](https://github.com/epam/ecc-aws-rulepack/wiki/How-to-use-AWS) + +### Create new policy + +* [DoD for Open Rules](https://github.com/epam/ecc-aws-rulepack/wiki/DoD-for-Open-Rules) +* [Terraform Guide](https://github.com/epam/ecc-aws-rulepack/wiki/Terraform-Guide-AWS) +* [Python unit tests](https://github.com/epam/ecc-aws-rulepack/wiki/Python-unit-tests) + From 11dd809d5e00e57d5cc80538f1bde0707967d227 Mon Sep 17 00:00:00 2001 From: Vitalii Kanivets <69165906+Vit-ts@users.noreply.github.com> Date: Thu, 22 Jun 2023 13:02:52 +0300 Subject: [PATCH 09/15] Updated CONTRIBUTING.md --- CONTRIBUTING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index d5d805b1b..b58392871 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -51,7 +51,7 @@ More details [here](https://github.com/epam/ecc-aws-rulepack/wiki/Git-workflow-f Familiarize yourself with: -Cloud Custodian official documentation - https://cloudcustodian.io/ +Cloud Custodian official documentation - https://cloudcustodian.io/ [How to use AWS](https://github.com/epam/ecc-aws-rulepack/wiki/How-to-use-AWS) ### Create new policy From 726b5522a064e258596b8478409bcdc40ecf156f Mon Sep 17 00:00:00 2001 From: anna-shcherbak <80756766+anna-shcherbak@users.noreply.github.com> Date: Thu, 22 Jun 2023 13:15:53 +0300 Subject: [PATCH 10/15] Update CONTRIBUTING.md --- CONTRIBUTING.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index b58392871..e04fb5650 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -51,8 +51,8 @@ More details [here](https://github.com/epam/ecc-aws-rulepack/wiki/Git-workflow-f Familiarize yourself with: -Cloud Custodian official documentation - https://cloudcustodian.io/ -[How to use AWS](https://github.com/epam/ecc-aws-rulepack/wiki/How-to-use-AWS) +- Cloud Custodian official documentation - https://cloudcustodian.io/ +- [How to use AWS](https://github.com/epam/ecc-aws-rulepack/wiki/How-to-use-AWS) ### Create new policy From 5986db1aca3c817a26a55c0ed3be653ad109ba45 Mon Sep 17 00:00:00 2001 From: Anna Shcherbak Date: Thu, 22 Jun 2023 21:24:59 +0300 Subject: [PATCH 11/15] upload iam/All-permissions.json file --- iam/All-permissions.json | 217 ++++++++++++++++++ .../iam/293-policy.json | 2 +- .../iam/309-policy.json | 2 +- .../iam/310-policy.json | 2 +- .../iam/313-policy.json | 2 +- .../iam/363-policy.json | 2 +- .../iam/416-policy.json | 2 +- .../iam/502-policy.json | 14 ++ .../iam/519-policy.json | 2 +- .../iam/551-policy.json | 12 + .../iam/555-policy.json | 2 +- .../iam/578-policy.json | 2 +- .../iam/632-policy.json | 4 +- .../iam/780-policy.json | 4 +- 14 files changed, 256 insertions(+), 13 deletions(-) create mode 100644 iam/All-permissions.json diff --git a/iam/All-permissions.json b/iam/All-permissions.json new file mode 100644 index 000000000..c17ab59a6 --- /dev/null +++ b/iam/All-permissions.json 
@@ -0,0 +1,217 @@ +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "access-analyzer:ListAnalyzers", + "acm:DescribeCertificate", + "acm:ListCertificates", + "airflow:GetEnvironment", + "airflow:ListEnvironments", + "apigateway:GET", + "appflow:DescribeFlow", + "appflow:ListFlows", + "autoscaling:DescribeAutoScalingGroups", + "autoscaling:DescribeLaunchConfigurations", + "backup:GetBackupPlan", + "backup:ListBackupPlans", + "backup:ListBackupVaults", + "backup:ListTags", + "cloudformation:DescribeStacks", + "cloudfront:GetDistributionConfig", + "cloudfront:ListDistributions", + "cloudtrail:DescribeTrails", + "cloudtrail:GetEventSelectors", + "cloudtrail:GetTrailStatus", + "cloudwatch:DescribeAlarms", + "codebuild:BatchGetProjects", + "codebuild:ListProjects", + "codedeploy:GetDeploymentGroup", + "codedeploy:ListApplications", + "codedeploy:ListDeploymentGroups", + "codedeploy:ListTagsForResource", + "codepipeline:GetPipeline", + "codepipeline:ListPipelines", + "config:DescribeConfigurationRecorderStatus", + "config:DescribeConfigurationRecorders", + "config:DescribeDeliveryChannels", + "dax:DescribeClusters", + "dax:ListTags", + "dlm:GetLifecyclePolicies", + "dlm:GetLifecyclePolicy", + "dms:DescribeReplicationInstances", + "dms:ListTagsForResource", + "ds:DescribeDirectories", + "ds:ListTagsForResource", + "dynamodb:DescribeContinuousBackups", + "dynamodb:DescribeTable", + "dynamodb:ListTables", + "ec2:DescribeAddresses", + "ec2:DescribeFlowLogs", + "ec2:DescribeImageAttribute", + "ec2:DescribeImages", + "ec2:DescribeInstanceAttribute", + "ec2:DescribeInstances", + "ec2:DescribeInternetGateways", + "ec2:DescribeKeyPairs", + "ec2:DescribeLaunchTemplateVersions", + "ec2:DescribeNatGateways", + "ec2:DescribeNetworkAcls", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeRegions", + "ec2:DescribeRouteTables", + "ec2:DescribeSecurityGroupReferences", + "ec2:DescribeSecurityGroupRules", + "ec2:DescribeSecurityGroups", + 
"ec2:DescribeSnapshotAttribute", + "ec2:DescribeSnapshots", + "ec2:DescribeSubnets", + "ec2:DescribeTags", + "ec2:DescribeTransitGatewayAttachments", + "ec2:DescribeTransitGateways", + "ec2:DescribeVolumes", + "ec2:DescribeVpcEndpointServiceConfigurations", + "ec2:DescribeVpcEndpoints", + "ec2:DescribeVpcPeeringConnections", + "ec2:DescribeVpcs", + "ec2:DescribeVpnConnections", + "ec2:DescribeVpnGateways", + "ec2:GetEbsEncryptionByDefault", + "ecr:DescribeRepositories", + "ecr:GetLifecyclePolicy", + "ecr:ListTagsForResource", + "ecs:DescribeClusters", + "ecs:DescribeContainerInstances", + "ecs:DescribeServices", + "ecs:DescribeTaskDefinition", + "ecs:ListClusters", + "ecs:ListContainerInstances", + "ecs:ListServices", + "ecs:ListTaskDefinitions", + "eks:DescribeCluster", + "eks:ListClusters", + "elasticache:DescribeCacheClusters", + "elasticache:DescribeReplicationGroups", + "elasticbeanstalk:DescribeEnvironments", + "elasticbeanstalk:ListTagsForResource", + "elasticfilesystem:DescribeFileSystems", + "elasticloadbalancing:DescribeListeners", + "elasticloadbalancing:DescribeLoadBalancerAttributes", + "elasticloadbalancing:DescribeLoadBalancerPolicies", + "elasticloadbalancing:DescribeLoadBalancers", + "elasticloadbalancing:DescribeTags", + "elasticloadbalancing:DescribeTargetGroups", + "elasticloadbalancing:DescribeTargetHealth", + "elasticmapreduce:DescribeCluster", + "elasticmapreduce:ListClusters", + "es:DescribeDomains", + "es:DescribeElasticsearchDomain", + "es:DescribeElasticsearchDomainConfig", + "es:DescribeElasticsearchDomains", + "es:DescribeInboundConnections", + "es:ESHttpGet", + "es:ListDomainNames", + "es:ListTags", + "events:ListEventBuses", + "firehose:DescribeDeliveryStream", + "firehose:ListDeliveryStreams", + "fsx:DescribeBackups", + "fsx:DescribeFileSystems", + "glacier:GetVaultAccessPolicy", + "glacier:ListTagsForVault", + "glacier:ListVaults", + "glue:GetDataCatalogEncryptionSettings", + "glue:GetJobs", + "glue:GetSecurityConfigurations", + 
"guardduty:ListDetectors", + "iam:GenerateCredentialReport", + "iam:GetAccountPasswordPolicy", + "iam:GetCredentialReport", + "iam:GetGroup", + "iam:GetPolicy", + "iam:GetRole", + "iam:GetUser", + "iam:ListAccessKeys", + "iam:ListAccountAliases", + "iam:ListAttachedUserPolicies", + "iam:ListGroups", + "iam:ListMFADevices", + "iam:ListRoles", + "iam:ListServerCertificates", + "iam:ListUserPolicies", + "iam:ListUsers", + "kafka:ListClusters", + "kinesis:DescribeStream", + "kinesis:ListStreams", + "kms:DescribeKey", + "kms:GetKeyRotationStatus", + "kms:ListAliases", + "kms:ListKeys", + "kms:listAliases", + "lambda:GetFunction", + "lambda:GetFunctionConcurrency", + "lambda:ListFunctions", + "lightsail:GetInstances", + "logs:DescribeLogGroups", + "logs:DescribeMetricFilters", + "mq:DescribeBroker", + "mq:ListBrokers", + "qldb:DescribeLedger", + "qldb:ListLedgers", + "rds:DescribeDBClusters", + "rds:DescribeDBInstances", + "rds:DescribeDBParameters", + "rds:DescribeDBSnapshotAttributes", + "rds:DescribeDBSnapshots", + "redshift:DescribeClusterParameters", + "redshift:DescribeClusters", + "redshift:DescribeLoggingStatus", + "route53:ListHostedZones", + "route53:ListQueryLoggingConfigs", + "route53:ListResourceRecordSets", + "route53:ListTagsForResources", + "route53domains:ListDomains", + "route53domains:ListTagsForDomain", + "s3:GetBucketAcl", + "s3:GetBucketLocation", + "s3:GetBucketLogging", + "s3:GetBucketNotification", + "s3:GetBucketPolicy", + "s3:GetBucketTagging", + "s3:GetBucketVersioning", + "s3:GetBucketWebsite", + "s3:GetLifecycleConfiguration", + "s3:GetReplicationConfiguration", + "s3:ListAllMyBuckets", + "sagemaker:DescribeEndpointConfig", + "sagemaker:DescribeModel", + "sagemaker:DescribeNotebookInstance", + "sagemaker:ListEndpointConfigs", + "sagemaker:ListModels", + "sagemaker:ListNotebookInstances", + "sagemaker:ListTags", + "securityhub:DescribeHub", + "sns:GetTopicAttributes", + "sns:ListTagsForResource", + "sns:ListTopics", + 
"sqs:GetQueueAttributes", + "sqs:ListQueues", + "ssm:DescribeInstanceInformation", + "ssm:ListResourceComplianceSummaries", + "tag:GetResources", + "tagging:GetResources", + "waf-regional:ListResourcesForWebACL", + "waf-regional:ListWebACLs", + "waf:GetWebACL", + "waf:ListWebACLs", + "workspaces:DescribeWorkspaceDirectories", + "workspaces:DescribeWorkspaceImages", + "workspaces:DescribeWorkspaces", + "workspaces:DescribeWorkspacesConnectionStatus", + "xray:GetEncryptionConfig" + ], + "Resource": "*" + } + ] +} \ No newline at end of file diff --git a/terraform/ecc-aws-293-security_group_ingress_is_restricted_traffic_to_port_20/iam/293-policy.json b/terraform/ecc-aws-293-security_group_ingress_is_restricted_traffic_to_port_20/iam/293-policy.json index 2a65337fe..2a57dc84c 100644 --- a/terraform/ecc-aws-293-security_group_ingress_is_restricted_traffic_to_port_20/iam/293-policy.json +++ b/terraform/ecc-aws-293-security_group_ingress_is_restricted_traffic_to_port_20/iam/293-policy.json @@ -5,7 +5,7 @@ "Effect": "Allow", "Action": [ "ec2:DescribeSecurityGroups", - "ec2:DescribeRegions" + "ec2:DescribeRegions", "ec2:DescribeRegions", "ec2:DescribeSecurityGroupRules" ], diff --git a/terraform/ecc-aws-309-security_group_ingress_is_restricted_traffic_to_port_135/iam/309-policy.json b/terraform/ecc-aws-309-security_group_ingress_is_restricted_traffic_to_port_135/iam/309-policy.json index 2a65337fe..2a57dc84c 100644 --- a/terraform/ecc-aws-309-security_group_ingress_is_restricted_traffic_to_port_135/iam/309-policy.json +++ b/terraform/ecc-aws-309-security_group_ingress_is_restricted_traffic_to_port_135/iam/309-policy.json @@ -5,7 +5,7 @@ "Effect": "Allow", "Action": [ "ec2:DescribeSecurityGroups", - "ec2:DescribeRegions" + "ec2:DescribeRegions", "ec2:DescribeRegions", "ec2:DescribeSecurityGroupRules" ], 
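Review bot: `"es:ESHttpGet"` is a data-plane permission, and combined with `"Resource": "*"` it allows the scanning role to send HTTP GET requests to every Elasticsearch/OpenSearch domain in the account (subject to each domain's own access policy). That goes beyond the Describe/List/Get configuration reads that make up the rest of this statement. Either remove it or move it into a separate statement whose `Resource` names only the domains a rule actually has to query. Two further entries can be deleted: `"tagging:GetResources"` does not use the IAM service prefix of the tagging API (`"tag:GetResources"` is already listed directly above it), and `"kms:listAliases"` repeats `"kms:ListAliases"` in a different case. Since this file is the union of all per-rule policies, a short comment in the repository docs saying which rule needs each non-obvious action would make later least-privilege reviews much easier.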
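Review bot: With the missing comma added, the `Action` list in `293-policy.json` now names `"ec2:DescribeRegions"` on two consecutive lines, and the identical duplicate is left in `309-policy.json`, `310-policy.json` and `313-policy.json`. IAM accepts the repeat, but it is noise in a policy that is meant to be read line by line as a least-privilege grant; delete one of the two `"ec2:DescribeRegions",` lines in each file. These files were not valid JSON before this patch, so a JSON parse step in CI over the `iam/*.json` policy files would presumably have caught both the syntax error and the duplicate earlier. The policy object starts and ends outside each hunk.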
diff --git a/terraform/ecc-aws-310-security_group_ingress_is_restricted_traffic_to_port_143/iam/310-policy.json b/terraform/ecc-aws-310-security_group_ingress_is_restricted_traffic_to_port_143/iam/310-policy.json index 2a65337fe..2a57dc84c 100644 --- a/terraform/ecc-aws-310-security_group_ingress_is_restricted_traffic_to_port_143/iam/310-policy.json +++ b/terraform/ecc-aws-310-security_group_ingress_is_restricted_traffic_to_port_143/iam/310-policy.json @@ -5,7 +5,7 @@ "Effect": "Allow", "Action": [ "ec2:DescribeSecurityGroups", - "ec2:DescribeRegions" + "ec2:DescribeRegions", "ec2:DescribeRegions", "ec2:DescribeSecurityGroupRules" ], diff --git a/terraform/ecc-aws-313-security_group_ingress_is_restricted_traffic_to_port_4333/iam/313-policy.json b/terraform/ecc-aws-313-security_group_ingress_is_restricted_traffic_to_port_4333/iam/313-policy.json index 2a65337fe..2a57dc84c 100644 --- a/terraform/ecc-aws-313-security_group_ingress_is_restricted_traffic_to_port_4333/iam/313-policy.json +++ b/terraform/ecc-aws-313-security_group_ingress_is_restricted_traffic_to_port_4333/iam/313-policy.json @@ -5,7 +5,7 @@ "Effect": "Allow", "Action": [ "ec2:DescribeSecurityGroups", - "ec2:DescribeRegions" + "ec2:DescribeRegions", "ec2:DescribeRegions", "ec2:DescribeSecurityGroupRules" ], diff --git a/terraform/ecc-aws-363-redshift_cluster_automatic_upgrade_to_major_version_enabled/iam/363-policy.json b/terraform/ecc-aws-363-redshift_cluster_automatic_upgrade_to_major_version_enabled/iam/363-policy.json index 0240d8128..95a4daaf3 100644 --- a/terraform/ecc-aws-363-redshift_cluster_automatic_upgrade_to_major_version_enabled/iam/363-policy.json +++ b/terraform/ecc-aws-363-redshift_cluster_automatic_upgrade_to_major_version_enabled/iam/363-policy.json @@ -4,7 +4,7 @@ { "Effect": "Allow", "Action": [ - "redshift:DescribeClusters", + "redshift:DescribeClusters" ], "Resource": "*" } 
diff --git a/terraform/ecc-aws-416-elasticache_encrypted_at_rest_using_cmk/iam/416-policy.json b/terraform/ecc-aws-416-elasticache_encrypted_at_rest_using_cmk/iam/416-policy.json index 5cd48688c..0a03e55fb 100644 --- a/terraform/ecc-aws-416-elasticache_encrypted_at_rest_using_cmk/iam/416-policy.json +++ b/terraform/ecc-aws-416-elasticache_encrypted_at_rest_using_cmk/iam/416-policy.json @@ -3,7 +3,7 @@ "Statement": [ { "Effect": "Allow", - "Action": "elasticache:DescribeReplicationGroups" + "Action": "elasticache:DescribeReplicationGroups", "Resource": "*" } ] diff --git a/terraform/ecc-aws-502-mq_broker_auto_minor_version_upgrade_enabled/iam/502-policy.json b/terraform/ecc-aws-502-mq_broker_auto_minor_version_upgrade_enabled/iam/502-policy.json index e69de29bb..ec2a1e750 100644 --- a/terraform/ecc-aws-502-mq_broker_auto_minor_version_upgrade_enabled/iam/502-policy.json +++ b/terraform/ecc-aws-502-mq_broker_auto_minor_version_upgrade_enabled/iam/502-policy.json @@ -0,0 +1,14 @@ +{ + "Version": "2012-10-17", + "Statement": [ + { + "Sid": "VisualEditor0", + "Effect": "Allow", + "Action": [ + "mq:DescribeBroker", + "mq:ListBrokers" + ], + "Resource": "*" + } + ] +} \ No newline at end of file diff --git a/terraform/ecc-aws-519-redshift_not_using_default_port/iam/519-policy.json b/terraform/ecc-aws-519-redshift_not_using_default_port/iam/519-policy.json index 0240d8128..95a4daaf3 100644 --- a/terraform/ecc-aws-519-redshift_not_using_default_port/iam/519-policy.json +++ b/terraform/ecc-aws-519-redshift_not_using_default_port/iam/519-policy.json @@ -4,7 +4,7 @@ { "Effect": "Allow", "Action": [ - "redshift:DescribeClusters", + "redshift:DescribeClusters" ], "Resource": "*" } diff --git a/terraform/ecc-aws-551-ebs_without_tag_information/iam/551-policy.json b/terraform/ecc-aws-551-ebs_without_tag_information/iam/551-policy.json index e69de29bb..f707deebd 100644 --- a/terraform/ecc-aws-551-ebs_without_tag_information/iam/551-policy.json 
+++ b/terraform/ecc-aws-551-ebs_without_tag_information/iam/551-policy.json @@ -0,0 +1,12 @@ +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "ec2:DescribeVolumes" + ], + "Resource": "*" + } + ] +} \ No newline at end of file diff --git a/terraform/ecc-aws-555-eni_without_tag_information/iam/555-policy.json b/terraform/ecc-aws-555-eni_without_tag_information/iam/555-policy.json index 79ba9df95..9848457d2 100644 --- a/terraform/ecc-aws-555-eni_without_tag_information/iam/555-policy.json +++ b/terraform/ecc-aws-555-eni_without_tag_information/iam/555-policy.json @@ -5,7 +5,7 @@ "Sid": "VisualEditor0", "Effect": "Allow", "Action": [ - "Tag:GetResources", + "tag:GetResources", "ec2:DescribeNetworkInterfaces" ], "Resource": "*" diff --git a/terraform/ecc-aws-578-cloudtrail_without_tag_information/iam/578-policy.json b/terraform/ecc-aws-578-cloudtrail_without_tag_information/iam/578-policy.json index 8b6e074a3..d87b3afa9 100644 --- a/terraform/ecc-aws-578-cloudtrail_without_tag_information/iam/578-policy.json +++ b/terraform/ecc-aws-578-cloudtrail_without_tag_information/iam/578-policy.json @@ -5,7 +5,7 @@ "Sid": "VisualEditor0", "Effect": "Allow", "Action": [ - "Tag:GetResources", + "tag:GetResources", "cloudtrail:DescribeTrails" ], "Resource": "*" diff --git a/terraform/ecc-aws-632-sns_without_tag_information/iam/632-policy.json b/terraform/ecc-aws-632-sns_without_tag_information/iam/632-policy.json index 9a057e9c9..43ad1bfe9 100644 --- a/terraform/ecc-aws-632-sns_without_tag_information/iam/632-policy.json +++ b/terraform/ecc-aws-632-sns_without_tag_information/iam/632-policy.json @@ -6,9 +6,9 @@ "Effect": "Allow", "Action": [ "tag:GetResources", - "SNS:ListTagsForResource", + "sns:ListTagsForResource", "sns:ListTopics", - "SNS:GetTopicAttributes" + "sns:GetTopicAttributes" ], "Resource": "*" } 
diff --git a/terraform/ecc-aws-780-sns_topic_message_delivery_notification_enabled/iam/780-policy.json b/terraform/ecc-aws-780-sns_topic_message_delivery_notification_enabled/iam/780-policy.json index 8a6b298be..c45a6024e 100644 --- a/terraform/ecc-aws-780-sns_topic_message_delivery_notification_enabled/iam/780-policy.json +++ b/terraform/ecc-aws-780-sns_topic_message_delivery_notification_enabled/iam/780-policy.json @@ -5,8 +5,8 @@ "Effect": "Allow", "Action": [ "sns:ListTopics", - "SNS:GetTopicAttributes", - "SNS:ListTagsForResource" + "sns:GetTopicAttributes", + "sns:ListTagsForResource" ], "Resource": "*" } From f1aae2546b47a48eb7518de157affe7f54adc89b Mon Sep 17 00:00:00 2001 From: Anna Shcherbak Date: Fri, 23 Jun 2023 11:15:57 +0300 Subject: [PATCH 12/15] update workflow file --- .github/workflows/scripts/policy_as_test.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/scripts/policy_as_test.py b/.github/workflows/scripts/policy_as_test.py index 9259e4e44..85fddadb2 100755 --- a/.github/workflows/scripts/policy_as_test.py +++ b/.github/workflows/scripts/policy_as_test.py @@ -1,3 +1,9 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + import argparse import datetime from importlib import import_module From f17b5704f61cc0107b3ff86a8327f15a8f7fcc94 Mon Sep 17 00:00:00 2001 
From: Anna Shcherbak Date: Wed, 5 Jul 2023 13:56:18 +0300 Subject: [PATCH 13/15] new_rules_from_sprint --- iam/All-permissions.json | 3 + ...ser_for_administrative_and_daily_tasks.yml | 25 +++--- ...-aws-914-waf_regional_webacl_not_empty.yml | 16 ++++ ...c-aws-964-glue_job_autoscaling_enabled.yml | 20 +++++ ...cc-aws-968-cloudtrail_delivery_failing.yml | 16 ++++ ...function_state_machine_logging_enabled.yml | 16 ++++ .../green/provider.tf | 20 +++++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 +++ .../green/waf.tf | 81 +++++++++++++++++++ .../iam/914-policy.json | 15 ++++ .../red/provider.tf | 20 +++++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 +++ .../red/waf.tf | 8 ++ .../green/glue.tf | 11 +++ .../green/iam.tf | 40 +++++++++ .../green/provider.tf | 20 +++++ .../green/s3.tf | 21 +++++ .../green/script.py | 44 ++++++++++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 +++ .../iam/964-policy.json | 14 ++++ .../red/glue.tf | 9 +++ .../red/iam.tf | 40 +++++++++ .../red/provider.tf | 20 +++++ .../red/s3.tf | 21 +++++ .../red/script.py | 44 ++++++++++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 +++ .../green/cloudtrail.tf | 16 ++++ .../green/iam.tf | 31 +++++++ .../green/provider.tf | 20 +++++ .../green/s3.tf | 10 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 +++ .../iam/968-policy.json | 14 ++++ .../red/cloudtrail.tf | 12 +++ .../red/iam.tf | 58 +++++++++++++ .../red/provider.tf | 20 +++++ .../red/s3.tf | 20 +++++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 +++ .../green/cloudwatch.tf | 3 + .../green/iam.tf | 73 +++++++++++++++++ .../green/lambda.tf | 14 ++++ .../green/provider.tf | 20 +++++ .../green/stepfunction.tf | 24 ++++++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 +++ .../green/welcome.py | 25 ++++++ .../iam/969-policy.json | 14 ++++ .../red/cloudwatch.tf | 3 + .../red/iam.tf | 73 +++++++++++++++++ .../red/lambda.tf | 14 ++++ .../red/provider.tf | 20 +++++ 
.../red/stepfunction.tf | 18 +++++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 +++ .../red/welcome.py | 25 ++++++ .../green_policy_test.py | 7 ++ .../iam.GetCredentialReport_1.json | 14 ++-- .../iam.ListAccountAliases_1.json | 4 +- .../iam.GenerateCredentialReport_1.json | 8 -- .../iam.GetCredentialReport_1.json | 12 +-- .../placebo-red/iam.ListAccountAliases_1.json | 4 +- .../red_policy_test.py | 12 ++- .../placebo-green/tagging.GetResources_1.json | 35 ++++++++ .../waf-regional.GetWebACL_1.json | 25 ++++++ .../waf-regional.GetWebACL_2.json | 25 ++++++ .../waf-regional.ListWebACLs_1.json | 17 ++++ .../placebo-red/tagging.GetResources_1.json | 22 +++++ .../placebo-red/waf-regional.GetWebACL_1.json | 16 ++++ .../waf-regional.ListWebACLs_1.json | 13 +++ .../red_policy_test.py | 5 ++ .../placebo-green/glue.GetJobs_1.json | 50 ++++++++++++ .../placebo-green/tagging.GetResources_1.json | 22 +++++ .../placebo-red/glue.GetJobs_1.json | 47 +++++++++++ .../placebo-red/tagging.GetResources_1.json | 22 +++++ .../red_policy_test.py | 5 ++ .../cloudtrail.DescribeTrails_1.json | 21 +++++ .../cloudtrail.GetTrailStatus_1.json | 23 ++++++ .../placebo-green/tagging.GetResources_1.json | 22 +++++ .../cloudtrail.DescribeTrails_1.json | 21 +++++ .../cloudtrail.GetTrailStatus_1.json | 34 ++++++++ .../placebo-red/tagging.GetResources_1.json | 22 +++++ .../red_policy_test.py | 5 ++ .../states.DescribeStateMachine_1.json | 36 +++++++++ .../states.ListStateMachines_1.json | 23 ++++++ .../placebo-green/tagging.GetResources_1.json | 22 +++++ .../states.DescribeStateMachine_1.json | 36 +++++++++ .../states.ListStateMachines_1.json | 23 ++++++ .../placebo-red/tagging.GetResources_1.json | 22 +++++ .../red_policy_test.py | 5 ++ 94 files changed, 1774 insertions(+), 45 deletions(-) create mode 100644 policies/ecc-aws-914-waf_regional_webacl_not_empty.yml create mode 100644 policies/ecc-aws-964-glue_job_autoscaling_enabled.yml create mode 100644 
policies/ecc-aws-968-cloudtrail_delivery_failing.yml create mode 100644 policies/ecc-aws-969-step_function_state_machine_logging_enabled.yml create mode 100644 terraform/ecc-aws-914-waf_regional_webacl_not_empty/green/provider.tf create mode 100644 terraform/ecc-aws-914-waf_regional_webacl_not_empty/green/terraform.tfvars create mode 100644 terraform/ecc-aws-914-waf_regional_webacl_not_empty/green/variables.tf create mode 100644 terraform/ecc-aws-914-waf_regional_webacl_not_empty/green/waf.tf create mode 100644 terraform/ecc-aws-914-waf_regional_webacl_not_empty/iam/914-policy.json create mode 100644 terraform/ecc-aws-914-waf_regional_webacl_not_empty/red/provider.tf create mode 100644 terraform/ecc-aws-914-waf_regional_webacl_not_empty/red/terraform.tfvars create mode 100644 terraform/ecc-aws-914-waf_regional_webacl_not_empty/red/variables.tf create mode 100644 terraform/ecc-aws-914-waf_regional_webacl_not_empty/red/waf.tf create mode 100644 terraform/ecc-aws-964-glue_job_autoscaling_enabled/green/glue.tf create mode 100644 terraform/ecc-aws-964-glue_job_autoscaling_enabled/green/iam.tf create mode 100644 terraform/ecc-aws-964-glue_job_autoscaling_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-964-glue_job_autoscaling_enabled/green/s3.tf create mode 100644 terraform/ecc-aws-964-glue_job_autoscaling_enabled/green/script.py create mode 100644 terraform/ecc-aws-964-glue_job_autoscaling_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-964-glue_job_autoscaling_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-964-glue_job_autoscaling_enabled/iam/964-policy.json create mode 100644 terraform/ecc-aws-964-glue_job_autoscaling_enabled/red/glue.tf create mode 100644 terraform/ecc-aws-964-glue_job_autoscaling_enabled/red/iam.tf create mode 100644 terraform/ecc-aws-964-glue_job_autoscaling_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-964-glue_job_autoscaling_enabled/red/s3.tf create mode 100644 
terraform/ecc-aws-964-glue_job_autoscaling_enabled/red/script.py create mode 100644 terraform/ecc-aws-964-glue_job_autoscaling_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-964-glue_job_autoscaling_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-968-cloudtrail_delivery_failing/green/cloudtrail.tf create mode 100644 terraform/ecc-aws-968-cloudtrail_delivery_failing/green/iam.tf create mode 100644 terraform/ecc-aws-968-cloudtrail_delivery_failing/green/provider.tf create mode 100644 terraform/ecc-aws-968-cloudtrail_delivery_failing/green/s3.tf create mode 100644 terraform/ecc-aws-968-cloudtrail_delivery_failing/green/terraform.tfvars create mode 100644 terraform/ecc-aws-968-cloudtrail_delivery_failing/green/variables.tf create mode 100644 terraform/ecc-aws-968-cloudtrail_delivery_failing/iam/968-policy.json create mode 100644 terraform/ecc-aws-968-cloudtrail_delivery_failing/red/cloudtrail.tf create mode 100644 terraform/ecc-aws-968-cloudtrail_delivery_failing/red/iam.tf create mode 100644 terraform/ecc-aws-968-cloudtrail_delivery_failing/red/provider.tf create mode 100644 terraform/ecc-aws-968-cloudtrail_delivery_failing/red/s3.tf create mode 100644 terraform/ecc-aws-968-cloudtrail_delivery_failing/red/terraform.tfvars create mode 100644 terraform/ecc-aws-968-cloudtrail_delivery_failing/red/variables.tf create mode 100644 terraform/ecc-aws-969-step_function_state_machine_logging_enabled/green/cloudwatch.tf create mode 100644 terraform/ecc-aws-969-step_function_state_machine_logging_enabled/green/iam.tf create mode 100644 terraform/ecc-aws-969-step_function_state_machine_logging_enabled/green/lambda.tf create mode 100644 terraform/ecc-aws-969-step_function_state_machine_logging_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-969-step_function_state_machine_logging_enabled/green/stepfunction.tf create mode 100644 terraform/ecc-aws-969-step_function_state_machine_logging_enabled/green/terraform.tfvars create mode 100644 
terraform/ecc-aws-969-step_function_state_machine_logging_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-969-step_function_state_machine_logging_enabled/green/welcome.py create mode 100644 terraform/ecc-aws-969-step_function_state_machine_logging_enabled/iam/969-policy.json create mode 100644 terraform/ecc-aws-969-step_function_state_machine_logging_enabled/red/cloudwatch.tf create mode 100644 terraform/ecc-aws-969-step_function_state_machine_logging_enabled/red/iam.tf create mode 100644 terraform/ecc-aws-969-step_function_state_machine_logging_enabled/red/lambda.tf create mode 100644 terraform/ecc-aws-969-step_function_state_machine_logging_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-969-step_function_state_machine_logging_enabled/red/stepfunction.tf create mode 100644 terraform/ecc-aws-969-step_function_state_machine_logging_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-969-step_function_state_machine_logging_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-969-step_function_state_machine_logging_enabled/red/welcome.py create mode 100644 tests/ecc-aws-272-eliminate_use_root_user_for_administrative_and_daily_tasks/green_policy_test.py delete mode 100644 tests/ecc-aws-272-eliminate_use_root_user_for_administrative_and_daily_tasks/placebo-red/iam.GenerateCredentialReport_1.json create mode 100644 tests/ecc-aws-914-waf_regional_webacl_not_empty/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-914-waf_regional_webacl_not_empty/placebo-green/waf-regional.GetWebACL_1.json create mode 100644 tests/ecc-aws-914-waf_regional_webacl_not_empty/placebo-green/waf-regional.GetWebACL_2.json create mode 100644 tests/ecc-aws-914-waf_regional_webacl_not_empty/placebo-green/waf-regional.ListWebACLs_1.json create mode 100644 tests/ecc-aws-914-waf_regional_webacl_not_empty/placebo-red/tagging.GetResources_1.json create mode 100644 
tests/ecc-aws-914-waf_regional_webacl_not_empty/placebo-red/waf-regional.GetWebACL_1.json create mode 100644 tests/ecc-aws-914-waf_regional_webacl_not_empty/placebo-red/waf-regional.ListWebACLs_1.json create mode 100644 tests/ecc-aws-914-waf_regional_webacl_not_empty/red_policy_test.py create mode 100644 tests/ecc-aws-964-glue_job_autoscaling_enabled/placebo-green/glue.GetJobs_1.json create mode 100644 tests/ecc-aws-964-glue_job_autoscaling_enabled/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-964-glue_job_autoscaling_enabled/placebo-red/glue.GetJobs_1.json create mode 100644 tests/ecc-aws-964-glue_job_autoscaling_enabled/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-964-glue_job_autoscaling_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-968-cloudtrail_delivery_failing/placebo-green/cloudtrail.DescribeTrails_1.json create mode 100644 tests/ecc-aws-968-cloudtrail_delivery_failing/placebo-green/cloudtrail.GetTrailStatus_1.json create mode 100644 tests/ecc-aws-968-cloudtrail_delivery_failing/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-968-cloudtrail_delivery_failing/placebo-red/cloudtrail.DescribeTrails_1.json create mode 100644 tests/ecc-aws-968-cloudtrail_delivery_failing/placebo-red/cloudtrail.GetTrailStatus_1.json create mode 100644 tests/ecc-aws-968-cloudtrail_delivery_failing/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-968-cloudtrail_delivery_failing/red_policy_test.py create mode 100644 tests/ecc-aws-969-step_function_state_machine_logging_enabled/placebo-green/states.DescribeStateMachine_1.json create mode 100644 tests/ecc-aws-969-step_function_state_machine_logging_enabled/placebo-green/states.ListStateMachines_1.json create mode 100644 tests/ecc-aws-969-step_function_state_machine_logging_enabled/placebo-green/tagging.GetResources_1.json create mode 100644 
tests/ecc-aws-969-step_function_state_machine_logging_enabled/placebo-red/states.DescribeStateMachine_1.json create mode 100644 tests/ecc-aws-969-step_function_state_machine_logging_enabled/placebo-red/states.ListStateMachines_1.json create mode 100644 tests/ecc-aws-969-step_function_state_machine_logging_enabled/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-969-step_function_state_machine_logging_enabled/red_policy_test.py diff --git a/iam/All-permissions.json b/iam/All-permissions.json index c17ab59a6..fcf35dd1e 100644 --- a/iam/All-permissions.json +++ b/iam/All-permissions.json @@ -199,10 +199,13 @@ "sqs:ListQueues", "ssm:DescribeInstanceInformation", "ssm:ListResourceComplianceSummaries", + "states:DescribeStateMachine", + "states:ListStateMachine", "tag:GetResources", "tagging:GetResources", "waf-regional:ListResourcesForWebACL", "waf-regional:ListWebACLs", + "waf-regional:GetWebACL", "waf:GetWebACL", "waf:ListWebACLs", "workspaces:DescribeWorkspaceDirectories", diff --git a/policies/ecc-aws-272-eliminate_use_root_user_for_administrative_and_daily_tasks.yml b/policies/ecc-aws-272-eliminate_use_root_user_for_administrative_and_daily_tasks.yml index 0d26d1769..3489f83ad 100644 --- a/policies/ecc-aws-272-eliminate_use_root_user_for_administrative_and_daily_tasks.yml +++ b/policies/ecc-aws-272-eliminate_use_root_user_for_administrative_and_daily_tasks.yml 
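Review bot: `states:ListStateMachine` in the added lines of iam/All-permissions.json looks like a typo for `states:ListStateMachines`. The fixtures recorded in this same patch are named `states.ListStateMachines_1.json`, and the singular form matches no Step Functions operation, so the statement would not allow the list call that policy 969 relies on. The line should read `"states:ListStateMachines",`. Separately, `"waf-regional:GetWebACL"` is inserted after `"waf-regional:ListWebACLs"`, which breaks the alphabetical order the rest of the list follows. The Action array starts and ends outside the hunk.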
@@ -12,18 +12,13 @@ policies: Root user is used for administrative and daily tasks filters: - or: - - and: - - type: credential - key: access_keys.active - value: true - - type: credential - key: access_keys.last_used_date - value: present - - - and: - - type: credential - key: password_enabled - value: true - - type: credential - key: password_last_used - value: present \ No newline at end of file + - type: credential + key: password_last_used + op: less-than + value_type: age + value: 90 + - type: credential + key: access_keys.last_used_date + op: less-than + value_type: age + value: 90 \ No newline at end of file diff --git a/policies/ecc-aws-914-waf_regional_webacl_not_empty.yml b/policies/ecc-aws-914-waf_regional_webacl_not_empty.yml new file mode 100644 index 000000000..ccd6b59e9 --- /dev/null +++ b/policies/ecc-aws-914-waf_regional_webacl_not_empty.yml @@ -0,0 +1,16 @@ +# Copyright (c) 2023 EPAM Systems, Inc. +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, You can obtain one at http://mozilla.org/MPL/2.0/. + + +policies: + - name: ecc-aws-914-waf_regional_webacl_not_empty + description: | + A WAF Classic Regional web ACL does not have at least one rule or rule group + resource: aws.waf-regional + filters: + - type: value + key: Rules + value: empty \ No newline at end of file diff --git a/policies/ecc-aws-964-glue_job_autoscaling_enabled.yml b/policies/ecc-aws-964-glue_job_autoscaling_enabled.yml new file mode 100644 index 000000000..20d3c88ee --- /dev/null +++ b/policies/ecc-aws-964-glue_job_autoscaling_enabled.yml 
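Review bot: The two `value: 90` thresholds in the new `or` block of policy 272 are undocumented, and the unchanged description still reads as if any root usage is flagged. As I read `op: less-than` with `value_type: age`, the filters match only root password or access-key use within the last 90 days, so older use no longer produces a finding. A comment such as `# flag root credential use within the last 90 days` above `- or:`, plus a description that names the window, would make that explicit. The removed branches also required `access_keys.active` and `password_enabled` to be true; it is worth confirming that dropping those conditions is intended. The policy header is outside the hunk.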
@@ -0,0 +1,20 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-964-glue_job_autoscaling_enabled
+ description: |
+ Amazon Glue Job with disabled autoscaling
+ resource: aws.glue-job
+ filters:
+ - or:
+ - type: value
+ key: DefaultArguments."--enable-auto-scaling"
+ value: absent
+ - type: value
+ key: DefaultArguments."--enable-auto-scaling"
+ value: "false"
\ No newline at end of file
diff --git a/policies/ecc-aws-968-cloudtrail_delivery_failing.yml b/policies/ecc-aws-968-cloudtrail_delivery_failing.yml
new file mode 100644
index 000000000..fbb926889
--- /dev/null
+++ b/policies/ecc-aws-968-cloudtrail_delivery_failing.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-968-cloudtrail_delivery_failing
+ description: |
+ CloudTrail logs delivery failing
+ resource: aws.cloudtrail
+ filters:
+ - type: status
+ key: LatestDeliveryError
+ value: present
\ No newline at end of file
diff --git a/policies/ecc-aws-969-step_function_state_machine_logging_enabled.yml b/policies/ecc-aws-969-step_function_state_machine_logging_enabled.yml
new file mode 100644
index 000000000..68ad71af7
--- /dev/null
+++ b/policies/ecc-aws-969-step_function_state_machine_logging_enabled.yml
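Review bot: The `or` block in policy 964 flags a job only when `--enable-auto-scaling` is absent or exactly the string `"false"`, so any other non-`true` value (for example `False`, or an empty string) passes as compliant. If the intent is "anything other than enabled", a single filter with `op: ne` and `value: "true"` on the same key should cover the absent case as well. That reading of how `ne` treats a missing key is worth confirming against the Custodian version in use.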
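Review bot: The `status` filter in policy 968 checks only `LatestDeliveryError`, which reports failures delivering log files to the S3 bucket. A trail whose CloudWatch Logs delivery is failing reports that in a separate status field and would pass this policy. If the rule is meant to cover delivery as a whole, add a second `status` filter under an `or` with `key: LatestCloudWatchLogsDeliveryError` and `value: present`. Otherwise the description should say the check is limited to S3 delivery.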
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-969-step_function_state_machine_logging_enabled
+ description: |
+ AWS Step Function State Machine logging is disabled
+ resource: aws.step-machine
+ filters:
+ - type: value
+ key: loggingConfiguration.level
+ value: 'OFF'
diff --git a/terraform/ecc-aws-914-waf_regional_webacl_not_empty/green/provider.tf b/terraform/ecc-aws-914-waf_regional_webacl_not_empty/green/provider.tf
new file mode 100644
index 000000000..aa5b5122c
--- /dev/null
+++ b/terraform/ecc-aws-914-waf_regional_webacl_not_empty/green/provider.tf
@@ -0,0 +1,20 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws" {
+ profile = var.profile
+ region = var.default-region
+
+ default_tags {
+ tags = {
+ CustodianRule = "ecc-aws-914-waf_regional_webacl_not_empty"
+ ComplianceStatus = "Green"
+ }
+ }
+}
diff --git a/terraform/ecc-aws-914-waf_regional_webacl_not_empty/green/terraform.tfvars b/terraform/ecc-aws-914-waf_regional_webacl_not_empty/green/terraform.tfvars
new file mode 100644
index 000000000..e1e2d2fa8
--- /dev/null
+++ b/terraform/ecc-aws-914-waf_regional_webacl_not_empty/green/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
diff --git a/terraform/ecc-aws-914-waf_regional_webacl_not_empty/green/variables.tf b/terraform/ecc-aws-914-waf_regional_webacl_not_empty/green/variables.tf
new file mode 100644
index 000000000..c8b410c24
--- /dev/null
+++ b/terraform/ecc-aws-914-waf_regional_webacl_not_empty/green/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
diff --git a/terraform/ecc-aws-914-waf_regional_webacl_not_empty/green/waf.tf b/terraform/ecc-aws-914-waf_regional_webacl_not_empty/green/waf.tf
new file mode 100644
index 000000000..2b8abc1d3
--- /dev/null
+++ b/terraform/ecc-aws-914-waf_regional_webacl_not_empty/green/waf.tf
@@ -0,0 +1,81 @@
+resource "aws_wafregional_ipset" "this" {
+ name = "914_ipset_green"
+
+ ip_set_descriptor {
+ type = "IPV4"
+ value = "1.1.1.0/24"
+ }
+}
+
+resource "aws_wafregional_rule" "this" {
+ name = "914_waf_rule_green"
+ metric_name = "914WafRuleMetricGreen"
+
+ predicate {
+ data_id = aws_wafregional_ipset.this.id
+ negated = false
+ type = "IPMatch"
+ }
+ depends_on = [aws_wafregional_ipset.this]
+}
+
+resource "aws_wafregional_rule_group" "this" {
+ name = "914_waf_rule_group_green"
+ metric_name = "914WafRuleGroupMetricGreen"
+
+ activated_rule {
+ action {
+ type = "ALLOW"
+ }
+
+ priority = 1
+ rule_id = aws_wafregional_rule.this.id
+ }
+}
+
+resource "aws_wafregional_web_acl" "this" {
+ name = "914_webacl_green"
+ metric_name = "914WebaclMetricGreen"
+
+ default_action {
+ type = "ALLOW"
+ }
+
+ rule {
+ override_action {
+ type = "NONE"
+ }
+ priority = 1
+ rule_id = aws_wafregional_rule_group.this.id
+ type = "GROUP"
+ }
+
+ depends_on = [
+ aws_wafregional_ipset.this,
+ aws_wafregional_rule_group.this,
+ ]
+}
+
+resource "aws_wafregional_web_acl" "this2" {
+ name = "914_webacl_green2"
+ metric_name = "914WebaclMetricGreen2"
+
+ default_action {
+ type = "ALLOW"
+ }
+
+ rule {
+ action {
+ type = "ALLOW"
+ }
+
+ priority = 1
+ rule_id = aws_wafregional_rule.this.id
+ type = "REGULAR"
+ }
+
+ depends_on = [
+ aws_wafregional_ipset.this,
+ aws_wafregional_rule.this,
+ ]
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-914-waf_regional_webacl_not_empty/iam/914-policy.json b/terraform/ecc-aws-914-waf_regional_webacl_not_empty/iam/914-policy.json
new file mode 100644
index 000000000..a99c2eb47
--- /dev/null
+++ b/terraform/ecc-aws-914-waf_regional_webacl_not_empty/iam/914-policy.json
@@ -0,0 +1,15 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Sid": "VisualEditor0",
+ "Effect": "Allow",
+ "Action": [
+ "waf-regional:ListWebACLs",
+ "waf-regional:GetWebACL",
+ "tag:GetResources"
+ ],
+ "Resource": "*"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-914-waf_regional_webacl_not_empty/red/provider.tf b/terraform/ecc-aws-914-waf_regional_webacl_not_empty/red/provider.tf
new file mode 100644
index 000000000..0a4204f32
--- /dev/null
+++ b/terraform/ecc-aws-914-waf_regional_webacl_not_empty/red/provider.tf
@@ -0,0 +1,20 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws" {
+ profile = var.profile
+ region = var.default-region
+
+ default_tags {
+ tags = {
+ CustodianRule = "ecc-aws-914-waf_regional_webacl_not_empty"
+ ComplianceStatus = "Red"
+ }
+ }
+}
diff --git a/terraform/ecc-aws-914-waf_regional_webacl_not_empty/red/terraform.tfvars b/terraform/ecc-aws-914-waf_regional_webacl_not_empty/red/terraform.tfvars
new file mode 100644
index 000000000..e1e2d2fa8
--- /dev/null
+++ b/terraform/ecc-aws-914-waf_regional_webacl_not_empty/red/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
diff --git a/terraform/ecc-aws-914-waf_regional_webacl_not_empty/red/variables.tf b/terraform/ecc-aws-914-waf_regional_webacl_not_empty/red/variables.tf
new file mode 100644
index 000000000..c8b410c24
--- /dev/null
+++ b/terraform/ecc-aws-914-waf_regional_webacl_not_empty/red/variables.tf
@@ -0,0 +1,9 @@
+variable "default-region" {
+ type = string
+ description = "Default region for resources will be created"
+}
+
+variable "profile" {
+ type = string
+ description = "Profile name configured before running apply"
+}
diff --git a/terraform/ecc-aws-914-waf_regional_webacl_not_empty/red/waf.tf b/terraform/ecc-aws-914-waf_regional_webacl_not_empty/red/waf.tf
new file mode 100644
index 000000000..bad270330
--- /dev/null
+++ b/terraform/ecc-aws-914-waf_regional_webacl_not_empty/red/waf.tf
@@ -0,0 +1,8 @@
+resource "aws_wafregional_web_acl" "this" {
+ name = "914_webacl_red"
+ metric_name = "914WebaclMetricRed"
+
+ default_action {
+ type = "ALLOW"
+ }
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-964-glue_job_autoscaling_enabled/green/glue.tf b/terraform/ecc-aws-964-glue_job_autoscaling_enabled/green/glue.tf
new file mode 100644
index 000000000..05ea4dc34
--- /dev/null
+++ b/terraform/ecc-aws-964-glue_job_autoscaling_enabled/green/glue.tf
@@ -0,0 +1,11 @@
+resource "aws_glue_job" "this" {
+ name = "964_glue_job_green"
+ role_arn = aws_iam_role.this.arn
+ glue_version = "4.0"
+ default_arguments = {
+ "--enable-auto-scaling" = "true"
+ }
+ command {
+ script_location = "s3://${aws_s3_bucket.this.bucket}/script"
+ }
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-964-glue_job_autoscaling_enabled/green/iam.tf b/terraform/ecc-aws-964-glue_job_autoscaling_enabled/green/iam.tf
new file mode 100644
index 000000000..64041b567
--- /dev/null
+++ b/terraform/ecc-aws-964-glue_job_autoscaling_enabled/green/iam.tf
@@ -0,0 +1,40 @@ +resource "aws_iam_role" "this" { + name = "964_role_green" + assume_role_policy = <,arn:aws:iam::121212121212:root,2020-12-01T10:46:12+00:00,not_supported,no_information,not_supported,not_supported,false,false,N/A,N/A,N/A,N/A,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A", + "Content": "user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_1_last_used_region,access_key_1_last_used_service,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date,access_key_2_last_used_region,access_key_2_last_used_service,cert_1_active,cert_1_last_rotated,cert_2_active,cert_2_last_rotated\n,arn:aws:iam::111111111111:root,2023-04-23T15:30:12+00:00,not_supported,2023-02-19T14:32:56+00:00,not_supported,not_supported,true,false,N/A,N/A,N/A,N/A,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A", "ReportFormat": "text/csv", "GeneratedTime": { "__class__": "datetime", - "year": 2021, - "month": 5, - "day": 6, - "hour": 11, - "minute": 28, - "second": 55, + "year": 2023, + "month": 6, + "day": 22, + "hour": 7, + "minute": 3, + "second": 33, "microsecond": 0 }, "ResponseMetadata": {} diff --git a/tests/ecc-aws-272-eliminate_use_root_user_for_administrative_and_daily_tasks/placebo-green/iam.ListAccountAliases_1.json b/tests/ecc-aws-272-eliminate_use_root_user_for_administrative_and_daily_tasks/placebo-green/iam.ListAccountAliases_1.json index 3b408e3eb..384ece3f3 100644 --- a/tests/ecc-aws-272-eliminate_use_root_user_for_administrative_and_daily_tasks/placebo-green/iam.ListAccountAliases_1.json +++ b/tests/ecc-aws-272-eliminate_use_root_user_for_administrative_and_daily_tasks/placebo-green/iam.ListAccountAliases_1.json @@ -1,9 +1,7 @@ { "status_code": 200, "data": { - "AccountAliases": [ - "test" - ], + "AccountAliases": [], "IsTruncated": false, "ResponseMetadata": {} } 
diff --git a/tests/ecc-aws-272-eliminate_use_root_user_for_administrative_and_daily_tasks/placebo-red/iam.GenerateCredentialReport_1.json b/tests/ecc-aws-272-eliminate_use_root_user_for_administrative_and_daily_tasks/placebo-red/iam.GenerateCredentialReport_1.json deleted file mode 100644 index 9abcdb973..000000000 --- a/tests/ecc-aws-272-eliminate_use_root_user_for_administrative_and_daily_tasks/placebo-red/iam.GenerateCredentialReport_1.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "status_code": 200, - "data": { - "State": "STARTED", - "Description": "No report exists. Starting a new report generation task", - "ResponseMetadata": {} - } -} \ No newline at end of file diff --git a/tests/ecc-aws-272-eliminate_use_root_user_for_administrative_and_daily_tasks/placebo-red/iam.GetCredentialReport_1.json b/tests/ecc-aws-272-eliminate_use_root_user_for_administrative_and_daily_tasks/placebo-red/iam.GetCredentialReport_1.json index f271656f9..d7a104f5b 100644 --- a/tests/ecc-aws-272-eliminate_use_root_user_for_administrative_and_daily_tasks/placebo-red/iam.GetCredentialReport_1.json +++ b/tests/ecc-aws-272-eliminate_use_root_user_for_administrative_and_daily_tasks/placebo-red/iam.GetCredentialReport_1.json 
@@ -1,16 +1,16 @@ { "status_code": 200, "data": { - "Content": "user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_1_last_used_region,access_key_1_last_used_service,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date,access_key_2_last_used_region,access_key_2_last_used_service,cert_1_active,cert_1_last_rotated,cert_2_active,cert_2_last_rotated\n,arn:aws:iam::121212121212:root,2020-12-01T10:46:12+00:00,true,2020-12-01T10:46:12+00:00,true,true,true,true,2020-12-01T10:46:12+00:00,2020-12-01T10:46:12+00:00,2020-12-01T10:46:12+00:00,2020-12-01T10:46:12+00:00,true,2020-12-01T10:46:12+00:00,2020-12-01T10:46:12+00:00,2020-12-01T10:46:12+00:00,2020-12-01T10:46:12+00:00,true,2020-12-01T10:46:12+00:00,true,2020-12-01T10:46:12+00:00", + "Content": "user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_1_last_used_region,access_key_1_last_used_service,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date,access_key_2_last_used_region,access_key_2_last_used_service,cert_1_active,cert_1_last_rotated,cert_2_active,cert_2_last_rotated\n,arn:aws:iam::111111111111:root,2023-04-23T15:30:12+00:00,not_supported,2023-06-22T07:09:05+00:00,not_supported,not_supported,true,true,2023-06-22T07:09:28+00:00,2023-06-22T08:21:00+00:00,us-east-1,s3,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A", "ReportFormat": "text/csv", "GeneratedTime": { "__class__": "datetime", - "year": 2021, - "month": 5, - "day": 6, + "year": 2023, + "month": 6, + "day": 22, "hour": 11, - "minute": 28, - "second": 55, + "minute": 18, + "second": 28, "microsecond": 0 }, "ResponseMetadata": {} 
diff --git a/tests/ecc-aws-272-eliminate_use_root_user_for_administrative_and_daily_tasks/placebo-red/iam.ListAccountAliases_1.json b/tests/ecc-aws-272-eliminate_use_root_user_for_administrative_and_daily_tasks/placebo-red/iam.ListAccountAliases_1.json index 3b408e3eb..384ece3f3 100644 --- a/tests/ecc-aws-272-eliminate_use_root_user_for_administrative_and_daily_tasks/placebo-red/iam.ListAccountAliases_1.json +++ b/tests/ecc-aws-272-eliminate_use_root_user_for_administrative_and_daily_tasks/placebo-red/iam.ListAccountAliases_1.json @@ -1,9 +1,7 @@ { "status_code": 200, "data": { - "AccountAliases": [ - "test" - ], + "AccountAliases": [], "IsTruncated": false, "ResponseMetadata": {} } diff --git a/tests/ecc-aws-272-eliminate_use_root_user_for_administrative_and_daily_tasks/red_policy_test.py b/tests/ecc-aws-272-eliminate_use_root_user_for_administrative_and_daily_tasks/red_policy_test.py index bdd605b12..54d643350 100644 --- a/tests/ecc-aws-272-eliminate_use_root_user_for_administrative_and_daily_tasks/red_policy_test.py +++ b/tests/ecc-aws-272-eliminate_use_root_user_for_administrative_and_daily_tasks/red_policy_test.py @@ -1,8 +1,14 @@ +import datetime + class PolicyTest(object): + def mock_time(self): + return 2023, 6, 21 + def test_resources(self, base_test, resources): base_test.assertEqual(len(resources), 1) - base_test.assertTrue(resources[0]['c7n:credential-report']['access_keys'][0]['last_used_date']) - base_test.assertTrue(resources[0]['c7n:credential-report']['password_last_used']) - + passwordLastUsed=datetime.datetime.fromisoformat(str(resources[0]['c7n:credential-report']['password_last_used'])) + time_now = datetime.datetime.fromisoformat(datetime.datetime.utcnow().replace(microsecond=0).replace(tzinfo=datetime.timezone.utc).isoformat()) + delta = time_now - passwordLastUsed + base_test.assertTrue(delta.days<90) \ No newline at end of file 
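Review bot: `test_resources` in the ecc-aws-272 red_policy_test.py takes `time_now` from `datetime.datetime.utcnow()`, so `delta.days<90` compares the real wall clock with the `password_last_used` value frozen in the recorded credential report (2023-06-22) and will start failing roughly 90 days after the recording, unless the harness freezes the clock, which is not visible in this hunk. Pin the reference instant to a fixed date, for example the one `mock_time` already returns: `time_now = datetime.datetime(*self.mock_time(), tzinfo=datetime.timezone.utc)`. The rewrite also drops the assertion on `access_keys[0]['last_used_date']` even though the red fixture records an active root access key that was used against s3, so that half of the finding is no longer checked; keeping `base_test.assertTrue(resources[0]['c7n:credential-report']['access_keys'][0]['last_used_date'])` would cover it.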
diff --git a/tests/ecc-aws-914-waf_regional_webacl_not_empty/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-914-waf_regional_webacl_not_empty/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..8ba2a1efa --- /dev/null +++ b/tests/ecc-aws-914-waf_regional_webacl_not_empty/placebo-green/tagging.GetResources_1.json @@ -0,0 +1,35 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:waf-regional:us-east-1:111111111111:webacl/e1401f68-27a8-4fef-beef-f7f523032c17", + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-914-waf_regional_webacl_not_empty" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + } + ] + }, + { + "ResourceARN": "arn:aws:waf-regional:us-east-1:111111111111:webacl/ede2d4c7-aacc-4b36-bfa1-7b0f673cfff1", + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-914-waf_regional_webacl_not_empty" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-914-waf_regional_webacl_not_empty/placebo-green/waf-regional.GetWebACL_1.json b/tests/ecc-aws-914-waf_regional_webacl_not_empty/placebo-green/waf-regional.GetWebACL_1.json new file mode 100644 index 000000000..be19b6631 --- /dev/null +++ b/tests/ecc-aws-914-waf_regional_webacl_not_empty/placebo-green/waf-regional.GetWebACL_1.json 
@@ -0,0 +1,25 @@ +{ + "status_code": 200, + "data": { + "WebACL": { + "WebACLId": "e1401f68-27a8-4fef-beef-f7f523032c17", + "Name": "914_webacl_green2", + "MetricName": "914WebaclMetricGreen2", + "DefaultAction": { + "Type": "ALLOW" + }, + "Rules": [ + { + "Priority": 1, + "RuleId": "17f3ffa7-06b4-4765-8b48-e5a7559e7aae", + "Action": { + "Type": "ALLOW" + }, + "Type": "REGULAR" + } + ], + "WebACLArn": "arn:aws:waf-regional:us-east-1:111111111111:webacl/e1401f68-27a8-4fef-beef-f7f523032c17" + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-914-waf_regional_webacl_not_empty/placebo-green/waf-regional.GetWebACL_2.json b/tests/ecc-aws-914-waf_regional_webacl_not_empty/placebo-green/waf-regional.GetWebACL_2.json new file mode 100644 index 000000000..5486ec47d --- /dev/null +++ b/tests/ecc-aws-914-waf_regional_webacl_not_empty/placebo-green/waf-regional.GetWebACL_2.json @@ -0,0 +1,25 @@ +{ + "status_code": 200, + "data": { + "WebACL": { + "WebACLId": "ede2d4c7-aacc-4b36-bfa1-7b0f673cfff1", + "Name": "914_webacl_green", + "MetricName": "914WebaclMetricGreen", + "DefaultAction": { + "Type": "ALLOW" + }, + "Rules": [ + { + "Priority": 1, + "RuleId": "eefeff93-e6dc-4469-983c-26c961285ded", + "OverrideAction": { + "Type": "NONE" + }, + "Type": "GROUP" + } + ], + "WebACLArn": "arn:aws:waf-regional:us-east-1:111111111111:webacl/ede2d4c7-aacc-4b36-bfa1-7b0f673cfff1" + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-914-waf_regional_webacl_not_empty/placebo-green/waf-regional.ListWebACLs_1.json b/tests/ecc-aws-914-waf_regional_webacl_not_empty/placebo-green/waf-regional.ListWebACLs_1.json new file mode 100644 index 000000000..bdbeda6d5 --- /dev/null +++ b/tests/ecc-aws-914-waf_regional_webacl_not_empty/placebo-green/waf-regional.ListWebACLs_1.json 
@@ -0,0 +1,17 @@ +{ + "status_code": 200, + "data": { + "NextMarker": "ede2d4c7-aacc-4b36-bfa1-7b0f673cfff1", + "WebACLs": [ + { + "WebACLId": "e1401f68-27a8-4fef-beef-f7f523032c17", + "Name": "914_webacl_green2" + }, + { + "WebACLId": "ede2d4c7-aacc-4b36-bfa1-7b0f673cfff1", + "Name": "914_webacl_green" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-914-waf_regional_webacl_not_empty/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-914-waf_regional_webacl_not_empty/placebo-red/tagging.GetResources_1.json new file mode 100644 index 000000000..e111639cb --- /dev/null +++ b/tests/ecc-aws-914-waf_regional_webacl_not_empty/placebo-red/tagging.GetResources_1.json @@ -0,0 +1,22 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:waf-regional:us-east-1:111111111111:webacl/c43ed095-1a78-4a0e-9333-c3bdc5054736", + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-914-waf_regional_webacl_not_empty" + }, + { + "Key": "ComplianceStatus", + "Value": "Red" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-914-waf_regional_webacl_not_empty/placebo-red/waf-regional.GetWebACL_1.json b/tests/ecc-aws-914-waf_regional_webacl_not_empty/placebo-red/waf-regional.GetWebACL_1.json new file mode 100644 index 000000000..a52332694 --- /dev/null +++ b/tests/ecc-aws-914-waf_regional_webacl_not_empty/placebo-red/waf-regional.GetWebACL_1.json @@ -0,0 +1,16 @@ +{ + "status_code": 200, + "data": { + "WebACL": { + "WebACLId": "c43ed095-1a78-4a0e-9333-c3bdc5054736", + "Name": "914_webacl_red", + "MetricName": "914WebaclMetricRed", + "DefaultAction": { + "Type": "ALLOW" + }, + "Rules": [], + "WebACLArn": "arn:aws:waf-regional:us-east-1:111111111111:webacl/c43ed095-1a78-4a0e-9333-c3bdc5054736" + }, + "ResponseMetadata": {} + } +} \ No newline at end of file 
diff --git a/tests/ecc-aws-914-waf_regional_webacl_not_empty/placebo-red/waf-regional.ListWebACLs_1.json b/tests/ecc-aws-914-waf_regional_webacl_not_empty/placebo-red/waf-regional.ListWebACLs_1.json
new file mode 100644
index 000000000..ffa1c1a8c
--- /dev/null
+++ b/tests/ecc-aws-914-waf_regional_webacl_not_empty/placebo-red/waf-regional.ListWebACLs_1.json
@@ -0,0 +1,13 @@
+{
+ "status_code": 200,
+ "data": {
+ "NextMarker": "ede2d4c7-aacc-4b36-bfa1-7b0f673cfff1",
+ "WebACLs": [
+ {
+ "WebACLId": "c43ed095-1a78-4a0e-9333-c3bdc5054736",
+ "Name": "914_webacl_red"
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-914-waf_regional_webacl_not_empty/red_policy_test.py b/tests/ecc-aws-914-waf_regional_webacl_not_empty/red_policy_test.py
new file mode 100644
index 000000000..1d0ef2501
--- /dev/null
+++ b/tests/ecc-aws-914-waf_regional_webacl_not_empty/red_policy_test.py
@@ -0,0 +1,5 @@
+class PolicyTest(object):
+
+ def test_resources_with_client(self, base_test, resources, local_session):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertFalse(resources[0]['Rules'])
\ No newline at end of file
diff --git a/tests/ecc-aws-964-glue_job_autoscaling_enabled/placebo-green/glue.GetJobs_1.json b/tests/ecc-aws-964-glue_job_autoscaling_enabled/placebo-green/glue.GetJobs_1.json
new file mode 100644
index 000000000..1c0d01ebe
--- /dev/null
+++ b/tests/ecc-aws-964-glue_job_autoscaling_enabled/placebo-green/glue.GetJobs_1.json
@@ -0,0 +1,50 @@ +{ + "status_code": 200, + "data": { + "Jobs": [ + { + "Name": "964_glue_job_green", + "Role": "arn:aws:iam::111111111111:role/964_role_green", + "CreatedOn": { + "__class__": "datetime", + "year": 2023, + "month": 6, + "day": 23, + "hour": 11, + "minute": 44, + "second": 38, + "microsecond": 429000 + }, + "LastModifiedOn": { + "__class__": "datetime", + "year": 2023, + "month": 6, + "day": 23, + "hour": 12, + "minute": 11, + "second": 58, + "microsecond": 50000 + }, + "ExecutionProperty": { + "MaxConcurrentRuns": 1 + }, + "Command": { + "Name": "glueetl", + "ScriptLocation": "s3://bucket-964-green/script", + "PythonVersion": "2" + }, + "DefaultArguments": { + "--enable-auto-scaling": "true" + }, + "MaxRetries": 0, + "AllocatedCapacity": 10, + "Timeout": 2880, + "MaxCapacity": 10.0, + "WorkerType": "G.1X", + "NumberOfWorkers": 10, + "GlueVersion": "4.0" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-964-glue_job_autoscaling_enabled/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-964-glue_job_autoscaling_enabled/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..0e254deb4 --- /dev/null +++ b/tests/ecc-aws-964-glue_job_autoscaling_enabled/placebo-green/tagging.GetResources_1.json @@ -0,0 +1,22 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:glue:us-east-1:111111111111:job/964_glue_job_green", + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-964-glue_job_autoscaling_enabled" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-964-glue_job_autoscaling_enabled/placebo-red/glue.GetJobs_1.json b/tests/ecc-aws-964-glue_job_autoscaling_enabled/placebo-red/glue.GetJobs_1.json new file mode 100644 index 000000000..416074160 --- /dev/null 
+++ b/tests/ecc-aws-964-glue_job_autoscaling_enabled/placebo-red/glue.GetJobs_1.json @@ -0,0 +1,47 @@ +{ + "status_code": 200, + "data": { + "Jobs": [ + { + "Name": "964_glue_job_red", + "Role": "arn:aws:iam::111111111111:role/964_role_red", + "CreatedOn": { + "__class__": "datetime", + "year": 2023, + "month": 6, + "day": 23, + "hour": 12, + "minute": 28, + "second": 17, + "microsecond": 387000 + }, + "LastModifiedOn": { + "__class__": "datetime", + "year": 2023, + "month": 6, + "day": 23, + "hour": 12, + "minute": 28, + "second": 17, + "microsecond": 387000 + }, + "ExecutionProperty": { + "MaxConcurrentRuns": 1 + }, + "Command": { + "Name": "glueetl", + "ScriptLocation": "s3://bucket-964-red/script", + "PythonVersion": "3" + }, + "MaxRetries": 0, + "AllocatedCapacity": 10, + "Timeout": 2880, + "MaxCapacity": 10.0, + "WorkerType": "G.1X", + "NumberOfWorkers": 10, + "GlueVersion": "4.0" + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-964-glue_job_autoscaling_enabled/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-964-glue_job_autoscaling_enabled/placebo-red/tagging.GetResources_1.json new file mode 100644 index 000000000..6a13c1068 --- /dev/null +++ b/tests/ecc-aws-964-glue_job_autoscaling_enabled/placebo-red/tagging.GetResources_1.json @@ -0,0 +1,22 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:glue:us-east-1:111111111111:job/964_glue_job_red", + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-964-glue_job_autoscaling_enabled" + }, + { + "Key": "ComplianceStatus", + "Value": "Red" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-964-glue_job_autoscaling_enabled/red_policy_test.py b/tests/ecc-aws-964-glue_job_autoscaling_enabled/red_policy_test.py new file mode 100644 index 000000000..8927488a3 --- /dev/null 
+++ b/tests/ecc-aws-964-glue_job_autoscaling_enabled/red_policy_test.py
@@ -0,0 +1,5 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertNotIn('DefaultArguments."--enable-auto-scaling"', resources[0])
\ No newline at end of file
diff --git a/tests/ecc-aws-968-cloudtrail_delivery_failing/placebo-green/cloudtrail.DescribeTrails_1.json b/tests/ecc-aws-968-cloudtrail_delivery_failing/placebo-green/cloudtrail.DescribeTrails_1.json
new file mode 100644
index 000000000..ee637368e
--- /dev/null
+++ b/tests/ecc-aws-968-cloudtrail_delivery_failing/placebo-green/cloudtrail.DescribeTrails_1.json
@@ -0,0 +1,21 @@
+{
+ "status_code": 200,
+ "data": {
+ "trailList": [
+ {
+ "Name": "trail-968-green",
+ "S3BucketName": "bucket-968-green",
+ "S3KeyPrefix": "prefix_968_green",
+ "IncludeGlobalServiceEvents": false,
+ "IsMultiRegionTrail": false,
+ "HomeRegion": "us-east-1",
+ "TrailARN": "arn:aws:cloudtrail:us-east-1:111111111111:trail/trail-968-green",
+ "LogFileValidationEnabled": false,
+ "HasCustomEventSelectors": true,
+ "HasInsightSelectors": false,
+ "IsOrganizationTrail": false
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-968-cloudtrail_delivery_failing/placebo-green/cloudtrail.GetTrailStatus_1.json b/tests/ecc-aws-968-cloudtrail_delivery_failing/placebo-green/cloudtrail.GetTrailStatus_1.json
new file mode 100644
index 000000000..14e299857
--- /dev/null
+++ b/tests/ecc-aws-968-cloudtrail_delivery_failing/placebo-green/cloudtrail.GetTrailStatus_1.json
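Review bot: In the ecc-aws-964 red_policy_test.py, `assertNotIn('DefaultArguments."--enable-auto-scaling"', resources[0])` asks whether that whole JMESPath-style string is a top-level key of the resource dict, which it never is, so the assertion passes for any Glue job, including one that has autoscaling enabled. As written the test only verifies the resource count. Check the nested key instead: `base_test.assertNotIn('--enable-auto-scaling', resources[0].get('DefaultArguments', {}))`; the `.get` is needed because the recorded red job has no `DefaultArguments` at all.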
@@ -0,0 +1,23 @@ +{ + "status_code": 200, + "data": { + "IsLogging": true, + "StartLoggingTime": { + "__class__": "datetime", + "year": 2023, + "month": 6, + "day": 23, + "hour": 16, + "minute": 41, + "second": 26, + "microsecond": 825000 + }, + "LatestDeliveryAttemptTime": "", + "LatestNotificationAttemptTime": "", + "LatestNotificationAttemptSucceeded": "", + "LatestDeliveryAttemptSucceeded": "", + "TimeLoggingStarted": "2023-06-23T13:41:26Z", + "TimeLoggingStopped": "", + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-968-cloudtrail_delivery_failing/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-968-cloudtrail_delivery_failing/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..cfe2f880f --- /dev/null +++ b/tests/ecc-aws-968-cloudtrail_delivery_failing/placebo-green/tagging.GetResources_1.json @@ -0,0 +1,22 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:cloudtrail:us-east-1:111111111111:trail/trail-968-green", + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-968-cloudtrail_delivery_failing" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-968-cloudtrail_delivery_failing/placebo-red/cloudtrail.DescribeTrails_1.json b/tests/ecc-aws-968-cloudtrail_delivery_failing/placebo-red/cloudtrail.DescribeTrails_1.json new file mode 100644 index 000000000..a1cb1068f --- /dev/null +++ b/tests/ecc-aws-968-cloudtrail_delivery_failing/placebo-red/cloudtrail.DescribeTrails_1.json 
@@ -0,0 +1,21 @@ +{ + "status_code": 200, + "data": { + "trailList": [ + { + "Name": "trail-968-red", + "S3BucketName": "bucket-968-red", + "S3KeyPrefix": "prefix_968_red", + "IncludeGlobalServiceEvents": false, + "IsMultiRegionTrail": false, + "HomeRegion": "us-east-1", + "TrailARN": "arn:aws:cloudtrail:us-east-1:111111111111:trail/trail-968-red", + "LogFileValidationEnabled": false, + "HasCustomEventSelectors": false, + "HasInsightSelectors": false, + "IsOrganizationTrail": false + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-968-cloudtrail_delivery_failing/placebo-red/cloudtrail.GetTrailStatus_1.json b/tests/ecc-aws-968-cloudtrail_delivery_failing/placebo-red/cloudtrail.GetTrailStatus_1.json new file mode 100644 index 000000000..101471189 --- /dev/null +++ b/tests/ecc-aws-968-cloudtrail_delivery_failing/placebo-red/cloudtrail.GetTrailStatus_1.json @@ -0,0 +1,34 @@ +{ + "status_code": 200, + "data": { + "IsLogging": true, + "LatestDeliveryError": "AccessDenied", + "LatestDeliveryTime": { + "__class__": "datetime", + "year": 2023, + "month": 6, + "day": 23, + "hour": 16, + "minute": 22, + "second": 40, + "microsecond": 767000 + }, + "StartLoggingTime": { + "__class__": "datetime", + "year": 2023, + "month": 6, + "day": 23, + "hour": 16, + "minute": 7, + "second": 36, + "microsecond": 168000 + }, + "LatestDeliveryAttemptTime": "2023-06-23T13:25:18Z", + "LatestNotificationAttemptTime": "", + "LatestNotificationAttemptSucceeded": "", + "LatestDeliveryAttemptSucceeded": "2023-06-23T13:22:40Z", + "TimeLoggingStarted": "2023-06-23T13:07:36Z", + "TimeLoggingStopped": "", + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-968-cloudtrail_delivery_failing/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-968-cloudtrail_delivery_failing/placebo-red/tagging.GetResources_1.json new file mode 100644 index 000000000..992fc5d87 --- /dev/null 
+++ b/tests/ecc-aws-968-cloudtrail_delivery_failing/placebo-red/tagging.GetResources_1.json
@@ -0,0 +1,22 @@
+{
+ "status_code": 200,
+ "data": {
+ "PaginationToken": "",
+ "ResourceTagMappingList": [
+ {
+ "ResourceARN": "arn:aws:cloudtrail:us-east-1:111111111111:trail/trail-968-red",
+ "Tags": [
+ {
+ "Key": "CustodianRule",
+ "Value": "ecc-aws-968-cloudtrail_delivery_failing"
+ },
+ {
+ "Key": "ComplianceStatus",
+ "Value": "Red"
+ }
+ ]
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-968-cloudtrail_delivery_failing/red_policy_test.py b/tests/ecc-aws-968-cloudtrail_delivery_failing/red_policy_test.py
new file mode 100644
index 000000000..6f86817cc
--- /dev/null
+++ b/tests/ecc-aws-968-cloudtrail_delivery_failing/red_policy_test.py
@@ -0,0 +1,5 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertIn("LatestDeliveryError", resources[0]['c7n:TrailStatus'])
\ No newline at end of file
diff --git a/tests/ecc-aws-969-step_function_state_machine_logging_enabled/placebo-green/states.DescribeStateMachine_1.json b/tests/ecc-aws-969-step_function_state_machine_logging_enabled/placebo-green/states.DescribeStateMachine_1.json
new file mode 100644
index 000000000..b76a7e9ab
--- /dev/null
+++ b/tests/ecc-aws-969-step_function_state_machine_logging_enabled/placebo-green/states.DescribeStateMachine_1.json
@@ -0,0 +1,36 @@ +{ + "status_code": 200, + "data": { + "stateMachineArn": "arn:aws:states:us-east-1:111111111111:stateMachine:state-machine-969-green", + "name": "state-machine-969-green", + "status": "ACTIVE", + "definition": "{\n \"Comment\": \"A Hello World example of the Amazon States Language using an AWS Lambda Function\",\n \"StartAt\": \"HelloWorld\",\n \"States\": {\n \"HelloWorld\": {\n \"Type\": \"Task\",\n \"Resource\": \"arn:aws:lambda:us-east-1:111111111111:function:lambda-969-green\",\n \"End\": true\n }\n }\n}\n", + "roleArn": "arn:aws:iam::111111111111:role/iam-969-sfn-green", + "type": "STANDARD", + "creationDate": { + "__class__": "datetime", + "year": 2023, + "month": 6, + "day": 23, + "hour": 14, + "minute": 7, + "second": 0, + "microsecond": 794000 + }, + "loggingConfiguration": { + "level": "ERROR", + "includeExecutionData": true, + "destinations": [ + { + "cloudWatchLogsLogGroup": { + "logGroupArn": "arn:aws:logs:us-east-1:111111111111:log-group:loggroup-969-red:*" + } + } + ] + }, + "tracingConfiguration": { + "enabled": false + }, + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-969-step_function_state_machine_logging_enabled/placebo-green/states.ListStateMachines_1.json b/tests/ecc-aws-969-step_function_state_machine_logging_enabled/placebo-green/states.ListStateMachines_1.json new file mode 100644 index 000000000..e3fa192e9 --- /dev/null +++ b/tests/ecc-aws-969-step_function_state_machine_logging_enabled/placebo-green/states.ListStateMachines_1.json 
@@ -0,0 +1,23 @@ +{ + "status_code": 200, + "data": { + "stateMachines": [ + { + "stateMachineArn": "arn:aws:states:us-east-1:111111111111:stateMachine:state-machine-969-green", + "name": "state-machine-969-green", + "type": "STANDARD", + "creationDate": { + "__class__": "datetime", + "year": 2023, + "month": 6, + "day": 23, + "hour": 14, + "minute": 7, + "second": 0, + "microsecond": 794000 + } + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-969-step_function_state_machine_logging_enabled/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-969-step_function_state_machine_logging_enabled/placebo-green/tagging.GetResources_1.json new file mode 100644 index 000000000..b4d49af33 --- /dev/null +++ b/tests/ecc-aws-969-step_function_state_machine_logging_enabled/placebo-green/tagging.GetResources_1.json @@ -0,0 +1,22 @@ +{ + "status_code": 200, + "data": { + "PaginationToken": "", + "ResourceTagMappingList": [ + { + "ResourceARN": "arn:aws:states:us-east-1:111111111111:stateMachine:state-machine-969-green", + "Tags": [ + { + "Key": "CustodianRule", + "Value": "ecc-aws-969-step_function_state_machine_logging_enabled" + }, + { + "Key": "ComplianceStatus", + "Value": "Green" + } + ] + } + ], + "ResponseMetadata": {} + } +} \ No newline at end of file diff --git a/tests/ecc-aws-969-step_function_state_machine_logging_enabled/placebo-red/states.DescribeStateMachine_1.json b/tests/ecc-aws-969-step_function_state_machine_logging_enabled/placebo-red/states.DescribeStateMachine_1.json new file mode 100644 index 000000000..7d8798cf8 --- /dev/null +++ b/tests/ecc-aws-969-step_function_state_machine_logging_enabled/placebo-red/states.DescribeStateMachine_1.json 
@@ -0,0 +1,36 @@
+{
+ "status_code": 200,
+ "data": {
+ "stateMachineArn": "arn:aws:states:us-east-1:111111111111:stateMachine:state-machine-969-red",
+ "name": "state-machine-969-red",
+ "status": "ACTIVE",
+ "definition": "{\n \"Comment\": \"A Hello World example of the Amazon States Language using an AWS Lambda Function\",\n \"StartAt\": \"HelloWorld\",\n \"States\": {\n \"HelloWorld\": {\n \"Type\": \"Task\",\n \"Resource\": \"arn:aws:lambda:us-east-1:111111111111:function:lambda-969-red\",\n \"End\": true\n }\n }\n}\n",
+ "roleArn": "arn:aws:iam::111111111111:role/iam-969-sfn-red",
+ "type": "STANDARD",
+ "creationDate": {
+ "__class__": "datetime",
+ "year": 2023,
+ "month": 6,
+ "day": 23,
+ "hour": 14,
+ "minute": 13,
+ "second": 36,
+ "microsecond": 367000
+ },
+ "loggingConfiguration": {
+ "level": "OFF",
+ "includeExecutionData": true,
+ "destinations": [
+ {
+ "cloudWatchLogsLogGroup": {
+ "logGroupArn": "arn:aws:logs:us-east-1:111111111111:log-group:loggroup-969-green:*"
+ }
+ }
+ ]
+ },
+ "tracingConfiguration": {
+ "enabled": false
+ },
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-969-step_function_state_machine_logging_enabled/placebo-red/states.ListStateMachines_1.json b/tests/ecc-aws-969-step_function_state_machine_logging_enabled/placebo-red/states.ListStateMachines_1.json
new file mode 100644
index 000000000..0e659d20a
--- /dev/null
+++ b/tests/ecc-aws-969-step_function_state_machine_logging_enabled/placebo-red/states.ListStateMachines_1.json
@@ -0,0 +1,23 @@
+{
+ "status_code": 200,
+ "data": {
+ "stateMachines": [
+ {
+ "stateMachineArn": "arn:aws:states:us-east-1:111111111111:stateMachine:state-machine-969-red",
+ "name": "state-machine-969-red",
+ "type": "STANDARD",
+ "creationDate": {
+ "__class__": "datetime",
+ "year": 2023,
+ "month": 6,
+ "day": 23,
+ "hour": 14,
+ "minute": 13,
+ "second": 36,
+ "microsecond": 367000
+ }
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-969-step_function_state_machine_logging_enabled/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-969-step_function_state_machine_logging_enabled/placebo-red/tagging.GetResources_1.json
new file mode 100644
index 000000000..05cd0602d
--- /dev/null
+++ b/tests/ecc-aws-969-step_function_state_machine_logging_enabled/placebo-red/tagging.GetResources_1.json
@@ -0,0 +1,22 @@
+{
+ "status_code": 200,
+ "data": {
+ "PaginationToken": "",
+ "ResourceTagMappingList": [
+ {
+ "ResourceARN": "arn:aws:states:us-east-1:111111111111:stateMachine:state-machine-969-red",
+ "Tags": [
+ {
+ "Key": "CustodianRule",
+ "Value": "ecc-aws-969-step_function_state_machine_logging_enabled"
+ },
+ {
+ "Key": "ComplianceStatus",
+ "Value": "Red"
+ }
+ ]
+ }
+ ],
+ "ResponseMetadata": {}
+ }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-969-step_function_state_machine_logging_enabled/red_policy_test.py b/tests/ecc-aws-969-step_function_state_machine_logging_enabled/red_policy_test.py
new file mode 100644
index 000000000..b42123046
--- /dev/null
+++ b/tests/ecc-aws-969-step_function_state_machine_logging_enabled/red_policy_test.py
@@ -0,0 +1,5 @@
+class PolicyTest(object):
+
+ def test_resources(self, base_test, resources):
+ base_test.assertEqual(len(resources), 1)
+ base_test.assertEqual(resources[0]['loggingConfiguration']['level'], 'OFF')
\ No newline at end of file
From 5aa747915f1c3a37d86aee1cd989f90d36b021a3 Mon Sep 17 00:00:00 2001
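Review bot: `test_resources` in red_policy_test.py checks only the resource count and `loggingConfiguration.level == 'OFF'`, so nothing ties the match to the recorded red state machine; adding `base_test.assertEqual(resources[0]['name'], 'state-machine-969-red')` would do that, assuming the resource dict carries the `name` field seen in the recorded DescribeStateMachine response. The red fixture records a single non-compliant shape, level `OFF` with a CloudWatch Logs destination still attached, so this patch section cannot show whether the policy also flags a state machine that has a level set but no `destinations`; if it is meant to, a second red case would pin that. Minor style: on Python 3 `class PolicyTest(object):` can be written `class PolicyTest:`, and the file is missing its trailing newline.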
From: Vladyslav Yevsiukov Date: Wed, 5 Jul 2023 12:38:48 +0000 Subject: [PATCH 14/15] added new rules --- iam/All-permissions.json | 10 ++ ...80-bucket_policy_allows_https_requests.yml | 36 ++++ .../ecc-aws-141-s3_encrypted_using_kms.yml | 16 ++ policies/ecc-aws-162-s3_bucket_lifecycle.yml | 16 ++ .../ecc-aws-163-s3_buckets_without_tags.yml | 17 ++ ...ucket_cross_region_replication_enabled.yml | 16 ++ ...3_bucket_versioning_mfa_delete_enabled.yml | 20 +++ ...ts_configured_with_block_public_access.yml | 14 ++ .../ecc-aws-290-logging_for_s3_enabled.yml | 15 ++ ...cc-aws-352-rds_mariadb_logging_enabled.yml | 56 ++++++ ...ecc-aws-421-documentdb_logging_enabled.yml | 35 ++++ ...s_aurora_mysql_cluster_logging_enabled.yml | 48 +++++ ...ora_postgresql_cluster_logging_enabled.yml | 33 ++++ ...s_video_stream_without_tag_information.yml | 16 ++ .../ecc-aws-646-appsync_logging_enabled.yml | 16 ++ ...ws-649-appsync_cache_encrypted_at_rest.yml | 16 ++ ...650-appsync_cache_encrypted_in_transit.yml | 16 ++ .../ecc-aws-651-appsync_protected_by_waf.yml | 15 ++ policies/ecc-aws-670-emr_imdsv1_disabled.yml | 22 +++ .../ecc-aws-689-bucket_not_dns_compliant.yml | 18 ++ .../ecc-aws-900-s3_bucket_acl_prohibited.yml | 16 ++ ...-901-s3_version_lifecycle_policy_check.yml | 19 ++ .../green/provider.tf | 20 +++ .../green/s3.tf | 32 ++++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/080-policy.json | 23 +++ .../red/provider.tf | 20 +++ .../red/s3.tf | 4 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/encryption.tf | 24 +++ .../green/provider.tf | 20 +++ .../green/s3.tf | 33 ++++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/141-policy.json | 24 +++ .../red/provider.tf | 20 +++ .../red/s3.tf | 17 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 20 +++ .../green/s3.tf | 48 +++++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/162-policy.json | 24 +++ .../red/provider.tf 
| 20 +++ .../ecc-aws-162-s3_bucket_lifecycle/red/s3.tf | 18 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 20 +++ .../green/s3.tf | 17 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/163-policy.json | 24 +++ .../red/provider.tf | 13 ++ .../red/s3.tf | 17 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 20 +++ .../green/s3.tf | 89 +++++++++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/216-policy.json | 24 +++ .../red/provider.tf | 20 +++ .../red/s3.tf | 5 + .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../iam/246-policy.json | 24 +++ .../red/provider.tf | 20 +++ .../red/s3.tf | 31 ++++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../red1/provider.tf | 20 +++ .../red1/s3.tf | 9 + .../red1/terraform.tfvars | 2 + .../red1/variables.tf | 9 + .../green/provider.tf | 20 +++ .../green/s3.tf | 13 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/280-policy.json | 26 +++ .../red/provider.tf | 20 +++ .../red/s3.tf | 13 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 20 +++ .../green/s3.tf | 43 +++++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/290-policy.json | 24 +++ .../red/provider.tf | 20 +++ .../red/s3.tf | 18 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 20 +++ .../green/rds.tf | 61 +++++++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/352-policy.json | 14 ++ .../red/provider.tf | 20 +++ .../red/rds.tf | 57 ++++++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../red1/provider.tf | 20 +++ .../red1/rds.tf | 48 +++++ .../red1/terraform.tfvars | 2 + .../red1/variables.tf | 9 + .../green/docdb.tf | 38 ++++ .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/421-policy.json | 13 ++ .../red/docdb.tf | 28 +++ 
.../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 19 ++ .../green/rds.tf | 52 ++++++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/423-policy.json | 13 ++ .../red/provider.tf | 19 ++ .../red/rds.tf | 43 +++++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 19 ++ .../green/rds.tf | 48 +++++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/424-policy.json | 13 ++ .../red/provider.tf | 19 ++ .../red/rds.tf | 43 +++++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/kinesis.tf | 5 + .../green/provider.tf | 20 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/614-policy.json | 13 ++ .../red/kinesis.tf | 5 + .../red/provider.tf | 13 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/appsync.tf | 34 ++++ .../green/provider.tf | 20 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/646-policy.json | 14 ++ .../red/appsync.tf | 29 +++ .../red/provider.tf | 20 +++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/appsync.tf | 12 ++ .../green/provider.tf | 20 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../green1/appsync.tf | 4 + .../green1/provider.tf | 20 +++ .../green1/terraform.tfvars | 2 + .../green1/variables.tf | 9 + .../iam/649-policy.json | 15 ++ .../red/appsync.tf | 11 ++ .../red/provider.tf | 20 +++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/appsync.tf | 12 ++ .../green/provider.tf | 20 +++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/650-policy.json | 15 ++ .../red/appsync.tf | 11 ++ .../red/provider.tf | 20 +++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/appsync.tf | 24 +++ .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/651-policy.json | 14 ++ .../red/appsync.tf | 4 + 
.../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/emr.tf | 44 +++++ .../green/iam.tf | 52 ++++++ .../green/provider.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../green/vpc.tf | 49 +++++ .../iam/670-policy.json | 14 ++ .../red/emr.tf | 44 +++++ .../red/iam.tf | 52 ++++++ .../red/provider.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../red/vpc.tf | 49 +++++ .../green/provider.tf | 20 +++ .../green/s3.tf | 17 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/689-policy.json | 24 +++ .../red/provider.tf | 20 +++ .../red/s3.tf | 17 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 20 +++ .../green/s3.tf | 19 ++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/900-policy.json | 25 +++ .../red/provider.tf | 20 +++ .../red/s3.tf | 28 +++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../green/provider.tf | 20 +++ .../green/s3.tf | 42 +++++ .../green/terraform.tfvars | 2 + .../green/variables.tf | 9 + .../iam/901-policy.json | 24 +++ .../red/provider.tf | 20 +++ .../red/s3.tf | 19 ++ .../red/terraform.tfvars | 2 + .../red/variables.tf | 9 + .../placebo-green/s3.GetBucketAcl_1.json | 20 +++ .../s3.GetBucketLifecycleConfiguration_1.json | 11 ++ .../placebo-green/s3.GetBucketLocation_1.json | 6 + .../placebo-green/s3.GetBucketLogging_1.json | 6 + ....GetBucketNotificationConfiguration_1.json | 6 + .../placebo-green/s3.GetBucketPolicy_1.json | 7 + .../s3.GetBucketReplication_1.json | 11 ++ .../placebo-green/s3.GetBucketTagging_1.json | 16 ++ .../s3.GetBucketVersioning_1.json | 6 + .../placebo-green/s3.GetBucketWebsite_1.json | 11 ++ .../placebo-green/s3.ListBuckets_1.json | 25 +++ .../placebo-red/s3.GetBucketAcl_1.json | 20 +++ .../s3.GetBucketLifecycleConfiguration_1.json | 11 ++ .../placebo-red/s3.GetBucketLocation_1.json | 6 + .../placebo-red/s3.GetBucketLogging_1.json | 6 + 
....GetBucketNotificationConfiguration_1.json | 6 + .../placebo-red/s3.GetBucketPolicy_1.json | 11 ++ .../s3.GetBucketReplication_1.json | 11 ++ .../placebo-red/s3.GetBucketTagging_1.json | 16 ++ .../placebo-red/s3.GetBucketVersioning_1.json | 6 + .../placebo-red/s3.GetBucketWebsite_1.json | 11 ++ .../placebo-red/s3.ListBuckets_1.json | 25 +++ .../red_policy_test.py | 5 + .../placebo-green/s3.GetBucketAcl_1.json | 20 +++ .../s3.GetBucketEncryption_1.json | 17 ++ .../s3.GetBucketLifecycleConfiguration_1.json | 11 ++ .../placebo-green/s3.GetBucketLocation_1.json | 6 + .../placebo-green/s3.GetBucketLogging_1.json | 6 + ....GetBucketNotificationConfiguration_1.json | 6 + .../placebo-green/s3.GetBucketPolicy_1.json | 11 ++ .../s3.GetBucketReplication_1.json | 11 ++ .../placebo-green/s3.GetBucketTagging_1.json | 16 ++ .../s3.GetBucketVersioning_1.json | 6 + .../placebo-green/s3.GetBucketWebsite_1.json | 11 ++ .../placebo-green/s3.ListBuckets_1.json | 25 +++ .../placebo-red/s3.GetBucketAcl_1.json | 20 +++ .../placebo-red/s3.GetBucketEncryption_1.json | 16 ++ .../s3.GetBucketLifecycleConfiguration_1.json | 11 ++ .../placebo-red/s3.GetBucketLocation_1.json | 6 + .../placebo-red/s3.GetBucketLogging_1.json | 6 + ....GetBucketNotificationConfiguration_1.json | 6 + .../placebo-red/s3.GetBucketPolicy_1.json | 11 ++ .../s3.GetBucketReplication_1.json | 11 ++ .../placebo-red/s3.GetBucketTagging_1.json | 16 ++ .../placebo-red/s3.GetBucketVersioning_1.json | 6 + .../placebo-red/s3.GetBucketWebsite_1.json | 11 ++ .../placebo-red/s3.ListBuckets_1.json | 25 +++ .../red_policy_test.py | 5 + .../placebo-green/s3.GetBucketAcl_1.json | 20 +++ .../s3.GetBucketEncryption_1.json | 16 ++ .../s3.GetBucketLifecycleConfiguration_1.json | 18 ++ .../placebo-green/s3.GetBucketLocation_1.json | 6 + .../placebo-green/s3.GetBucketLogging_1.json | 6 + ....GetBucketNotificationConfiguration_1.json | 6 + .../placebo-green/s3.GetBucketPolicy_1.json | 11 ++ .../s3.GetBucketReplication_1.json | 11 ++ 
.../placebo-green/s3.GetBucketTagging_1.json | 16 ++ .../s3.GetBucketVersioning_1.json | 6 + .../placebo-green/s3.GetBucketWebsite_1.json | 11 ++ .../placebo-green/s3.ListBuckets_1.json | 25 +++ .../placebo-red/s3.GetBucketAcl_1.json | 20 +++ .../placebo-red/s3.GetBucketEncryption_1.json | 16 ++ .../s3.GetBucketLifecycleConfiguration_1.json | 11 ++ .../placebo-red/s3.GetBucketLocation_1.json | 6 + .../placebo-red/s3.GetBucketLogging_1.json | 6 + ....GetBucketNotificationConfiguration_1.json | 6 + .../placebo-red/s3.GetBucketPolicy_1.json | 11 ++ .../s3.GetBucketReplication_1.json | 11 ++ .../placebo-red/s3.GetBucketTagging_1.json | 16 ++ .../placebo-red/s3.GetBucketVersioning_1.json | 6 + .../placebo-red/s3.GetBucketWebsite_1.json | 11 ++ .../placebo-red/s3.ListBuckets_1.json | 25 +++ .../red_policy_test.py | 5 + .../placebo-green/s3.GetBucketAcl_1.json | 20 +++ .../s3.GetBucketEncryption_1.json | 16 ++ .../s3.GetBucketLifecycleConfiguration_1.json | 11 ++ .../placebo-green/s3.GetBucketLocation_1.json | 6 + .../placebo-green/s3.GetBucketLogging_1.json | 6 + ....GetBucketNotificationConfiguration_1.json | 6 + .../placebo-green/s3.GetBucketPolicy_1.json | 11 ++ .../s3.GetBucketReplication_1.json | 11 ++ .../placebo-green/s3.GetBucketTagging_1.json | 16 ++ .../s3.GetBucketVersioning_1.json | 6 + .../placebo-green/s3.GetBucketWebsite_1.json | 11 ++ .../placebo-green/s3.ListBuckets_1.json | 25 +++ .../placebo-red/s3.GetBucketAcl_1.json | 20 +++ .../placebo-red/s3.GetBucketEncryption_1.json | 16 ++ .../s3.GetBucketLifecycleConfiguration_1.json | 11 ++ .../placebo-red/s3.GetBucketLocation_1.json | 6 + .../placebo-red/s3.GetBucketLogging_1.json | 6 + ....GetBucketNotificationConfiguration_1.json | 6 + .../placebo-red/s3.GetBucketPolicy_1.json | 11 ++ .../s3.GetBucketReplication_1.json | 11 ++ .../placebo-red/s3.GetBucketTagging_1.json | 11 ++ .../placebo-red/s3.GetBucketVersioning_1.json | 6 + .../placebo-red/s3.GetBucketWebsite_1.json | 11 ++ 
.../placebo-red/s3.ListBuckets_1.json | 25 +++ .../red_policy_test.py | 5 + .../placebo-green/s3.GetBucketAcl_1.json | 20 +++ .../s3.GetBucketEncryption_1.json | 16 ++ .../s3.GetBucketLifecycleConfiguration_1.json | 11 ++ .../placebo-green/s3.GetBucketLocation_1.json | 6 + .../placebo-green/s3.GetBucketLogging_1.json | 6 + ....GetBucketNotificationConfiguration_1.json | 6 + .../placebo-green/s3.GetBucketPolicy_1.json | 11 ++ .../s3.GetBucketReplication_1.json | 20 +++ .../placebo-green/s3.GetBucketTagging_1.json | 16 ++ .../s3.GetBucketVersioning_1.json | 6 + .../placebo-green/s3.GetBucketWebsite_1.json | 11 ++ .../placebo-green/s3.ListBuckets_1.json | 25 +++ .../placebo-red/s3.GetBucketAcl_1.json | 20 +++ .../placebo-red/s3.GetBucketEncryption_1.json | 16 ++ .../s3.GetBucketLifecycleConfiguration_1.json | 11 ++ .../placebo-red/s3.GetBucketLocation_1.json | 6 + .../placebo-red/s3.GetBucketLogging_1.json | 6 + ....GetBucketNotificationConfiguration_1.json | 6 + .../placebo-red/s3.GetBucketPolicy_1.json | 11 ++ .../s3.GetBucketReplication_1.json | 11 ++ .../placebo-red/s3.GetBucketTagging_1.json | 16 ++ .../placebo-red/s3.GetBucketVersioning_1.json | 6 + .../placebo-red/s3.GetBucketWebsite_1.json | 11 ++ .../placebo-red/s3.ListBuckets_1.json | 25 +++ .../red_policy_test.py | 5 + .../placebo-green/s3.GetBucketAcl_1.json | 20 +++ .../s3.GetBucketEncryption_1.json | 16 ++ .../s3.GetBucketLifecycleConfiguration_1.json | 11 ++ .../placebo-green/s3.GetBucketLocation_1.json | 6 + .../placebo-green/s3.GetBucketLogging_1.json | 6 + ....GetBucketNotificationConfiguration_1.json | 6 + .../placebo-green/s3.GetBucketPolicy_1.json | 11 ++ .../s3.GetBucketReplication_1.json | 11 ++ .../placebo-green/s3.GetBucketTagging_1.json | 16 ++ .../s3.GetBucketVersioning_1.json | 9 + .../placebo-green/s3.GetBucketWebsite_1.json | 11 ++ .../placebo-green/s3.ListBuckets_1.json | 25 +++ .../placebo-red/s3.GetBucketAcl_1.json | 20 +++ .../placebo-red/s3.GetBucketEncryption_1.json | 16 ++ 
.../s3.GetBucketLifecycleConfiguration_1.json | 11 ++ .../placebo-red/s3.GetBucketLocation_1.json | 6 + .../placebo-red/s3.GetBucketLogging_1.json | 6 + ....GetBucketNotificationConfiguration_1.json | 6 + .../placebo-red/s3.GetBucketPolicy_1.json | 11 ++ .../s3.GetBucketReplication_1.json | 11 ++ .../placebo-red/s3.GetBucketTagging_1.json | 16 ++ .../placebo-red/s3.GetBucketVersioning_1.json | 6 + .../placebo-red/s3.GetBucketWebsite_1.json | 11 ++ .../placebo-red/s3.ListBuckets_1.json | 25 +++ .../red_policy_test.py | 5 + .../placebo-green/s3.GetBucketAcl_1.json | 20 +++ .../s3.GetBucketEncryption_1.json | 16 ++ .../s3.GetBucketLifecycleConfiguration_1.json | 11 ++ .../placebo-green/s3.GetBucketLocation_1.json | 6 + .../placebo-green/s3.GetBucketLogging_1.json | 6 + ....GetBucketNotificationConfiguration_1.json | 6 + .../placebo-green/s3.GetBucketPolicy_1.json | 11 ++ .../s3.GetBucketReplication_1.json | 11 ++ .../placebo-green/s3.GetBucketTagging_1.json | 16 ++ .../s3.GetBucketVersioning_1.json | 6 + .../placebo-green/s3.GetBucketWebsite_1.json | 11 ++ .../s3.GetPublicAccessBlock_1.json | 12 ++ .../placebo-green/s3.ListBuckets_1.json | 25 +++ .../placebo-red/s3.GetBucketAcl_1.json | 20 +++ .../placebo-red/s3.GetBucketEncryption_1.json | 16 ++ .../s3.GetBucketLifecycleConfiguration_1.json | 11 ++ .../placebo-red/s3.GetBucketLocation_1.json | 6 + .../placebo-red/s3.GetBucketLogging_1.json | 6 + ....GetBucketNotificationConfiguration_1.json | 6 + .../placebo-red/s3.GetBucketPolicy_1.json | 11 ++ .../s3.GetBucketReplication_1.json | 11 ++ .../placebo-red/s3.GetBucketTagging_1.json | 16 ++ .../placebo-red/s3.GetBucketVersioning_1.json | 6 + .../placebo-red/s3.GetBucketWebsite_1.json | 11 ++ .../s3.GetPublicAccessBlock_1.json | 12 ++ .../placebo-red/s3.ListBuckets_1.json | 25 +++ .../red_policy_test.py | 9 + .../placebo-green/s3.GetBucketAcl_1.json | 20 +++ .../s3.GetBucketEncryption_1.json | 16 ++ .../s3.GetBucketLifecycleConfiguration_1.json | 11 ++ 
.../placebo-green/s3.GetBucketLocation_1.json | 6 + .../placebo-green/s3.GetBucketLogging_1.json | 10 ++ ....GetBucketNotificationConfiguration_1.json | 6 + .../placebo-green/s3.GetBucketPolicy_1.json | 11 ++ .../s3.GetBucketReplication_1.json | 11 ++ .../placebo-green/s3.GetBucketTagging_1.json | 16 ++ .../s3.GetBucketVersioning_1.json | 6 + .../placebo-green/s3.GetBucketWebsite_1.json | 11 ++ .../placebo-green/s3.ListBuckets_1.json | 25 +++ .../placebo-red/s3.GetBucketAcl_1.json | 20 +++ .../placebo-red/s3.GetBucketEncryption_1.json | 16 ++ .../s3.GetBucketLifecycleConfiguration_1.json | 11 ++ .../placebo-red/s3.GetBucketLocation_1.json | 6 + .../placebo-red/s3.GetBucketLogging_1.json | 6 + ....GetBucketNotificationConfiguration_1.json | 6 + .../placebo-red/s3.GetBucketPolicy_1.json | 11 ++ .../s3.GetBucketReplication_1.json | 11 ++ .../placebo-red/s3.GetBucketTagging_1.json | 16 ++ .../placebo-red/s3.GetBucketVersioning_1.json | 6 + .../placebo-red/s3.GetBucketWebsite_1.json | 11 ++ .../placebo-red/s3.ListBuckets_1.json | 25 +++ .../red_policy_test.py | 5 + .../rds.DescribeDBInstances_1.json | 169 ++++++++++++++++++ .../rds.DescribeDBParameters_1.json | 41 +++++ .../rds.DescribeOptionGroups_1.json | 40 +++++ .../rds.DescribeDBInstances_1.json | 168 +++++++++++++++++ .../rds.DescribeDBParameters_1.json | 41 +++++ .../rds.DescribeOptionGroups_1.json | 40 +++++ .../red_policy_test.py | 29 +++ .../rds.DescribeDBClusterParameters_1.json | 36 ++++ .../rds.DescribeDBClusters_1.json | 104 +++++++++++ .../rds.DescribeDBClusterParameters_1.json | 38 ++++ .../placebo-red/rds.DescribeDBClusters_1.json | 103 +++++++++++ .../red_policy_test.py | 23 +++ .../rds.DescribeDBClusterParameters_1.json | 52 ++++++ .../rds.DescribeDBClusters_1.json | 107 +++++++++++ .../rds.DescribeDBClusterParameters_1.json | 51 ++++++ .../placebo-red/rds.DescribeDBClusters_1.json | 105 +++++++++++ .../red_policy_test.py | 27 +++ .../rds.DescribeDBClusterParameters_1.json | 36 ++++ 
.../rds.DescribeDBClusters_1.json | 104 +++++++++++ .../rds.DescribeDBClusterParameters_1.json | 35 ++++ .../placebo-red/rds.DescribeDBClusters_1.json | 104 +++++++++++ .../red_policy_test.py | 27 +++ .../kinesisvideo.ListStreams_1.json | 27 +++ .../placebo-green/tagging.GetResources_1.json | 22 +++ .../kinesisvideo.ListStreams_1.json | 27 +++ .../placebo-red/tagging.GetResources_1.json | 13 ++ .../red_policy_test.py | 5 + .../appsync.ListGraphqlApis_1.json | 33 ++++ .../appsync.ListGraphqlApis_1.json | 28 +++ .../red_policy_test.py | 5 + .../placebo-green/appsync.GetApiCache_1.json | 14 ++ .../appsync.ListGraphqlApis_1.json | 28 +++ .../placebo-red/appsync.GetApiCache_1.json | 14 ++ .../appsync.ListGraphqlApis_1.json | 28 +++ .../red_policy_test.py | 6 + .../placebo-green/appsync.GetApiCache_1.json | 14 ++ .../appsync.ListGraphqlApis_1.json | 28 +++ .../placebo-red/appsync.GetApiCache_1.json | 14 ++ .../appsync.ListGraphqlApis_1.json | 28 +++ .../red_policy_test.py | 6 + .../appsync.ListGraphqlApis_1.json | 29 +++ .../placebo-green/wafv2.ListWebACLs_1.json | 16 ++ .../appsync.ListGraphqlApis_1.json | 28 +++ .../placebo-red/wafv2.ListWebACLs_1.json | 7 + .../red_policy_test.py | 5 + .../elasticmapreduce.DescribeCluster_1.json | 89 +++++++++ ...educe.DescribeSecurityConfiguration_1.json | 18 ++ .../elasticmapreduce.ListClusters_1.json | 42 +++++ ...apreduce.ListSecurityConfigurations_1.json | 21 +++ .../elasticmapreduce.DescribeCluster_1.json | 89 +++++++++ ...educe.DescribeSecurityConfiguration_1.json | 18 ++ .../elasticmapreduce.ListClusters_1.json | 42 +++++ ...apreduce.ListSecurityConfigurations_1.json | 21 +++ .../red_policy_test.py | 5 + .../placebo-green/s3.GetBucketAcl_1.json | 20 +++ .../s3.GetBucketEncryption_1.json | 16 ++ .../s3.GetBucketLifecycleConfiguration_1.json | 11 ++ .../placebo-green/s3.GetBucketLocation_1.json | 6 + .../placebo-green/s3.GetBucketLogging_1.json | 6 + ....GetBucketNotificationConfiguration_1.json | 6 + 
.../placebo-green/s3.GetBucketPolicy_1.json | 11 ++ .../s3.GetBucketReplication_1.json | 11 ++ .../placebo-green/s3.GetBucketTagging_1.json | 16 ++ .../s3.GetBucketVersioning_1.json | 6 + .../placebo-green/s3.GetBucketWebsite_1.json | 11 ++ .../placebo-green/s3.ListBuckets_1.json | 25 +++ .../placebo-red/s3.GetBucketAcl_1.json | 20 +++ .../placebo-red/s3.GetBucketEncryption_1.json | 16 ++ .../s3.GetBucketLifecycleConfiguration_1.json | 11 ++ .../placebo-red/s3.GetBucketLocation_1.json | 6 + .../placebo-red/s3.GetBucketLogging_1.json | 6 + ....GetBucketNotificationConfiguration_1.json | 6 + .../placebo-red/s3.GetBucketPolicy_1.json | 11 ++ .../s3.GetBucketReplication_1.json | 11 ++ .../placebo-red/s3.GetBucketTagging_1.json | 16 ++ .../placebo-red/s3.GetBucketVersioning_1.json | 6 + .../placebo-red/s3.GetBucketWebsite_1.json | 11 ++ .../placebo-red/s3.ListBuckets_1.json | 25 +++ .../red_policy_test.py | 5 + .../placebo-green/s3.GetBucketAcl_1.json | 20 +++ .../s3.GetBucketEncryption_1.json | 16 ++ .../s3.GetBucketLifecycleConfiguration_1.json | 11 ++ .../placebo-green/s3.GetBucketLocation_1.json | 6 + .../placebo-green/s3.GetBucketLogging_1.json | 6 + ....GetBucketNotificationConfiguration_1.json | 6 + .../s3.GetBucketOwnershipControls_1.json | 13 ++ .../placebo-green/s3.GetBucketPolicy_1.json | 11 ++ .../s3.GetBucketReplication_1.json | 11 ++ .../placebo-green/s3.GetBucketTagging_1.json | 16 ++ .../s3.GetBucketVersioning_1.json | 6 + .../placebo-green/s3.GetBucketWebsite_1.json | 11 ++ .../placebo-green/s3.ListBuckets_1.json | 25 +++ .../placebo-red/s3.GetBucketAcl_1.json | 25 +++ .../placebo-red/s3.GetBucketEncryption_1.json | 16 ++ .../s3.GetBucketLifecycleConfiguration_1.json | 11 ++ .../placebo-red/s3.GetBucketLocation_1.json | 6 + .../placebo-red/s3.GetBucketLogging_1.json | 6 + ....GetBucketNotificationConfiguration_1.json | 6 + .../s3.GetBucketOwnershipControls_1.json | 13 ++ .../placebo-red/s3.GetBucketPolicy_1.json | 11 ++ 
.../s3.GetBucketReplication_1.json | 11 ++ .../placebo-red/s3.GetBucketTagging_1.json | 16 ++ .../placebo-red/s3.GetBucketVersioning_1.json | 6 + .../placebo-red/s3.GetBucketWebsite_1.json | 11 ++ .../placebo-red/s3.ListBuckets_1.json | 25 +++ .../red_policy_test.py | 7 + .../placebo-green/s3.GetBucketAcl_1.json | 20 +++ .../s3.GetBucketEncryption_1.json | 16 ++ .../s3.GetBucketLifecycleConfiguration_1.json | 28 +++ .../placebo-green/s3.GetBucketLocation_1.json | 6 + .../placebo-green/s3.GetBucketLogging_1.json | 6 + ....GetBucketNotificationConfiguration_1.json | 6 + .../placebo-green/s3.GetBucketPolicy_1.json | 11 ++ .../s3.GetBucketReplication_1.json | 11 ++ .../placebo-green/s3.GetBucketTagging_1.json | 16 ++ .../s3.GetBucketVersioning_1.json | 7 + .../placebo-green/s3.GetBucketWebsite_1.json | 11 ++ .../placebo-green/s3.ListBuckets_1.json | 25 +++ .../placebo-red/s3.GetBucketAcl_1.json | 20 +++ .../placebo-red/s3.GetBucketEncryption_1.json | 16 ++ .../s3.GetBucketLifecycleConfiguration_1.json | 11 ++ .../placebo-red/s3.GetBucketLocation_1.json | 6 + .../placebo-red/s3.GetBucketLogging_1.json | 6 + ....GetBucketNotificationConfiguration_1.json | 6 + .../placebo-red/s3.GetBucketPolicy_1.json | 11 ++ .../s3.GetBucketReplication_1.json | 11 ++ .../placebo-red/s3.GetBucketTagging_1.json | 16 ++ .../placebo-red/s3.GetBucketVersioning_1.json | 7 + .../placebo-red/s3.GetBucketWebsite_1.json | 11 ++ .../placebo-red/s3.ListBuckets_1.json | 25 +++ .../red_policy_test.py | 13 ++ 555 files changed, 9228 insertions(+) create mode 100644 policies/ecc-aws-080-bucket_policy_allows_https_requests.yml create mode 100644 policies/ecc-aws-141-s3_encrypted_using_kms.yml create mode 100644 policies/ecc-aws-162-s3_bucket_lifecycle.yml create mode 100644 policies/ecc-aws-163-s3_buckets_without_tags.yml create mode 100644 policies/ecc-aws-216-s3_bucket_cross_region_replication_enabled.yml create mode 100644 policies/ecc-aws-246-s3_bucket_versioning_mfa_delete_enabled.yml create mode 
100644 policies/ecc-aws-280-s3_buckets_configured_with_block_public_access.yml create mode 100644 policies/ecc-aws-290-logging_for_s3_enabled.yml create mode 100644 policies/ecc-aws-352-rds_mariadb_logging_enabled.yml create mode 100644 policies/ecc-aws-421-documentdb_logging_enabled.yml create mode 100644 policies/ecc-aws-423-rds_aurora_mysql_cluster_logging_enabled.yml create mode 100644 policies/ecc-aws-424-rds_aurora_postgresql_cluster_logging_enabled.yml create mode 100644 policies/ecc-aws-614-kinesis_video_stream_without_tag_information.yml create mode 100644 policies/ecc-aws-646-appsync_logging_enabled.yml create mode 100644 policies/ecc-aws-649-appsync_cache_encrypted_at_rest.yml create mode 100644 policies/ecc-aws-650-appsync_cache_encrypted_in_transit.yml create mode 100644 policies/ecc-aws-651-appsync_protected_by_waf.yml create mode 100644 policies/ecc-aws-670-emr_imdsv1_disabled.yml create mode 100644 policies/ecc-aws-689-bucket_not_dns_compliant.yml create mode 100644 policies/ecc-aws-900-s3_bucket_acl_prohibited.yml create mode 100644 policies/ecc-aws-901-s3_version_lifecycle_policy_check.yml create mode 100644 terraform/ecc-aws-080-bucket_policy_allows_https_requests/green/provider.tf create mode 100644 terraform/ecc-aws-080-bucket_policy_allows_https_requests/green/s3.tf create mode 100644 terraform/ecc-aws-080-bucket_policy_allows_https_requests/green/terraform.tfvars create mode 100644 terraform/ecc-aws-080-bucket_policy_allows_https_requests/green/variables.tf create mode 100644 terraform/ecc-aws-080-bucket_policy_allows_https_requests/iam/080-policy.json create mode 100644 terraform/ecc-aws-080-bucket_policy_allows_https_requests/red/provider.tf create mode 100644 terraform/ecc-aws-080-bucket_policy_allows_https_requests/red/s3.tf create mode 100644 terraform/ecc-aws-080-bucket_policy_allows_https_requests/red/terraform.tfvars create mode 100644 terraform/ecc-aws-080-bucket_policy_allows_https_requests/red/variables.tf create mode 100644 
terraform/ecc-aws-141-s3_encrypted_using_kms/green/encryption.tf create mode 100644 terraform/ecc-aws-141-s3_encrypted_using_kms/green/provider.tf create mode 100644 terraform/ecc-aws-141-s3_encrypted_using_kms/green/s3.tf create mode 100644 terraform/ecc-aws-141-s3_encrypted_using_kms/green/terraform.tfvars create mode 100644 terraform/ecc-aws-141-s3_encrypted_using_kms/green/variables.tf create mode 100644 terraform/ecc-aws-141-s3_encrypted_using_kms/iam/141-policy.json create mode 100644 terraform/ecc-aws-141-s3_encrypted_using_kms/red/provider.tf create mode 100644 terraform/ecc-aws-141-s3_encrypted_using_kms/red/s3.tf create mode 100644 terraform/ecc-aws-141-s3_encrypted_using_kms/red/terraform.tfvars create mode 100644 terraform/ecc-aws-141-s3_encrypted_using_kms/red/variables.tf create mode 100644 terraform/ecc-aws-162-s3_bucket_lifecycle/green/provider.tf create mode 100644 terraform/ecc-aws-162-s3_bucket_lifecycle/green/s3.tf create mode 100644 terraform/ecc-aws-162-s3_bucket_lifecycle/green/terraform.tfvars create mode 100644 terraform/ecc-aws-162-s3_bucket_lifecycle/green/variables.tf create mode 100644 terraform/ecc-aws-162-s3_bucket_lifecycle/iam/162-policy.json create mode 100644 terraform/ecc-aws-162-s3_bucket_lifecycle/red/provider.tf create mode 100644 terraform/ecc-aws-162-s3_bucket_lifecycle/red/s3.tf create mode 100644 terraform/ecc-aws-162-s3_bucket_lifecycle/red/terraform.tfvars create mode 100644 terraform/ecc-aws-162-s3_bucket_lifecycle/red/variables.tf create mode 100644 terraform/ecc-aws-163-s3_buckets_without_tags/green/provider.tf create mode 100644 terraform/ecc-aws-163-s3_buckets_without_tags/green/s3.tf create mode 100644 terraform/ecc-aws-163-s3_buckets_without_tags/green/terraform.tfvars create mode 100644 terraform/ecc-aws-163-s3_buckets_without_tags/green/variables.tf create mode 100644 terraform/ecc-aws-163-s3_buckets_without_tags/iam/163-policy.json create mode 100644 terraform/ecc-aws-163-s3_buckets_without_tags/red/provider.tf 
create mode 100644 terraform/ecc-aws-163-s3_buckets_without_tags/red/s3.tf create mode 100644 terraform/ecc-aws-163-s3_buckets_without_tags/red/terraform.tfvars create mode 100644 terraform/ecc-aws-163-s3_buckets_without_tags/red/variables.tf create mode 100644 terraform/ecc-aws-216-s3_bucket_cross_region_replication_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-216-s3_bucket_cross_region_replication_enabled/green/s3.tf create mode 100644 terraform/ecc-aws-216-s3_bucket_cross_region_replication_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-216-s3_bucket_cross_region_replication_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-216-s3_bucket_cross_region_replication_enabled/iam/216-policy.json create mode 100644 terraform/ecc-aws-216-s3_bucket_cross_region_replication_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-216-s3_bucket_cross_region_replication_enabled/red/s3.tf create mode 100644 terraform/ecc-aws-216-s3_bucket_cross_region_replication_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-216-s3_bucket_cross_region_replication_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-246-s3_bucket_versioning_mfa_delete_enabled/iam/246-policy.json create mode 100644 terraform/ecc-aws-246-s3_bucket_versioning_mfa_delete_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-246-s3_bucket_versioning_mfa_delete_enabled/red/s3.tf create mode 100644 terraform/ecc-aws-246-s3_bucket_versioning_mfa_delete_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-246-s3_bucket_versioning_mfa_delete_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-246-s3_bucket_versioning_mfa_delete_enabled/red1/provider.tf create mode 100644 terraform/ecc-aws-246-s3_bucket_versioning_mfa_delete_enabled/red1/s3.tf create mode 100644 terraform/ecc-aws-246-s3_bucket_versioning_mfa_delete_enabled/red1/terraform.tfvars create mode 100644 
terraform/ecc-aws-246-s3_bucket_versioning_mfa_delete_enabled/red1/variables.tf create mode 100644 terraform/ecc-aws-280-s3_buckets_configured_with_block_public_access/green/provider.tf create mode 100644 terraform/ecc-aws-280-s3_buckets_configured_with_block_public_access/green/s3.tf create mode 100644 terraform/ecc-aws-280-s3_buckets_configured_with_block_public_access/green/terraform.tfvars create mode 100644 terraform/ecc-aws-280-s3_buckets_configured_with_block_public_access/green/variables.tf create mode 100644 terraform/ecc-aws-280-s3_buckets_configured_with_block_public_access/iam/280-policy.json create mode 100644 terraform/ecc-aws-280-s3_buckets_configured_with_block_public_access/red/provider.tf create mode 100644 terraform/ecc-aws-280-s3_buckets_configured_with_block_public_access/red/s3.tf create mode 100644 terraform/ecc-aws-280-s3_buckets_configured_with_block_public_access/red/terraform.tfvars create mode 100644 terraform/ecc-aws-280-s3_buckets_configured_with_block_public_access/red/variables.tf create mode 100644 terraform/ecc-aws-290-logging_for_s3_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-290-logging_for_s3_enabled/green/s3.tf create mode 100644 terraform/ecc-aws-290-logging_for_s3_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-290-logging_for_s3_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-290-logging_for_s3_enabled/iam/290-policy.json create mode 100644 terraform/ecc-aws-290-logging_for_s3_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-290-logging_for_s3_enabled/red/s3.tf create mode 100644 terraform/ecc-aws-290-logging_for_s3_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-290-logging_for_s3_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-352-rds_mariadb_logging_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-352-rds_mariadb_logging_enabled/green/rds.tf create mode 100644 
terraform/ecc-aws-352-rds_mariadb_logging_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-352-rds_mariadb_logging_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-352-rds_mariadb_logging_enabled/iam/352-policy.json create mode 100644 terraform/ecc-aws-352-rds_mariadb_logging_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-352-rds_mariadb_logging_enabled/red/rds.tf create mode 100644 terraform/ecc-aws-352-rds_mariadb_logging_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-352-rds_mariadb_logging_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-352-rds_mariadb_logging_enabled/red1/provider.tf create mode 100644 terraform/ecc-aws-352-rds_mariadb_logging_enabled/red1/rds.tf create mode 100644 terraform/ecc-aws-352-rds_mariadb_logging_enabled/red1/terraform.tfvars create mode 100644 terraform/ecc-aws-352-rds_mariadb_logging_enabled/red1/variables.tf create mode 100644 terraform/ecc-aws-421-documentdb_logging_enabled/green/docdb.tf create mode 100644 terraform/ecc-aws-421-documentdb_logging_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-421-documentdb_logging_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-421-documentdb_logging_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-421-documentdb_logging_enabled/iam/421-policy.json create mode 100644 terraform/ecc-aws-421-documentdb_logging_enabled/red/docdb.tf create mode 100644 terraform/ecc-aws-421-documentdb_logging_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-421-documentdb_logging_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-421-documentdb_logging_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-423-rds_aurora_mysql_cluster_logging_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-423-rds_aurora_mysql_cluster_logging_enabled/green/rds.tf create mode 100644 
terraform/ecc-aws-423-rds_aurora_mysql_cluster_logging_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-423-rds_aurora_mysql_cluster_logging_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-423-rds_aurora_mysql_cluster_logging_enabled/iam/423-policy.json create mode 100644 terraform/ecc-aws-423-rds_aurora_mysql_cluster_logging_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-423-rds_aurora_mysql_cluster_logging_enabled/red/rds.tf create mode 100644 terraform/ecc-aws-423-rds_aurora_mysql_cluster_logging_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-423-rds_aurora_mysql_cluster_logging_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-424-rds_aurora_postgresql_cluster_logging_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-424-rds_aurora_postgresql_cluster_logging_enabled/green/rds.tf create mode 100644 terraform/ecc-aws-424-rds_aurora_postgresql_cluster_logging_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-424-rds_aurora_postgresql_cluster_logging_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-424-rds_aurora_postgresql_cluster_logging_enabled/iam/424-policy.json create mode 100644 terraform/ecc-aws-424-rds_aurora_postgresql_cluster_logging_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-424-rds_aurora_postgresql_cluster_logging_enabled/red/rds.tf create mode 100644 terraform/ecc-aws-424-rds_aurora_postgresql_cluster_logging_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-424-rds_aurora_postgresql_cluster_logging_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-614-kinesis_video_stream_without_tag_information/green/kinesis.tf create mode 100644 terraform/ecc-aws-614-kinesis_video_stream_without_tag_information/green/provider.tf create mode 100644 terraform/ecc-aws-614-kinesis_video_stream_without_tag_information/green/terraform.tfvars create mode 100644 
terraform/ecc-aws-614-kinesis_video_stream_without_tag_information/green/variables.tf create mode 100644 terraform/ecc-aws-614-kinesis_video_stream_without_tag_information/iam/614-policy.json create mode 100644 terraform/ecc-aws-614-kinesis_video_stream_without_tag_information/red/kinesis.tf create mode 100644 terraform/ecc-aws-614-kinesis_video_stream_without_tag_information/red/provider.tf create mode 100644 terraform/ecc-aws-614-kinesis_video_stream_without_tag_information/red/terraform.tfvars create mode 100644 terraform/ecc-aws-614-kinesis_video_stream_without_tag_information/red/variables.tf create mode 100644 terraform/ecc-aws-646-appsync_logging_enabled/green/appsync.tf create mode 100644 terraform/ecc-aws-646-appsync_logging_enabled/green/provider.tf create mode 100644 terraform/ecc-aws-646-appsync_logging_enabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-646-appsync_logging_enabled/green/variables.tf create mode 100644 terraform/ecc-aws-646-appsync_logging_enabled/iam/646-policy.json create mode 100644 terraform/ecc-aws-646-appsync_logging_enabled/red/appsync.tf create mode 100644 terraform/ecc-aws-646-appsync_logging_enabled/red/provider.tf create mode 100644 terraform/ecc-aws-646-appsync_logging_enabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-646-appsync_logging_enabled/red/variables.tf create mode 100644 terraform/ecc-aws-649-appsync_cache_encrypted_at_rest/green/appsync.tf create mode 100644 terraform/ecc-aws-649-appsync_cache_encrypted_at_rest/green/provider.tf create mode 100644 terraform/ecc-aws-649-appsync_cache_encrypted_at_rest/green/terraform.tfvars create mode 100644 terraform/ecc-aws-649-appsync_cache_encrypted_at_rest/green/variables.tf create mode 100644 terraform/ecc-aws-649-appsync_cache_encrypted_at_rest/green1/appsync.tf create mode 100644 terraform/ecc-aws-649-appsync_cache_encrypted_at_rest/green1/provider.tf create mode 100644 
terraform/ecc-aws-649-appsync_cache_encrypted_at_rest/green1/terraform.tfvars create mode 100644 terraform/ecc-aws-649-appsync_cache_encrypted_at_rest/green1/variables.tf create mode 100644 terraform/ecc-aws-649-appsync_cache_encrypted_at_rest/iam/649-policy.json create mode 100644 terraform/ecc-aws-649-appsync_cache_encrypted_at_rest/red/appsync.tf create mode 100644 terraform/ecc-aws-649-appsync_cache_encrypted_at_rest/red/provider.tf create mode 100644 terraform/ecc-aws-649-appsync_cache_encrypted_at_rest/red/terraform.tfvars create mode 100644 terraform/ecc-aws-649-appsync_cache_encrypted_at_rest/red/variables.tf create mode 100644 terraform/ecc-aws-650-appsync_cache_encrypted_in_transit/green/appsync.tf create mode 100644 terraform/ecc-aws-650-appsync_cache_encrypted_in_transit/green/provider.tf create mode 100644 terraform/ecc-aws-650-appsync_cache_encrypted_in_transit/green/terraform.tfvars create mode 100644 terraform/ecc-aws-650-appsync_cache_encrypted_in_transit/green/variables.tf create mode 100644 terraform/ecc-aws-650-appsync_cache_encrypted_in_transit/iam/650-policy.json create mode 100644 terraform/ecc-aws-650-appsync_cache_encrypted_in_transit/red/appsync.tf create mode 100644 terraform/ecc-aws-650-appsync_cache_encrypted_in_transit/red/provider.tf create mode 100644 terraform/ecc-aws-650-appsync_cache_encrypted_in_transit/red/terraform.tfvars create mode 100644 terraform/ecc-aws-650-appsync_cache_encrypted_in_transit/red/variables.tf create mode 100644 terraform/ecc-aws-651-appsync_protected_by_waf/green/appsync.tf create mode 100644 terraform/ecc-aws-651-appsync_protected_by_waf/green/provider.tf create mode 100644 terraform/ecc-aws-651-appsync_protected_by_waf/green/terraform.tfvars create mode 100644 terraform/ecc-aws-651-appsync_protected_by_waf/green/variables.tf create mode 100644 terraform/ecc-aws-651-appsync_protected_by_waf/iam/651-policy.json create mode 100644 terraform/ecc-aws-651-appsync_protected_by_waf/red/appsync.tf create mode 
100644 terraform/ecc-aws-651-appsync_protected_by_waf/red/provider.tf create mode 100644 terraform/ecc-aws-651-appsync_protected_by_waf/red/terraform.tfvars create mode 100644 terraform/ecc-aws-651-appsync_protected_by_waf/red/variables.tf create mode 100644 terraform/ecc-aws-670-emr_imdsv1_disabled/green/emr.tf create mode 100644 terraform/ecc-aws-670-emr_imdsv1_disabled/green/iam.tf create mode 100644 terraform/ecc-aws-670-emr_imdsv1_disabled/green/provider.tf create mode 100644 terraform/ecc-aws-670-emr_imdsv1_disabled/green/terraform.tfvars create mode 100644 terraform/ecc-aws-670-emr_imdsv1_disabled/green/variables.tf create mode 100644 terraform/ecc-aws-670-emr_imdsv1_disabled/green/vpc.tf create mode 100644 terraform/ecc-aws-670-emr_imdsv1_disabled/iam/670-policy.json create mode 100644 terraform/ecc-aws-670-emr_imdsv1_disabled/red/emr.tf create mode 100644 terraform/ecc-aws-670-emr_imdsv1_disabled/red/iam.tf create mode 100644 terraform/ecc-aws-670-emr_imdsv1_disabled/red/provider.tf create mode 100644 terraform/ecc-aws-670-emr_imdsv1_disabled/red/terraform.tfvars create mode 100644 terraform/ecc-aws-670-emr_imdsv1_disabled/red/variables.tf create mode 100644 terraform/ecc-aws-670-emr_imdsv1_disabled/red/vpc.tf create mode 100644 terraform/ecc-aws-689-bucket_not_dns_compliant/green/provider.tf create mode 100644 terraform/ecc-aws-689-bucket_not_dns_compliant/green/s3.tf create mode 100644 terraform/ecc-aws-689-bucket_not_dns_compliant/green/terraform.tfvars create mode 100644 terraform/ecc-aws-689-bucket_not_dns_compliant/green/variables.tf create mode 100644 terraform/ecc-aws-689-bucket_not_dns_compliant/iam/689-policy.json create mode 100644 terraform/ecc-aws-689-bucket_not_dns_compliant/red/provider.tf create mode 100644 terraform/ecc-aws-689-bucket_not_dns_compliant/red/s3.tf create mode 100644 terraform/ecc-aws-689-bucket_not_dns_compliant/red/terraform.tfvars create mode 100644 terraform/ecc-aws-689-bucket_not_dns_compliant/red/variables.tf create 
mode 100644 terraform/ecc-aws-900-s3_bucket_acl_prohibited/green/provider.tf create mode 100644 terraform/ecc-aws-900-s3_bucket_acl_prohibited/green/s3.tf create mode 100644 terraform/ecc-aws-900-s3_bucket_acl_prohibited/green/terraform.tfvars create mode 100644 terraform/ecc-aws-900-s3_bucket_acl_prohibited/green/variables.tf create mode 100644 terraform/ecc-aws-900-s3_bucket_acl_prohibited/iam/900-policy.json create mode 100644 terraform/ecc-aws-900-s3_bucket_acl_prohibited/red/provider.tf create mode 100644 terraform/ecc-aws-900-s3_bucket_acl_prohibited/red/s3.tf create mode 100644 terraform/ecc-aws-900-s3_bucket_acl_prohibited/red/terraform.tfvars create mode 100644 terraform/ecc-aws-900-s3_bucket_acl_prohibited/red/variables.tf create mode 100644 terraform/ecc-aws-901-s3_version_lifecycle_policy_check/green/provider.tf create mode 100644 terraform/ecc-aws-901-s3_version_lifecycle_policy_check/green/s3.tf create mode 100644 terraform/ecc-aws-901-s3_version_lifecycle_policy_check/green/terraform.tfvars create mode 100644 terraform/ecc-aws-901-s3_version_lifecycle_policy_check/green/variables.tf create mode 100644 terraform/ecc-aws-901-s3_version_lifecycle_policy_check/iam/901-policy.json create mode 100644 terraform/ecc-aws-901-s3_version_lifecycle_policy_check/red/provider.tf create mode 100644 terraform/ecc-aws-901-s3_version_lifecycle_policy_check/red/s3.tf create mode 100644 terraform/ecc-aws-901-s3_version_lifecycle_policy_check/red/terraform.tfvars create mode 100644 terraform/ecc-aws-901-s3_version_lifecycle_policy_check/red/variables.tf create mode 100644 tests/ecc-aws-080-bucket_policy_allows_https_requests/placebo-green/s3.GetBucketAcl_1.json create mode 100644 tests/ecc-aws-080-bucket_policy_allows_https_requests/placebo-green/s3.GetBucketLifecycleConfiguration_1.json create mode 100644 tests/ecc-aws-080-bucket_policy_allows_https_requests/placebo-green/s3.GetBucketLocation_1.json create mode 100644 
tests/ecc-aws-080-bucket_policy_allows_https_requests/placebo-green/s3.GetBucketLogging_1.json create mode 100644 tests/ecc-aws-080-bucket_policy_allows_https_requests/placebo-green/s3.GetBucketNotificationConfiguration_1.json create mode 100644 tests/ecc-aws-080-bucket_policy_allows_https_requests/placebo-green/s3.GetBucketPolicy_1.json create mode 100644 tests/ecc-aws-080-bucket_policy_allows_https_requests/placebo-green/s3.GetBucketReplication_1.json create mode 100644 tests/ecc-aws-080-bucket_policy_allows_https_requests/placebo-green/s3.GetBucketTagging_1.json create mode 100644 tests/ecc-aws-080-bucket_policy_allows_https_requests/placebo-green/s3.GetBucketVersioning_1.json create mode 100644 tests/ecc-aws-080-bucket_policy_allows_https_requests/placebo-green/s3.GetBucketWebsite_1.json create mode 100644 tests/ecc-aws-080-bucket_policy_allows_https_requests/placebo-green/s3.ListBuckets_1.json create mode 100644 tests/ecc-aws-080-bucket_policy_allows_https_requests/placebo-red/s3.GetBucketAcl_1.json create mode 100644 tests/ecc-aws-080-bucket_policy_allows_https_requests/placebo-red/s3.GetBucketLifecycleConfiguration_1.json create mode 100644 tests/ecc-aws-080-bucket_policy_allows_https_requests/placebo-red/s3.GetBucketLocation_1.json create mode 100644 tests/ecc-aws-080-bucket_policy_allows_https_requests/placebo-red/s3.GetBucketLogging_1.json create mode 100644 tests/ecc-aws-080-bucket_policy_allows_https_requests/placebo-red/s3.GetBucketNotificationConfiguration_1.json create mode 100644 tests/ecc-aws-080-bucket_policy_allows_https_requests/placebo-red/s3.GetBucketPolicy_1.json create mode 100644 tests/ecc-aws-080-bucket_policy_allows_https_requests/placebo-red/s3.GetBucketReplication_1.json create mode 100644 tests/ecc-aws-080-bucket_policy_allows_https_requests/placebo-red/s3.GetBucketTagging_1.json create mode 100644 tests/ecc-aws-080-bucket_policy_allows_https_requests/placebo-red/s3.GetBucketVersioning_1.json create mode 100644 
tests/ecc-aws-080-bucket_policy_allows_https_requests/placebo-red/s3.GetBucketWebsite_1.json create mode 100644 tests/ecc-aws-080-bucket_policy_allows_https_requests/placebo-red/s3.ListBuckets_1.json create mode 100644 tests/ecc-aws-080-bucket_policy_allows_https_requests/red_policy_test.py create mode 100644 tests/ecc-aws-141-s3_encrypted_using_kms/placebo-green/s3.GetBucketAcl_1.json create mode 100644 tests/ecc-aws-141-s3_encrypted_using_kms/placebo-green/s3.GetBucketEncryption_1.json create mode 100644 tests/ecc-aws-141-s3_encrypted_using_kms/placebo-green/s3.GetBucketLifecycleConfiguration_1.json create mode 100644 tests/ecc-aws-141-s3_encrypted_using_kms/placebo-green/s3.GetBucketLocation_1.json create mode 100644 tests/ecc-aws-141-s3_encrypted_using_kms/placebo-green/s3.GetBucketLogging_1.json create mode 100644 tests/ecc-aws-141-s3_encrypted_using_kms/placebo-green/s3.GetBucketNotificationConfiguration_1.json create mode 100644 tests/ecc-aws-141-s3_encrypted_using_kms/placebo-green/s3.GetBucketPolicy_1.json create mode 100644 tests/ecc-aws-141-s3_encrypted_using_kms/placebo-green/s3.GetBucketReplication_1.json create mode 100644 tests/ecc-aws-141-s3_encrypted_using_kms/placebo-green/s3.GetBucketTagging_1.json create mode 100644 tests/ecc-aws-141-s3_encrypted_using_kms/placebo-green/s3.GetBucketVersioning_1.json create mode 100644 tests/ecc-aws-141-s3_encrypted_using_kms/placebo-green/s3.GetBucketWebsite_1.json create mode 100644 tests/ecc-aws-141-s3_encrypted_using_kms/placebo-green/s3.ListBuckets_1.json create mode 100644 tests/ecc-aws-141-s3_encrypted_using_kms/placebo-red/s3.GetBucketAcl_1.json create mode 100644 tests/ecc-aws-141-s3_encrypted_using_kms/placebo-red/s3.GetBucketEncryption_1.json create mode 100644 tests/ecc-aws-141-s3_encrypted_using_kms/placebo-red/s3.GetBucketLifecycleConfiguration_1.json create mode 100644 tests/ecc-aws-141-s3_encrypted_using_kms/placebo-red/s3.GetBucketLocation_1.json create mode 100644 
tests/ecc-aws-141-s3_encrypted_using_kms/placebo-red/s3.GetBucketLogging_1.json create mode 100644 tests/ecc-aws-141-s3_encrypted_using_kms/placebo-red/s3.GetBucketNotificationConfiguration_1.json create mode 100644 tests/ecc-aws-141-s3_encrypted_using_kms/placebo-red/s3.GetBucketPolicy_1.json create mode 100644 tests/ecc-aws-141-s3_encrypted_using_kms/placebo-red/s3.GetBucketReplication_1.json create mode 100644 tests/ecc-aws-141-s3_encrypted_using_kms/placebo-red/s3.GetBucketTagging_1.json create mode 100644 tests/ecc-aws-141-s3_encrypted_using_kms/placebo-red/s3.GetBucketVersioning_1.json create mode 100644 tests/ecc-aws-141-s3_encrypted_using_kms/placebo-red/s3.GetBucketWebsite_1.json create mode 100644 tests/ecc-aws-141-s3_encrypted_using_kms/placebo-red/s3.ListBuckets_1.json create mode 100644 tests/ecc-aws-141-s3_encrypted_using_kms/red_policy_test.py create mode 100644 tests/ecc-aws-162-s3_bucket_lifecycle/placebo-green/s3.GetBucketAcl_1.json create mode 100644 tests/ecc-aws-162-s3_bucket_lifecycle/placebo-green/s3.GetBucketEncryption_1.json create mode 100644 tests/ecc-aws-162-s3_bucket_lifecycle/placebo-green/s3.GetBucketLifecycleConfiguration_1.json create mode 100644 tests/ecc-aws-162-s3_bucket_lifecycle/placebo-green/s3.GetBucketLocation_1.json create mode 100644 tests/ecc-aws-162-s3_bucket_lifecycle/placebo-green/s3.GetBucketLogging_1.json create mode 100644 tests/ecc-aws-162-s3_bucket_lifecycle/placebo-green/s3.GetBucketNotificationConfiguration_1.json create mode 100644 tests/ecc-aws-162-s3_bucket_lifecycle/placebo-green/s3.GetBucketPolicy_1.json create mode 100644 tests/ecc-aws-162-s3_bucket_lifecycle/placebo-green/s3.GetBucketReplication_1.json create mode 100644 tests/ecc-aws-162-s3_bucket_lifecycle/placebo-green/s3.GetBucketTagging_1.json create mode 100644 tests/ecc-aws-162-s3_bucket_lifecycle/placebo-green/s3.GetBucketVersioning_1.json create mode 100644 tests/ecc-aws-162-s3_bucket_lifecycle/placebo-green/s3.GetBucketWebsite_1.json create mode 
100644 tests/ecc-aws-162-s3_bucket_lifecycle/placebo-green/s3.ListBuckets_1.json create mode 100644 tests/ecc-aws-162-s3_bucket_lifecycle/placebo-red/s3.GetBucketAcl_1.json create mode 100644 tests/ecc-aws-162-s3_bucket_lifecycle/placebo-red/s3.GetBucketEncryption_1.json create mode 100644 tests/ecc-aws-162-s3_bucket_lifecycle/placebo-red/s3.GetBucketLifecycleConfiguration_1.json create mode 100644 tests/ecc-aws-162-s3_bucket_lifecycle/placebo-red/s3.GetBucketLocation_1.json create mode 100644 tests/ecc-aws-162-s3_bucket_lifecycle/placebo-red/s3.GetBucketLogging_1.json create mode 100644 tests/ecc-aws-162-s3_bucket_lifecycle/placebo-red/s3.GetBucketNotificationConfiguration_1.json create mode 100644 tests/ecc-aws-162-s3_bucket_lifecycle/placebo-red/s3.GetBucketPolicy_1.json create mode 100644 tests/ecc-aws-162-s3_bucket_lifecycle/placebo-red/s3.GetBucketReplication_1.json create mode 100644 tests/ecc-aws-162-s3_bucket_lifecycle/placebo-red/s3.GetBucketTagging_1.json create mode 100644 tests/ecc-aws-162-s3_bucket_lifecycle/placebo-red/s3.GetBucketVersioning_1.json create mode 100644 tests/ecc-aws-162-s3_bucket_lifecycle/placebo-red/s3.GetBucketWebsite_1.json create mode 100644 tests/ecc-aws-162-s3_bucket_lifecycle/placebo-red/s3.ListBuckets_1.json create mode 100644 tests/ecc-aws-162-s3_bucket_lifecycle/red_policy_test.py create mode 100644 tests/ecc-aws-163-s3_buckets_without_tags/placebo-green/s3.GetBucketAcl_1.json create mode 100644 tests/ecc-aws-163-s3_buckets_without_tags/placebo-green/s3.GetBucketEncryption_1.json create mode 100644 tests/ecc-aws-163-s3_buckets_without_tags/placebo-green/s3.GetBucketLifecycleConfiguration_1.json create mode 100644 tests/ecc-aws-163-s3_buckets_without_tags/placebo-green/s3.GetBucketLocation_1.json create mode 100644 tests/ecc-aws-163-s3_buckets_without_tags/placebo-green/s3.GetBucketLogging_1.json create mode 100644 tests/ecc-aws-163-s3_buckets_without_tags/placebo-green/s3.GetBucketNotificationConfiguration_1.json create mode 
100644 tests/ecc-aws-163-s3_buckets_without_tags/placebo-green/s3.GetBucketPolicy_1.json create mode 100644 tests/ecc-aws-163-s3_buckets_without_tags/placebo-green/s3.GetBucketReplication_1.json create mode 100644 tests/ecc-aws-163-s3_buckets_without_tags/placebo-green/s3.GetBucketTagging_1.json create mode 100644 tests/ecc-aws-163-s3_buckets_without_tags/placebo-green/s3.GetBucketVersioning_1.json create mode 100644 tests/ecc-aws-163-s3_buckets_without_tags/placebo-green/s3.GetBucketWebsite_1.json create mode 100644 tests/ecc-aws-163-s3_buckets_without_tags/placebo-green/s3.ListBuckets_1.json create mode 100644 tests/ecc-aws-163-s3_buckets_without_tags/placebo-red/s3.GetBucketAcl_1.json create mode 100644 tests/ecc-aws-163-s3_buckets_without_tags/placebo-red/s3.GetBucketEncryption_1.json create mode 100644 tests/ecc-aws-163-s3_buckets_without_tags/placebo-red/s3.GetBucketLifecycleConfiguration_1.json create mode 100644 tests/ecc-aws-163-s3_buckets_without_tags/placebo-red/s3.GetBucketLocation_1.json create mode 100644 tests/ecc-aws-163-s3_buckets_without_tags/placebo-red/s3.GetBucketLogging_1.json create mode 100644 tests/ecc-aws-163-s3_buckets_without_tags/placebo-red/s3.GetBucketNotificationConfiguration_1.json create mode 100644 tests/ecc-aws-163-s3_buckets_without_tags/placebo-red/s3.GetBucketPolicy_1.json create mode 100644 tests/ecc-aws-163-s3_buckets_without_tags/placebo-red/s3.GetBucketReplication_1.json create mode 100644 tests/ecc-aws-163-s3_buckets_without_tags/placebo-red/s3.GetBucketTagging_1.json create mode 100644 tests/ecc-aws-163-s3_buckets_without_tags/placebo-red/s3.GetBucketVersioning_1.json create mode 100644 tests/ecc-aws-163-s3_buckets_without_tags/placebo-red/s3.GetBucketWebsite_1.json create mode 100644 tests/ecc-aws-163-s3_buckets_without_tags/placebo-red/s3.ListBuckets_1.json create mode 100644 tests/ecc-aws-163-s3_buckets_without_tags/red_policy_test.py create mode 100644 
tests/ecc-aws-216-s3_bucket_cross_region_replication_enabled/placebo-green/s3.GetBucketAcl_1.json create mode 100644 tests/ecc-aws-216-s3_bucket_cross_region_replication_enabled/placebo-green/s3.GetBucketEncryption_1.json create mode 100644 tests/ecc-aws-216-s3_bucket_cross_region_replication_enabled/placebo-green/s3.GetBucketLifecycleConfiguration_1.json create mode 100644 tests/ecc-aws-216-s3_bucket_cross_region_replication_enabled/placebo-green/s3.GetBucketLocation_1.json create mode 100644 tests/ecc-aws-216-s3_bucket_cross_region_replication_enabled/placebo-green/s3.GetBucketLogging_1.json create mode 100644 tests/ecc-aws-216-s3_bucket_cross_region_replication_enabled/placebo-green/s3.GetBucketNotificationConfiguration_1.json create mode 100644 tests/ecc-aws-216-s3_bucket_cross_region_replication_enabled/placebo-green/s3.GetBucketPolicy_1.json create mode 100644 tests/ecc-aws-216-s3_bucket_cross_region_replication_enabled/placebo-green/s3.GetBucketReplication_1.json create mode 100644 tests/ecc-aws-216-s3_bucket_cross_region_replication_enabled/placebo-green/s3.GetBucketTagging_1.json create mode 100644 tests/ecc-aws-216-s3_bucket_cross_region_replication_enabled/placebo-green/s3.GetBucketVersioning_1.json create mode 100644 tests/ecc-aws-216-s3_bucket_cross_region_replication_enabled/placebo-green/s3.GetBucketWebsite_1.json create mode 100644 tests/ecc-aws-216-s3_bucket_cross_region_replication_enabled/placebo-green/s3.ListBuckets_1.json create mode 100644 tests/ecc-aws-216-s3_bucket_cross_region_replication_enabled/placebo-red/s3.GetBucketAcl_1.json create mode 100644 tests/ecc-aws-216-s3_bucket_cross_region_replication_enabled/placebo-red/s3.GetBucketEncryption_1.json create mode 100644 tests/ecc-aws-216-s3_bucket_cross_region_replication_enabled/placebo-red/s3.GetBucketLifecycleConfiguration_1.json create mode 100644 tests/ecc-aws-216-s3_bucket_cross_region_replication_enabled/placebo-red/s3.GetBucketLocation_1.json create mode 100644 
tests/ecc-aws-216-s3_bucket_cross_region_replication_enabled/placebo-red/s3.GetBucketLogging_1.json create mode 100644 tests/ecc-aws-216-s3_bucket_cross_region_replication_enabled/placebo-red/s3.GetBucketNotificationConfiguration_1.json create mode 100644 tests/ecc-aws-216-s3_bucket_cross_region_replication_enabled/placebo-red/s3.GetBucketPolicy_1.json create mode 100644 tests/ecc-aws-216-s3_bucket_cross_region_replication_enabled/placebo-red/s3.GetBucketReplication_1.json create mode 100644 tests/ecc-aws-216-s3_bucket_cross_region_replication_enabled/placebo-red/s3.GetBucketTagging_1.json create mode 100644 tests/ecc-aws-216-s3_bucket_cross_region_replication_enabled/placebo-red/s3.GetBucketVersioning_1.json create mode 100644 tests/ecc-aws-216-s3_bucket_cross_region_replication_enabled/placebo-red/s3.GetBucketWebsite_1.json create mode 100644 tests/ecc-aws-216-s3_bucket_cross_region_replication_enabled/placebo-red/s3.ListBuckets_1.json create mode 100644 tests/ecc-aws-216-s3_bucket_cross_region_replication_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-246-s3_bucket_versioning_mfa_delete_enabled/placebo-green/s3.GetBucketAcl_1.json create mode 100644 tests/ecc-aws-246-s3_bucket_versioning_mfa_delete_enabled/placebo-green/s3.GetBucketEncryption_1.json create mode 100644 tests/ecc-aws-246-s3_bucket_versioning_mfa_delete_enabled/placebo-green/s3.GetBucketLifecycleConfiguration_1.json create mode 100644 tests/ecc-aws-246-s3_bucket_versioning_mfa_delete_enabled/placebo-green/s3.GetBucketLocation_1.json create mode 100644 tests/ecc-aws-246-s3_bucket_versioning_mfa_delete_enabled/placebo-green/s3.GetBucketLogging_1.json create mode 100644 tests/ecc-aws-246-s3_bucket_versioning_mfa_delete_enabled/placebo-green/s3.GetBucketNotificationConfiguration_1.json create mode 100644 tests/ecc-aws-246-s3_bucket_versioning_mfa_delete_enabled/placebo-green/s3.GetBucketPolicy_1.json create mode 100644 
tests/ecc-aws-246-s3_bucket_versioning_mfa_delete_enabled/placebo-green/s3.GetBucketReplication_1.json create mode 100644 tests/ecc-aws-246-s3_bucket_versioning_mfa_delete_enabled/placebo-green/s3.GetBucketTagging_1.json create mode 100644 tests/ecc-aws-246-s3_bucket_versioning_mfa_delete_enabled/placebo-green/s3.GetBucketVersioning_1.json create mode 100644 tests/ecc-aws-246-s3_bucket_versioning_mfa_delete_enabled/placebo-green/s3.GetBucketWebsite_1.json create mode 100644 tests/ecc-aws-246-s3_bucket_versioning_mfa_delete_enabled/placebo-green/s3.ListBuckets_1.json create mode 100644 tests/ecc-aws-246-s3_bucket_versioning_mfa_delete_enabled/placebo-red/s3.GetBucketAcl_1.json create mode 100644 tests/ecc-aws-246-s3_bucket_versioning_mfa_delete_enabled/placebo-red/s3.GetBucketEncryption_1.json create mode 100644 tests/ecc-aws-246-s3_bucket_versioning_mfa_delete_enabled/placebo-red/s3.GetBucketLifecycleConfiguration_1.json create mode 100644 tests/ecc-aws-246-s3_bucket_versioning_mfa_delete_enabled/placebo-red/s3.GetBucketLocation_1.json create mode 100644 tests/ecc-aws-246-s3_bucket_versioning_mfa_delete_enabled/placebo-red/s3.GetBucketLogging_1.json create mode 100644 tests/ecc-aws-246-s3_bucket_versioning_mfa_delete_enabled/placebo-red/s3.GetBucketNotificationConfiguration_1.json create mode 100644 tests/ecc-aws-246-s3_bucket_versioning_mfa_delete_enabled/placebo-red/s3.GetBucketPolicy_1.json create mode 100644 tests/ecc-aws-246-s3_bucket_versioning_mfa_delete_enabled/placebo-red/s3.GetBucketReplication_1.json create mode 100644 tests/ecc-aws-246-s3_bucket_versioning_mfa_delete_enabled/placebo-red/s3.GetBucketTagging_1.json create mode 100644 tests/ecc-aws-246-s3_bucket_versioning_mfa_delete_enabled/placebo-red/s3.GetBucketVersioning_1.json create mode 100644 tests/ecc-aws-246-s3_bucket_versioning_mfa_delete_enabled/placebo-red/s3.GetBucketWebsite_1.json create mode 100644 tests/ecc-aws-246-s3_bucket_versioning_mfa_delete_enabled/placebo-red/s3.ListBuckets_1.json 
create mode 100644 tests/ecc-aws-246-s3_bucket_versioning_mfa_delete_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-280-s3_buckets_configured_with_block_public_access/placebo-green/s3.GetBucketAcl_1.json create mode 100644 tests/ecc-aws-280-s3_buckets_configured_with_block_public_access/placebo-green/s3.GetBucketEncryption_1.json create mode 100644 tests/ecc-aws-280-s3_buckets_configured_with_block_public_access/placebo-green/s3.GetBucketLifecycleConfiguration_1.json create mode 100644 tests/ecc-aws-280-s3_buckets_configured_with_block_public_access/placebo-green/s3.GetBucketLocation_1.json create mode 100644 tests/ecc-aws-280-s3_buckets_configured_with_block_public_access/placebo-green/s3.GetBucketLogging_1.json create mode 100644 tests/ecc-aws-280-s3_buckets_configured_with_block_public_access/placebo-green/s3.GetBucketNotificationConfiguration_1.json create mode 100644 tests/ecc-aws-280-s3_buckets_configured_with_block_public_access/placebo-green/s3.GetBucketPolicy_1.json create mode 100644 tests/ecc-aws-280-s3_buckets_configured_with_block_public_access/placebo-green/s3.GetBucketReplication_1.json create mode 100644 tests/ecc-aws-280-s3_buckets_configured_with_block_public_access/placebo-green/s3.GetBucketTagging_1.json create mode 100644 tests/ecc-aws-280-s3_buckets_configured_with_block_public_access/placebo-green/s3.GetBucketVersioning_1.json create mode 100644 tests/ecc-aws-280-s3_buckets_configured_with_block_public_access/placebo-green/s3.GetBucketWebsite_1.json create mode 100644 tests/ecc-aws-280-s3_buckets_configured_with_block_public_access/placebo-green/s3.GetPublicAccessBlock_1.json create mode 100644 tests/ecc-aws-280-s3_buckets_configured_with_block_public_access/placebo-green/s3.ListBuckets_1.json create mode 100644 tests/ecc-aws-280-s3_buckets_configured_with_block_public_access/placebo-red/s3.GetBucketAcl_1.json create mode 100644 
tests/ecc-aws-280-s3_buckets_configured_with_block_public_access/placebo-red/s3.GetBucketEncryption_1.json create mode 100644 tests/ecc-aws-280-s3_buckets_configured_with_block_public_access/placebo-red/s3.GetBucketLifecycleConfiguration_1.json create mode 100644 tests/ecc-aws-280-s3_buckets_configured_with_block_public_access/placebo-red/s3.GetBucketLocation_1.json create mode 100644 tests/ecc-aws-280-s3_buckets_configured_with_block_public_access/placebo-red/s3.GetBucketLogging_1.json create mode 100644 tests/ecc-aws-280-s3_buckets_configured_with_block_public_access/placebo-red/s3.GetBucketNotificationConfiguration_1.json create mode 100644 tests/ecc-aws-280-s3_buckets_configured_with_block_public_access/placebo-red/s3.GetBucketPolicy_1.json create mode 100644 tests/ecc-aws-280-s3_buckets_configured_with_block_public_access/placebo-red/s3.GetBucketReplication_1.json create mode 100644 tests/ecc-aws-280-s3_buckets_configured_with_block_public_access/placebo-red/s3.GetBucketTagging_1.json create mode 100644 tests/ecc-aws-280-s3_buckets_configured_with_block_public_access/placebo-red/s3.GetBucketVersioning_1.json create mode 100644 tests/ecc-aws-280-s3_buckets_configured_with_block_public_access/placebo-red/s3.GetBucketWebsite_1.json create mode 100644 tests/ecc-aws-280-s3_buckets_configured_with_block_public_access/placebo-red/s3.GetPublicAccessBlock_1.json create mode 100644 tests/ecc-aws-280-s3_buckets_configured_with_block_public_access/placebo-red/s3.ListBuckets_1.json create mode 100644 tests/ecc-aws-280-s3_buckets_configured_with_block_public_access/red_policy_test.py create mode 100644 tests/ecc-aws-290-logging_for_s3_enabled/placebo-green/s3.GetBucketAcl_1.json create mode 100644 tests/ecc-aws-290-logging_for_s3_enabled/placebo-green/s3.GetBucketEncryption_1.json create mode 100644 tests/ecc-aws-290-logging_for_s3_enabled/placebo-green/s3.GetBucketLifecycleConfiguration_1.json create mode 100644 
tests/ecc-aws-290-logging_for_s3_enabled/placebo-green/s3.GetBucketLocation_1.json create mode 100644 tests/ecc-aws-290-logging_for_s3_enabled/placebo-green/s3.GetBucketLogging_1.json create mode 100644 tests/ecc-aws-290-logging_for_s3_enabled/placebo-green/s3.GetBucketNotificationConfiguration_1.json create mode 100644 tests/ecc-aws-290-logging_for_s3_enabled/placebo-green/s3.GetBucketPolicy_1.json create mode 100644 tests/ecc-aws-290-logging_for_s3_enabled/placebo-green/s3.GetBucketReplication_1.json create mode 100644 tests/ecc-aws-290-logging_for_s3_enabled/placebo-green/s3.GetBucketTagging_1.json create mode 100644 tests/ecc-aws-290-logging_for_s3_enabled/placebo-green/s3.GetBucketVersioning_1.json create mode 100644 tests/ecc-aws-290-logging_for_s3_enabled/placebo-green/s3.GetBucketWebsite_1.json create mode 100644 tests/ecc-aws-290-logging_for_s3_enabled/placebo-green/s3.ListBuckets_1.json create mode 100644 tests/ecc-aws-290-logging_for_s3_enabled/placebo-red/s3.GetBucketAcl_1.json create mode 100644 tests/ecc-aws-290-logging_for_s3_enabled/placebo-red/s3.GetBucketEncryption_1.json create mode 100644 tests/ecc-aws-290-logging_for_s3_enabled/placebo-red/s3.GetBucketLifecycleConfiguration_1.json create mode 100644 tests/ecc-aws-290-logging_for_s3_enabled/placebo-red/s3.GetBucketLocation_1.json create mode 100644 tests/ecc-aws-290-logging_for_s3_enabled/placebo-red/s3.GetBucketLogging_1.json create mode 100644 tests/ecc-aws-290-logging_for_s3_enabled/placebo-red/s3.GetBucketNotificationConfiguration_1.json create mode 100644 tests/ecc-aws-290-logging_for_s3_enabled/placebo-red/s3.GetBucketPolicy_1.json create mode 100644 tests/ecc-aws-290-logging_for_s3_enabled/placebo-red/s3.GetBucketReplication_1.json create mode 100644 tests/ecc-aws-290-logging_for_s3_enabled/placebo-red/s3.GetBucketTagging_1.json create mode 100644 tests/ecc-aws-290-logging_for_s3_enabled/placebo-red/s3.GetBucketVersioning_1.json create mode 100644 
tests/ecc-aws-290-logging_for_s3_enabled/placebo-red/s3.GetBucketWebsite_1.json create mode 100644 tests/ecc-aws-290-logging_for_s3_enabled/placebo-red/s3.ListBuckets_1.json create mode 100644 tests/ecc-aws-290-logging_for_s3_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-352-rds_mariadb_logging_enabled/placebo-green/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-352-rds_mariadb_logging_enabled/placebo-green/rds.DescribeDBParameters_1.json create mode 100644 tests/ecc-aws-352-rds_mariadb_logging_enabled/placebo-green/rds.DescribeOptionGroups_1.json create mode 100644 tests/ecc-aws-352-rds_mariadb_logging_enabled/placebo-red/rds.DescribeDBInstances_1.json create mode 100644 tests/ecc-aws-352-rds_mariadb_logging_enabled/placebo-red/rds.DescribeDBParameters_1.json create mode 100644 tests/ecc-aws-352-rds_mariadb_logging_enabled/placebo-red/rds.DescribeOptionGroups_1.json create mode 100644 tests/ecc-aws-352-rds_mariadb_logging_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-421-documentdb_logging_enabled/placebo-green/rds.DescribeDBClusterParameters_1.json create mode 100644 tests/ecc-aws-421-documentdb_logging_enabled/placebo-green/rds.DescribeDBClusters_1.json create mode 100644 tests/ecc-aws-421-documentdb_logging_enabled/placebo-red/rds.DescribeDBClusterParameters_1.json create mode 100644 tests/ecc-aws-421-documentdb_logging_enabled/placebo-red/rds.DescribeDBClusters_1.json create mode 100644 tests/ecc-aws-421-documentdb_logging_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-423-rds_aurora_mysql_cluster_logging_enabled/placebo-green/rds.DescribeDBClusterParameters_1.json create mode 100644 tests/ecc-aws-423-rds_aurora_mysql_cluster_logging_enabled/placebo-green/rds.DescribeDBClusters_1.json create mode 100644 tests/ecc-aws-423-rds_aurora_mysql_cluster_logging_enabled/placebo-red/rds.DescribeDBClusterParameters_1.json create mode 100644 
tests/ecc-aws-423-rds_aurora_mysql_cluster_logging_enabled/placebo-red/rds.DescribeDBClusters_1.json create mode 100644 tests/ecc-aws-423-rds_aurora_mysql_cluster_logging_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-424-rds_aurora_postgresql_cluster_logging_enabled/placebo-green/rds.DescribeDBClusterParameters_1.json create mode 100644 tests/ecc-aws-424-rds_aurora_postgresql_cluster_logging_enabled/placebo-green/rds.DescribeDBClusters_1.json create mode 100644 tests/ecc-aws-424-rds_aurora_postgresql_cluster_logging_enabled/placebo-red/rds.DescribeDBClusterParameters_1.json create mode 100644 tests/ecc-aws-424-rds_aurora_postgresql_cluster_logging_enabled/placebo-red/rds.DescribeDBClusters_1.json create mode 100644 tests/ecc-aws-424-rds_aurora_postgresql_cluster_logging_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-614-kinesis_video_stream_without_tag_information/placebo-green/kinesisvideo.ListStreams_1.json create mode 100644 tests/ecc-aws-614-kinesis_video_stream_without_tag_information/placebo-green/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-614-kinesis_video_stream_without_tag_information/placebo-red/kinesisvideo.ListStreams_1.json create mode 100644 tests/ecc-aws-614-kinesis_video_stream_without_tag_information/placebo-red/tagging.GetResources_1.json create mode 100644 tests/ecc-aws-614-kinesis_video_stream_without_tag_information/red_policy_test.py create mode 100644 tests/ecc-aws-646-appsync_logging_enabled/placebo-green/appsync.ListGraphqlApis_1.json create mode 100644 tests/ecc-aws-646-appsync_logging_enabled/placebo-red/appsync.ListGraphqlApis_1.json create mode 100644 tests/ecc-aws-646-appsync_logging_enabled/red_policy_test.py create mode 100644 tests/ecc-aws-649-appsync_cache_encrypted_at_rest/placebo-green/appsync.GetApiCache_1.json create mode 100644 tests/ecc-aws-649-appsync_cache_encrypted_at_rest/placebo-green/appsync.ListGraphqlApis_1.json create mode 100644 
tests/ecc-aws-649-appsync_cache_encrypted_at_rest/placebo-red/appsync.GetApiCache_1.json create mode 100644 tests/ecc-aws-649-appsync_cache_encrypted_at_rest/placebo-red/appsync.ListGraphqlApis_1.json create mode 100644 tests/ecc-aws-649-appsync_cache_encrypted_at_rest/red_policy_test.py create mode 100644 tests/ecc-aws-650-appsync_cache_encrypted_in_transit/placebo-green/appsync.GetApiCache_1.json create mode 100644 tests/ecc-aws-650-appsync_cache_encrypted_in_transit/placebo-green/appsync.ListGraphqlApis_1.json create mode 100644 tests/ecc-aws-650-appsync_cache_encrypted_in_transit/placebo-red/appsync.GetApiCache_1.json create mode 100644 tests/ecc-aws-650-appsync_cache_encrypted_in_transit/placebo-red/appsync.ListGraphqlApis_1.json create mode 100644 tests/ecc-aws-650-appsync_cache_encrypted_in_transit/red_policy_test.py create mode 100644 tests/ecc-aws-651-appsync_protected_by_waf/placebo-green/appsync.ListGraphqlApis_1.json create mode 100644 tests/ecc-aws-651-appsync_protected_by_waf/placebo-green/wafv2.ListWebACLs_1.json create mode 100644 tests/ecc-aws-651-appsync_protected_by_waf/placebo-red/appsync.ListGraphqlApis_1.json create mode 100644 tests/ecc-aws-651-appsync_protected_by_waf/placebo-red/wafv2.ListWebACLs_1.json create mode 100644 tests/ecc-aws-651-appsync_protected_by_waf/red_policy_test.py create mode 100644 tests/ecc-aws-670-emr_imdsv1_disabled/placebo-green/elasticmapreduce.DescribeCluster_1.json create mode 100644 tests/ecc-aws-670-emr_imdsv1_disabled/placebo-green/elasticmapreduce.DescribeSecurityConfiguration_1.json create mode 100644 tests/ecc-aws-670-emr_imdsv1_disabled/placebo-green/elasticmapreduce.ListClusters_1.json create mode 100644 tests/ecc-aws-670-emr_imdsv1_disabled/placebo-green/elasticmapreduce.ListSecurityConfigurations_1.json create mode 100644 tests/ecc-aws-670-emr_imdsv1_disabled/placebo-red/elasticmapreduce.DescribeCluster_1.json create mode 100644 
tests/ecc-aws-670-emr_imdsv1_disabled/placebo-red/elasticmapreduce.DescribeSecurityConfiguration_1.json create mode 100644 tests/ecc-aws-670-emr_imdsv1_disabled/placebo-red/elasticmapreduce.ListClusters_1.json create mode 100644 tests/ecc-aws-670-emr_imdsv1_disabled/placebo-red/elasticmapreduce.ListSecurityConfigurations_1.json create mode 100644 tests/ecc-aws-670-emr_imdsv1_disabled/red_policy_test.py create mode 100644 tests/ecc-aws-689-bucket_not_dns_compliant/placebo-green/s3.GetBucketAcl_1.json create mode 100644 tests/ecc-aws-689-bucket_not_dns_compliant/placebo-green/s3.GetBucketEncryption_1.json create mode 100644 tests/ecc-aws-689-bucket_not_dns_compliant/placebo-green/s3.GetBucketLifecycleConfiguration_1.json create mode 100644 tests/ecc-aws-689-bucket_not_dns_compliant/placebo-green/s3.GetBucketLocation_1.json create mode 100644 tests/ecc-aws-689-bucket_not_dns_compliant/placebo-green/s3.GetBucketLogging_1.json create mode 100644 tests/ecc-aws-689-bucket_not_dns_compliant/placebo-green/s3.GetBucketNotificationConfiguration_1.json create mode 100644 tests/ecc-aws-689-bucket_not_dns_compliant/placebo-green/s3.GetBucketPolicy_1.json create mode 100644 tests/ecc-aws-689-bucket_not_dns_compliant/placebo-green/s3.GetBucketReplication_1.json create mode 100644 tests/ecc-aws-689-bucket_not_dns_compliant/placebo-green/s3.GetBucketTagging_1.json create mode 100644 tests/ecc-aws-689-bucket_not_dns_compliant/placebo-green/s3.GetBucketVersioning_1.json create mode 100644 tests/ecc-aws-689-bucket_not_dns_compliant/placebo-green/s3.GetBucketWebsite_1.json create mode 100644 tests/ecc-aws-689-bucket_not_dns_compliant/placebo-green/s3.ListBuckets_1.json create mode 100644 tests/ecc-aws-689-bucket_not_dns_compliant/placebo-red/s3.GetBucketAcl_1.json create mode 100644 tests/ecc-aws-689-bucket_not_dns_compliant/placebo-red/s3.GetBucketEncryption_1.json create mode 100644 tests/ecc-aws-689-bucket_not_dns_compliant/placebo-red/s3.GetBucketLifecycleConfiguration_1.json create 
mode 100644 tests/ecc-aws-689-bucket_not_dns_compliant/placebo-red/s3.GetBucketLocation_1.json create mode 100644 tests/ecc-aws-689-bucket_not_dns_compliant/placebo-red/s3.GetBucketLogging_1.json create mode 100644 tests/ecc-aws-689-bucket_not_dns_compliant/placebo-red/s3.GetBucketNotificationConfiguration_1.json create mode 100644 tests/ecc-aws-689-bucket_not_dns_compliant/placebo-red/s3.GetBucketPolicy_1.json create mode 100644 tests/ecc-aws-689-bucket_not_dns_compliant/placebo-red/s3.GetBucketReplication_1.json create mode 100644 tests/ecc-aws-689-bucket_not_dns_compliant/placebo-red/s3.GetBucketTagging_1.json create mode 100644 tests/ecc-aws-689-bucket_not_dns_compliant/placebo-red/s3.GetBucketVersioning_1.json create mode 100644 tests/ecc-aws-689-bucket_not_dns_compliant/placebo-red/s3.GetBucketWebsite_1.json create mode 100644 tests/ecc-aws-689-bucket_not_dns_compliant/placebo-red/s3.ListBuckets_1.json create mode 100644 tests/ecc-aws-689-bucket_not_dns_compliant/red_policy_test.py create mode 100644 tests/ecc-aws-900-s3_bucket_acl_prohibited/placebo-green/s3.GetBucketAcl_1.json create mode 100644 tests/ecc-aws-900-s3_bucket_acl_prohibited/placebo-green/s3.GetBucketEncryption_1.json create mode 100644 tests/ecc-aws-900-s3_bucket_acl_prohibited/placebo-green/s3.GetBucketLifecycleConfiguration_1.json create mode 100644 tests/ecc-aws-900-s3_bucket_acl_prohibited/placebo-green/s3.GetBucketLocation_1.json create mode 100644 tests/ecc-aws-900-s3_bucket_acl_prohibited/placebo-green/s3.GetBucketLogging_1.json create mode 100644 tests/ecc-aws-900-s3_bucket_acl_prohibited/placebo-green/s3.GetBucketNotificationConfiguration_1.json create mode 100644 tests/ecc-aws-900-s3_bucket_acl_prohibited/placebo-green/s3.GetBucketOwnershipControls_1.json create mode 100644 tests/ecc-aws-900-s3_bucket_acl_prohibited/placebo-green/s3.GetBucketPolicy_1.json create mode 100644 tests/ecc-aws-900-s3_bucket_acl_prohibited/placebo-green/s3.GetBucketReplication_1.json create mode 100644 
tests/ecc-aws-900-s3_bucket_acl_prohibited/placebo-green/s3.GetBucketTagging_1.json create mode 100644 tests/ecc-aws-900-s3_bucket_acl_prohibited/placebo-green/s3.GetBucketVersioning_1.json create mode 100644 tests/ecc-aws-900-s3_bucket_acl_prohibited/placebo-green/s3.GetBucketWebsite_1.json create mode 100644 tests/ecc-aws-900-s3_bucket_acl_prohibited/placebo-green/s3.ListBuckets_1.json create mode 100644 tests/ecc-aws-900-s3_bucket_acl_prohibited/placebo-red/s3.GetBucketAcl_1.json create mode 100644 tests/ecc-aws-900-s3_bucket_acl_prohibited/placebo-red/s3.GetBucketEncryption_1.json create mode 100644 tests/ecc-aws-900-s3_bucket_acl_prohibited/placebo-red/s3.GetBucketLifecycleConfiguration_1.json create mode 100644 tests/ecc-aws-900-s3_bucket_acl_prohibited/placebo-red/s3.GetBucketLocation_1.json create mode 100644 tests/ecc-aws-900-s3_bucket_acl_prohibited/placebo-red/s3.GetBucketLogging_1.json create mode 100644 tests/ecc-aws-900-s3_bucket_acl_prohibited/placebo-red/s3.GetBucketNotificationConfiguration_1.json create mode 100644 tests/ecc-aws-900-s3_bucket_acl_prohibited/placebo-red/s3.GetBucketOwnershipControls_1.json create mode 100644 tests/ecc-aws-900-s3_bucket_acl_prohibited/placebo-red/s3.GetBucketPolicy_1.json create mode 100644 tests/ecc-aws-900-s3_bucket_acl_prohibited/placebo-red/s3.GetBucketReplication_1.json create mode 100644 tests/ecc-aws-900-s3_bucket_acl_prohibited/placebo-red/s3.GetBucketTagging_1.json create mode 100644 tests/ecc-aws-900-s3_bucket_acl_prohibited/placebo-red/s3.GetBucketVersioning_1.json create mode 100644 tests/ecc-aws-900-s3_bucket_acl_prohibited/placebo-red/s3.GetBucketWebsite_1.json create mode 100644 tests/ecc-aws-900-s3_bucket_acl_prohibited/placebo-red/s3.ListBuckets_1.json create mode 100644 tests/ecc-aws-900-s3_bucket_acl_prohibited/red_policy_test.py create mode 100644 tests/ecc-aws-901-s3_version_lifecycle_policy_check/placebo-green/s3.GetBucketAcl_1.json create mode 100644 
tests/ecc-aws-901-s3_version_lifecycle_policy_check/placebo-green/s3.GetBucketEncryption_1.json create mode 100644 tests/ecc-aws-901-s3_version_lifecycle_policy_check/placebo-green/s3.GetBucketLifecycleConfiguration_1.json create mode 100644 tests/ecc-aws-901-s3_version_lifecycle_policy_check/placebo-green/s3.GetBucketLocation_1.json create mode 100644 tests/ecc-aws-901-s3_version_lifecycle_policy_check/placebo-green/s3.GetBucketLogging_1.json create mode 100644 tests/ecc-aws-901-s3_version_lifecycle_policy_check/placebo-green/s3.GetBucketNotificationConfiguration_1.json create mode 100644 tests/ecc-aws-901-s3_version_lifecycle_policy_check/placebo-green/s3.GetBucketPolicy_1.json create mode 100644 tests/ecc-aws-901-s3_version_lifecycle_policy_check/placebo-green/s3.GetBucketReplication_1.json create mode 100644 tests/ecc-aws-901-s3_version_lifecycle_policy_check/placebo-green/s3.GetBucketTagging_1.json create mode 100644 tests/ecc-aws-901-s3_version_lifecycle_policy_check/placebo-green/s3.GetBucketVersioning_1.json create mode 100644 tests/ecc-aws-901-s3_version_lifecycle_policy_check/placebo-green/s3.GetBucketWebsite_1.json create mode 100644 tests/ecc-aws-901-s3_version_lifecycle_policy_check/placebo-green/s3.ListBuckets_1.json create mode 100644 tests/ecc-aws-901-s3_version_lifecycle_policy_check/placebo-red/s3.GetBucketAcl_1.json create mode 100644 tests/ecc-aws-901-s3_version_lifecycle_policy_check/placebo-red/s3.GetBucketEncryption_1.json create mode 100644 tests/ecc-aws-901-s3_version_lifecycle_policy_check/placebo-red/s3.GetBucketLifecycleConfiguration_1.json create mode 100644 tests/ecc-aws-901-s3_version_lifecycle_policy_check/placebo-red/s3.GetBucketLocation_1.json create mode 100644 tests/ecc-aws-901-s3_version_lifecycle_policy_check/placebo-red/s3.GetBucketLogging_1.json create mode 100644 tests/ecc-aws-901-s3_version_lifecycle_policy_check/placebo-red/s3.GetBucketNotificationConfiguration_1.json create mode 100644 
tests/ecc-aws-901-s3_version_lifecycle_policy_check/placebo-red/s3.GetBucketPolicy_1.json create mode 100644 tests/ecc-aws-901-s3_version_lifecycle_policy_check/placebo-red/s3.GetBucketReplication_1.json create mode 100644 tests/ecc-aws-901-s3_version_lifecycle_policy_check/placebo-red/s3.GetBucketTagging_1.json create mode 100644 tests/ecc-aws-901-s3_version_lifecycle_policy_check/placebo-red/s3.GetBucketVersioning_1.json create mode 100644 tests/ecc-aws-901-s3_version_lifecycle_policy_check/placebo-red/s3.GetBucketWebsite_1.json create mode 100644 tests/ecc-aws-901-s3_version_lifecycle_policy_check/placebo-red/s3.ListBuckets_1.json create mode 100644 tests/ecc-aws-901-s3_version_lifecycle_policy_check/red_policy_test.py
diff --git a/iam/All-permissions.json b/iam/All-permissions.json
index fcf35dd1e..a9622fae7 100644
--- a/iam/All-permissions.json
+++ b/iam/All-permissions.json
@@ -12,6 +12,9 @@
 "apigateway:GET",
 "appflow:DescribeFlow",
 "appflow:ListFlows",
+ "appsync:ListGraphqlApis",
+ "appsync:GetGraphqlApi",
+ "appsync:GetApiCache",
 "autoscaling:DescribeAutoScalingGroups",
 "autoscaling:DescribeLaunchConfigurations",
 "backup:GetBackupPlan",
@@ -105,6 +108,7 @@
 "elasticloadbalancing:DescribeTargetHealth",
 "elasticmapreduce:DescribeCluster",
 "elasticmapreduce:ListClusters",
+ "elasticmapreduce:DescribeSecurityConfiguration",
 "es:DescribeDomains",
 "es:DescribeElasticsearchDomain",
 "es:DescribeElasticsearchDomainConfig",
@@ -144,6 +148,7 @@
 "kafka:ListClusters",
 "kinesis:DescribeStream",
 "kinesis:ListStreams",
+ "kinesisvideo:ListStreams",
 "kms:DescribeKey",
 "kms:GetKeyRotationStatus",
 "kms:ListAliases",
@@ -162,8 +167,10 @@
 "rds:DescribeDBClusters",
 "rds:DescribeDBInstances",
 "rds:DescribeDBParameters",
+ "rds:DescribeOptionGroups",
 "rds:DescribeDBSnapshotAttributes",
 "rds:DescribeDBSnapshots",
+ "rds:DescribeDBClusterParameters",
 "redshift:DescribeClusterParameters",
 "redshift:DescribeClusters",
 "redshift:DescribeLoggingStatus",
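Review bot: In iam/All-permissions.json, the `@@ -105,6 +108,7 @@` hunk grants `elasticmapreduce:DescribeSecurityConfiguration` but not the list call that the new ecc-aws-670 recordings show being made (`elasticmapreduce.ListSecurityConfigurations_1.json` is among the files this commit creates). Unless `"elasticmapreduce:ListSecurityConfigurations",` is already present outside the visible hunks, a scan role built from this file would presumably be denied that call and the IMDSv1 check could not evaluate clusters, so I would add that entry next to the new one. The new entry is also placed after `elasticmapreduce:ListClusters`, breaking the alphabetical order the neighbouring entries keep; the same applies to `rds:DescribeOptionGroups` and `rds:DescribeDBClusterParameters` in the `@@ -162,8 +167,10 @@` hunk. The action list itself starts and ends outside these hunks.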
@@ -184,6 +191,9 @@
 "s3:GetLifecycleConfiguration",
 "s3:GetReplicationConfiguration",
 "s3:ListAllMyBuckets",
+ "s3:GetBucketLifecycle",
+ "s3:GetEncryptionConfiguration",
+ "s3:GetBucketPublicAccessBlock",
 "sagemaker:DescribeEndpointConfig",
 "sagemaker:DescribeModel",
 "sagemaker:DescribeNotebookInstance",
diff --git a/policies/ecc-aws-080-bucket_policy_allows_https_requests.yml b/policies/ecc-aws-080-bucket_policy_allows_https_requests.yml
new file mode 100644
index 000000000..28e13c6f3
--- /dev/null
+++ b/policies/ecc-aws-080-bucket_policy_allows_https_requests.yml
@@ -0,0 +1,36 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-080-bucket_policy_allows_https_requests
+ resource: aws.s3
+ description: |
+ S3 Bucket Policy allows HTTP requests
+ filters:
+ - not:
+ - or:
+ - type: has-statement
+ statements:
+ - Effect: Deny
+ Action: 's3:*'
+ Condition:
+ Bool:
+ "aws:SecureTransport": "false"
+ - type: has-statement
+ statements:
+ - Effect: Deny
+ Action: '*'
+ Condition:
+ Bool:
+ "aws:SecureTransport": "false"
+ - type: has-statement
+ statements:
+ - Effect: Deny
+ Action: 's3:GetObject'
+ Condition:
+ Bool:
+ "aws:SecureTransport": "false"
\ No newline at end of file
diff --git a/policies/ecc-aws-141-s3_encrypted_using_kms.yml b/policies/ecc-aws-141-s3_encrypted_using_kms.yml
new file mode 100644
index 000000000..7ec8ea104
--- /dev/null
+++ b/policies/ecc-aws-141-s3_encrypted_using_kms.yml
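Review bot: `s3:GetBucketLifecycle`, added in the `@@ -184,6 +191,9 @@` hunk of iam/All-permissions.json, does not appear to be a defined IAM action: as far as I know, reading a bucket's lifecycle configuration is authorized by `s3:GetLifecycleConfiguration`, which the context line just above already grants. I would drop the new entry, or confirm it against the S3 action reference, so the read-only list holds only actions that are actually evaluated. The three additions are also appended after `s3:ListAllMyBuckets` instead of being sorted in with the `s3:Get…` entries above. The action list starts and ends outside the hunk.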
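Review bot: In ecc-aws-080, the third `has-statement` alternative (`Action: 's3:GetObject'`) lets a bucket pass when its policy denies only object reads over plain HTTP; writes, deletes and listing without TLS would still be allowed while the bucket is reported as compliant. The three entries appear to sit under `not:` / `or:` (indentation is lost in this view), so I would remove that alternative and keep only the `'s3:*'` and `'*'` forms. The statements also put no constraint on `Principal` or `Resource`, so a Deny scoped to a single principal or prefix may satisfy the check; that depends on how `has-statement` treats omitted keys, and a comment stating the expected statement shape, e.g. `# expects a bucket-wide Deny for all principals when aws:SecureTransport is false`, would make the intent reviewable.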
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-141-s3_encrypted_using_kms
+ description: |
+ S3 is not using a KMS key for encryption
+ resource: s3
+ filters:
+ - type: bucket-encryption
+ state: false
+ crypto: aws:kms
diff --git a/policies/ecc-aws-162-s3_bucket_lifecycle.yml b/policies/ecc-aws-162-s3_bucket_lifecycle.yml
new file mode 100644
index 000000000..427168edc
--- /dev/null
+++ b/policies/ecc-aws-162-s3_bucket_lifecycle.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-162-s3_bucket_lifecycle
+ description: |
+ S3 Bucket life cycle is not configured
+ resource: s3
+ filters:
+ - type: value
+ key: Lifecycle
+ value: null
diff --git a/policies/ecc-aws-163-s3_buckets_without_tags.yml b/policies/ecc-aws-163-s3_buckets_without_tags.yml
new file mode 100644
index 000000000..60311c395
--- /dev/null
+++ b/policies/ecc-aws-163-s3_buckets_without_tags.yml
@@ -0,0 +1,17 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-163-s3_buckets_without_tags
+ description: |
+ S3 Buckets without tags
+ resource: s3
+ filters:
+ - not:
+ - type: value
+ key: Tags[0]
+ value: present
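Review bot: ecc-aws-141 declares `resource: s3` while ecc-aws-080 and ecc-aws-280 in the same commit use the provider-qualified `resource: aws.s3`; the short form recurs in 162, 163, 216, 246, 290 and 689, and ecc-aws-651 uses `graphql-api` where 646, 649 and 650 use `aws.graphql-api`. I would settle on one spelling, e.g. `resource: aws.s3`, so the rule set can be grouped and searched by resource reliably. Several of the new files also end without a trailing newline (the `\ No newline at end of file` markers) while others do not, which is worth normalizing in the same pass.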
diff --git a/policies/ecc-aws-216-s3_bucket_cross_region_replication_enabled.yml b/policies/ecc-aws-216-s3_bucket_cross_region_replication_enabled.yml
new file mode 100644
index 000000000..3c16522df
--- /dev/null
+++ b/policies/ecc-aws-216-s3_bucket_cross_region_replication_enabled.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-216-s3_bucket_cross_region_replication_enabled
+ description: |
+ S3 bucket cross-region replication is disabled
+ resource: s3
+ filters:
+ - type: value
+ key: Replication
+ value: null
diff --git a/policies/ecc-aws-246-s3_bucket_versioning_mfa_delete_enabled.yml b/policies/ecc-aws-246-s3_bucket_versioning_mfa_delete_enabled.yml
new file mode 100644
index 000000000..dd80cb546
--- /dev/null
+++ b/policies/ecc-aws-246-s3_bucket_versioning_mfa_delete_enabled.yml
@@ -0,0 +1,20 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-246-s3_bucket_versioning_mfa_delete_enabled
+ description: |
+ S3 bucket versioning MFA delete is disabled
+ resource: s3
+ filters:
+ - or:
+ - type: value
+ key: Versioning.MFADelete
+ value: Disabled
+ - type: value
+ key: Versioning.MFADelete
+ value: absent
\ No newline at end of file
diff --git a/policies/ecc-aws-280-s3_buckets_configured_with_block_public_access.yml b/policies/ecc-aws-280-s3_buckets_configured_with_block_public_access.yml
new file mode 100644
index 000000000..314ae93b7
--- /dev/null
+++ b/policies/ecc-aws-280-s3_buckets_configured_with_block_public_access.yml
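Review bot: ecc-aws-216 is named and described as a cross-region replication check, but its only filter tests `key: Replication` against `value: null`, i.e. whether any replication configuration exists at all. A bucket with a same-region rule, or with a rule whose status is disabled, would apparently pass, since neither the destination region nor the rule status is inspected in this hunk. Either tighten the filter or state the limit in the description, for example `S3 bucket has no replication configuration`.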
@@ -0,0 +1,14 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-280-s3_buckets_configured_with_block_public_access
+ resource: aws.s3
+ description: |
+ S3 Buckets are not configured with 'Block public access' bucket settings
+ filters:
+ - type: check-public-block
\ No newline at end of file
diff --git a/policies/ecc-aws-290-logging_for_s3_enabled.yml b/policies/ecc-aws-290-logging_for_s3_enabled.yml
new file mode 100644
index 000000000..67506e238
--- /dev/null
+++ b/policies/ecc-aws-290-logging_for_s3_enabled.yml
@@ -0,0 +1,15 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-290-logging_for_s3_enabled
+ description: |
+ Logging for S3 bucket is disabled
+ resource: s3
+ filters:
+ - type: bucket-logging
+ op: disabled
\ No newline at end of file
diff --git a/policies/ecc-aws-352-rds_mariadb_logging_enabled.yml b/policies/ecc-aws-352-rds_mariadb_logging_enabled.yml
new file mode 100644
index 000000000..31e4b323e
--- /dev/null
+++ b/policies/ecc-aws-352-rds_mariadb_logging_enabled.yml
@@ -0,0 +1,56 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-352-rds_mariadb_logging_enabled
+ resource: aws.rds
+ description: |
+ MariaDB database logging is disabled
+ filters:
+ - and:
+ - type: value
+ key: Engine
+ value: mariadb
+ - or:
+ - not:
+ - type: db-option-groups
+ key: length(Options[].OptionSettings[?Name == 'SERVER_AUDIT_EVENTS' && Value == `CONNECT,QUERY,TABLE,QUERY_DDL,QUERY_DML,QUERY_DCL`].Value[])
+ op: eq
+ value: 1
+ - not:
+ - type: value
+ key: EnabledCloudwatchLogsExports
+ op: in
+ value_type: swap
+ value: audit
+ - type: value
+ key: EnabledCloudwatchLogsExports
+ op: in
+ value_type: swap
+ value: error
+ - type: value
+ key: EnabledCloudwatchLogsExports
+ op: in
+ value_type: swap
+ value: general
+ - type: value
+ key: EnabledCloudwatchLogsExports
+ op: in
+ value_type: swap
+ value: slowquery
+ - type: db-parameter
+ key: general_log
+ op: eq
+ value: 1
+ - type: db-parameter
+ key: slow_query_log
+ op: eq
+ value: 1
+ - type: db-parameter
+ key: log_output
+ op: eq
+ value: FILE
\ No newline at end of file
diff --git a/policies/ecc-aws-421-documentdb_logging_enabled.yml b/policies/ecc-aws-421-documentdb_logging_enabled.yml
new file mode 100644
index 000000000..e82911e32
--- /dev/null
+++ b/policies/ecc-aws-421-documentdb_logging_enabled.yml
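Review bot: In ecc-aws-352, the `db-option-groups` key compares the `SERVER_AUDIT_EVENTS` setting with the exact string `CONNECT,QUERY,TABLE,QUERY_DDL,QUERY_DML,QUERY_DCL`, so an option group listing the same events in a different order, or a different set that still audits what the benchmark requires, is reported as audit logging not configured. Findings that depend on string ordering tend to get suppressed wholesale, which hides the real gaps. I would add a comment above the filter such as `# SERVER_AUDIT_EVENTS must equal this exact comma-separated value`, or relax the expression to test for the individual events that are required. The nesting of the `or:` / `not:` blocks cannot be read from this flattened view, so this concerns the expression only.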
@@ -0,0 +1,35 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-421-documentdb_logging_enabled
+ resource: aws.rds-cluster
+ description: |
+ DocumentDB logging is not enabled
+ filters:
+ - and:
+ - type: value
+ key: Engine
+ value: 'docdb'
+ - not:
+ - and:
+ - type: value
+ key: EnabledCloudwatchLogsExports
+ op: in
+ value_type: swap
+ value: audit
+ - type: value
+ key: EnabledCloudwatchLogsExports
+ op: in
+ value_type: swap
+ value: profiler
+ - type: db-cluster-parameter
+ key: audit_logs
+ value: enabled
+ - type: db-cluster-parameter
+ key: profiler
+ value: enabled
\ No newline at end of file
diff --git a/policies/ecc-aws-423-rds_aurora_mysql_cluster_logging_enabled.yml b/policies/ecc-aws-423-rds_aurora_mysql_cluster_logging_enabled.yml
new file mode 100644
index 000000000..f9b2f793f
--- /dev/null
+++ b/policies/ecc-aws-423-rds_aurora_mysql_cluster_logging_enabled.yml
@@ -0,0 +1,48 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-423-rds_aurora_mysql_cluster_logging_enabled
+ resource: aws.rds-cluster
+ description: |
+ Aurora-MySQL cluster logging is disabled
+ filters:
+ - and:
+ - type: value
+ key: Engine
+ value: aurora-mysql
+ - not:
+ - and:
+ - type: value
+ key: EnabledCloudwatchLogsExports
+ op: in
+ value_type: swap
+ value: audit
+ - type: value
+ key: EnabledCloudwatchLogsExports
+ op: in
+ value_type: swap
+ value: error
+ - type: value
+ key: EnabledCloudwatchLogsExports
+ op: in
+ value_type: swap
+ value: general
+ - type: value
+ key: EnabledCloudwatchLogsExports
+ op: in
+ value_type: swap
+ value: slowquery
+ - type: db-cluster-parameter
+ key: general_log
+ value: 1
+ - type: db-cluster-parameter
+ key: slow_query_log
+ value: 1
+ - type: db-cluster-parameter
+ key: log_output
+ value: FILE
\ No newline at end of file
diff --git a/policies/ecc-aws-424-rds_aurora_postgresql_cluster_logging_enabled.yml b/policies/ecc-aws-424-rds_aurora_postgresql_cluster_logging_enabled.yml
new file mode 100644
index 000000000..d407d456b
--- /dev/null
+++ b/policies/ecc-aws-424-rds_aurora_postgresql_cluster_logging_enabled.yml
@@ -0,0 +1,33 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-424-rds_aurora_postgresql_cluster_logging_enabled
+ resource: aws.rds-cluster
+ description: |
+ Aurora-PostgreSQL cluster logging is disabled
+ filters:
+ - and:
+ - type: value
+ key: Engine
+ value: aurora-postgresql
+ - or:
+ - type: db-cluster-parameter
+ key: log_min_duration_statement
+ value: absent
+ - type: db-cluster-parameter
+ key: log_min_duration_statement
+ value: -1
+ - not:
+ - type: value
+ key: EnabledCloudwatchLogsExports
+ op: in
+ value_type: swap
+ value: postgresql
+ - type: db-cluster-parameter
+ key: log_statement
+ value: all
\ No newline at end of file
diff --git a/policies/ecc-aws-614-kinesis_video_stream_without_tag_information.yml b/policies/ecc-aws-614-kinesis_video_stream_without_tag_information.yml
new file mode 100644
index 000000000..5e295d75e
--- /dev/null
+++ b/policies/ecc-aws-614-kinesis_video_stream_without_tag_information.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-614-kinesis_video_stream_without_tag_information
+ description: |
+ Amazon Kinesis video stream without tag information
+ resource: kinesis-video
+ filters:
+ - type: value
+ key: Tags
+ value: empty
\ No newline at end of file
diff --git a/policies/ecc-aws-646-appsync_logging_enabled.yml b/policies/ecc-aws-646-appsync_logging_enabled.yml
new file mode 100644
index 000000000..ad3900c31
--- /dev/null
+++ b/policies/ecc-aws-646-appsync_logging_enabled.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-646-appsync_logging_enabled
+ description: |
+ Appsync logging disabled
+ resource: aws.graphql-api
+ filters:
+ - type: value
+ key: logConfig
+ value: absent
diff --git a/policies/ecc-aws-649-appsync_cache_encrypted_at_rest.yml b/policies/ecc-aws-649-appsync_cache_encrypted_at_rest.yml
new file mode 100644
index 000000000..0706da186
--- /dev/null
+++ b/policies/ecc-aws-649-appsync_cache_encrypted_at_rest.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-649-appsync_cache_encrypted_at_rest
+ description: |
+ Appsync cache is not encrypted at rest
+ resource: aws.graphql-api
+ filters:
+ - type: api-cache
+ key: 'atRestEncryptionEnabled'
+ value: false
\ No newline at end of file
diff --git a/policies/ecc-aws-650-appsync_cache_encrypted_in_transit.yml b/policies/ecc-aws-650-appsync_cache_encrypted_in_transit.yml
new file mode 100644
index 000000000..799881243
--- /dev/null
+++ b/policies/ecc-aws-650-appsync_cache_encrypted_in_transit.yml
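Review bot: ecc-aws-646 reports an API only when `logConfig` is absent, so an API that carries a `logConfig` block with `fieldLogLevel` set to `NONE` is counted as having logging enabled although no field-level logs are produced. I would wrap the existing check in an `or:` with a second value filter on `logConfig.fieldLogLevel`, and add a red fixture for that case. The description could then name the accepted state, e.g. `Appsync field-level logging is disabled or not configured`.
```yaml
    filters:
      # … unchanged: the logConfig-absent check, now the first branch of or: …
      - or:
          - type: value
            key: logConfig
            value: absent
          - type: value
            key: logConfig.fieldLogLevel
            value: NONE
```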
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-650-appsync_cache_encrypted_in_transit
+ description: |
+ Appsync cache is not encrypted in transit
+ resource: aws.graphql-api
+ filters:
+ - type: api-cache
+ key: 'transitEncryptionEnabled'
+ value: false
\ No newline at end of file
diff --git a/policies/ecc-aws-651-appsync_protected_by_waf.yml b/policies/ecc-aws-651-appsync_protected_by_waf.yml
new file mode 100644
index 000000000..d79b0187d
--- /dev/null
+++ b/policies/ecc-aws-651-appsync_protected_by_waf.yml
@@ -0,0 +1,15 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-651-appsync_protected_by_waf
+ description: |
+ Appsync is not protected by WAF
+ resource: graphql-api
+ filters:
+ - type: wafv2-enabled
+ state: false
\ No newline at end of file
diff --git a/policies/ecc-aws-670-emr_imdsv1_disabled.yml b/policies/ecc-aws-670-emr_imdsv1_disabled.yml
new file mode 100644
index 000000000..e6aedff35
--- /dev/null
+++ b/policies/ecc-aws-670-emr_imdsv1_disabled.yml
@@ -0,0 +1,22 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-670-emr_imdsv1_disabled
+ description: |
+ EMR clusters imdsv1 enabled
+ resource: aws.emr
+ filters:
+ - type: value
+ key: Status.State
+ op: in
+ value: [RUNNING, WAITING]
+ - not:
+ - type: security-configuration
+ key: InstanceMetadataServiceConfiguration.MinimumInstanceMetadataServiceVersion
+ op: eq
+ value: 2
diff --git a/policies/ecc-aws-689-bucket_not_dns_compliant.yml b/policies/ecc-aws-689-bucket_not_dns_compliant.yml
new file mode 100644
index 000000000..ecbbf6f37
--- /dev/null
+++ b/policies/ecc-aws-689-bucket_not_dns_compliant.yml
@@ -0,0 +1,18 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-689-bucket_not_dns_compliant
+ description: |
+ S3 bucket is not DNS compliant
+ resource: s3
+ filters:
+ - not:
+ - type: value
+ key: Name
+ op: regex
+ value: '^[a-z0-9][a-z0-9-]{1,61}[a-z0-9]$'
diff --git a/policies/ecc-aws-900-s3_bucket_acl_prohibited.yml b/policies/ecc-aws-900-s3_bucket_acl_prohibited.yml
new file mode 100644
index 000000000..defc60f9c
--- /dev/null
+++ b/policies/ecc-aws-900-s3_bucket_acl_prohibited.yml
@@ -0,0 +1,16 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-900-s3_bucket_acl_prohibited
+ description: |
+ S3 access control lists (ACLs) are used to manage user access to buckets
+ resource: aws.s3
+ filters:
+ - not:
+ - type: ownership
+ value: BucketOwnerEnforced
diff --git a/policies/ecc-aws-901-s3_version_lifecycle_policy_check.yml b/policies/ecc-aws-901-s3_version_lifecycle_policy_check.yml
new file mode 100644
index 000000000..eeec8ad84
--- /dev/null
+++ b/policies/ecc-aws-901-s3_version_lifecycle_policy_check.yml
@@ -0,0 +1,19 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+ - name: ecc-aws-901-s3_version_lifecycle_policy_check
+ description: |
+ S3 buckets with versioning enabled do not have lifecycle policies configured
+ resource: aws.s3
+ filters:
+ - type: value
+ key: Versioning.Status
+ value: Enabled
+ - type: value
+ key: Lifecycle
+ value: null
diff --git a/terraform/ecc-aws-080-bucket_policy_allows_https_requests/green/provider.tf b/terraform/ecc-aws-080-bucket_policy_allows_https_requests/green/provider.tf
new file mode 100644
index 000000000..f28924692
--- /dev/null
+++ b/terraform/ecc-aws-080-bucket_policy_allows_https_requests/green/provider.tf
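Review bot: In ecc-aws-901-s3_version_lifecycle_policy_check.yml the second filter only tests that `Lifecycle` is null, so a versioned bucket with any lifecycle rule passes, including one that only expires current objects and leaves noncurrent versions to accumulate. If the policy is meant to verify version handling, as its name suggests, it would also need to inspect the rules for noncurrent-version actions such as `NoncurrentVersionExpiration`. If accepting any lifecycle configuration is intended, a comment above the filter such as `# any lifecycle rule satisfies this check; noncurrent-version rules are not inspected` would record that limit.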
@@ -0,0 +1,20 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4"
+ }
+ }
+}
+
+provider "aws" {
+ profile = var.profile
+ region = var.default-region
+
+ default_tags {
+ tags = {
+ CustodianRule = "ecc-aws-080-bucket_policy_allows_https_requests"
+ ComplianceStatus = "Green"
+ }
+ }
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-080-bucket_policy_allows_https_requests/green/s3.tf b/terraform/ecc-aws-080-bucket_policy_allows_https_requests/green/s3.tf
new file mode 100644
index 000000000..841eba4a4
--- /dev/null
+++ b/terraform/ecc-aws-080-bucket_policy_allows_https_requests/green/s3.tf
@@ -0,0 +1,32 @@
+resource "aws_s3_bucket" "this" {
+ bucket = "080-bucket-green"
+ force_destroy = true
+
+}
+
+resource "aws_s3_bucket_policy" "this" {
+ bucket = aws_s3_bucket.this.id
+ policy = data.aws_iam_policy_document.this.json
+}
+
+data "aws_iam_policy_document" "this" {
+ statement {
+ effect = "Deny"
+
+ principals {
+ type = "*"
+ identifiers = ["*"]
+ }
+
+ actions = ["s3:*"]
+ resources = ["arn:aws:s3:::080-bucket-green/*"]
+ condition {
+ test = "Bool"
+ variable = "aws:SecureTransport"
+
+ values = [
+ "false"
+ ]
+ }
+ }
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-080-bucket_policy_allows_https_requests/green/terraform.tfvars b/terraform/ecc-aws-080-bucket_policy_allows_https_requests/green/terraform.tfvars
new file mode 100644
index 000000000..368bc468f
--- /dev/null
+++ b/terraform/ecc-aws-080-bucket_policy_allows_https_requests/green/terraform.tfvars
@@ -0,0 +1,2 @@
+profile = "c7n"
+default-region = "us-east-1"
\ No newline at end of file
diff --git a/terraform/ecc-aws-080-bucket_policy_allows_https_requests/green/variables.tf b/terraform/ecc-aws-080-bucket_policy_allows_https_requests/green/variables.tf
new file mode 100644
index 000000000..948c49afd
--- /dev/null
+++ b/terraform/ecc-aws-080-bucket_policy_allows_https_requests/green/variables.tf
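Review bot: The Deny statement in green/s3.tf lists only `arn:aws:s3:::080-bucket-green/*` in `resources`, so the `aws:SecureTransport` condition covers object-level requests but not bucket-level actions such as listing the bucket over plain HTTP. Include the bucket ARN as well, and derive both from the resource rather than repeating the bucket name: `resources = [aws_s3_bucket.this.arn, "${aws_s3_bucket.this.arn}/*"]`. Whether the ecc-aws-080 policy distinguishes the two forms is not visible in this patch, so the fixture may still scan green as written, but it is the compliant reference and should show the complete statement.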
@@ -0,0 +1,9 @@ +variable "default-region" { + type = string + description = "Default region for resources will be created" +} + +variable "profile" { + type = string + description = "Profile name configured before running apply" +} \ No newline at end of file diff --git a/terraform/ecc-aws-080-bucket_policy_allows_https_requests/iam/080-policy.json b/terraform/ecc-aws-080-bucket_policy_allows_https_requests/iam/080-policy.json new file mode 100644 index 000000000..8a94428b5 --- /dev/null +++ b/terraform/ecc-aws-080-bucket_policy_allows_https_requests/iam/080-policy.json @@ -0,0 +1,23 @@ +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "s3:ListAllMyBuckets", + "s3:GetBucketAcl", + "s3:GetBucketLocation", + "s3:GetBucketLogging", + "s3:GetBucketTagging", + "s3:GetBucketWebsite", + "s3:GetBucketNotification", + "s3:GetBucketVersioning", + "s3:GetBucketLifecycle", + "s3:GetLifecycleConfiguration", + "s3:GetReplicationConfiguration", + "s3:GetBucketPolicy" + ], + "Resource": "*" + } + ] +} \ No newline at end of file diff --git a/terraform/ecc-aws-080-bucket_policy_allows_https_requests/red/provider.tf b/terraform/ecc-aws-080-bucket_policy_allows_https_requests/red/provider.tf new file mode 100644 index 000000000..7fdc48149 --- /dev/null +++ b/terraform/ecc-aws-080-bucket_policy_allows_https_requests/red/provider.tf @@ -0,0 +1,20 @@ +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 4" + } + } +} + +provider "aws"{ + profile = var.profile + region = var.default-region + + default_tags { + tags = { + CustodianRule = "ecc-aws-080-bucket_policy_allows_https_requests" + ComplianceStatus = "Red" + } + } +} \ No newline at end of file diff --git a/terraform/ecc-aws-080-bucket_policy_allows_https_requests/red/s3.tf b/terraform/ecc-aws-080-bucket_policy_allows_https_requests/red/s3.tf new file mode 100644 index 000000000..60320e8eb --- /dev/null 
+++ b/terraform/ecc-aws-080-bucket_policy_allows_https_requests/red/s3.tf @@ -0,0 +1,4 @@ +resource "aws_s3_bucket" "this" { + bucket = "080-bucket-red" + force_destroy = true +} \ No newline at end of file diff --git a/terraform/ecc-aws-080-bucket_policy_allows_https_requests/red/terraform.tfvars b/terraform/ecc-aws-080-bucket_policy_allows_https_requests/red/terraform.tfvars new file mode 100644 index 000000000..368bc468f --- /dev/null +++ b/terraform/ecc-aws-080-bucket_policy_allows_https_requests/red/terraform.tfvars @@ -0,0 +1,2 @@ +profile = "c7n" +default-region = "us-east-1" \ No newline at end of file diff --git a/terraform/ecc-aws-080-bucket_policy_allows_https_requests/red/variables.tf b/terraform/ecc-aws-080-bucket_policy_allows_https_requests/red/variables.tf new file mode 100644 index 000000000..948c49afd --- /dev/null +++ b/terraform/ecc-aws-080-bucket_policy_allows_https_requests/red/variables.tf @@ -0,0 +1,9 @@ +variable "default-region" { + type = string + description = "Default region for resources will be created" +} + +variable "profile" { + type = string + description = "Profile name configured before running apply" +} \ No newline at end of file diff --git a/terraform/ecc-aws-141-s3_encrypted_using_kms/green/encryption.tf b/terraform/ecc-aws-141-s3_encrypted_using_kms/green/encryption.tf new file mode 100644 index 000000000..0014738bc --- /dev/null +++ b/terraform/ecc-aws-141-s3_encrypted_using_kms/green/encryption.tf 
@@ -0,0 +1,24 @@ +resource "aws_kms_key" "this" { + description = "Key to encrypt and decrypt secret parameters" + key_usage = "ENCRYPT_DECRYPT" + policy = data.aws_iam_policy_document.this.json + deletion_window_in_days = 7 + is_enabled = true + enable_key_rotation = true +} + +resource "aws_kms_alias" "this" { + name = "alias/k-141" + target_key_id = "${aws_kms_key.this.key_id}" +} + +resource "aws_s3_bucket_server_side_encryption_configuration" "this" { + bucket = aws_s3_bucket.this.bucket + + rule { + apply_server_side_encryption_by_default { + kms_master_key_id = "${aws_kms_key.this.arn}" + sse_algorithm = "aws:kms" + } + } +} \ No newline at end of file diff --git a/terraform/ecc-aws-141-s3_encrypted_using_kms/green/provider.tf b/terraform/ecc-aws-141-s3_encrypted_using_kms/green/provider.tf new file mode 100644 index 000000000..8e373c5a5 --- /dev/null +++ b/terraform/ecc-aws-141-s3_encrypted_using_kms/green/provider.tf @@ -0,0 +1,20 @@ +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 4" + } + } +} + +provider "aws"{ + profile = var.profile + region = var.default-region + + default_tags { + tags = { + CustodianRule = "ecc-aws-141-s3_encrypted_using_kms" + ComplianceStatus = "Green" + } + } +} \ No newline at end of file diff --git a/terraform/ecc-aws-141-s3_encrypted_using_kms/green/s3.tf b/terraform/ecc-aws-141-s3_encrypted_using_kms/green/s3.tf new file mode 100644 index 000000000..48f67314a --- /dev/null +++ b/terraform/ecc-aws-141-s3_encrypted_using_kms/green/s3.tf 
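Review bot: In green/encryption.tf, `target_key_id = "${aws_kms_key.this.key_id}"` and `kms_master_key_id = "${aws_kms_key.this.arn}"` wrap a single reference in an interpolation-only string, which is redundant in current Terraform and is commonly flagged by linters. Write the references directly, `target_key_id = aws_kms_key.this.key_id` and `kms_master_key_id = aws_kms_key.this.arn`, which also matches the bare `aws_s3_bucket.this.bucket` reference used a few lines below in the same file.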
@@ -0,0 +1,33 @@ +resource "aws_s3_bucket" "this" { + bucket = "141-bucket-green" +} + +resource "aws_s3_bucket_ownership_controls" "this" { + bucket = aws_s3_bucket.this.id + rule { + object_ownership = "BucketOwnerPreferred" + } +} + +resource "aws_s3_bucket_acl" "this" { + depends_on = [aws_s3_bucket_ownership_controls.this] + + bucket = aws_s3_bucket.this.id + acl = "private" +} + +data "aws_caller_identity" "this" {} + +data "aws_iam_policy_document" "this" { + statement { + effect = "Allow" + + principals { + type = "AWS" + identifiers = ["arn:aws:iam::${data.aws_caller_identity.this.account_id}:root"] + } + + actions = ["kms:*"] + resources = ["*"] + } +} diff --git a/terraform/ecc-aws-141-s3_encrypted_using_kms/green/terraform.tfvars b/terraform/ecc-aws-141-s3_encrypted_using_kms/green/terraform.tfvars new file mode 100644 index 000000000..368bc468f --- /dev/null +++ b/terraform/ecc-aws-141-s3_encrypted_using_kms/green/terraform.tfvars @@ -0,0 +1,2 @@ +profile = "c7n" +default-region = "us-east-1" \ No newline at end of file diff --git a/terraform/ecc-aws-141-s3_encrypted_using_kms/green/variables.tf b/terraform/ecc-aws-141-s3_encrypted_using_kms/green/variables.tf new file mode 100644 index 000000000..948c49afd --- /dev/null +++ b/terraform/ecc-aws-141-s3_encrypted_using_kms/green/variables.tf @@ -0,0 +1,9 @@ +variable "default-region" { + type = string + description = "Default region for resources will be created" +} + +variable "profile" { + type = string + description = "Profile name configured before running apply" +} \ No newline at end of file diff --git a/terraform/ecc-aws-141-s3_encrypted_using_kms/iam/141-policy.json b/terraform/ecc-aws-141-s3_encrypted_using_kms/iam/141-policy.json new file mode 100644 index 000000000..53a7390fd --- /dev/null +++ b/terraform/ecc-aws-141-s3_encrypted_using_kms/iam/141-policy.json 
@@ -0,0 +1,24 @@ +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "s3:ListAllMyBuckets", + "s3:GetBucketAcl", + "s3:GetBucketLocation", + "s3:GetBucketLogging", + "s3:GetBucketTagging", + "s3:GetBucketWebsite", + "s3:GetBucketNotification", + "s3:GetBucketVersioning", + "s3:GetBucketLifecycle", + "s3:GetLifecycleConfiguration", + "s3:GetReplicationConfiguration", + "s3:GetBucketPolicy", + "s3:GetEncryptionConfiguration" + ], + "Resource": "*" + } + ] +} \ No newline at end of file diff --git a/terraform/ecc-aws-141-s3_encrypted_using_kms/red/provider.tf b/terraform/ecc-aws-141-s3_encrypted_using_kms/red/provider.tf new file mode 100644 index 000000000..a0bea1be6 --- /dev/null +++ b/terraform/ecc-aws-141-s3_encrypted_using_kms/red/provider.tf @@ -0,0 +1,20 @@ +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 4" + } + } +} + +provider "aws"{ + profile = var.profile + region = var.default-region + + default_tags { + tags = { + CustodianRule = "ecc-aws-141-s3_encrypted_using_kms" + ComplianceStatus = "Red" + } + } +} \ No newline at end of file diff --git a/terraform/ecc-aws-141-s3_encrypted_using_kms/red/s3.tf b/terraform/ecc-aws-141-s3_encrypted_using_kms/red/s3.tf new file mode 100644 index 000000000..48b483f91 --- /dev/null +++ b/terraform/ecc-aws-141-s3_encrypted_using_kms/red/s3.tf @@ -0,0 +1,17 @@ +resource "aws_s3_bucket" "this" { + bucket = "141-bucket-red" +} + +resource "aws_s3_bucket_ownership_controls" "this" { + bucket = aws_s3_bucket.this.id + rule { + object_ownership = "BucketOwnerPreferred" + } +} + +resource "aws_s3_bucket_acl" "this" { + depends_on = [aws_s3_bucket_ownership_controls.this] + + bucket = aws_s3_bucket.this.id + acl = "private" +} \ No newline at end of file diff --git a/terraform/ecc-aws-141-s3_encrypted_using_kms/red/terraform.tfvars b/terraform/ecc-aws-141-s3_encrypted_using_kms/red/terraform.tfvars new file mode 100644 index 000000000..368bc468f 
--- /dev/null +++ b/terraform/ecc-aws-141-s3_encrypted_using_kms/red/terraform.tfvars @@ -0,0 +1,2 @@ +profile = "c7n" +default-region = "us-east-1" \ No newline at end of file diff --git a/terraform/ecc-aws-141-s3_encrypted_using_kms/red/variables.tf b/terraform/ecc-aws-141-s3_encrypted_using_kms/red/variables.tf new file mode 100644 index 000000000..948c49afd --- /dev/null +++ b/terraform/ecc-aws-141-s3_encrypted_using_kms/red/variables.tf @@ -0,0 +1,9 @@ +variable "default-region" { + type = string + description = "Default region for resources will be created" +} + +variable "profile" { + type = string + description = "Profile name configured before running apply" +} \ No newline at end of file diff --git a/terraform/ecc-aws-162-s3_bucket_lifecycle/green/provider.tf b/terraform/ecc-aws-162-s3_bucket_lifecycle/green/provider.tf new file mode 100644 index 000000000..a897628cc --- /dev/null +++ b/terraform/ecc-aws-162-s3_bucket_lifecycle/green/provider.tf @@ -0,0 +1,20 @@ +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 4" + } + } +} + +provider "aws"{ + profile = var.profile + region = var.default-region + + default_tags { + tags = { + CustodianRule = "ecc-aws-162-s3_bucket_lifecycle" + ComplianceStatus = "Green" + } + } +} \ No newline at end of file diff --git a/terraform/ecc-aws-162-s3_bucket_lifecycle/green/s3.tf b/terraform/ecc-aws-162-s3_bucket_lifecycle/green/s3.tf new file mode 100644 index 000000000..31ae037de --- /dev/null +++ b/terraform/ecc-aws-162-s3_bucket_lifecycle/green/s3.tf 
@@ -0,0 +1,48 @@ +resource "aws_s3_bucket" "this" { + bucket = "162-bucket-green" + force_destroy = "true" +} + +resource "aws_s3_bucket_ownership_controls" "this" { + bucket = aws_s3_bucket.this.id + rule { + object_ownership = "BucketOwnerPreferred" + } +} + +resource "aws_s3_bucket_acl" "this" { + depends_on = [aws_s3_bucket_ownership_controls.this] + + bucket = aws_s3_bucket.this.id + acl = "private" +} + +resource "aws_s3_bucket_lifecycle_configuration" "this" { + bucket = aws_s3_bucket.this.bucket + + rule { + id = "log" + + expiration { + days = 90 + } + + filter { + and { + prefix = "log/" + + tags = { + CustodianRule = "ecc-aws-162-s3_bucket_lifecycle" + ComplianceStatus = "Green" + } + } + } + + status = "Enabled" + + transition { + days = 60 + storage_class = "GLACIER" + } + } +} \ No newline at end of file diff --git a/terraform/ecc-aws-162-s3_bucket_lifecycle/green/terraform.tfvars b/terraform/ecc-aws-162-s3_bucket_lifecycle/green/terraform.tfvars new file mode 100644 index 000000000..368bc468f --- /dev/null +++ b/terraform/ecc-aws-162-s3_bucket_lifecycle/green/terraform.tfvars @@ -0,0 +1,2 @@ +profile = "c7n" +default-region = "us-east-1" \ No newline at end of file diff --git a/terraform/ecc-aws-162-s3_bucket_lifecycle/green/variables.tf b/terraform/ecc-aws-162-s3_bucket_lifecycle/green/variables.tf new file mode 100644 index 000000000..948c49afd --- /dev/null +++ b/terraform/ecc-aws-162-s3_bucket_lifecycle/green/variables.tf @@ -0,0 +1,9 @@ +variable "default-region" { + type = string + description = "Default region for resources will be created" +} + +variable "profile" { + type = string + description = "Profile name configured before running apply" +} \ No newline at end of file diff --git a/terraform/ecc-aws-162-s3_bucket_lifecycle/iam/162-policy.json b/terraform/ecc-aws-162-s3_bucket_lifecycle/iam/162-policy.json new file mode 100644 index 000000000..53a7390fd --- /dev/null +++ b/terraform/ecc-aws-162-s3_bucket_lifecycle/iam/162-policy.json 
@@ -0,0 +1,24 @@ +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "s3:ListAllMyBuckets", + "s3:GetBucketAcl", + "s3:GetBucketLocation", + "s3:GetBucketLogging", + "s3:GetBucketTagging", + "s3:GetBucketWebsite", + "s3:GetBucketNotification", + "s3:GetBucketVersioning", + "s3:GetBucketLifecycle", + "s3:GetLifecycleConfiguration", + "s3:GetReplicationConfiguration", + "s3:GetBucketPolicy", + "s3:GetEncryptionConfiguration" + ], + "Resource": "*" + } + ] +} \ No newline at end of file diff --git a/terraform/ecc-aws-162-s3_bucket_lifecycle/red/provider.tf b/terraform/ecc-aws-162-s3_bucket_lifecycle/red/provider.tf new file mode 100644 index 000000000..20cfdb5ee --- /dev/null +++ b/terraform/ecc-aws-162-s3_bucket_lifecycle/red/provider.tf @@ -0,0 +1,20 @@ +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 4" + } + } +} + +provider "aws"{ + profile = var.profile + region = var.default-region + + default_tags { + tags = { + CustodianRule = "ecc-aws-162-s3_bucket_lifecycle" + ComplianceStatus = "Red" + } + } +} \ No newline at end of file diff --git a/terraform/ecc-aws-162-s3_bucket_lifecycle/red/s3.tf b/terraform/ecc-aws-162-s3_bucket_lifecycle/red/s3.tf new file mode 100644 index 000000000..edb5135ca --- /dev/null +++ b/terraform/ecc-aws-162-s3_bucket_lifecycle/red/s3.tf @@ -0,0 +1,18 @@ +resource "aws_s3_bucket" "this" { + bucket = "162-bucket-red" + force_destroy = "true" +} + +resource "aws_s3_bucket_ownership_controls" "this" { + bucket = aws_s3_bucket.this.id + rule { + object_ownership = "BucketOwnerPreferred" + } +} + +resource "aws_s3_bucket_acl" "this" { + depends_on = [aws_s3_bucket_ownership_controls.this] + + bucket = aws_s3_bucket.this.id + acl = "private" +} \ No newline at end of file diff --git a/terraform/ecc-aws-162-s3_bucket_lifecycle/red/terraform.tfvars b/terraform/ecc-aws-162-s3_bucket_lifecycle/red/terraform.tfvars new file mode 100644 index 000000000..368bc468f 
--- /dev/null +++ b/terraform/ecc-aws-162-s3_bucket_lifecycle/red/terraform.tfvars @@ -0,0 +1,2 @@ +profile = "c7n" +default-region = "us-east-1" \ No newline at end of file diff --git a/terraform/ecc-aws-162-s3_bucket_lifecycle/red/variables.tf b/terraform/ecc-aws-162-s3_bucket_lifecycle/red/variables.tf new file mode 100644 index 000000000..948c49afd --- /dev/null +++ b/terraform/ecc-aws-162-s3_bucket_lifecycle/red/variables.tf @@ -0,0 +1,9 @@ +variable "default-region" { + type = string + description = "Default region for resources will be created" +} + +variable "profile" { + type = string + description = "Profile name configured before running apply" +} \ No newline at end of file diff --git a/terraform/ecc-aws-163-s3_buckets_without_tags/green/provider.tf b/terraform/ecc-aws-163-s3_buckets_without_tags/green/provider.tf new file mode 100644 index 000000000..66b7fc433 --- /dev/null +++ b/terraform/ecc-aws-163-s3_buckets_without_tags/green/provider.tf @@ -0,0 +1,20 @@ +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 4" + } + } +} + +provider "aws"{ + profile = var.profile + region = var.default-region + + default_tags { + tags = { + CustodianRule = "ecc-aws-163-s3_buckets_without_tags" + ComplianceStatus = "Green" + } + } +} \ No newline at end of file diff --git a/terraform/ecc-aws-163-s3_buckets_without_tags/green/s3.tf b/terraform/ecc-aws-163-s3_buckets_without_tags/green/s3.tf new file mode 100644 index 000000000..466fe39eb --- /dev/null +++ b/terraform/ecc-aws-163-s3_buckets_without_tags/green/s3.tf @@ -0,0 +1,17 @@ +resource "aws_s3_bucket" "this" { + bucket = "163-bucket-green" +} + +resource "aws_s3_bucket_ownership_controls" "this" { + bucket = aws_s3_bucket.this.id + rule { + object_ownership = "BucketOwnerPreferred" + } +} + +resource "aws_s3_bucket_acl" "this" { + depends_on = [aws_s3_bucket_ownership_controls.this] + + bucket = aws_s3_bucket.this.id + acl = "private" +} \ No newline at end of file 
diff --git a/terraform/ecc-aws-163-s3_buckets_without_tags/green/terraform.tfvars b/terraform/ecc-aws-163-s3_buckets_without_tags/green/terraform.tfvars new file mode 100644 index 000000000..368bc468f --- /dev/null +++ b/terraform/ecc-aws-163-s3_buckets_without_tags/green/terraform.tfvars @@ -0,0 +1,2 @@ +profile = "c7n" +default-region = "us-east-1" \ No newline at end of file diff --git a/terraform/ecc-aws-163-s3_buckets_without_tags/green/variables.tf b/terraform/ecc-aws-163-s3_buckets_without_tags/green/variables.tf new file mode 100644 index 000000000..948c49afd --- /dev/null +++ b/terraform/ecc-aws-163-s3_buckets_without_tags/green/variables.tf @@ -0,0 +1,9 @@ +variable "default-region" { + type = string + description = "Default region for resources will be created" +} + +variable "profile" { + type = string + description = "Profile name configured before running apply" +} \ No newline at end of file diff --git a/terraform/ecc-aws-163-s3_buckets_without_tags/iam/163-policy.json b/terraform/ecc-aws-163-s3_buckets_without_tags/iam/163-policy.json new file mode 100644 index 000000000..53a7390fd --- /dev/null +++ b/terraform/ecc-aws-163-s3_buckets_without_tags/iam/163-policy.json @@ -0,0 +1,24 @@ +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "s3:ListAllMyBuckets", + "s3:GetBucketAcl", + "s3:GetBucketLocation", + "s3:GetBucketLogging", + "s3:GetBucketTagging", + "s3:GetBucketWebsite", + "s3:GetBucketNotification", + "s3:GetBucketVersioning", + "s3:GetBucketLifecycle", + "s3:GetLifecycleConfiguration", + "s3:GetReplicationConfiguration", + "s3:GetBucketPolicy", + "s3:GetEncryptionConfiguration" + ], + "Resource": "*" + } + ] +} \ No newline at end of file diff --git a/terraform/ecc-aws-163-s3_buckets_without_tags/red/provider.tf b/terraform/ecc-aws-163-s3_buckets_without_tags/red/provider.tf new file mode 100644 index 000000000..b48e90293 --- /dev/null +++ b/terraform/ecc-aws-163-s3_buckets_without_tags/red/provider.tf 
@@ -0,0 +1,13 @@ +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 4" + } + } +} + +provider "aws"{ + profile = var.profile + region = var.default-region +} \ No newline at end of file diff --git a/terraform/ecc-aws-163-s3_buckets_without_tags/red/s3.tf b/terraform/ecc-aws-163-s3_buckets_without_tags/red/s3.tf new file mode 100644 index 000000000..171ef2534 --- /dev/null +++ b/terraform/ecc-aws-163-s3_buckets_without_tags/red/s3.tf @@ -0,0 +1,17 @@ +resource "aws_s3_bucket" "this" { + bucket = "163-bucket-red" +} + +resource "aws_s3_bucket_ownership_controls" "this" { + bucket = aws_s3_bucket.this.id + rule { + object_ownership = "BucketOwnerPreferred" + } +} + +resource "aws_s3_bucket_acl" "this" { + depends_on = [aws_s3_bucket_ownership_controls.this] + + bucket = aws_s3_bucket.this.id + acl = "private" +} \ No newline at end of file diff --git a/terraform/ecc-aws-163-s3_buckets_without_tags/red/terraform.tfvars b/terraform/ecc-aws-163-s3_buckets_without_tags/red/terraform.tfvars new file mode 100644 index 000000000..368bc468f --- /dev/null +++ b/terraform/ecc-aws-163-s3_buckets_without_tags/red/terraform.tfvars @@ -0,0 +1,2 @@ +profile = "c7n" +default-region = "us-east-1" \ No newline at end of file diff --git a/terraform/ecc-aws-163-s3_buckets_without_tags/red/variables.tf b/terraform/ecc-aws-163-s3_buckets_without_tags/red/variables.tf new file mode 100644 index 000000000..948c49afd --- /dev/null +++ b/terraform/ecc-aws-163-s3_buckets_without_tags/red/variables.tf @@ -0,0 +1,9 @@ +variable "default-region" { + type = string + description = "Default region for resources will be created" +} + +variable "profile" { + type = string + description = "Profile name configured before running apply" +} \ No newline at end of file 
diff --git a/terraform/ecc-aws-216-s3_bucket_cross_region_replication_enabled/green/provider.tf b/terraform/ecc-aws-216-s3_bucket_cross_region_replication_enabled/green/provider.tf new file mode 100644 index 000000000..1b586c6a4 --- /dev/null +++ b/terraform/ecc-aws-216-s3_bucket_cross_region_replication_enabled/green/provider.tf @@ -0,0 +1,20 @@ +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 4" + } + } +} + +provider "aws" { + profile = var.profile + region = var.default-region + + default_tags { + tags = { + CustodianRule = "ecc-aws-216-s3_bucket_cross_region_replication_enabled" + ComplianceStatus = "Green" + } + } +} \ No newline at end of file diff --git a/terraform/ecc-aws-216-s3_bucket_cross_region_replication_enabled/green/s3.tf b/terraform/ecc-aws-216-s3_bucket_cross_region_replication_enabled/green/s3.tf new file mode 100644 index 000000000..ec5f6939f --- /dev/null +++ b/terraform/ecc-aws-216-s3_bucket_cross_region_replication_enabled/green/s3.tf 
@@ -0,0 +1,89 @@ +resource "aws_s3_bucket" "bucket1" { + bucket = "bucket1-216-green" + force_destroy = true +} + +resource "aws_s3_bucket_versioning" "bucket1" { + bucket = aws_s3_bucket.bucket1.id + versioning_configuration { + status = "Enabled" + } +} + +resource "aws_s3_bucket_replication_configuration" "bucket1" { + depends_on = [aws_s3_bucket_versioning.bucket1] + + role = aws_iam_role.this.arn + bucket = aws_s3_bucket.bucket1.id + + rule { + status = "Enabled" + + destination { + bucket = aws_s3_bucket.bucket2.arn + storage_class = "STANDARD" + } + } +} + +resource "aws_s3_bucket" "bucket2" { + bucket = "bucket2-216-green" + force_destroy = true +} + +resource "aws_s3_bucket_versioning" "bucket2" { + bucket = aws_s3_bucket.bucket2.id + versioning_configuration { + status = "Enabled" + } +} + +resource "aws_iam_role" "this" { + name = "216_role_green" + + assume_role_policy = < Date: Wed, 5 Jul 2023 13:07:20 +0000 Subject: [PATCH 15/15] update --- tests/ecc-aws-670-emr_imdsv1_disabled/red_policy_test.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tests/ecc-aws-670-emr_imdsv1_disabled/red_policy_test.py b/tests/ecc-aws-670-emr_imdsv1_disabled/red_policy_test.py index 9e006340c..c28693545 100644 --- a/tests/ecc-aws-670-emr_imdsv1_disabled/red_policy_test.py +++ b/tests/ecc-aws-670-emr_imdsv1_disabled/red_policy_test.py @@ -2,4 +2,7 @@ class PolicyTest(object): def test_resources_with_client(self, base_test, resources, local_session): base_test.assertEqual(len(resources), 1) - base_test.assertTrue(resources[0]['SecurityConfiguration']['InstanceMetadataServiceConfiguration']['MinimumInstanceMetadataServiceVersion'], 1) \ No newline at end of file + emr_client = local_session.client("emr") + config_name = resources[0]['SecurityConfiguration'] + configuration = emr_client.describe_security_configuration(Name=config_name) + base_test.assertRegexpMatches(configuration['SecurityConfiguration'], r'\"MinimumInstanceMetadataServiceVersion\": 1')
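Review bot: The new assertion in red_policy_test.py matches the raw JSON text with `r'\"MinimumInstanceMetadataServiceVersion\": 1'`, so it depends on the exact spacing of the serialized security configuration and would also match a value that merely starts with 1. Parsing the document is sturdier: `cfg = json.loads(configuration['SecurityConfiguration'])` followed by `base_test.assertEqual(cfg['InstanceMetadataServiceConfiguration']['MinimumInstanceMetadataServiceVersion'], 1)`. `assertRegexpMatches` is also a deprecated unittest alias that was removed in Python 3.12, so if `base_test` is a `unittest.TestCase` the supported name is `assertRegex`. The file's imports are outside the hunk, so `import json` would have to be added there.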